{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 20.118
      },
      {
        "name": "AnalysisInfo",
        "time": 0.024
      },
      {
        "name": "BehaviorAnalysis",
        "time": 3.951
      },
      {
        "name": "Debug",
        "time": 0.002
      },
      {
        "name": "NetworkAnalysis",
        "time": 4.74
      },
      {
        "name": "Suricata",
        "time": 7.129
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "banker_prinimalka",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "debugs_self",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "guloader_apis",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "koadic_apis",
        "time": 0.0
      },
      {
        "name": "koadic_network_activity",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "cryptbot_network",
        "time": 0.0
      },
      {
        "name": "masslogger_artifacts",
        "time": 0.0
      },
      {
        "name": "purplewave_network_activity",
        "time": 0.0
      },
      {
        "name": "quilclipper_behavior",
        "time": 0.0
      },
      {
        "name": "raccoon_behavior",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "vidar_behavior",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "loader_alien",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypt_pcinfo",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agenttesla_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agentteslat2_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_nanocore",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_document_file",
        "time": 0.0
      },
      {
        "name": "network_downloader_exe",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "nemty_network_activity",
        "time": 0.0
      },
      {
        "name": "nemty_note",
        "time": 0.0
      },
      {
        "name": "sodinokibi_behavior",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_registry",
        "time": 0.0
      },
      {
        "name": "blackrat_apis",
        "time": 0.0
      },
      {
        "name": "blackrat_network_activity",
        "time": 0.0
      },
      {
        "name": "blackrat_registry_keys",
        "time": 0.0
      },
      {
        "name": "dcrat_behavior",
        "time": 0.0
      },
      {
        "name": "karagany_system_event_objects",
        "time": 0.0
      },
      {
        "name": "rat_luminosity",
        "time": 0.0
      },
      {
        "name": "rat_nanocore",
        "time": 0.0
      },
      {
        "name": "netwire_behavior",
        "time": 0.0
      },
      {
        "name": "obliquerat_network_activity",
        "time": 0.0
      },
      {
        "name": "orcusrat_behavior",
        "time": 0.0
      },
      {
        "name": "trochilusrat_apis",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "remcos_shell_code_dynamic_wrapper_x",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_system_procname",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "neshta_files",
        "time": 0.0
      },
      {
        "name": "neshta_regkeys",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.001
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.021
      },
      {
        "name": "network_ip_exe",
        "time": 0.001
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.007
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.003
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.006
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.001
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.015
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.506
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.028
      },
      {
        "name": "antiav_detectreg",
        "time": 2.501
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.005
      },
      {
        "name": "antiemu_windefend",
        "time": 0.002
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.001
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.001
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.044
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.035
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.099
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.045
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.136
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.001
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.011
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.277
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.004
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.182
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.091
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.135
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "gulpix_behavior",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.026
      },
      {
        "name": "okrum_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_cridex",
        "time": 0.001
      },
      {
        "name": "geodo_banking_trojan",
        "time": 0.052
      },
      {
        "name": "banker_spyeye_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_zeus_mutex",
        "time": 0.0
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.001
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.002
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.001
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.045
      },
      {
        "name": "checks_uac_status",
        "time": 0.008
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.001
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "carberp_mutex",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.002
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.012
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.006
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "cypherit_mutexes",
        "time": 0.0
      },
      {
        "name": "darkcomet_regkeys",
        "time": 0.023
      },
      {
        "name": "datop_loader",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.002
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.001
      },
      {
        "name": "disables_system_restore",
        "time": 0.001
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.001
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.001
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.008
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "andromut_mutexes",
        "time": 0.0
      },
      {
        "name": "downloader_cabby",
        "time": 0.0
      },
      {
        "name": "phorpiex_mutexes",
        "time": 0.0
      },
      {
        "name": "protonbot_mutexes",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.001
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "apocalypse_stealer_file_behavior",
        "time": 0.0
      },
      {
        "name": "arkei_files",
        "time": 0.001
      },
      {
        "name": "azorult_mutexes",
        "time": 0.001
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.017
      },
      {
        "name": "cryptbot_files",
        "time": 0.001
      },
      {
        "name": "echelon_files",
        "time": 0.001
      },
      {
        "name": "infostealer_ftp",
        "time": 0.881
      },
      {
        "name": "infostealer_im",
        "time": 0.495
      },
      {
        "name": "infostealer_mail",
        "time": 0.152
      },
      {
        "name": "masslogger_files",
        "time": 0.0
      },
      {
        "name": "poullight_files",
        "time": 0.007
      },
      {
        "name": "purplewave_mutexes",
        "time": 0.0
      },
      {
        "name": "quilclipper_mutexes",
        "time": 0.0
      },
      {
        "name": "qulab_files",
        "time": 0.007
      },
      {
        "name": "qulab_mutexes",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.033
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.001
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.001
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.001
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.006
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.008
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.001
      },
      {
        "name": "powerpool_mutexes",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "cryptomix_mutexes",
        "time": 0.0
      },
      {
        "name": "dharma_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.006
      },
      {
        "name": "ransomware_files",
        "time": 0.009
      },
      {
        "name": "fonix_mutexes",
        "time": 0.0
      },
      {
        "name": "gandcrab_mutexes",
        "time": 0.0
      },
      {
        "name": "germanwiper_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_regkeys",
        "time": 0.011
      },
      {
        "name": "nemty_mutexes",
        "time": 0.0
      },
      {
        "name": "nemty_regkeys",
        "time": 0.006
      },
      {
        "name": "pysa_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_radamant",
        "time": 0.0
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "revil_mutexes",
        "time": 0.001
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "satan_mutexes",
        "time": 0.001
      },
      {
        "name": "snake_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_cmd",
        "time": 0.0
      },
      {
        "name": "ransomware_stopdjvu",
        "time": 0.0
      },
      {
        "name": "rat_beebus_mutexes",
        "time": 0.0
      },
      {
        "name": "blacknet_mutexes",
        "time": 0.0
      },
      {
        "name": "blackrat_mutexes",
        "time": 0.0
      },
      {
        "name": "crat_mutexes",
        "time": 0.0
      },
      {
        "name": "dcrat_files",
        "time": 0.001
      },
      {
        "name": "dcrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_fynloski_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_regkeys",
        "time": 0.025
      },
      {
        "name": "lodarat_file_behavior",
        "time": 0.0
      },
      {
        "name": "modirat_behavior",
        "time": 0.001
      },
      {
        "name": "njrat_regkeys",
        "time": 0.0
      },
      {
        "name": "obliquerat_files",
        "time": 0.002
      },
      {
        "name": "obliquerat_mutexes",
        "time": 0.0
      },
      {
        "name": "parallax_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_pcclient",
        "time": 0.002
      },
      {
        "name": "rat_plugx_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_poisonivy_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_quasar_mutexes",
        "time": 0.0
      },
      {
        "name": "ratsnif_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_spynet",
        "time": 0.001
      },
      {
        "name": "venomrat_mutexes",
        "time": 0.0
      },
      {
        "name": "warzonerat_files",
        "time": 0.001
      },
      {
        "name": "warzonerat_regkeys",
        "time": 0.012
      },
      {
        "name": "xpertrat_files",
        "time": 0.0
      },
      {
        "name": "xpertrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_xtreme_mutexes",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.002
      },
      {
        "name": "recon_fingerprint",
        "time": 0.029
      },
      {
        "name": "remcos_files",
        "time": 0.001
      },
      {
        "name": "remcos_mutexes",
        "time": 0.0
      },
      {
        "name": "remcos_regkeys",
        "time": 0.015
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.001
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "spicyhotpot_behavior",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.001
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.001
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.001
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "targeted_flame",
        "time": 0.001
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.834
      },
      {
        "name": "trickbot_mutex",
        "time": 0.0
      },
      {
        "name": "fleercivet_mutex",
        "time": 0.0
      },
      {
        "name": "lokibot_mutexes",
        "time": 0.001
      },
      {
        "name": "ursnif_behavior",
        "time": 0.001
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "neshta_mutexes",
        "time": 0.0
      },
      {
        "name": "renamer_mutexes",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.029
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.024
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      },
      {
        "name": "allaple_mutexes",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "87053d0ad81ac3367ef5.exe",
      "path": "/opt/CAPEv2/storage/binaries/87053d0ad81ac3367ef5e6305f4cf4eec11776e94971f3f54bc66eaddf756eb5",
      "guest_paths": "",
      "size": 605184,
      "crc32": "3F995045",
      "md5": "43bfb580c664206153734859442ead26",
      "sha1": "70188c653e409b08f1591f5c7fd95e4716edf649",
      "sha256": "87053d0ad81ac3367ef5e6305f4cf4eec11776e94971f3f54bc66eaddf756eb5",
      "sha512": "78403ac6c5c5f24b55097e6f998707ab59cdf0169842cc7a2ddef65ef20adc59b6d695b9e453de9023b2845904bad9df67025689cdd40e7250f0de3005ce3303",
      "rh_hash": null,
      "ssdeep": "12288:x0PRNYLhJdkEefw+AAf3BEODSPGepldpbGhp:wNe/kThfRFDSPrpld5G/",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24",
          "meta": {
            "description": "Detects indicators of .NET Reactors managed obfuscation. Reactor is a commercial obfuscation solution, pirated versions are often abused by threat actors.",
            "author": "Jonathan Peters",
            "id": "8dc07bbd-cbeb-5214-a27a-555a0d396197",
            "date": "2024-01-09",
            "modified": "2024-01-12",
            "reference": "https://www.eziriz.com/dotnet_reactor.htm",
            "source_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/yara/dotnet/obf_net_reactor.yar#L18-L34",
            "license_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/LICENSE.md",
            "hash": "be842a9de19cfbf42ea5a94e3143d58390a1abd1e72ebfec5deeb8107dddf038",
            "logic_hash": "40a03eb487e2c02a032c4bfb51580dbb764e0a49ceee5ae92c54a5ee3ede9696",
            "score": 65,
            "quality": 80,
            "tags": "FILE"
          },
          "strings": [
            "<PrivateImplementationDetails>{987D5E06-59D6-4C51-9ADF-C3C0AE4FC498}",
            "<Module>{1F4B02DF-696E-486A-8B35-F56CCA1C23C6}",
            "<Module>{b8bddd2a-a952-4523-8049-3c5b3829d6dc}"
          ],
          "addresses": {
            "": 256027
          }
        },
        {
          "name": "possible_includes_base64_packed_functions",
          "meta": {
            "impact": 5,
            "hide": true,
            "desc": "Detects possible includes and packed functions"
          },
          "strings": [
            "btoA",
            "This",
            "prog",
            "rogr",
            "ogra",
            "gram",
            "cann",
            "anno",
            "nnot",
            "mode",
            "text",
            "rsrc",
            "relo",
            "eloc",
            "vlmX",
            "XjXo",
            "vlsH",
            "neis",
            "eksL",
            "elsH",
            "BSJB",
            "3031",
            "0319",
            "Stri",
            "trin",
            "ring",
            "ings",
            "GUID",
            "Blob",
            "Htdz",
            "tdze",
            "dzey",
            "CompilationRelaxationsAttrib",
            "ompilationRelaxationsAttribu",
            "mpilationRelaxationsAttribut",
            "pilationRelaxationsAttribute",
            "ilationRelaxationsAttrib",
            "lationRelaxationsAttribu",
            "ationRelaxationsAttribut",
            "tionRelaxationsAttribute",
            "ionRelaxationsAttrib",
            "onRelaxationsAttribu",
            "nRelaxationsAttribut",
            "RelaxationsAttribute",
            "elaxationsAttrib",
            "laxationsAttribu",
            "axationsAttribut",
            "xationsAttribute",
            "ationsAttrib",
            "tionsAttribu",
            "ionsAttribut",
            "onsAttribute",
            "nsAttrib",
            "sAttribu",
            "Attribut",
            "ttribute",
            "trib",
            "ribu",
            "ibut",
            "bute",
            "Syst",
            "yste",
            "stem",
            "Runt",
            "unti",
            "ntim",
            "time",
            "CompilerServices",
            "ompilerServi",
            "mpilerServic",
            "pilerService",
            "ilerServices",
            "lerServi",
            "erServic",
            "rService",
            "Services",
            "ervi",
            "rvic",
            "vice",
            "ices",
            "mscorlib",
            "scor",
            "corl",
            "orli",
            "rlib",
            "ctor",
            "Void",
            "Int3",
            "nt32",
            "Bool",
            "oole",
            "olea",
            "lean",
            "RuntimeCompatibilityAttribut",
            "untimeCompatibilityAttribute",
            "ntimeCompatibilityAttrib",
            "timeCompatibilityAttribu",
            "imeCompatibilityAttribut",
            "meCompatibilityAttribute",
            "eCompatibilityAttrib",
            "CompatibilityAttribu",
            "ompatibilityAttribut",
            "mpatibilityAttribute",
            "patibilityAttrib",
            "atibilityAttribu",
            "tibilityAttribut",
            "ibilityAttribute",
            "bilityAttrib",
            "ilityAttribu",
            "lityAttribut",
            "ityAttribute",
            "tyAttrib",
            "yAttribu",
            "DebuggableAttrib",
            "ebuggableAttribu",
            "buggableAttribut",
            "uggableAttribute",
            "ggableAttrib",
            "gableAttribu",
            "ableAttribut",
            "bleAttribute",
            "leAttrib",
            "eAttribu",
            "Diagnost",
            "iagnosti",
            "agnostic",
            "gnostics",
            "nost",
            "osti",
            "stic",
            "tics",
            "DebuggingMod",
            "ebuggingMode",
            "buggingModes",
            "uggingMo",
            "ggingMod",
            "gingMode",
            "ingModes",
            "ngMo",
            "gMod",
            "Mode",
            "odes",
            "AssemblyTitleAttribu",
            "ssemblyTitleAttribut",
            "semblyTitleAttribute",
            "emblyTitleAttrib",
            "mblyTitleAttribu",
            "blyTitleAttribut",
            "lyTitleAttribute",
            "yTitleAttrib",
            "TitleAttribu",
            "itleAttribut",
            "tleAttribute",
            "Reflecti",
            "eflectio",
            "flection",
            "lect",
            "ecti",
            "ctio",
            "tion",
            "AssemblyDescriptionAttribute",
            "ssemblyDescriptionAttrib",
            "semblyDescriptionAttribu",
            "emblyDescriptionAttribut",
            "mblyDescriptionAttribute",
            "blyDescriptionAttrib",
            "lyDescriptionAttribu",
            "yDescriptionAttribut",
            "DescriptionAttribute",
            "escriptionAttrib",
            "scriptionAttribu",
            "criptionAttribut",
            "riptionAttribute",
            "iptionAttrib",
            "ptionAttribu",
            "tionAttribut",
            "ionAttribute",
            "onAttrib",
            "nAttribu",
            "AssemblyConfigurationAttribu",
            "ssemblyConfigurationAttribut",
            "semblyConfigurationAttribute",
            "emblyConfigurationAttrib",
            "mblyConfigurationAttribu",
            "blyConfigurationAttribut",
            "lyConfigurationAttribute",
            "yConfigurationAttrib",
            "ConfigurationAttribu",
            "onfigurationAttribut",
            "nfigurationAttribute",
            "figurationAttrib",
            "igurationAttribu",
            "gurationAttribut",
            "urationAttribute",
            "rationAttrib",
            "ationAttribu",
            "AssemblyCompanyAttribute",
            "ssemblyCompanyAttrib",
            "semblyCompanyAttribu",
            "emblyCompanyAttribut",
            "mblyCompanyAttribute",
            "blyCompanyAttrib",
            "lyCompanyAttribu",
            "yCompanyAttribut",
            "CompanyAttribute",
            "ompanyAttrib",
            "mpanyAttribu",
            "panyAttribut",
            "anyAttribute",
            "nyAttrib",
            "AssemblyProductAttribute",
            "ssemblyProductAttrib",
            "semblyProductAttribu",
            "emblyProductAttribut",
            "mblyProductAttribute",
            "blyProductAttrib",
            "lyProductAttribu",
            "yProductAttribut",
            "ProductAttribute",
            "roductAttrib",
            "oductAttribu",
            "ductAttribut",
            "uctAttribute",
            "ctAttrib",
            "tAttribu",
            "AssemblyCopyrightAttribu",
            "ssemblyCopyrightAttribut",
            "semblyCopyrightAttribute",
            "emblyCopyrightAttrib",
            "mblyCopyrightAttribu",
            "blyCopyrightAttribut",
            "lyCopyrightAttribute",
            "yCopyrightAttrib",
            "CopyrightAttribu",
            "opyrightAttribut",
            "pyrightAttribute",
            "yrightAttrib",
            "rightAttribu",
            "ightAttribut",
            "ghtAttribute",
            "htAttrib",
            "AssemblyTrademarkAttribu",
            "ssemblyTrademarkAttribut",
            "semblyTrademarkAttribute",
            "emblyTrademarkAttrib",
            "mblyTrademarkAttribu",
            "blyTrademarkAttribut",
            "lyTrademarkAttribute",
            "yTrademarkAttrib",
            "TrademarkAttribu",
            "rademarkAttribut",
            "ademarkAttribute",
            "demarkAttrib",
            "emarkAttribu",
            "markAttribut",
            "arkAttribute",
            "rkAttrib",
            "kAttribu",
            "ComVisibleAttrib",
            "omVisibleAttribu",
            "mVisibleAttribut",
            "VisibleAttribute",
            "isibleAttrib",
            "sibleAttribu",
            "ibleAttribut",
            "InteropServi",
            "nteropServic",
            "teropService",
            "eropServices",
            "ropServi",
            "opServic",
            "pService",
            "GuidAttribut",
            "uidAttribute",
            "idAttrib",
            "dAttribu",
            "AssemblyFileVersionAttribute",
            "ssemblyFileVersionAttrib",
            "semblyFileVersionAttribu",
            "emblyFileVersionAttribut",
            "mblyFileVersionAttribute",
            "blyFileVersionAttrib",
            "lyFileVersionAttribu",
            "yFileVersionAttribut",
            "FileVersionAttribute",
            "ileVersionAttrib",
            "leVersionAttribu",
            "eVersionAttribut",
            "VersionAttribute",
            "ersionAttrib",
            "rsionAttribu",
            "sionAttribut",
            "TargetFrameworkAttribute",
            "argetFrameworkAttrib",
            "rgetFrameworkAttribu",
            "getFrameworkAttribut",
            "etFrameworkAttribute",
            "tFrameworkAttrib",
            "FrameworkAttribu",
            "rameworkAttribut",
            "ameworkAttribute",
            "meworkAttrib",
            "eworkAttribu",
            "workAttribut",
            "orkAttribute",
            "Versioni",
            "ersionin",
            "rsioning",
            "sion",
            "ioni",
            "onin",
            "ning",
            "Modu",
            "odul",
            "dule",
            "EmbeddedAttribut",
            "mbeddedAttribute",
            "beddedAttrib",
            "eddedAttribu",
            "ddedAttribut",
            "dedAttribute",
            "edAttrib",
            "Microsof",
            "icrosoft",
            "cros",
            "roso",
            "osof",
            "soft",
            "CodeAnalysis",
            "odeAnaly",
            "deAnalys",
            "eAnalysi",
            "Analysis",
            "naly",
            "alys",
            "lysi",
            "ysis",
            "RefSafetyRulesAttrib",
            "efSafetyRulesAttribu",
            "fSafetyRulesAttribut",
            "SafetyRulesAttribute",
            "afetyRulesAttrib",
            "fetyRulesAttribu",
            "etyRulesAttribut",
            "tyRulesAttribute",
            "yRulesAttrib",
            "RulesAttribu",
            "ulesAttribut",
            "lesAttribute",
            "esAttrib",
            "i0XQl9UoSkFPZs8H",
            "0XQl9UoSkFPZs8HT",
            "XQl9UoSkFPZs8HTp",
            "Ql9UoSkFPZs8",
            "l9UoSkFPZs8H",
            "9UoSkFPZs8HT",
            "UoSkFPZs8HTp",
            "oSkFPZs8",
            "SkFPZs8H",
            "kFPZs8HT",
            "FPZs8HTp",
            "PZs8",
            "Zs8H",
            "s8HT",
            "8HTp",
            "rOjCZorAEL2T0Afb",
            "OjCZorAEL2T0AfbF",
            "jCZorAEL2T0AfbFR",
            "CZorAEL2T0Af",
            "ZorAEL2T0Afb",
            "orAEL2T0AfbF",
            "rAEL2T0AfbFR",
            "AEL2T0Af",
            "EL2T0Afb",
            "L2T0AfbF",
            "2T0AfbFR",
            "T0Af",
            "0Afb",
            "AfbF",
            "fbFR",
            "Obje",
            "bjec",
            "ject",
            "sTvnpWek2nfmDwFd",
            "TvnpWek2nfmDwFdf",
            "vnpWek2nfmDwFdfK",
            "npWek2nfmDwF",
            "pWek2nfmDwFd",
            "Wek2nfmDwFdf",
            "ek2nfmDwFdfK",
            "k2nfmDwF",
            "2nfmDwFd",
            "nfmDwFdf",
            "fmDwFdfK",
            "mDwF",
            "DwFd",
            "wFdf",
            "FdfK",
            "splZUgP4vy8SEQ4W",
            "plZUgP4vy8SEQ4Wx",
            "lZUgP4vy8SEQ4Wxb",
            "ZUgP4vy8SEQ4",
            "UgP4vy8SEQ4W",
            "gP4vy8SEQ4Wx",
            "P4vy8SEQ4Wxb",
            "4vy8SEQ4",
            "vy8SEQ4W",
            "y8SEQ4Wx",
            "8SEQ4Wxb",
            "SEQ4",
            "EQ4W",
            "Q4Wx",
            "4Wxb",
            "BrkJ4r57MWGuhsWs",
            "rkJ4r57MWGuhsWsF",
            "kJ4r57MWGuhsWsFt",
            "J4r57MWGuhsW",
            "4r57MWGuhsWs",
            "r57MWGuhsWsF",
            "57MWGuhsWsFt",
            "7MWGuhsW",
            "MWGuhsWs",
            "WGuhsWsF",
            "GuhsWsFt",
            "uhsW",
            "hsWs",
            "sWsF",
            "WsFt",
            "T0oXjDDARMKNwOLf",
            "0oXjDDARMKNwOLf5",
            "oXjDDARMKNwOLf5O",
            "XjDDARMKNwOL",
            "jDDARMKNwOLf",
            "DDARMKNwOLf5",
            "DARMKNwOLf5O",
            "ARMKNwOL",
            "RMKNwOLf",
            "MKNwOLf5",
            "KNwOLf5O",
            "NwOL",
            "wOLf",
            "OLf5",
            "Lf5O",
            "HXXkwC97v36mypeV",
            "XXkwC97v36mypeVY",
            "XkwC97v36mypeVYM",
            "kwC97v36mype",
            "wC97v36mypeV",
            "C97v36mypeVY",
            "97v36mypeVYM",
            "7v36mype",
            "v36mypeV",
            "36mypeVY",
            "6mypeVYM",
            "mype",
            "ypeV",
            "peVY",
            "eVYM",
            "WIjj7aqHV2iiX19k",
            "Ijj7aqHV2iiX19ko",
            "jj7aqHV2iiX19koS",
            "j7aqHV2iiX19",
            "7aqHV2iiX19k",
            "aqHV2iiX19ko",
            "qHV2iiX19koS",
            "HV2iiX19",
            "V2iiX19k",
            "2iiX19ko",
            "iiX19koS",
            "iX19",
            "X19k",
            "19ko",
            "9koS",
            "LuLZUIuxdUHc2aJ3",
            "uLZUIuxdUHc2aJ3g",
            "LZUIuxdUHc2aJ3gr",
            "ZUIuxdUHc2aJ",
            "UIuxdUHc2aJ3",
            "IuxdUHc2aJ3g",
            "uxdUHc2aJ3gr",
            "xdUHc2aJ",
            "dUHc2aJ3",
            "UHc2aJ3g",
            "Hc2aJ3gr",
            "c2aJ",
            "2aJ3",
            "aJ3g",
            "J3gr",
            "Q4m4WxwqHJLsZ0ZV",
            "4m4WxwqHJLsZ0ZV1",
            "m4WxwqHJLsZ0ZV1p",
            "4WxwqHJLsZ0Z",
            "WxwqHJLsZ0ZV",
            "xwqHJLsZ0ZV1",
            "wqHJLsZ0ZV1p",
            "qHJLsZ0Z",
            "HJLsZ0ZV",
            "JLsZ0ZV1",
            "LsZ0ZV1p",
            "sZ0Z",
            "Z0ZV",
            "0ZV1",
            "ZV1p",
            "dtZVs5ct0qm2aZmw",
            "tZVs5ct0qm2aZmw5",
            "ZVs5ct0qm2aZmw5X",
            "Vs5ct0qm2aZm",
            "s5ct0qm2aZmw",
            "5ct0qm2aZmw5",
            "ct0qm2aZmw5X",
            "t0qm2aZm",
            "0qm2aZmw",
            "qm2aZmw5",
            "m2aZmw5X",
            "2aZm",
            "aZmw",
            "Zmw5",
            "mw5X",
            "u4ry4fg3xj71WiHq",
            "4ry4fg3xj71WiHqe",
            "ry4fg3xj71WiHqe8",
            "y4fg3xj71WiH",
            "4fg3xj71WiHq",
            "fg3xj71WiHqe",
            "g3xj71WiHqe8",
            "3xj71WiH",
            "xj71WiHq",
            "j71WiHqe",
            "71WiHqe8",
            "1WiH",
            "WiHq",
            "iHqe",
            "Hqe8",
            "Nugnaeqe",
            "ugnaeqeq",
            "gnae",
            "naeq",
            "aeqe",
            "eqeq",
            "Efyf",
            "fyfq",
            "yfqp",
            "Properti",
            "ropertie",
            "operties",
            "pert",
            "erti",
            "rtie",
            "ties",
            "1F4B02DF",
            "F4B0",
            "4B02",
            "B02D",
            "02DF",
            "696E",
            "486A",
            "8B35",
            "F56CCA1C23C6",
            "56CCA1C2",
            "6CCA1C23",
            "CCA1C23C",
            "CA1C23C6",
            "A1C2",
            "1C23",
            "C23C",
            "23C6",
            "UHROQNM8nJMyt7Wh",
            "HROQNM8nJMyt7WhV",
            "ROQNM8nJMyt7WhVU",
            "OQNM8nJMyt7W",
            "QNM8nJMyt7Wh",
            "NM8nJMyt7WhV",
            "M8nJMyt7WhVU",
            "8nJMyt7W",
            "nJMyt7Wh",
            "JMyt7WhV",
            "Myt7WhVU",
            "yt7W",
            "t7Wh",
            "7WhV",
            "WhVU",
            "eCCquBx9xKIlDNsO",
            "CCquBx9xKIlDNsOc",
            "CquBx9xKIlDNsOcK",
            "quBx9xKIlDNs",
            "uBx9xKIlDNsO",
            "Bx9xKIlDNsOc",
            "x9xKIlDNsOcK",
            "9xKIlDNs",
            "xKIlDNsO",
            "KIlDNsOc",
            "IlDNsOcK",
            "lDNs",
            "DNsO",
            "NsOc",
            "sOcK",
            "eE0XOJHVq436cEbm",
            "E0XOJHVq436cEbmG",
            "0XOJHVq436cEbmG3",
            "XOJHVq436cEbmG3S",
            "OJHVq436cEbm",
            "JHVq436cEbmG",
            "HVq436cEbmG3",
            "Vq436cEbmG3S",
            "q436cEbm",
            "436cEbmG",
            "36cEbmG3",
            "6cEbmG3S",
            "cEbm",
            "EbmG",
            "bmG3",
            "mG3S",
            "MulticastDelegat",
            "ulticastDelegate",
            "lticastDeleg",
            "ticastDelega",
            "icastDelegat",
            "castDelegate",
            "astDeleg",
            "stDelega",
            "tDelegat",
            "Delegate",
            "eleg",
            "lega",
            "egat",
            "gate",
            "lnpjfBHHitTcIbxk",
            "npjfBHHitTcIbxkN",
            "pjfBHHitTcIbxkN7",
            "jfBHHitTcIbxkN7U",
            "fBHHitTcIbxk",
            "BHHitTcIbxkN",
            "HHitTcIbxkN7",
            "HitTcIbxkN7U",
            "itTcIbxk",
            "tTcIbxkN",
            "TcIbxkN7",
            "cIbxkN7U",
            "Ibxk",
            "bxkN",
            "xkN7",
            "kN7U",
            "SRTESUHnMlWtoUBm",
            "RTESUHnMlWtoUBml",
            "TESUHnMlWtoUBmlC",
            "ESUHnMlWtoUBmlCn",
            "SUHnMlWtoUBm",
            "UHnMlWtoUBml",
            "HnMlWtoUBmlC",
            "nMlWtoUBmlCn",
            "MlWtoUBm",
            "lWtoUBml",
            "WtoUBmlC",
            "toUBmlCn",
            "oUBm",
            "UBml",
            "BmlC",
            "mlCn",
            "rDTgcQnXdoapjb3o",
            "DTgcQnXdoapjb3or",
            "TgcQnXdoapjb3orK",
            "gcQnXdoapjb3orKB",
            "cQnXdoapjb3o",
            "QnXdoapjb3or",
            "nXdoapjb3orK",
            "Xdoapjb3orKB",
            "doapjb3o",
            "oapjb3or",
            "apjb3orK",
            "pjb3orKB",
            "jb3o",
            "b3or",
            "3orK",
            "orKB",
            "CrQ4JYn1DGJce8A2",
            "rQ4JYn1DGJce8A2H",
            "Q4JYn1DGJce8A2HO",
            "4JYn1DGJce8A2HOx",
            "JYn1DGJce8A2",
            "Yn1DGJce8A2H",
            "n1DGJce8A2HO",
            "1DGJce8A2HOx",
            "DGJce8A2",
            "GJce8A2H",
            "Jce8A2HO",
            "ce8A2HOx",
            "e8A2",
            "8A2H",
            "A2HO",
            "2HOx",
            "NCMGydn9EkFcY1lR",
            "CMGydn9EkFcY1lRG",
            "MGydn9EkFcY1lRG7",
            "Gydn9EkFcY1lRG7A",
            "ydn9EkFcY1lR",
            "dn9EkFcY1lRG",
            "n9EkFcY1lRG7",
            "9EkFcY1lRG7A",
            "EkFcY1lR",
            "kFcY1lRG",
            "FcY1lRG7",
            "cY1lRG7A",
            "Y1lR",
            "1lRG",
            "lRG7",
            "RG7A",
            "Acg5EHnkSubsx4il",
            "cg5EHnkSubsx4ilA",
            "g5EHnkSubsx4ilAD",
            "5EHnkSubsx4ilADa",
            "EHnkSubsx4il",
            "HnkSubsx4ilA",
            "nkSubsx4ilAD",
            "kSubsx4ilADa",
            "Subsx4il",
            "ubsx4ilA",
            "bsx4ilAD",
            "sx4ilADa",
            "x4il",
            "4ilA",
            "ilAD",
            "lADa",
            "YwYhton2JWdYfiYU",
            "wYhton2JWdYfiYUk",
            "Yhton2JWdYfiYUkp",
            "hton2JWdYfiYUkpb",
            "ton2JWdYfiYU",
            "on2JWdYfiYUk",
            "n2JWdYfiYUkp",
            "2JWdYfiYUkpb",
            "JWdYfiYU",
            "WdYfiYUk",
            "dYfiYUkp",
            "YfiYUkpb",
            "fiYU",
            "iYUk",
            "YUkp",
            "Ukpb",
            "zfIWo4nuC0pOPpQH",
            "fIWo4nuC0pOPpQHc",
            "IWo4nuC0pOPpQHcd",
            "Wo4nuC0pOPpQHcdU",
            "o4nuC0pOPpQH",
            "4nuC0pOPpQHc",
            "nuC0pOPpQHcd",
            "uC0pOPpQHcdU",
            "C0pOPpQH",
            "0pOPpQHc",
            "pOPpQHcd",
            "OPpQHcdU",
            "PpQH",
            "pQHc",
            "QHcd",
            "HcdU",
            "Ehs6p1nwKvc2VUcN",
            "hs6p1nwKvc2VUcNB",
            "s6p1nwKvc2VUcNBI",
            "6p1nwKvc2VUcNBI0",
            "p1nwKvc2VUcN",
            "1nwKvc2VUcNB",
            "nwKvc2VUcNBI",
            "wKvc2VUcNBI0",
            "Kvc2VUcN",
            "vc2VUcNB",
            "c2VUcNBI",
            "2VUcNBI0",
            "VUcN",
            "UcNB",
            "cNBI",
            "NBI0",
            "ValueTyp",
            "alueType",
            "lueT",
            "ueTy",
            "eTyp",
            "Type",
            "DaCfjQnpytIxMfeQ",
            "aCfjQnpytIxMfeQo",
            "CfjQnpytIxMfeQon",
            "fjQnpytIxMfeQonv",
            "jQnpytIxMfeQ",
            "QnpytIxMfeQo",
            "npytIxMfeQon",
            "pytIxMfeQonv",
            "ytIxMfeQ",
            "tIxMfeQo",
            "IxMfeQon",
            "xMfeQonv",
            "MfeQ",
            "feQo",
            "eQon",
            "Qonv",
            "nfgl7KnFiyOHldD5",
            "fgl7KnFiyOHldD5p",
            "gl7KnFiyOHldD5pV",
            "l7KnFiyOHldD5pVk",
            "7KnFiyOHldD5",
            "KnFiyOHldD5p",
            "nFiyOHldD5pV",
            "FiyOHldD5pVk",
            "iyOHldD5",
            "yOHldD5p",
            "OHldD5pV",
            "HldD5pVk",
            "ldD5",
            "dD5p",
            "D5pV",
            "5pVk",
            "T9OHYMnaySYkJY05",
            "9OHYMnaySYkJY05n",
            "OHYMnaySYkJY05nT",
            "HYMnaySYkJY05nTu",
            "YMnaySYkJY05",
            "MnaySYkJY05n",
            "naySYkJY05nT",
            "aySYkJY05nTu",
            "ySYkJY05",
            "SYkJY05n",
            "YkJY05nT",
            "kJY05nTu",
            "JY05",
            "Y05n",
            "05nT",
            "5nTu",
            "Jb3e19n0IDVhGdJF",
            "b3e19n0IDVhGdJFP",
            "3e19n0IDVhGdJFPr",
            "e19n0IDVhGdJFPrM",
            "19n0IDVhGdJF",
            "9n0IDVhGdJFP",
            "n0IDVhGdJFPr",
            "0IDVhGdJFPrM",
            "IDVhGdJF",
            "DVhGdJFP",
            "VhGdJFPr",
            "hGdJFPrM",
            "GdJF",
            "dJFP",
            "JFPr",
            "FPrM",
            "tDKL4enANllmAtMd",
            "DKL4enANllmAtMd0",
            "KL4enANllmAtMd0V",
            "L4enANllmAtMd0VX",
            "4enANllmAtMd",
            "enANllmAtMd0",
            "nANllmAtMd0V",
            "ANllmAtMd0VX",
            "NllmAtMd",
            "llmAtMd0",
            "lmAtMd0V",
            "mAtMd0VX",
            "AtMd",
            "tMd0",
            "Md0V",
            "d0VX",
            "ov0tIjnOV1ClMWQ4",
            "v0tIjnOV1ClMWQ4B",
            "0tIjnOV1ClMWQ4Bl",
            "tIjnOV1ClMWQ4Bl4",
            "IjnOV1ClMWQ4",
            "jnOV1ClMWQ4B",
            "nOV1ClMWQ4Bl",
            "OV1ClMWQ4Bl4",
            "V1ClMWQ4",
            "1ClMWQ4B",
            "ClMWQ4Bl",
            "lMWQ4Bl4",
            "MWQ4",
            "WQ4B",
            "Q4Bl",
            "4Bl4",
            "ESH427noWTPxXXDq",
            "SH427noWTPxXXDqf",
            "H427noWTPxXXDqfG",
            "427noWTPxXXDqfGF",
            "27noWTPxXXDq",
            "7noWTPxXXDqf",
            "noWTPxXXDqfG",
            "oWTPxXXDqfGF",
            "WTPxXXDq",
            "TPxXXDqf",
            "PxXXDqfG",
            "xXXDqfGF",
            "XXDq",
            "XDqf",
            "DqfG",
            "qfGF",
            "y2k93xnjUjuUCBxY",
            "2k93xnjUjuUCBxYt",
            "k93xnjUjuUCBxYtn",
            "93xnjUjuUCBxYtnq",
            "3xnjUjuUCBxY",
            "xnjUjuUCBxYt",
            "njUjuUCBxYtn",
            "jUjuUCBxYtnq",
            "UjuUCBxY",
            "juUCBxYt",
            "uUCBxYtn",
            "UCBxYtnq",
            "CBxY",
            "BxYt",
            "xYtn",
            "Ytnq",
            "Enum",
            "hII3SMnbqMu9tUfG",
            "II3SMnbqMu9tUfGL",
            "I3SMnbqMu9tUfGLB",
            "3SMnbqMu9tUfGLB8",
            "SMnbqMu9tUfG",
            "MnbqMu9tUfGL",
            "nbqMu9tUfGLB",
            "bqMu9tUfGLB8",
            "qMu9tUfG",
            "Mu9tUfGL",
            "u9tUfGLB",
            "9tUfGLB8",
            "tUfG",
            "UfGL",
            "fGLB",
            "GLB8",
            "AyT5WCnQZ0uUPe6C",
            "yT5WCnQZ0uUPe6Cs",
            "T5WCnQZ0uUPe6Csp",
            "5WCnQZ0uUPe6CspV",
            "WCnQZ0uUPe6C",
            "CnQZ0uUPe6Cs",
            "nQZ0uUPe6Csp",
            "QZ0uUPe6CspV",
            "Z0uUPe6C",
            "0uUPe6Cs",
            "uUPe6Csp",
            "UPe6CspV",
            "Pe6C",
            "e6Cs",
            "6Csp",
            "CspV",
            "Crf22ZEG1SWCYGxb",
            "rf22ZEG1SWCYGxb5",
            "f22ZEG1SWCYGxb5h",
            "22ZEG1SWCYGxb5hg",
            "2ZEG1SWCYGxb",
            "ZEG1SWCYGxb5",
            "EG1SWCYGxb5h",
            "G1SWCYGxb5hg",
            "1SWCYGxb",
            "SWCYGxb5",
            "WCYGxb5h",
            "CYGxb5hg",
            "YGxb",
            "Gxb5",
            "xb5h",
            "b5hg",
            "aN2CxCElA79vSjFL",
            "N2CxCElA79vSjFL3",
            "2CxCElA79vSjFL3E",
            "CxCElA79vSjFL3ET",
            "xCElA79vSjFL",
            "CElA79vSjFL3",
            "ElA79vSjFL3E",
            "lA79vSjFL3ET",
            "A79vSjFL",
            "79vSjFL3",
            "9vSjFL3E",
            "vSjFL3ET",
            "SjFL",
            "jFL3",
            "FL3E",
            "L3ET",
            "bILQBvECiUe2MRnX",
            "ILQBvECiUe2MRnXd",
            "LQBvECiUe2MRnXdv",
            "QBvECiUe2MRnXdvC",
            "BvECiUe2MRnX",
            "vECiUe2MRnXd",
            "ECiUe2MRnXdv",
            "CiUe2MRnXdvC",
            "iUe2MRnX",
            "Ue2MRnXd",
            "e2MRnXdv",
            "2MRnXdvC",
            "MRnX",
            "RnXd",
            "nXdv",
            "XdvC",
            "eEYiepZEYQFERSI9",
            "EYiepZEYQFERSI9c",
            "YiepZEYQFERSI9cN",
            "iepZEYQFERSI9cNe",
            "epZEYQFERSI9",
            "pZEYQFERSI9c",
            "ZEYQFERSI9cN",
            "EYQFERSI9cNe",
            "YQFERSI9",
            "QFERSI9c",
            "FERSI9cN",
            "ERSI9cNe",
            "RSI9",
            "SI9c",
            "I9cN",
            "9cNe",
            "sqN7NaZ6AvxHnT9q",
            "qN7NaZ6AvxHnT9qC",
            "N7NaZ6AvxHnT9qCB",
            "7NaZ6AvxHnT9qCBr",
            "NaZ6AvxHnT9q",
            "aZ6AvxHnT9qC",
            "Z6AvxHnT9qCB",
            "6AvxHnT9qCBr",
            "AvxHnT9q",
            "vxHnT9qC",
            "xHnT9qCB",
            "HnT9qCBr",
            "nT9q",
            "T9qC",
            "9qCB",
            "qCBr",
            "nfFAF8ZGYCpLmKaA",
            "fFAF8ZGYCpLmKaAg",
            "FAF8ZGYCpLmKaAgg",
            "AF8ZGYCpLmKaAggM",
            "F8ZGYCpLmKaA",
            "8ZGYCpLmKaAg",
            "ZGYCpLmKaAgg",
            "GYCpLmKaAggM",
            "YCpLmKaA",
            "CpLmKaAg",
            "pLmKaAgg",
            "LmKaAggM",
            "mKaA",
            "KaAg",
            "aAgg",
            "AggM",
            "qcdTIIZ5PkcfxwSS",
            "cdTIIZ5PkcfxwSSg",
            "dTIIZ5PkcfxwSSgh",
            "TIIZ5PkcfxwSSghB",
            "IIZ5PkcfxwSS",
            "IZ5PkcfxwSSg",
            "Z5PkcfxwSSgh",
            "5PkcfxwSSghB",
            "PkcfxwSS",
            "kcfxwSSg",
            "cfxwSSgh",
            "fxwSSghB",
            "xwSS",
            "wSSg",
            "SSgh",
            "SghB",
            "m4ovJkZyiaePCH9S",
            "4ovJkZyiaePCH9Sa",
            "ovJkZyiaePCH9Sam",
            "vJkZyiaePCH9Samm",
            "JkZyiaePCH9S",
            "kZyiaePCH9Sa",
            "ZyiaePCH9Sam",
            "yiaePCH9Samm",
            "iaePCH9S",
            "aePCH9Sa",
            "ePCH9Sam",
            "PCH9Samm",
            "CH9S",
            "H9Sa",
            "9Sam",
            "Samm",
            "q4eR9bZppH8OXQ5m",
            "4eR9bZppH8OXQ5mm",
            "eR9bZppH8OXQ5mmy",
            "R9bZppH8OXQ5mmyJ",
            "9bZppH8OXQ5m",
            "bZppH8OXQ5mm",
            "ZppH8OXQ5mmy",
            "ppH8OXQ5mmyJ",
            "pH8OXQ5m",
            "H8OXQ5mm",
            "8OXQ5mmy",
            "OXQ5mmyJ",
            "XQ5m",
            "Q5mm",
            "5mmy",
            "mmyJ",
            "MLs45FZSTd2TiolY",
            "Ls45FZSTd2TiolYQ",
            "s45FZSTd2TiolYQe",
            "45FZSTd2TiolYQe0",
            "5FZSTd2TiolY",
            "FZSTd2TiolYQ",
            "ZSTd2TiolYQe",
            "STd2TiolYQe0",
            "Td2TiolY",
            "d2TiolYQ",
            "2TiolYQe",
            "TiolYQe0",
            "iolY",
            "olYQ",
            "lYQe",
            "YQe0",
            "AX1MdQZclsPF6Dle",
            "X1MdQZclsPF6Dlec",
            "1MdQZclsPF6DlecJ",
            "MdQZclsPF6DlecJ9",
            "dQZclsPF6Dle",
            "QZclsPF6Dlec",
            "ZclsPF6DlecJ",
            "clsPF6DlecJ9",
            "lsPF6Dle",
            "sPF6Dlec",
            "PF6DlecJ",
            "F6DlecJ9",
            "6Dle",
            "Dlec",
            "lecJ",
            "ecJ9",
            "PEKuIAZgrySKtMEn",
            "EKuIAZgrySKtMEn5",
            "KuIAZgrySKtMEn5G",
            "uIAZgrySKtMEn5G6",
            "IAZgrySKtMEn",
            "AZgrySKtMEn5",
            "ZgrySKtMEn5G",
            "grySKtMEn5G6",
            "rySKtMEn",
            "ySKtMEn5",
            "SKtMEn5G",
            "KtMEn5G6",
            "tMEn",
            "MEn5",
            "En5G",
            "n5G6",
            "Exceptio",
            "xception",
            "cept",
            "epti",
            "ptio",
            "G0PLweZFUarMcHkd",
            "0PLweZFUarMcHkd2",
            "PLweZFUarMcHkd2I",
            "LweZFUarMcHkd2Ij",
            "weZFUarMcHkd",
            "eZFUarMcHkd2",
            "ZFUarMcHkd2I",
            "FUarMcHkd2Ij",
            "UarMcHkd",
            "arMcHkd2",
            "rMcHkd2I",
            "McHkd2Ij",
            "cHkd",
            "Hkd2",
            "kd2I",
            "d2Ij",
            "UAP4vtZaVfLr8cXy",
            "AP4vtZaVfLr8cXyu",
            "P4vtZaVfLr8cXyuG",
            "4vtZaVfLr8cXyuGU",
            "vtZaVfLr8cXy",
            "tZaVfLr8cXyu",
            "ZaVfLr8cXyuG",
            "aVfLr8cXyuGU",
            "VfLr8cXy",
            "fLr8cXyu",
            "Lr8cXyuG",
            "r8cXyuGU",
            "8cXy",
            "cXyu",
            "XyuG",
            "yuGU",
            "mTYLjCZOmYjchmLt",
            "TYLjCZOmYjchmLtA",
            "YLjCZOmYjchmLtAm",
            "LjCZOmYjchmLtAmE",
            "jCZOmYjchmLt",
            "CZOmYjchmLtA",
            "ZOmYjchmLtAm",
            "OmYjchmLtAmE",
            "mYjchmLt",
            "YjchmLtA",
            "jchmLtAm",
            "chmLtAmE",
            "hmLt",
            "mLtA",
            "LtAm",
            "tAmE",
            "f9DRwnZouqJtBI4o",
            "9DRwnZouqJtBI4o3",
            "DRwnZouqJtBI4o3P",
            "RwnZouqJtBI4o3P3",
            "wnZouqJtBI4o",
            "nZouqJtBI4o3",
            "ZouqJtBI4o3P",
            "ouqJtBI4o3P3",
            "uqJtBI4o",
            "qJtBI4o3",
            "JtBI4o3P",
            "tBI4o3P3",
            "BI4o",
            "I4o3",
            "4o3P",
            "o3P3",
            "kkO1N0ZQrNkfq0Qv",
            "kO1N0ZQrNkfq0Qvn",
            "O1N0ZQrNkfq0Qvng",
            "1N0ZQrNkfq0Qvngq",
            "N0ZQrNkfq0Qv",
            "0ZQrNkfq0Qvn",
            "ZQrNkfq0Qvng",
            "QrNkfq0Qvngq",
            "rNkfq0Qv",
            "Nkfq0Qvn",
            "kfq0Qvng",
            "fq0Qvngq",
            "q0Qv",
            "0Qvn",
            "Qvng",
            "vngq",
            "edDYLYZdyGOpcxZ2",
            "dDYLYZdyGOpcxZ21",
            "DYLYZdyGOpcxZ21y",
            "YLYZdyGOpcxZ21y1",
            "LYZdyGOpcxZ2",
            "YZdyGOpcxZ21",
            "ZdyGOpcxZ21y",
            "dyGOpcxZ21y1",
            "yGOpcxZ2",
            "GOpcxZ21",
            "OpcxZ21y",
            "pcxZ21y1",
            "cxZ2",
            "xZ21",
            "Z21y",
            "21y1",
            "TSwuArZxMcJgGs7n",
            "SwuArZxMcJgGs7nO",
            "wuArZxMcJgGs7nO9",
            "uArZxMcJgGs7nO94",
            "ArZxMcJgGs7n",
            "rZxMcJgGs7nO",
            "ZxMcJgGs7nO9",
            "xMcJgGs7nO94",
            "McJgGs7n",
            "cJgGs7nO",
            "JgGs7nO9",
            "gGs7nO94",
            "Gs7n",
            "s7nO",
            "7nO9",
            "nO94",
            "vVGPKJ7HJILhLkXU",
            "VGPKJ7HJILhLkXU7",
            "GPKJ7HJILhLkXU7l",
            "PKJ7HJILhLkXU7lr",
            "KJ7HJILhLkXU",
            "J7HJILhLkXU7",
            "7HJILhLkXU7l",
            "HJILhLkXU7lr",
            "JILhLkXU",
            "ILhLkXU7",
            "LhLkXU7l",
            "hLkXU7lr",
            "LkXU",
            "kXU7",
            "XU7l",
            "U7lr",
            "PmgkF37Z800GqTma",
            "mgkF37Z800GqTmab",
            "gkF37Z800GqTmab7",
            "kF37Z800GqTmab72",
            "F37Z800GqTma",
            "37Z800GqTmab",
            "7Z800GqTmab7",
            "Z800GqTmab72",
            "800GqTma",
            "00GqTmab",
            "0GqTmab7",
            "GqTmab72",
            "qTma",
            "Tmab",
            "mab7",
            "ab72",
            "a43An57s4QboQnkD",
            "43An57s4QboQnkDl",
            "3An57s4QboQnkDlG",
            "An57s4QboQnkDlGU",
            "n57s4QboQnkD",
            "57s4QboQnkDl",
            "7s4QboQnkDlG",
            "s4QboQnkDlGU",
            "4QboQnkD",
            "QboQnkDl",
            "boQnkDlG",
            "oQnkDlGU",
            "QnkD",
            "nkDl",
            "kDlG",
            "DlGU",
            "KCmIX67URdY8wTxH",
            "CmIX67URdY8wTxHc",
            "mIX67URdY8wTxHcR",
            "IX67URdY8wTxHcRk",
            "X67URdY8wTxH",
            "67URdY8wTxHc",
            "7URdY8wTxHcR",
            "URdY8wTxHcRk",
            "RdY8wTxH",
            "dY8wTxHc",
            "Y8wTxHcR",
            "8wTxHcRk",
            "wTxH",
            "TxHc",
            "xHcR",
            "HcRk",
            "jHMZUB7PSB8BFaPt",
            "HMZUB7PSB8BFaPtM",
            "MZUB7PSB8BFaPtMW",
            "ZUB7PSB8BFaPtMWe",
            "UB7PSB8BFaPt",
            "B7PSB8BFaPtM",
            "7PSB8BFaPtMW",
            "PSB8BFaPtMWe",
            "SB8BFaPt",
            "B8BFaPtM",
            "8BFaPtMW",
            "BFaPtMWe",
            "FaPt",
            "aPtM",
            "PtMW",
            "tMWe",
            "ts1IdQ75ae4NyEyi",
            "s1IdQ75ae4NyEyii",
            "1IdQ75ae4NyEyiit",
            "IdQ75ae4NyEyiite",
            "dQ75ae4NyEyi",
            "Q75ae4NyEyii",
            "75ae4NyEyiit",
            "5ae4NyEyiite",
            "ae4NyEyi",
            "e4NyEyii",
            "4NyEyiit",
            "NyEyiite",
            "yEyi",
            "Eyii",
            "yiit",
            "iite",
            "n0VnKI71Hj1Hfvpe",
            "0VnKI71Hj1Hfvpe7",
            "VnKI71Hj1Hfvpe72",
            "nKI71Hj1Hfvpe72r",
            "KI71Hj1Hfvpe",
            "I71Hj1Hfvpe7",
            "71Hj1Hfvpe72",
            "1Hj1Hfvpe72r",
            "Hj1Hfvpe",
            "j1Hfvpe7",
            "1Hfvpe72",
            "Hfvpe72r",
            "fvpe",
            "vpe7",
            "pe72",
            "e72r",
            "zefdOA7k6NVlTE0X",
            "efdOA7k6NVlTE0XM",
            "fdOA7k6NVlTE0XMr",
            "dOA7k6NVlTE0XMr4",
            "OA7k6NVlTE0X",
            "A7k6NVlTE0XM",
            "7k6NVlTE0XMr",
            "k6NVlTE0XMr4",
            "6NVlTE0X",
            "NVlTE0XM",
            "VlTE0XMr",
            "lTE0XMr4",
            "TE0X",
            "E0XM",
            "0XMr",
            "XMr4",
            "DwheO273r7o3I1Dr",
            "wheO273r7o3I1Drm",
            "heO273r7o3I1Drmn",
            "eO273r7o3I1Drmny",
            "O273r7o3I1Dr",
            "273r7o3I1Drm",
            "73r7o3I1Drmn",
            "3r7o3I1Drmny",
            "r7o3I1Dr",
            "7o3I1Drm",
            "o3I1Drmn",
            "3I1Drmny",
            "I1Dr",
            "1Drm",
            "Drmn",
            "rmny",
            "oRqAkK7ypJcSrOOS",
            "RqAkK7ypJcSrOOSr",
            "qAkK7ypJcSrOOSrX",
            "AkK7ypJcSrOOSrXq",
            "kK7ypJcSrOOS",
            "K7ypJcSrOOSr",
            "7ypJcSrOOSrX",
            "ypJcSrOOSrXq",
            "pJcSrOOS",
            "JcSrOOSr",
            "cSrOOSrX",
            "SrOOSrXq",
            "rOOS",
            "OOSr",
            "OSrX",
            "SrXq",
            "gtOrT97pB7YK24CQ",
            "tOrT97pB7YK24CQD",
            "OrT97pB7YK24CQDX",
            "rT97pB7YK24CQDXF",
            "T97pB7YK24CQ",
            "97pB7YK24CQD",
            "7pB7YK24CQDX",
            "pB7YK24CQDXF",
            "B7YK24CQ",
            "7YK24CQD",
            "YK24CQDX",
            "K24CQDXF",
            "24CQ",
            "4CQD",
            "CQDX",
            "QDXF",
            "YagRTL7Jna4qy3bW",
            "agRTL7Jna4qy3bWE",
            "gRTL7Jna4qy3bWEr",
            "RTL7Jna4qy3bWErY",
            "TL7Jna4qy3bW",
            "L7Jna4qy3bWE",
            "7Jna4qy3bWEr",
            "Jna4qy3bWErY",
            "na4qy3bW",
            "a4qy3bWE",
            "4qy3bWEr",
            "qy3bWErY",
            "y3bW",
            "3bWE",
            "bWEr",
            "WErY",
            "Mt1Veh78BubfcaBL",
            "t1Veh78BubfcaBLG",
            "1Veh78BubfcaBLG1",
            "Veh78BubfcaBLG1Y",
            "eh78BubfcaBL",
            "h78BubfcaBLG",
            "78BubfcaBLG1",
            "8BubfcaBLG1Y",
            "BubfcaBL",
            "ubfcaBLG",
            "bfcaBLG1",
            "fcaBLG1Y",
            "caBL",
            "aBLG",
            "BLG1",
            "LG1Y",
            "BgTr2I7SqG3SuYLi",
            "gTr2I7SqG3SuYLii",
            "Tr2I7SqG3SuYLiir",
            "r2I7SqG3SuYLiiru",
            "2I7SqG3SuYLi",
            "I7SqG3SuYLii",
            "7SqG3SuYLiir",
            "SqG3SuYLiiru",
            "qG3SuYLi",
            "G3SuYLii",
            "3SuYLiir",
            "SuYLiiru",
            "uYLi",
            "YLii",
            "Liir",
            "iiru",
            "L20T6L6IcLaXIrAN",
            "20T6L6IcLaXIrANR",
            "0T6L6IcLaXIrANR3",
            "T6L6IcLaXIrANR3F",
            "6L6IcLaXIrAN",
            "L6IcLaXIrANR",
            "6IcLaXIrANR3",
            "IcLaXIrANR3F",
            "cLaXIrAN",
            "LaXIrANR",
            "aXIrANR3",
            "XIrANR3F",
            "IrAN",
            "rANR",
            "ANR3",
            "NR3F",
            "FwrX5yPtqhsabjCg",
            "wrX5yPtqhsabjCgR",
            "rX5yPtqhsabjCgRn",
            "X5yPtqhsabjCgRnP",
            "5yPtqhsabjCg",
            "yPtqhsabjCgR",
            "PtqhsabjCgRn",
            "tqhsabjCgRnP",
            "qhsabjCg",
            "hsabjCgR",
            "sabjCgRn",
            "abjCgRnP",
            "bjCg",
            "jCgR",
            "CgRn",
            "gRnP",
            "srf2836LgQlWsOlt",
            "rf2836LgQlWsOltO",
            "f2836LgQlWsOltOh",
            "2836LgQlWsOltOhD",
            "836LgQlWsOlt",
            "36LgQlWsOltO",
            "6LgQlWsOltOh",
            "LgQlWsOltOhD",
            "gQlWsOlt",
            "QlWsOltO",
            "lWsOltOh",
            "WsOltOhD",
            "sOlt",
            "OltO",
            "ltOh",
            "tOhD",
            "Hi8dEi6RnPKsS0aa",
            "i8dEi6RnPKsS0aaO",
            "8dEi6RnPKsS0aaOc",
            "dEi6RnPKsS0aaOc1",
            "Ei6RnPKsS0aa",
            "i6RnPKsS0aaO",
            "6RnPKsS0aaOc",
            "RnPKsS0aaOc1",
            "nPKsS0aa",
            "PKsS0aaO",
            "KsS0aaOc",
            "sS0aaOc1",
            "S0aa",
            "0aaO",
            "aaOc",
            "aOc1",
            "mV5sgs6fOJQtReSu",
            "V5sgs6fOJQtReSuV",
            "5sgs6fOJQtReSuV6",
            "sgs6fOJQtReSuV6I",
            "gs6fOJQtReSu",
            "s6fOJQtReSuV",
            "6fOJQtReSuV6",
            "fOJQtReSuV6I",
            "OJQtReSu",
            "JQtReSuV",
            "QtReSuV6",
            "tReSuV6I",
            "ReSu",
            "eSuV",
            "SuV6",
            "uV6I",
            "heNJpU6uwphP8kwI",
            "eNJpU6uwphP8kwIS",
            "NJpU6uwphP8kwISl",
            "JpU6uwphP8kwISlf",
            "pU6uwphP8kwI",
            "U6uwphP8kwIS",
            "6uwphP8kwISl",
            "uwphP8kwISlf",
            "wphP8kwI",
            "phP8kwIS",
            "hP8kwISl",
            "P8kwISlf",
            "8kwI",
            "kwIS",
            "wISl",
            "ISlf",
            "KnO4xW6yxlPT8Abt",
            "nO4xW6yxlPT8Abto",
            "O4xW6yxlPT8AbtoA",
            "4xW6yxlPT8AbtoAJ",
            "xW6yxlPT8Abt",
            "W6yxlPT8Abto",
            "6yxlPT8AbtoA",
            "yxlPT8AbtoAJ",
            "xlPT8Abt",
            "lPT8Abto",
            "PT8AbtoA",
            "T8AbtoAJ",
            "8Abt",
            "Abto",
            "toAJ",
            "bgb85G6Jhf589wyb",
            "gb85G6Jhf589wybm",
            "b85G6Jhf589wybml",
            "85G6Jhf589wybmlZ",
            "5G6Jhf589wyb",
            "G6Jhf589wybm",
            "6Jhf589wybml",
            "Jhf589wybmlZ",
            "hf589wyb",
            "f589wybm",
            "589wybml",
            "89wybmlZ",
            "9wyb",
            "wybm",
            "ybml",
            "bmlZ",
            "L1sarQ6c4x9u6QhD",
            "1sarQ6c4x9u6QhDS",
            "sarQ6c4x9u6QhDS5",
            "arQ6c4x9u6QhDS59",
            "rQ6c4x9u6QhD",
            "Q6c4x9u6QhDS",
            "6c4x9u6QhDS5",
            "c4x9u6QhDS59",
            "4x9u6QhD",
            "x9u6QhDS",
            "9u6QhDS5",
            "u6QhDS59",
            "6QhD",
            "QhDS",
            "hDS5",
            "DS59",
            "YfvXSQ6FAg8ViQL9",
            "fvXSQ6FAg8ViQL9M",
            "vXSQ6FAg8ViQL9M2",
            "XSQ6FAg8ViQL9M29",
            "SQ6FAg8ViQL9",
            "Q6FAg8ViQL9M",
            "6FAg8ViQL9M2",
            "FAg8ViQL9M29",
            "Ag8ViQL9",
            "g8ViQL9M",
            "8ViQL9M2",
            "ViQL9M29",
            "iQL9",
            "QL9M",
            "L9M2",
            "9M29",
            "CsWkun6A9Is4RyqD",
            "sWkun6A9Is4RyqD9",
            "Wkun6A9Is4RyqD9v",
            "kun6A9Is4RyqD9vJ",
            "un6A9Is4RyqD",
            "n6A9Is4RyqD9",
            "6A9Is4RyqD9v",
            "A9Is4RyqD9vJ",
            "9Is4RyqD",
            "Is4RyqD9",
            "s4RyqD9v",
            "4RyqD9vJ",
            "RyqD",
            "yqD9",
            "qD9v",
            "D9vJ",
            "S5CS3I6iRaAlKeCb",
            "5CS3I6iRaAlKeCbf",
            "CS3I6iRaAlKeCbfk",
            "S3I6iRaAlKeCbfkZ",
            "3I6iRaAlKeCb",
            "I6iRaAlKeCbf",
            "6iRaAlKeCbfk",
            "iRaAlKeCbfkZ",
            "RaAlKeCb",
            "aAlKeCbf",
            "AlKeCbfk",
            "lKeCbfkZ",
            "KeCb",
            "eCbf",
            "Cbfk",
            "bfkZ",
            "wm5qBthe7PWiyp6Q",
            "m5qBthe7PWiyp6Qw",
            "5qBthe7PWiyp6QwX",
            "qBthe7PWiyp6QwXj",
            "Bthe7PWiyp6Q",
            "the7PWiyp6Qw",
            "he7PWiyp6QwX",
            "e7PWiyp6QwXj",
            "7PWiyp6Q",
            "PWiyp6Qw",
            "Wiyp6QwX",
            "iyp6QwXj",
            "yp6Q",
            "p6Qw",
            "6QwX",
            "QwXj",
            "O1q2liP6LGPIEYif",
            "1q2liP6LGPIEYifL",
            "q2liP6LGPIEYifLA",
            "2liP6LGPIEYifLAe",
            "liP6LGPIEYif",
            "iP6LGPIEYifL",
            "P6LGPIEYifLA",
            "6LGPIEYifLAe",
            "LGPIEYif",
            "GPIEYifL",
            "PIEYifLA",
            "IEYifLAe",
            "EYif",
            "YifL",
            "ifLA",
            "fLAe",
            "PrivateImplementationDetails",
            "rivateImplementationDeta",
            "ivateImplementationDetai",
            "vateImplementationDetail",
            "ateImplementationDetails",
            "teImplementationDeta",
            "eImplementationDetai",
            "ImplementationDetail",
            "mplementationDetails",
            "plementationDeta",
            "lementationDetai",
            "ementationDetail",
            "mentationDetails",
            "entationDeta",
            "ntationDetai",
            "tationDetail",
            "ationDetails",
            "tionDeta",
            "ionDetai",
            "onDetail",
            "nDetails",
            "Deta",
            "etai",
            "tail",
            "ails",
            "987D5E06",
            "87D5",
            "7D5E",
            "D5E0",
            "5E06",
            "59D6",
            "4C51",
            "9ADF",
            "C3C0AE4FC498",
            "3C0AE4FC",
            "C0AE4FC4",
            "0AE4FC49",
            "AE4FC498",
            "E4FC",
            "4FC4",
            "FC49",
            "C498",
            "StaticArrayInitTypeSize=",
            "taticArrayInitTypeSi",
            "aticArrayInitTypeSiz",
            "ticArrayInitTypeSize",
            "icArrayInitTypeSize=",
            "cArrayInitTypeSi",
            "ArrayInitTypeSiz",
            "rrayInitTypeSize",
            "rayInitTypeSize=",
            "ayInitTypeSi",
            "yInitTypeSiz",
            "InitTypeSize",
            "nitTypeSize=",
            "itTypeSi",
            "tTypeSiz",
            "TypeSize",
            "ypeSize=",
            "peSi",
            "eSiz",
            "Size",
            "ize=",
            "b8bddd2a",
            "8bdd",
            "bddd",
            "ddd2",
            "dd2a",
            "a952",
            "4523",
            "8049",
            "3c5b3829d6dc",
            "c5b3829d",
            "5b3829d6",
            "b3829d6d",
            "3829d6dc",
            "829d",
            "29d6",
            "9d6d",
            "d6dc",
            "omOQJrKemiAP7Z2x",
            "mOQJrKemiAP7Z2xy",
            "OQJrKemiAP7Z2xyM",
            "QJrKemiAP7Z2xyMT",
            "JrKemiAP7Z2x",
            "rKemiAP7Z2xy",
            "KemiAP7Z2xyM",
            "emiAP7Z2xyMT",
            "miAP7Z2x",
            "iAP7Z2xy",
            "AP7Z2xyM",
            "P7Z2xyMT",
            "7Z2x",
            "Z2xy",
            "2xyM",
            "xyMT",
            "z2G8uZKG117QRUpG",
            "2G8uZKG117QRUpGh",
            "G8uZKG117QRUpGhT",
            "8uZKG117QRUpGhTC",
            "uZKG117QRUpG",
            "ZKG117QRUpGh",
            "KG117QRUpGhT",
            "G117QRUpGhTC",
            "117QRUpG",
            "17QRUpGh",
            "7QRUpGhT",
            "QRUpGhTC",
            "RUpG",
            "UpGh",
            "pGhT",
            "GhTC",
            "SKJNgtKIXnVETvnX",
            "KJNgtKIXnVETvnXa",
            "JNgtKIXnVETvnXa6",
            "NgtKIXnVETvnXa68",
            "gtKIXnVETvnX",
            "tKIXnVETvnXa",
            "KIXnVETvnXa6",
            "IXnVETvnXa68",
            "XnVETvnX",
            "nVETvnXa",
            "VETvnXa6",
            "ETvnXa68",
            "TvnX",
            "vnXa",
            "nXa6",
            "Xa68",
            "EdSpWlKRhBJMWAXP",
            "dSpWlKRhBJMWAXPe",
            "SpWlKRhBJMWAXPeu",
            "pWlKRhBJMWAXPeuC",
            "WlKRhBJMWAXP",
            "lKRhBJMWAXPe",
            "KRhBJMWAXPeu",
            "RhBJMWAXPeuC",
            "hBJMWAXP",
            "BJMWAXPe",
            "JMWAXPeu",
            "MWAXPeuC",
            "WAXP",
            "AXPe",
            "XPeu",
            "PeuC",
            "xvAQZ9K5ArSQPRjf",
            "vAQZ9K5ArSQPRjfS",
            "AQZ9K5ArSQPRjfSC",
            "QZ9K5ArSQPRjfSCC",
            "Z9K5ArSQPRjf",
            "9K5ArSQPRjfS",
            "K5ArSQPRjfSC",
            "5ArSQPRjfSCC",
            "ArSQPRjf",
            "rSQPRjfS",
            "SQPRjfSC",
            "QPRjfSCC",
            "PRjf",
            "RjfS",
            "jfSC",
            "fSCC",
            "KsRkatKmW4f39LXK",
            "sRkatKmW4f39LXKC",
            "RkatKmW4f39LXKCr",
            "katKmW4f39LXKCr4",
            "atKmW4f39LXK",
            "tKmW4f39LXKC",
            "KmW4f39LXKCr",
            "mW4f39LXKCr4",
            "W4f39LXK",
            "4f39LXKC",
            "f39LXKCr",
            "39LXKCr4",
            "9LXK",
            "LXKC",
            "XKCr",
            "KCr4",
            "EYZVM3K4Ltpo7YmH",
            "YZVM3K4Ltpo7YmHY",
            "ZVM3K4Ltpo7YmHYm",
            "VM3K4Ltpo7YmHYmg",
            "M3K4Ltpo7YmH",
            "3K4Ltpo7YmHY",
            "K4Ltpo7YmHYm",
            "4Ltpo7YmHYmg",
            "Ltpo7YmH",
            "tpo7YmHY",
            "po7YmHYm",
            "o7YmHYmg",
            "7YmH",
            "YmHY",
            "mHYm",
            "HYmg",
            "aaLtLCK1KPASf3CM",
            "aLtLCK1KPASf3CME",
            "LtLCK1KPASf3CMEX",
            "tLCK1KPASf3CMEXv",
            "LCK1KPASf3CM",
            "CK1KPASf3CME",
            "K1KPASf3CMEX",
            "1KPASf3CMEXv",
            "KPASf3CM",
            "PASf3CME",
            "ASf3CMEX",
            "Sf3CMEXv",
            "f3CM",
            "3CME",
            "CMEX",
            "MEXv",
            "fZWrWaKqtwaBqdVF",
            "ZWrWaKqtwaBqdVF0",
            "WrWaKqtwaBqdVF0b",
            "rWaKqtwaBqdVF0b4",
            "WaKqtwaBqdVF",
            "aKqtwaBqdVF0",
            "KqtwaBqdVF0b",
            "qtwaBqdVF0b4",
            "twaBqdVF",
            "waBqdVF0",
            "aBqdVF0b",
            "BqdVF0b4",
            "qdVF",
            "dVF0",
            "VF0b",
            "F0b4",
            "jQYWXQKYAPerw4Wf",
            "QYWXQKYAPerw4Wfd",
            "YWXQKYAPerw4WfdC",
            "WXQKYAPerw4WfdCs",
            "XQKYAPerw4Wf",
            "QKYAPerw4Wfd",
            "KYAPerw4WfdC",
            "YAPerw4WfdCs",
            "APerw4Wf",
            "Perw4Wfd",
            "erw4WfdC",
            "rw4WfdCs",
            "w4Wf",
            "4Wfd",
            "WfdC",
            "fdCs",
            "A4HaU4Kut45feEMP",
            "4HaU4Kut45feEMPE",
            "HaU4Kut45feEMPEx",
            "aU4Kut45feEMPExx",
            "U4Kut45feEMP",
            "4Kut45feEMPE",
            "Kut45feEMPEx",
            "ut45feEMPExx",
            "t45feEMP",
            "45feEMPE",
            "5feEMPEx",
            "feEMPExx",
            "eEMP",
            "EMPE",
            "MPEx",
            "PExx",
            "neoWA0K3k6wIGyMd",
            "eoWA0K3k6wIGyMdX",
            "oWA0K3k6wIGyMdXf",
            "WA0K3k6wIGyMdXfa",
            "A0K3k6wIGyMd",
            "0K3k6wIGyMdX",
            "K3k6wIGyMdXf",
            "3k6wIGyMdXfa",
            "k6wIGyMd",
            "6wIGyMdX",
            "wIGyMdXf",
            "IGyMdXfa",
            "GyMd",
            "yMdX",
            "MdXf",
            "dXfa",
            "sgvsLfKpUSFAHYp6",
            "gvsLfKpUSFAHYp6q",
            "vsLfKpUSFAHYp6q8",
            "sLfKpUSFAHYp6q8Z",
            "LfKpUSFAHYp6",
            "fKpUSFAHYp6q",
            "KpUSFAHYp6q8",
            "pUSFAHYp6q8Z",
            "USFAHYp6",
            "SFAHYp6q",
            "FAHYp6q8",
            "AHYp6q8Z",
            "HYp6",
            "Yp6q",
            "p6q8",
            "6q8Z",
            "mAJGWwK8TArvLw8P",
            "AJGWwK8TArvLw8P4",
            "JGWwK8TArvLw8P4q",
            "GWwK8TArvLw8P4qN",
            "WwK8TArvLw8P",
            "wK8TArvLw8P4",
            "K8TArvLw8P4q",
            "8TArvLw8P4qN",
            "TArvLw8P",
            "ArvLw8P4",
            "rvLw8P4q",
            "vLw8P4qN",
            "Lw8P",
            "w8P4",
            "8P4q",
            "P4qN",
            "hYMKsIKc9TVB7OhC",
            "YMKsIKc9TVB7OhCB",
            "MKsIKc9TVB7OhCBm",
            "KsIKc9TVB7OhCBmh",
            "sIKc9TVB7OhC",
            "IKc9TVB7OhCB",
            "Kc9TVB7OhCBm",
            "c9TVB7OhCBmh",
            "9TVB7OhC",
            "TVB7OhCB",
            "VB7OhCBm",
            "B7OhCBmh",
            "7OhC",
            "OhCB",
            "hCBm",
            "CBmh",
            "V8mIk0KF0B35LNuS",
            "8mIk0KF0B35LNuSY",
            "mIk0KF0B35LNuSY1",
            "Ik0KF0B35LNuSY1K",
            "k0KF0B35LNuS",
            "0KF0B35LNuSY",
            "KF0B35LNuSY1",
            "F0B35LNuSY1K",
            "0B35LNuS",
            "B35LNuSY",
            "35LNuSY1",
            "5LNuSY1K",
            "LNuS",
            "NuSY",
            "uSY1",
            "SY1K",
            "cHawEkK0OATIEU27",
            "HawEkK0OATIEU27s",
            "awEkK0OATIEU27so",
            "wEkK0OATIEU27soM",
            "EkK0OATIEU27",
            "kK0OATIEU27s",
            "K0OATIEU27so",
            "0OATIEU27soM",
            "OATIEU27",
            "ATIEU27s",
            "TIEU27so",
            "IEU27soM",
            "EU27",
            "U27s",
            "27so",
            "7soM",
            "O5YJGXKOrMUjJNfi",
            "5YJGXKOrMUjJNfi7",
            "YJGXKOrMUjJNfi7U",
            "JGXKOrMUjJNfi7UN",
            "GXKOrMUjJNfi",
            "XKOrMUjJNfi7",
            "KOrMUjJNfi7U",
            "OrMUjJNfi7UN",
            "rMUjJNfi",
            "MUjJNfi7",
            "UjJNfi7U",
            "jJNfi7UN",
            "JNfi",
            "Nfi7",
            "fi7U",
            "i7UN",
            "AEjd30Kj4CsNeWXv",
            "Ejd30Kj4CsNeWXvG",
            "jd30Kj4CsNeWXvGO",
            "d30Kj4CsNeWXvGOU",
            "30Kj4CsNeWXv",
            "0Kj4CsNeWXvG",
            "Kj4CsNeWXvGO",
            "j4CsNeWXvGOU",
            "4CsNeWXv",
            "CsNeWXvG",
            "sNeWXvGO",
            "NeWXvGOU",
            "eWXv",
            "WXvG",
            "XvGO",
            "vGOU",
            "w8QP5wKQRuXLC69a",
            "8QP5wKQRuXLC69ap",
            "QP5wKQRuXLC69apo",
            "P5wKQRuXLC69apo5",
            "5wKQRuXLC69a",
            "wKQRuXLC69ap",
            "KQRuXLC69apo",
            "QRuXLC69apo5",
            "RuXLC69a",
            "uXLC69ap",
            "XLC69apo",
            "LC69apo5",
            "C69a",
            "69ap",
            "9apo",
            "apo5",
            "lj7eyIKt3ZTs1Vmj",
            "j7eyIKt3ZTs1VmjD",
            "7eyIKt3ZTs1VmjDw",
            "eyIKt3ZTs1VmjDww",
            "yIKt3ZTs1Vmj",
            "IKt3ZTs1VmjD",
            "Kt3ZTs1VmjDw",
            "t3ZTs1VmjDww",
            "3ZTs1Vmj",
            "ZTs1VmjD",
            "Ts1VmjDw",
            "s1VmjDww",
            "1Vmj",
            "VmjD",
            "mjDw",
            "jDww",
            "MUoWTRKCaqM1BJ33",
            "UoWTRKCaqM1BJ334",
            "oWTRKCaqM1BJ334q",
            "WTRKCaqM1BJ334qD",
            "TRKCaqM1BJ33",
            "RKCaqM1BJ334",
            "KCaqM1BJ334q",
            "CaqM1BJ334qD",
            "aqM1BJ33",
            "qM1BJ334",
            "M1BJ334q",
            "1BJ334qD",
            "BJ33",
            "J334",
            "334q",
            "34qD",
            "yK06gIKxRqHBFoeE",
            "K06gIKxRqHBFoeEr",
            "06gIKxRqHBFoeErj",
            "6gIKxRqHBFoeErjs",
            "gIKxRqHBFoeE",
            "IKxRqHBFoeEr",
            "KxRqHBFoeErj",
            "xRqHBFoeErjs",
            "RqHBFoeE",
            "qHBFoeEr",
            "HBFoeErj",
            "BFoeErjs",
            "FoeE",
            "oeEr",
            "eErj",
            "Erjs",
            "olaA1xUVZAC5WHf2",
            "laA1xUVZAC5WHf2a",
            "aA1xUVZAC5WHf2a1",
            "A1xUVZAC5WHf2a1g",
            "1xUVZAC5WHf2",
            "xUVZAC5WHf2a",
            "UVZAC5WHf2a1",
            "VZAC5WHf2a1g",
            "ZAC5WHf2",
            "AC5WHf2a",
            "C5WHf2a1",
            "5WHf2a1g",
            "WHf2",
            "Hf2a",
            "f2a1",
            "2a1g",
            "Euex6WUnqFCfZEDV",
            "uex6WUnqFCfZEDVk",
            "ex6WUnqFCfZEDVkR",
            "x6WUnqFCfZEDVkRp",
            "6WUnqFCfZEDV",
            "WUnqFCfZEDVk",
            "UnqFCfZEDVkR",
            "nqFCfZEDVkRp",
            "qFCfZEDV",
            "FCfZEDVk",
            "CfZEDVkR",
            "fZEDVkRp",
            "ZEDV",
            "EDVk",
            "DVkR",
            "VkRp",
            "ox12UJUZM3aWAF2t",
            "x12UJUZM3aWAF2tF",
            "12UJUZM3aWAF2tFW",
            "2UJUZM3aWAF2tFW7",
            "UJUZM3aWAF2t",
            "JUZM3aWAF2tF",
            "UZM3aWAF2tFW",
            "ZM3aWAF2tFW7",
            "M3aWAF2t",
            "3aWAF2tF",
            "aWAF2tFW",
            "WAF2tFW7",
            "AF2t",
            "F2tF",
            "2tFW",
            "tFW7",
            "M0AU4uUWNxhN671d",
            "0AU4uUWNxhN671dm",
            "AU4uUWNxhN671dmj",
            "U4uUWNxhN671dmjH",
            "4uUWNxhN671d",
            "uUWNxhN671dm",
            "UWNxhN671dmj",
            "WNxhN671dmjH",
            "NxhN671d",
            "xhN671dm",
            "hN671dmj",
            "N671dmjH",
            "671d",
            "71dm",
            "1dmj",
            "dmjH",
            "cinM6yUs7DXpxV2u",
            "inM6yUs7DXpxV2uw",
            "nM6yUs7DXpxV2uwy",
            "M6yUs7DXpxV2uwyl",
            "6yUs7DXpxV2u",
            "yUs7DXpxV2uw",
            "Us7DXpxV2uwy",
            "s7DXpxV2uwyl",
            "7DXpxV2u",
            "DXpxV2uw",
            "XpxV2uwy",
            "pxV2uwyl",
            "xV2u",
            "V2uw",
            "2uwy",
            "uwyl",
            "WJ88isUhykuSdAqr",
            "J88isUhykuSdAqrK",
            "88isUhykuSdAqrKQ",
            "8isUhykuSdAqrKQM",
            "isUhykuSdAqr",
            "sUhykuSdAqrK",
            "UhykuSdAqrKQ",
            "hykuSdAqrKQM",
            "ykuSdAqr",
            "kuSdAqrK",
            "uSdAqrKQ",
            "SdAqrKQM",
            "dAqr",
            "AqrK",
            "qrKQ",
            "rKQM",
            "CdZpBvUKmPxZsqJr",
            "dZpBvUKmPxZsqJrr",
            "ZpBvUKmPxZsqJrra",
            "pBvUKmPxZsqJrraj",
            "BvUKmPxZsqJr",
            "vUKmPxZsqJrr",
            "UKmPxZsqJrra",
            "KmPxZsqJrraj",
            "mPxZsqJr",
            "PxZsqJrr",
            "xZsqJrra",
            "ZsqJrraj",
            "sqJr",
            "qJrr",
            "Jrra",
            "rraj",
            "Cv5RkZUrIhrNK9QI",
            "v5RkZUrIhrNK9QIP",
            "5RkZUrIhrNK9QIPr",
            "RkZUrIhrNK9QIPrw",
            "kZUrIhrNK9QI",
            "ZUrIhrNK9QIP",
            "UrIhrNK9QIPr",
            "rIhrNK9QIPrw",
            "IhrNK9QI",
            "hrNK9QIP",
            "rNK9QIPr",
            "NK9QIPrw",
            "K9QI",
            "9QIP",
            "QIPr",
            "IPrw",
            "O32pEpUetR7rZqcT",
            "32pEpUetR7rZqcTS",
            "2pEpUetR7rZqcTSu",
            "pEpUetR7rZqcTSuh",
            "EpUetR7rZqcT",
            "pUetR7rZqcTS",
            "UetR7rZqcTSu",
            "etR7rZqcTSuh",
            "tR7rZqcT",
            "R7rZqcTS",
            "7rZqcTSu",
            "rZqcTSuh",
            "ZqcT",
            "qcTS",
            "cTSu",
            "TSuh",
            "IaVBMLUGU3u26AYm",
            "aVBMLUGU3u26AYmp",
            "VBMLUGU3u26AYmpG",
            "BMLUGU3u26AYmpG8",
            "MLUGU3u26AYm",
            "LUGU3u26AYmp",
            "UGU3u26AYmpG",
            "GU3u26AYmpG8",
            "U3u26AYm",
            "3u26AYmp",
            "u26AYmpG",
            "26AYmpG8",
            "6AYm",
            "AYmp",
            "YmpG",
            "mpG8",
            "qFBhwiUIpY2WrSKd",
            "FBhwiUIpY2WrSKd1",
            "BhwiUIpY2WrSKd1o",
            "hwiUIpY2WrSKd1o7",
            "wiUIpY2WrSKd",
            "iUIpY2WrSKd1",
            "UIpY2WrSKd1o",
            "IpY2WrSKd1o7",
            "pY2WrSKd",
            "Y2WrSKd1",
            "2WrSKd1o",
            "WrSKd1o7",
            "rSKd",
            "SKd1",
            "Kd1o",
            "d1o7",
            "fn0QUuURGMUER1pe",
            "n0QUuURGMUER1peM",
            "0QUuURGMUER1peMo",
            "QUuURGMUER1peMoI",
            "UuURGMUER1pe",
            "uURGMUER1peM",
            "URGMUER1peMo",
            "RGMUER1peMoI",
            "GMUER1pe",
            "MUER1peM",
            "UER1peMo",
            "ER1peMoI",
            "R1pe",
            "1peM",
            "peMo",
            "eMoI",
            "AOeQetU5paa7atWr",
            "OeQetU5paa7atWrL",
            "eQetU5paa7atWrL1",
            "QetU5paa7atWrL1J",
            "etU5paa7atWr",
            "tU5paa7atWrL",
            "U5paa7atWrL1",
            "5paa7atWrL1J",
            "paa7atWr",
            "aa7atWrL",
            "a7atWrL1",
            "7atWrL1J",
            "atWr",
            "tWrL",
            "WrL1",
            "rL1J",
            "P0YsgYUm6k73rZ2g",
            "0YsgYUm6k73rZ2gk",
            "YsgYUm6k73rZ2gkO",
            "sgYUm6k73rZ2gkOp",
            "gYUm6k73rZ2g",
            "YUm6k73rZ2gk",
            "Um6k73rZ2gkO",
            "m6k73rZ2gkOp",
            "6k73rZ2g",
            "k73rZ2gk",
            "73rZ2gkO",
            "3rZ2gkOp",
            "rZ2g",
            "Z2gk",
            "2gkO",
            "gkOp",
            "neRr2IU43cQl3tIv",
            "eRr2IU43cQl3tIvw",
            "Rr2IU43cQl3tIvw3",
            "r2IU43cQl3tIvw32",
            "2IU43cQl3tIv",
            "IU43cQl3tIvw",
            "U43cQl3tIvw3",
            "43cQl3tIvw32",
            "3cQl3tIv",
            "cQl3tIvw",
            "Ql3tIvw3",
            "l3tIvw32",
            "3tIv",
            "tIvw",
            "Ivw3",
            "vw32",
            "mxyOjyU1eVaBCOKr",
            "xyOjyU1eVaBCOKrs",
            "yOjyU1eVaBCOKrsE",
            "OjyU1eVaBCOKrsEc",
            "jyU1eVaBCOKr",
            "yU1eVaBCOKrs",
            "U1eVaBCOKrsE",
            "1eVaBCOKrsEc",
            "eVaBCOKr",
            "VaBCOKrs",
            "aBCOKrsE",
            "BCOKrsEc",
            "COKr",
            "OKrs",
            "KrsE",
            "rsEc",
            "gLqAwmUqVtdQPLON",
            "LqAwmUqVtdQPLONg",
            "qAwmUqVtdQPLONg1",
            "AwmUqVtdQPLONg11",
            "wmUqVtdQPLON",
            "mUqVtdQPLONg",
            "UqVtdQPLONg1",
            "qVtdQPLONg11",
            "VtdQPLON",
            "tdQPLONg",
            "dQPLONg1",
            "QPLONg11",
            "PLON",
            "LONg",
            "ONg1",
            "Ng11",
            "AIGeKAUYJMbwf7i1",
            "IGeKAUYJMbwf7i1n",
            "GeKAUYJMbwf7i1nb",
            "eKAUYJMbwf7i1nb2",
            "KAUYJMbwf7i1",
            "AUYJMbwf7i1n",
            "UYJMbwf7i1nb",
            "YJMbwf7i1nb2",
            "JMbwf7i1",
            "Mbwf7i1n",
            "bwf7i1nb",
            "wf7i1nb2",
            "f7i1",
            "7i1n",
            "i1nb",
            "1nb2",
            "I9YGd0UupLOvr6Pa",
            "9YGd0UupLOvr6Pa4",
            "YGd0UupLOvr6Pa4g",
            "Gd0UupLOvr6Pa4gA",
            "d0UupLOvr6Pa",
            "0UupLOvr6Pa4",
            "UupLOvr6Pa4g",
            "upLOvr6Pa4gA",
            "pLOvr6Pa",
            "LOvr6Pa4",
            "Ovr6Pa4g",
            "vr6Pa4gA",
            "r6Pa",
            "6Pa4",
            "Pa4g",
            "a4gA",
            "JVPoERU3E474Dndo",
            "VPoERU3E474DndoD",
            "PoERU3E474DndoDD",
            "oERU3E474DndoDDV",
            "ERU3E474Dndo",
            "RU3E474DndoD",
            "U3E474DndoDD",
            "3E474DndoDDV",
            "E474Dndo",
            "474DndoD",
            "74DndoDD",
            "4DndoDDV",
            "Dndo",
            "ndoD",
            "doDD",
            "oDDV",
            "GP4KXDUp154wYrFC",
            "P4KXDUp154wYrFCt",
            "4KXDUp154wYrFCtc",
            "KXDUp154wYrFCtcJ",
            "XDUp154wYrFC",
            "DUp154wYrFCt",
            "Up154wYrFCtc",
            "p154wYrFCtcJ",
            "154wYrFC",
            "54wYrFCt",
            "4wYrFCtc",
            "wYrFCtcJ",
            "YrFC",
            "rFCt",
            "FCtc",
            "CtcJ",
            "refYt5U8I3WJrRHa",
            "efYt5U8I3WJrRHaw",
            "fYt5U8I3WJrRHawO",
            "Yt5U8I3WJrRHawOw",
            "t5U8I3WJrRHa",
            "5U8I3WJrRHaw",
            "U8I3WJrRHawO",
            "8I3WJrRHawOw",
            "I3WJrRHa",
            "3WJrRHaw",
            "WJrRHawO",
            "JrRHawOw",
            "rRHa",
            "RHaw",
            "HawO",
            "awOw",
            "qxMLGBUcJuYFUOYo",
            "xMLGBUcJuYFUOYoe",
            "MLGBUcJuYFUOYoeM",
            "LGBUcJuYFUOYoeMo",
            "GBUcJuYFUOYo",
            "BUcJuYFUOYoe",
            "UcJuYFUOYoeM",
            "cJuYFUOYoeMo",
            "JuYFUOYo",
            "uYFUOYoe",
            "YFUOYoeM",
            "FUOYoeMo",
            "UOYo",
            "OYoe",
            "YoeM",
            "oeMo",
            "AhyhHEUFryR0ueeH",
            "hyhHEUFryR0ueeHf",
            "yhHEUFryR0ueeHfC",
            "hHEUFryR0ueeHfCw",
            "HEUFryR0ueeH",
            "EUFryR0ueeHf",
            "UFryR0ueeHfC",
            "FryR0ueeHfCw",
            "ryR0ueeH",
            "yR0ueeHf",
            "R0ueeHfC",
            "0ueeHfCw",
            "ueeH",
            "eeHf",
            "eHfC",
            "HfCw",
            "LE0EUmU0Io8ro13f",
            "E0EUmU0Io8ro13fS",
            "0EUmU0Io8ro13fS4",
            "EUmU0Io8ro13fS4v",
            "UmU0Io8ro13f",
            "mU0Io8ro13fS",
            "U0Io8ro13fS4",
            "0Io8ro13fS4v",
            "Io8ro13f",
            "o8ro13fS",
            "8ro13fS4",
            "ro13fS4v",
            "o13f",
            "13fS",
            "3fS4",
            "fS4v",
            "ggghL4UO435ugSPh",
            "gghL4UO435ugSPhL",
            "ghL4UO435ugSPhLM",
            "hL4UO435ugSPhLMx",
            "L4UO435ugSPh",
            "4UO435ugSPhL",
            "UO435ugSPhLM",
            "O435ugSPhLMx",
            "435ugSPh",
            "35ugSPhL",
            "5ugSPhLM",
            "ugSPhLMx",
            "gSPh",
            "SPhL",
            "PhLM",
            "hLMx",
            "OfE1sLUj2HEEDN6K",
            "fE1sLUj2HEEDN6KY",
            "E1sLUj2HEEDN6KYl",
            "1sLUj2HEEDN6KYll",
            "sLUj2HEEDN6K",
            "LUj2HEEDN6KY",
            "Uj2HEEDN6KYl",
            "j2HEEDN6KYll",
            "2HEEDN6K",
            "HEEDN6KY",
            "EEDN6KYl",
            "EDN6KYll",
            "DN6K",
            "N6KY",
            "6KYl",
            "KYll",
            "iJjG0UUQmwxMnpP7",
            "JjG0UUQmwxMnpP7k",
            "jG0UUQmwxMnpP7km",
            "G0UUQmwxMnpP7kmf",
            "0UUQmwxMnpP7",
            "UUQmwxMnpP7k",
            "UQmwxMnpP7km",
            "QmwxMnpP7kmf",
            "mwxMnpP7",
            "wxMnpP7k",
            "xMnpP7km",
            "MnpP7kmf",
            "npP7",
            "pP7k",
            "P7km",
            "7kmf",
            "xNRQwKUtFnYYN8ds",
            "NRQwKUtFnYYN8ds6",
            "RQwKUtFnYYN8ds6R",
            "QwKUtFnYYN8ds6Rv",
            "wKUtFnYYN8ds",
            "KUtFnYYN8ds6",
            "UtFnYYN8ds6R",
            "tFnYYN8ds6Rv",
            "FnYYN8ds",
            "nYYN8ds6",
            "YYN8ds6R",
            "YN8ds6Rv",
            "N8ds",
            "8ds6",
            "ds6R",
            "s6Rv",
            "rEY7iYUCJkiqFAhT",
            "EY7iYUCJkiqFAhTi",
            "Y7iYUCJkiqFAhTiE",
            "7iYUCJkiqFAhTiEU",
            "iYUCJkiqFAhT",
            "YUCJkiqFAhTi",
            "UCJkiqFAhTiE",
            "CJkiqFAhTiEU",
            "JkiqFAhT",
            "kiqFAhTi",
            "iqFAhTiE",
            "qFAhTiEU",
            "FAhT",
            "AhTi",
            "hTiE",
            "TiEU",
            "yXi1UpUxlQChMtTn",
            "Xi1UpUxlQChMtTnB",
            "i1UpUxlQChMtTnBp",
            "1UpUxlQChMtTnBpN",
            "UpUxlQChMtTn",
            "pUxlQChMtTnB",
            "UxlQChMtTnBp",
            "xlQChMtTnBpN",
            "lQChMtTn",
            "QChMtTnB",
            "ChMtTnBp",
            "hMtTnBpN",
            "MtTn",
            "tTnB",
            "TnBp",
            "nBpN",
            "G438qkrVcUO7yndh",
            "438qkrVcUO7yndhn",
            "38qkrVcUO7yndhnW",
            "8qkrVcUO7yndhnWy",
            "qkrVcUO7yndh",
            "krVcUO7yndhn",
            "rVcUO7yndhnW",
            "VcUO7yndhnWy",
            "cUO7yndh",
            "UO7yndhn",
            "O7yndhnW",
            "7yndhnWy",
            "yndh",
            "ndhn",
            "dhnW",
            "hnWy",
            "sYDKpernMCMqfDpR",
            "YDKpernMCMqfDpRT",
            "DKpernMCMqfDpRTw",
            "KpernMCMqfDpRTwE",
            "pernMCMqfDpR",
            "ernMCMqfDpRT",
            "rnMCMqfDpRTw",
            "nMCMqfDpRTwE",
            "MCMqfDpR",
            "CMqfDpRT",
            "MqfDpRTw",
            "qfDpRTwE",
            "fDpR",
            "DpRT",
            "pRTw",
            "RTwE",
            "o4unxurZc2gToNad",
            "4unxurZc2gToNadJ",
            "unxurZc2gToNadJS",
            "nxurZc2gToNadJSp",
            "xurZc2gToNad",
            "urZc2gToNadJ",
            "rZc2gToNadJS",
            "Zc2gToNadJSp",
            "c2gToNad",
            "2gToNadJ",
            "gToNadJS",
            "ToNadJSp",
            "oNad",
            "NadJ",
            "adJS",
            "dJSp",
            "v0lkGsrW6YIFE0Bb",
            "0lkGsrW6YIFE0BbL",
            "lkGsrW6YIFE0BbLG",
            "kGsrW6YIFE0BbLGy",
            "GsrW6YIFE0Bb",
            "srW6YIFE0BbL",
            "rW6YIFE0BbLG",
            "W6YIFE0BbLGy",
            "6YIFE0Bb",
            "YIFE0BbL",
            "IFE0BbLG",
            "FE0BbLGy",
            "E0Bb",
            "0BbL",
            "BbLG",
            "bLGy",
            "V5D5djrsaThPDZj8",
            "5D5djrsaThPDZj8T",
            "D5djrsaThPDZj8Ta",
            "5djrsaThPDZj8Tau",
            "djrsaThPDZj8",
            "jrsaThPDZj8T",
            "rsaThPDZj8Ta",
            "saThPDZj8Tau",
            "aThPDZj8",
            "ThPDZj8T",
            "hPDZj8Ta",
            "PDZj8Tau",
            "DZj8",
            "Zj8T",
            "j8Ta",
            "8Tau",
            "OUGxxQrhibuv2px9",
            "UGxxQrhibuv2px9X",
            "GxxQrhibuv2px9Xn",
            "xxQrhibuv2px9Xn9",
            "xQrhibuv2px9",
            "Qrhibuv2px9X",
            "rhibuv2px9Xn",
            "hibuv2px9Xn9",
            "ibuv2px9",
            "buv2px9X",
            "uv2px9Xn",
            "v2px9Xn9",
            "2px9",
            "px9X",
            "x9Xn",
            "9Xn9",
            "sOaxBdrKbf0RWYM2",
            "OaxBdrKbf0RWYM2s",
            "axBdrKbf0RWYM2ss",
            "xBdrKbf0RWYM2ssw",
            "BdrKbf0RWYM2",
            "drKbf0RWYM2s",
            "rKbf0RWYM2ss",
            "Kbf0RWYM2ssw",
            "bf0RWYM2",
            "f0RWYM2s",
            "0RWYM2ss",
            "RWYM2ssw",
            "WYM2",
            "YM2s",
            "M2ss",
            "2ssw",
            "NdkEIQrrFMdB5jH1",
            "dkEIQrrFMdB5jH18",
            "kEIQrrFMdB5jH183",
            "EIQrrFMdB5jH183Q",
            "IQrrFMdB5jH1",
            "QrrFMdB5jH18",
            "rrFMdB5jH183",
            "rFMdB5jH183Q",
            "FMdB5jH1",
            "MdB5jH18",
            "dB5jH183",
            "B5jH183Q",
            "5jH1",
            "jH18",
            "H183",
            "183Q",
            "oawGFYrem2HVnZPn",
            "awGFYrem2HVnZPnU",
            "wGFYrem2HVnZPnUr",
            "GFYrem2HVnZPnUr9",
            "FYrem2HVnZPn",
            "Yrem2HVnZPnU",
            "rem2HVnZPnUr",
            "em2HVnZPnUr9",
            "m2HVnZPn",
            "2HVnZPnU",
            "HVnZPnUr",
            "VnZPnUr9",
            "nZPn",
            "ZPnU",
            "PnUr",
            "nUr9",
            "mqnyYHrG4oPf70Dg",
            "qnyYHrG4oPf70Dgb",
            "nyYHrG4oPf70DgbF",
            "yYHrG4oPf70DgbFZ",
            "YHrG4oPf70Dg",
            "HrG4oPf70Dgb",
            "rG4oPf70DgbF",
            "G4oPf70DgbFZ",
            "4oPf70Dg",
            "oPf70Dgb",
            "Pf70DgbF",
            "f70DgbFZ",
            "70Dg",
            "0Dgb",
            "DgbF",
            "gbFZ",
            "rAmSjYrI5jfBVhyY",
            "AmSjYrI5jfBVhyYv",
            "mSjYrI5jfBVhyYvR",
            "SjYrI5jfBVhyYvR1",
            "jYrI5jfBVhyY",
            "YrI5jfBVhyYv",
            "rI5jfBVhyYvR",
            "I5jfBVhyYvR1",
            "5jfBVhyY",
            "jfBVhyYv",
            "fBVhyYvR",
            "BVhyYvR1",
            "VhyY",
            "hyYv",
            "yYvR",
            "YvR1",
            "ii2YcUrRE5CcZXDV",
            "i2YcUrRE5CcZXDVa",
            "2YcUrRE5CcZXDVaS",
            "YcUrRE5CcZXDVaSy",
            "cUrRE5CcZXDV",
            "UrRE5CcZXDVa",
            "rRE5CcZXDVaS",
            "RE5CcZXDVaSy",
            "E5CcZXDV",
            "5CcZXDVa",
            "CcZXDVaS",
            "cZXDVaSy",
            "ZXDV",
            "XDVa",
            "DVaS",
            "VaSy",
            "qGt063r5GJBrTW4f",
            "Gt063r5GJBrTW4fa",
            "t063r5GJBrTW4faq",
            "063r5GJBrTW4faq6",
            "63r5GJBrTW4f",
            "3r5GJBrTW4fa",
            "r5GJBrTW4faq",
            "5GJBrTW4faq6",
            "GJBrTW4f",
            "JBrTW4fa",
            "BrTW4faq",
            "rTW4faq6",
            "TW4f",
            "W4fa",
            "4faq",
            "faq6",
            "jg7Gl1rm3VxOHZX3",
            "g7Gl1rm3VxOHZX3D",
            "7Gl1rm3VxOHZX3D4",
            "Gl1rm3VxOHZX3D4y",
            "l1rm3VxOHZX3",
            "1rm3VxOHZX3D",
            "rm3VxOHZX3D4",
            "m3VxOHZX3D4y",
            "3VxOHZX3",
            "VxOHZX3D",
            "xOHZX3D4",
            "OHZX3D4y",
            "HZX3",
            "ZX3D",
            "X3D4",
            "3D4y",
            "UV7af7r4xrZcCISZ",
            "V7af7r4xrZcCISZQ",
            "7af7r4xrZcCISZQc",
            "af7r4xrZcCISZQcN",
            "f7r4xrZcCISZ",
            "7r4xrZcCISZQ",
            "r4xrZcCISZQc",
            "4xrZcCISZQcN",
            "xrZcCISZ",
            "rZcCISZQ",
            "ZcCISZQc",
            "cCISZQcN",
            "CISZ",
            "ISZQ",
            "SZQc",
            "ZQcN",
            "S56PIgr1MjKFkcRX",
            "56PIgr1MjKFkcRXd",
            "6PIgr1MjKFkcRXdf",
            "PIgr1MjKFkcRXdfT",
            "Igr1MjKFkcRX",
            "gr1MjKFkcRXd",
            "r1MjKFkcRXdf",
            "1MjKFkcRXdfT",
            "MjKFkcRX",
            "jKFkcRXd",
            "KFkcRXdf",
            "FkcRXdfT",
            "kcRX",
            "cRXd",
            "RXdf",
            "XdfT",
            "kytXZjrqtCSYiYSJ",
            "ytXZjrqtCSYiYSJK",
            "tXZjrqtCSYiYSJKJ",
            "XZjrqtCSYiYSJKJL",
            "ZjrqtCSYiYSJ",
            "jrqtCSYiYSJK",
            "rqtCSYiYSJKJ",
            "qtCSYiYSJKJL",
            "tCSYiYSJ",
            "CSYiYSJK",
            "SYiYSJKJ",
            "YiYSJKJL",
            "iYSJ",
            "YSJK",
            "SJKJ",
            "JKJL",
            "U7F8A4rYqJ2ZQdh1",
            "7F8A4rYqJ2ZQdh1N",
            "F8A4rYqJ2ZQdh1NM",
            "8A4rYqJ2ZQdh1NMl",
            "A4rYqJ2ZQdh1",
            "4rYqJ2ZQdh1N",
            "rYqJ2ZQdh1NM",
            "YqJ2ZQdh1NMl",
            "qJ2ZQdh1",
            "J2ZQdh1N",
            "2ZQdh1NM",
            "ZQdh1NMl",
            "Qdh1",
            "dh1N",
            "h1NM",
            "1NMl",
            "XYBnwsrukPqdYQ3K",
            "YBnwsrukPqdYQ3Ks",
            "BnwsrukPqdYQ3Kso",
            "nwsrukPqdYQ3Kso6",
            "wsrukPqdYQ3K",
            "srukPqdYQ3Ks",
            "rukPqdYQ3Kso",
            "ukPqdYQ3Kso6",
            "kPqdYQ3K",
            "PqdYQ3Ks",
            "qdYQ3Kso",
            "dYQ3Kso6",
            "YQ3K",
            "Q3Ks",
            "3Kso",
            "Kso6",
            "URaq3Nr3LpFTL3if",
            "Raq3Nr3LpFTL3if2",
            "aq3Nr3LpFTL3if2m",
            "q3Nr3LpFTL3if2mP",
            "3Nr3LpFTL3if",
            "Nr3LpFTL3if2",
            "r3LpFTL3if2m",
            "3LpFTL3if2mP",
            "LpFTL3if",
            "pFTL3if2",
            "FTL3if2m",
            "TL3if2mP",
            "L3if",
            "3if2",
            "if2m",
            "f2mP",
            "Qv2Xx5rpEZgu0621",
            "v2Xx5rpEZgu0621h",
            "2Xx5rpEZgu0621hf",
            "Xx5rpEZgu0621hfp",
            "x5rpEZgu0621",
            "5rpEZgu0621h",
            "rpEZgu0621hf",
            "pEZgu0621hfp",
            "EZgu0621",
            "Zgu0621h",
            "gu0621hf",
            "u0621hfp",
            "0621",
            "621h",
            "21hf",
            "1hfp",
            "XDLoffr8R4EK7XwJ",
            "DLoffr8R4EK7XwJJ",
            "Loffr8R4EK7XwJJp",
            "offr8R4EK7XwJJpn",
            "ffr8R4EK7XwJ",
            "fr8R4EK7XwJJ",
            "r8R4EK7XwJJp",
            "8R4EK7XwJJpn",
            "R4EK7XwJ",
            "4EK7XwJJ",
            "EK7XwJJp",
            "K7XwJJpn",
            "7XwJ",
            "XwJJ",
            "wJJp",
            "JJpn",
            "E2sVHZrcUHugAlwA",
            "2sVHZrcUHugAlwAx",
            "sVHZrcUHugAlwAxS",
            "VHZrcUHugAlwAxSj",
            "HZrcUHugAlwA",
            "ZrcUHugAlwAx",
            "rcUHugAlwAxS",
            "cUHugAlwAxSj",
            "UHugAlwA",
            "HugAlwAx",
            "ugAlwAxS",
            "gAlwAxSj",
            "AlwA",
            "lwAx",
            "wAxS",
            "AxSj",
            "N4GijkrF7fZCtH9Q",
            "4GijkrF7fZCtH9Qt",
            "GijkrF7fZCtH9QtS",
            "ijkrF7fZCtH9QtSi",
            "jkrF7fZCtH9Q",
            "krF7fZCtH9Qt",
            "rF7fZCtH9QtS",
            "F7fZCtH9QtSi",
            "7fZCtH9Q",
            "fZCtH9Qt",
            "ZCtH9QtS",
            "CtH9QtSi",
            "tH9Q",
            "H9Qt",
            "9QtS",
            "QtSi",
            "bIQOJ9r0bVEdbDZ1",
            "IQOJ9r0bVEdbDZ17",
            "QOJ9r0bVEdbDZ17F",
            "OJ9r0bVEdbDZ17Fg",
            "J9r0bVEdbDZ1",
            "9r0bVEdbDZ17",
            "r0bVEdbDZ17F",
            "0bVEdbDZ17Fg",
            "bVEdbDZ1",
            "VEdbDZ17",
            "EdbDZ17F",
            "dbDZ17Fg",
            "bDZ1",
            "DZ17",
            "Z17F",
            "17Fg",
            "cQIyjqrOy0LwdNNx",
            "QIyjqrOy0LwdNNxi",
            "IyjqrOy0LwdNNxim",
            "yjqrOy0LwdNNximd",
            "jqrOy0LwdNNx",
            "qrOy0LwdNNxi",
            "rOy0LwdNNxim",
            "Oy0LwdNNximd",
            "y0LwdNNx",
            "0LwdNNxi",
            "LwdNNxim",
            "wdNNximd",
            "dNNx",
            "NNxi",
            "Nxim",
            "ximd",
            "VSy2nCrj3cmCJ131",
            "Sy2nCrj3cmCJ131F",
            "y2nCrj3cmCJ131Fi",
            "2nCrj3cmCJ131FiF",
            "nCrj3cmCJ131",
            "Crj3cmCJ131F",
            "rj3cmCJ131Fi",
            "j3cmCJ131FiF",
            "3cmCJ131",
            "cmCJ131F",
            "mCJ131Fi",
            "CJ131FiF",
            "J131",
            "131F",
            "31Fi",
            "1FiF",
            "BFvNDsrQwbUCIUjV",
            "FvNDsrQwbUCIUjVC",
            "vNDsrQwbUCIUjVCO",
            "NDsrQwbUCIUjVCO4",
            "DsrQwbUCIUjV",
            "srQwbUCIUjVC",
            "rQwbUCIUjVCO",
            "QwbUCIUjVCO4",
            "wbUCIUjV",
            "bUCIUjVC",
            "UCIUjVCO",
            "CIUjVCO4",
            "IUjV",
            "UjVC",
            "jVCO",
            "VCO4",
            "WodSNrrtAbUWlXv4",
            "odSNrrtAbUWlXv4f",
            "dSNrrtAbUWlXv4fJ",
            "SNrrtAbUWlXv4fJy",
            "NrrtAbUWlXv4",
            "rrtAbUWlXv4f",
            "rtAbUWlXv4fJ",
            "tAbUWlXv4fJy",
            "AbUWlXv4",
            "bUWlXv4f",
            "UWlXv4fJ",
            "WlXv4fJy",
            "lXv4",
            "Xv4f",
            "v4fJ",
            "4fJy",
            "ca4IjWrCbTOwqvLo",
            "a4IjWrCbTOwqvLoQ",
            "4IjWrCbTOwqvLoQR",
            "IjWrCbTOwqvLoQRy",
            "jWrCbTOwqvLo",
            "WrCbTOwqvLoQ",
            "rCbTOwqvLoQR",
            "CbTOwqvLoQRy",
            "bTOwqvLo",
            "TOwqvLoQ",
            "OwqvLoQR",
            "wqvLoQRy",
            "qvLo",
            "vLoQ",
            "LoQR",
            "oQRy",
            "SwOhpFrxEgCFQvya",
            "wOhpFrxEgCFQvyaV",
            "OhpFrxEgCFQvyaVx",
            "hpFrxEgCFQvyaVxN",
            "pFrxEgCFQvya",
            "FrxEgCFQvyaV",
            "rxEgCFQvyaVx",
            "xEgCFQvyaVxN",
            "EgCFQvya",
            "gCFQvyaV",
            "CFQvyaVx",
            "FQvyaVxN",
            "Qvya",
            "vyaV",
            "yaVx",
            "aVxN",
            "DPPeoMTVmgG4Wbym",
            "PPeoMTVmgG4WbymX",
            "PeoMTVmgG4WbymXT",
            "eoMTVmgG4WbymXT1",
            "oMTVmgG4Wbym",
            "MTVmgG4WbymX",
            "TVmgG4WbymXT",
            "VmgG4WbymXT1",
            "mgG4Wbym",
            "gG4WbymX",
            "G4WbymXT",
            "4WbymXT1",
            "Wbym",
            "bymX",
            "ymXT",
            "mXT1",
            "e27eL3TnVhQTcYvw",
            "27eL3TnVhQTcYvwd",
            "7eL3TnVhQTcYvwdI",
            "eL3TnVhQTcYvwdI3",
            "L3TnVhQTcYvw",
            "3TnVhQTcYvwd",
            "TnVhQTcYvwdI",
            "nVhQTcYvwdI3",
            "VhQTcYvw",
            "hQTcYvwd",
            "QTcYvwdI",
            "TcYvwdI3",
            "cYvw",
            "Yvwd",
            "vwdI",
            "wdI3",
            "ssLT1kTZbHlweTgQ",
            "sLT1kTZbHlweTgQU",
            "LT1kTZbHlweTgQUo",
            "T1kTZbHlweTgQUoY",
            "1kTZbHlweTgQ",
            "kTZbHlweTgQU",
            "TZbHlweTgQUo",
            "ZbHlweTgQUoY",
            "bHlweTgQ",
            "HlweTgQU",
            "lweTgQUo",
            "weTgQUoY",
            "eTgQ",
            "TgQU",
            "gQUo",
            "QUoY",
            "If0wWFTWq0OOBYHq",
            "f0wWFTWq0OOBYHqU",
            "0wWFTWq0OOBYHqU1",
            "wWFTWq0OOBYHqU1O",
            "WFTWq0OOBYHq",
            "FTWq0OOBYHqU",
            "TWq0OOBYHqU1",
            "Wq0OOBYHqU1O",
            "q0OOBYHq",
            "0OOBYHqU",
            "OOBYHqU1",
            "OBYHqU1O",
            "BYHq",
            "YHqU",
            "HqU1",
            "qU1O",
            "AfwAnfTshDlpXhOD",
            "fwAnfTshDlpXhODV",
            "wAnfTshDlpXhODVE",
            "AnfTshDlpXhODVEb",
            "nfTshDlpXhOD",
            "fTshDlpXhODV",
            "TshDlpXhODVE",
            "shDlpXhODVEb",
            "hDlpXhOD",
            "DlpXhODV",
            "lpXhODVE",
            "pXhODVEb",
            "XhOD",
            "hODV",
            "ODVE",
            "DVEb",
            "fypgVBThttn1bCNF",
            "ypgVBThttn1bCNFq",
            "pgVBThttn1bCNFqJ",
            "gVBThttn1bCNFqJd",
            "VBThttn1bCNF",
            "BThttn1bCNFq",
            "Thttn1bCNFqJ",
            "httn1bCNFqJd",
            "ttn1bCNF",
            "tn1bCNFq",
            "n1bCNFqJ",
            "1bCNFqJd",
            "bCNF",
            "CNFq",
            "NFqJ",
            "FqJd",
            "ymlgoaTKIRoiTar9",
            "mlgoaTKIRoiTar9W",
            "lgoaTKIRoiTar9WQ",
            "goaTKIRoiTar9WQ9",
            "oaTKIRoiTar9",
            "aTKIRoiTar9W",
            "TKIRoiTar9WQ",
            "KIRoiTar9WQ9",
            "IRoiTar9",
            "RoiTar9W",
            "oiTar9WQ",
            "iTar9WQ9",
            "Tar9",
            "ar9W",
            "r9WQ",
            "9WQ9",
            "TaioR7TrmL5kx47w",
            "aioR7TrmL5kx47wT",
            "ioR7TrmL5kx47wTI",
            "oR7TrmL5kx47wTI6",
            "R7TrmL5kx47w",
            "7TrmL5kx47wT",
            "TrmL5kx47wTI",
            "rmL5kx47wTI6",
            "mL5kx47w",
            "L5kx47wT",
            "5kx47wTI",
            "kx47wTI6",
            "x47w",
            "47wT",
            "7wTI",
            "wTI6",
            "yioMiiTeHwXQ0Ym4",
            "ioMiiTeHwXQ0Ym4Z",
            "oMiiTeHwXQ0Ym4Z7",
            "MiiTeHwXQ0Ym4Z7S",
            "iiTeHwXQ0Ym4",
            "iTeHwXQ0Ym4Z",
            "TeHwXQ0Ym4Z7",
            "eHwXQ0Ym4Z7S",
            "HwXQ0Ym4",
            "wXQ0Ym4Z",
            "XQ0Ym4Z7",
            "Q0Ym4Z7S",
            "0Ym4",
            "Ym4Z",
            "m4Z7",
            "4Z7S",
            "lf9Pa2TGtHLERbyp",
            "f9Pa2TGtHLERbypK",
            "9Pa2TGtHLERbypKd",
            "Pa2TGtHLERbypKdk",
            "a2TGtHLERbyp",
            "2TGtHLERbypK",
            "TGtHLERbypKd",
            "GtHLERbypKdk",
            "tHLERbyp",
            "HLERbypK",
            "LERbypKd",
            "ERbypKdk",
            "Rbyp",
            "bypK",
            "ypKd",
            "pKdk",
            "Cxxy82TIyVYRnK7j",
            "xxy82TIyVYRnK7jG",
            "xy82TIyVYRnK7jGe",
            "y82TIyVYRnK7jGeL",
            "82TIyVYRnK7j",
            "2TIyVYRnK7jG",
            "TIyVYRnK7jGe",
            "IyVYRnK7jGeL",
            "yVYRnK7j",
            "VYRnK7jG",
            "YRnK7jGe",
            "RnK7jGeL",
            "nK7j",
            "K7jG",
            "7jGe",
            "jGeL",
            "r96fPGTRePHnhtjh",
            "96fPGTRePHnhtjhb",
            "6fPGTRePHnhtjhbM",
            "fPGTRePHnhtjhbMw",
            "PGTRePHnhtjh",
            "GTRePHnhtjhb",
            "TRePHnhtjhbM",
            "RePHnhtjhbMw",
            "ePHnhtjh",
            "PHnhtjhb",
            "HnhtjhbM",
            "nhtjhbMw",
            "htjh",
            "tjhb",
            "jhbM",
            "hbMw",
            "XyUFl4T5r0OsPTuq",
            "yUFl4T5r0OsPTuqU",
            "UFl4T5r0OsPTuqU9",
            "Fl4T5r0OsPTuqU91",
            "l4T5r0OsPTuq",
            "4T5r0OsPTuqU",
            "T5r0OsPTuqU9",
            "5r0OsPTuqU91",
            "r0OsPTuq",
            "0OsPTuqU",
            "OsPTuqU9",
            "sPTuqU91",
            "PTuq",
            "TuqU",
            "uqU9",
            "qU91",
            "iJaSADTmjoNPme1y",
            "JaSADTmjoNPme1yI",
            "aSADTmjoNPme1yI6",
            "SADTmjoNPme1yI63",
            "ADTmjoNPme1y",
            "DTmjoNPme1yI",
            "TmjoNPme1yI6",
            "mjoNPme1yI63",
            "joNPme1y",
            "oNPme1yI",
            "NPme1yI6",
            "Pme1yI63",
            "me1y",
            "e1yI",
            "1yI6",
            "yI63",
            "XN5BNJT4IGjydrv3",
            "N5BNJT4IGjydrv3T",
            "5BNJT4IGjydrv3T9",
            "BNJT4IGjydrv3T9n",
            "NJT4IGjydrv3",
            "JT4IGjydrv3T",
            "T4IGjydrv3T9",
            "4IGjydrv3T9n",
            "IGjydrv3",
            "Gjydrv3T",
            "jydrv3T9",
            "ydrv3T9n",
            "drv3",
            "rv3T",
            "v3T9",
            "3T9n",
            "UiRWkuT1WRoO6qvP",
            "iRWkuT1WRoO6qvPC",
            "RWkuT1WRoO6qvPCe",
            "WkuT1WRoO6qvPCeb",
            "kuT1WRoO6qvP",
            "uT1WRoO6qvPC",
            "T1WRoO6qvPCe",
            "1WRoO6qvPCeb",
            "WRoO6qvP",
            "RoO6qvPC",
            "oO6qvPCe",
            "O6qvPCeb",
            "6qvP",
            "qvPC",
            "vPCe",
            "PCeb",
            "dxNXlPTqkgOYCTVw",
            "xNXlPTqkgOYCTVwn",
            "NXlPTqkgOYCTVwn2",
            "XlPTqkgOYCTVwn2o",
            "lPTqkgOYCTVw",
            "PTqkgOYCTVwn",
            "TqkgOYCTVwn2",
            "qkgOYCTVwn2o",
            "kgOYCTVw",
            "gOYCTVwn",
            "OYCTVwn2",
            "YCTVwn2o",
            "CTVw",
            "TVwn",
            "Vwn2",
            "wn2o",
            "faGmLsTYcS0iQ5eJ",
            "aGmLsTYcS0iQ5eJZ",
            "GmLsTYcS0iQ5eJZi",
            "mLsTYcS0iQ5eJZii",
            "LsTYcS0iQ5eJ",
            "sTYcS0iQ5eJZ",
            "TYcS0iQ5eJZi",
            "YcS0iQ5eJZii",
            "cS0iQ5eJ",
            "S0iQ5eJZ",
            "0iQ5eJZi",
            "iQ5eJZii",
            "Q5eJ",
            "5eJZ",
            "eJZi",
            "JZii",
            "pct2HeTuuji49o5E",
            "ct2HeTuuji49o5Ex",
            "t2HeTuuji49o5Exk",
            "2HeTuuji49o5Exko",
            "HeTuuji49o5E",
            "eTuuji49o5Ex",
            "Tuuji49o5Exk",
            "uuji49o5Exko",
            "uji49o5E",
            "ji49o5Ex",
            "i49o5Exk",
            "49o5Exko",
            "9o5E",
            "o5Ex",
            "5Exk",
            "Exko",
            "XQoQ4NT3ih7kjOXs",
            "QoQ4NT3ih7kjOXsZ",
            "oQ4NT3ih7kjOXsZW",
            "Q4NT3ih7kjOXsZWp",
            "4NT3ih7kjOXs",
            "NT3ih7kjOXsZ",
            "T3ih7kjOXsZW",
            "3ih7kjOXsZWp",
            "ih7kjOXs",
            "h7kjOXsZ",
            "7kjOXsZW",
            "kjOXsZWp",
            "jOXs",
            "OXsZ",
            "XsZW",
            "sZWp",
            "SU1gC5Tp0jnRwUXn",
            "U1gC5Tp0jnRwUXnV",
            "1gC5Tp0jnRwUXnV2",
            "gC5Tp0jnRwUXnV2V",
            "C5Tp0jnRwUXn",
            "5Tp0jnRwUXnV",
            "Tp0jnRwUXnV2",
            "p0jnRwUXnV2V",
            "0jnRwUXn",
            "jnRwUXnV",
            "nRwUXnV2",
            "RwUXnV2V",
            "wUXn",
            "UXnV",
            "XnV2",
            "nV2V",
            "y8MCqVT8qUUEH6TL",
            "8MCqVT8qUUEH6TLb",
            "MCqVT8qUUEH6TLb2",
            "CqVT8qUUEH6TLb2t",
            "qVT8qUUEH6TL",
            "VT8qUUEH6TLb",
            "T8qUUEH6TLb2",
            "8qUUEH6TLb2t",
            "qUUEH6TL",
            "UUEH6TLb",
            "UEH6TLb2",
            "EH6TLb2t",
            "H6TL",
            "6TLb",
            "TLb2",
            "Lb2t",
            "n5NrBXTcyrXpLmNo",
            "5NrBXTcyrXpLmNoD",
            "NrBXTcyrXpLmNoDl",
            "rBXTcyrXpLmNoDlP",
            "BXTcyrXpLmNo",
            "XTcyrXpLmNoD",
            "TcyrXpLmNoDl",
            "cyrXpLmNoDlP",
            "yrXpLmNo",
            "rXpLmNoD",
            "XpLmNoDl",
            "pLmNoDlP",
            "LmNo",
            "mNoD",
            "NoDl",
            "oDlP",
            "GN9QpVTFScoA66S7",
            "N9QpVTFScoA66S7L",
            "9QpVTFScoA66S7L9",
            "QpVTFScoA66S7L9U",
            "pVTFScoA66S7",
            "VTFScoA66S7L",
            "TFScoA66S7L9",
            "FScoA66S7L9U",
            "ScoA66S7",
            "coA66S7L",
            "oA66S7L9",
            "A66S7L9U",
            "66S7",
            "6S7L",
            "S7L9",
            "7L9U",
            "IENXlST0s5B0UrfC",
            "ENXlST0s5B0UrfCH",
            "NXlST0s5B0UrfCHY",
            "XlST0s5B0UrfCHYU",
            "lST0s5B0UrfC",
            "ST0s5B0UrfCH",
            "T0s5B0UrfCHY",
            "0s5B0UrfCHYU",
            "s5B0UrfC",
            "5B0UrfCH",
            "B0UrfCHY",
            "0UrfCHYU",
            "UrfC",
            "rfCH",
            "fCHY",
            "CHYU",
            "YkgmEkTOSM6lHn7w",
            "kgmEkTOSM6lHn7wl",
            "gmEkTOSM6lHn7wlh",
            "mEkTOSM6lHn7wlhh",
            "EkTOSM6lHn7w",
            "kTOSM6lHn7wl",
            "TOSM6lHn7wlh",
            "OSM6lHn7wlhh",
            "SM6lHn7w",
            "M6lHn7wl",
            "6lHn7wlh",
            "lHn7wlhh",
            "Hn7w",
            "n7wl",
            "7wlh",
            "wlhh",
            "jLxnB7Tj4qGrU6wX",
            "LxnB7Tj4qGrU6wXe",
            "xnB7Tj4qGrU6wXeg",
            "nB7Tj4qGrU6wXegR",
            "B7Tj4qGrU6wX",
            "7Tj4qGrU6wXe",
            "Tj4qGrU6wXeg",
            "j4qGrU6wXegR",
            "4qGrU6wX",
            "qGrU6wXe",
            "GrU6wXeg",
            "rU6wXegR",
            "U6wX",
            "6wXe",
            "wXeg",
            "XegR",
            "QjaXJUTQD3K88Qy7",
            "jaXJUTQD3K88Qy7P",
            "aXJUTQD3K88Qy7PM",
            "XJUTQD3K88Qy7PMk",
            "JUTQD3K88Qy7",
            "UTQD3K88Qy7P",
            "TQD3K88Qy7PM",
            "QD3K88Qy7PMk",
            "D3K88Qy7",
            "3K88Qy7P",
            "K88Qy7PM",
            "88Qy7PMk",
            "8Qy7",
            "Qy7P",
            "y7PM",
            "7PMk",
            "rmUY2vTtK6S8GOD7",
            "mUY2vTtK6S8GOD7E",
            "UY2vTtK6S8GOD7Ek",
            "Y2vTtK6S8GOD7Eku",
            "2vTtK6S8GOD7",
            "vTtK6S8GOD7E",
            "TtK6S8GOD7Ek",
            "tK6S8GOD7Eku",
            "K6S8GOD7",
            "6S8GOD7E",
            "S8GOD7Ek",
            "8GOD7Eku",
            "GOD7",
            "OD7E",
            "D7Ek",
            "7Eku",
            "QVdshlTCgluF8YV2",
            "VdshlTCgluF8YV2I",
            "dshlTCgluF8YV2Ik",
            "shlTCgluF8YV2Iks",
            "hlTCgluF8YV2",
            "lTCgluF8YV2I",
            "TCgluF8YV2Ik",
            "CgluF8YV2Iks",
            "gluF8YV2",
            "luF8YV2I",
            "uF8YV2Ik",
            "F8YV2Iks",
            "8YV2",
            "YV2I",
            "V2Ik",
            "2Iks",
            "jn8oA1Tx84gsY8YI",
            "n8oA1Tx84gsY8YIY",
            "8oA1Tx84gsY8YIYs",
            "oA1Tx84gsY8YIYsr",
            "A1Tx84gsY8YI",
            "1Tx84gsY8YIY",
            "Tx84gsY8YIYs",
            "x84gsY8YIYsr",
            "84gsY8YI",
            "4gsY8YIY",
            "gsY8YIYs",
            "sY8YIYsr",
            "Y8YI",
            "8YIY",
            "YIYs",
            "IYsr",
            "WlHe7CeVLyK2Z25R",
            "lHe7CeVLyK2Z25RE",
            "He7CeVLyK2Z25REb",
            "e7CeVLyK2Z25REb2",
            "7CeVLyK2Z25R",
            "CeVLyK2Z25RE",
            "eVLyK2Z25REb",
            "VLyK2Z25REb2",
            "LyK2Z25R",
            "yK2Z25RE",
            "K2Z25REb",
            "2Z25REb2",
            "Z25R",
            "25RE",
            "5REb",
            "REb2",
            "DVYlSkenBubjFM0x",
            "VYlSkenBubjFM0x0",
            "YlSkenBubjFM0x0R",
            "lSkenBubjFM0x0R2",
            "SkenBubjFM0x",
            "kenBubjFM0x0",
            "enBubjFM0x0R",
            "nBubjFM0x0R2",
            "BubjFM0x",
            "ubjFM0x0",
            "bjFM0x0R",
            "jFM0x0R2",
            "FM0x",
            "M0x0",
            "0x0R",
            "x0R2",
            "s5iCBZeZv7JBKB3Z",
            "5iCBZeZv7JBKB3ZW",
            "iCBZeZv7JBKB3ZW9",
            "CBZeZv7JBKB3ZW9y",
            "BZeZv7JBKB3Z",
            "ZeZv7JBKB3ZW",
            "eZv7JBKB3ZW9",
            "Zv7JBKB3ZW9y",
            "v7JBKB3Z",
            "7JBKB3ZW",
            "JBKB3ZW9",
            "BKB3ZW9y",
            "KB3Z",
            "B3ZW",
            "3ZW9",
            "ZW9y",
            "HrUWhteWbl0NpT7j",
            "rUWhteWbl0NpT7jn",
            "UWhteWbl0NpT7jnR",
            "WhteWbl0NpT7jnRJ",
            "hteWbl0NpT7j",
            "teWbl0NpT7jn",
            "eWbl0NpT7jnR",
            "Wbl0NpT7jnRJ",
            "bl0NpT7j",
            "l0NpT7jn",
            "0NpT7jnR",
            "NpT7jnRJ",
            "pT7j",
            "T7jn",
            "7jnR",
            "jnRJ",
            "EaGAeoesYA61v43d",
            "aGAeoesYA61v43dK",
            "GAeoesYA61v43dKo",
            "AeoesYA61v43dKoY",
            "eoesYA61v43d",
            "oesYA61v43dK",
            "esYA61v43dKo",
            "sYA61v43dKoY",
            "YA61v43d",
            "A61v43dK",
            "61v43dKo",
            "1v43dKoY",
            "v43d",
            "43dK",
            "3dKo",
            "dKoY",
            "PPooX7eh6TNC2EmF",
            "PooX7eh6TNC2EmFU",
            "ooX7eh6TNC2EmFUP",
            "oX7eh6TNC2EmFUP2",
            "X7eh6TNC2EmF",
            "7eh6TNC2EmFU",
            "eh6TNC2EmFUP",
            "h6TNC2EmFUP2",
            "6TNC2EmF",
            "TNC2EmFU",
            "NC2EmFUP",
            "C2EmFUP2",
            "2EmF",
            "EmFU",
            "mFUP",
            "FUP2",
            "lnpvpoeKwkyLN3t5",
            "npvpoeKwkyLN3t5W",
            "pvpoeKwkyLN3t5Wo",
            "vpoeKwkyLN3t5Wox",
            "poeKwkyLN3t5",
            "oeKwkyLN3t5W",
            "eKwkyLN3t5Wo",
            "KwkyLN3t5Wox",
            "wkyLN3t5",
            "kyLN3t5W",
            "yLN3t5Wo",
            "LN3t5Wox",
            "N3t5",
            "3t5W",
            "t5Wo",
            "5Wox",
            "nyJosAerrOmKAqOI",
            "yJosAerrOmKAqOIp",
            "JosAerrOmKAqOIpx",
            "osAerrOmKAqOIpxU",
            "sAerrOmKAqOI",
            "AerrOmKAqOIp",
            "errOmKAqOIpx",
            "rrOmKAqOIpxU",
            "rOmKAqOI",
            "OmKAqOIp",
            "mKAqOIpx",
            "KAqOIpxU",
            "AqOI",
            "qOIp",
            "OIpx",
            "IpxU",
            "FF60YneeLnPm01pw",
            "F60YneeLnPm01pwP",
            "60YneeLnPm01pwPl",
            "0YneeLnPm01pwPlX",
            "YneeLnPm01pw",
            "neeLnPm01pwP",
            "eeLnPm01pwPl",
            "eLnPm01pwPlX",
            "LnPm01pw",
            "nPm01pwP",
            "Pm01pwPl",
            "m01pwPlX",
            "01pw",
            "1pwP",
            "pwPl",
            "wPlX",
            "eq57rCeGLZISo9e9",
            "q57rCeGLZISo9e9p",
            "57rCeGLZISo9e9pP",
            "7rCeGLZISo9e9pPd",
            "rCeGLZISo9e9",
            "CeGLZISo9e9p",
            "eGLZISo9e9pP",
            "GLZISo9e9pPd",
            "LZISo9e9",
            "ZISo9e9p",
            "ISo9e9pP",
            "So9e9pPd",
            "o9e9",
            "9e9p",
            "e9pP",
            "9pPd",
            "FEJOEGeIrT9K7pfu",
            "EJOEGeIrT9K7pfuK",
            "JOEGeIrT9K7pfuK5",
            "OEGeIrT9K7pfuK57",
            "EGeIrT9K7pfu",
            "GeIrT9K7pfuK",
            "eIrT9K7pfuK5",
            "IrT9K7pfuK57",
            "rT9K7pfu",
            "T9K7pfuK",
            "9K7pfuK5",
            "K7pfuK57",
            "7pfu",
            "pfuK",
            "fuK5",
            "uK57",
            "Ng5m6WeR8nOr2Kqr",
            "g5m6WeR8nOr2Kqrs",
            "5m6WeR8nOr2KqrsD",
            "m6WeR8nOr2KqrsDI",
            "6WeR8nOr2Kqr",
            "WeR8nOr2Kqrs",
            "eR8nOr2KqrsD",
            "R8nOr2KqrsDI",
            "8nOr2Kqr",
            "nOr2Kqrs",
            "Or2KqrsD",
            "r2KqrsDI",
            "2Kqr",
            "Kqrs",
            "qrsD",
            "rsDI",
            "AKmwfje5nOjm9Tc5",
            "Kmwfje5nOjm9Tc5A",
            "mwfje5nOjm9Tc5Al",
            "wfje5nOjm9Tc5AlY",
            "fje5nOjm9Tc5",
            "je5nOjm9Tc5A",
            "e5nOjm9Tc5Al",
            "5nOjm9Tc5AlY",
            "nOjm9Tc5",
            "Ojm9Tc5A",
            "jm9Tc5Al",
            "m9Tc5AlY",
            "9Tc5",
            "Tc5A",
            "c5Al",
            "5AlY",
            "wvCt1semMHYMxJdf",
            "vCt1semMHYMxJdfr",
            "Ct1semMHYMxJdfrq",
            "t1semMHYMxJdfrq2",
            "1semMHYMxJdf",
            "semMHYMxJdfr",
            "emMHYMxJdfrq",
            "mMHYMxJdfrq2",
            "MHYMxJdf",
            "HYMxJdfr",
            "YMxJdfrq",
            "MxJdfrq2",
            "xJdf",
            "Jdfr",
            "dfrq",
            "frq2",
            "GPDKfAe4CqRX7Zmk",
            "PDKfAe4CqRX7ZmkR",
            "DKfAe4CqRX7ZmkRi",
            "KfAe4CqRX7ZmkRi6",
            "fAe4CqRX7Zmk",
            "Ae4CqRX7ZmkR",
            "e4CqRX7ZmkRi",
            "4CqRX7ZmkRi6",
            "CqRX7Zmk",
            "qRX7ZmkR",
            "RX7ZmkRi",
            "X7ZmkRi6",
            "7Zmk",
            "ZmkR",
            "mkRi",
            "kRi6",
            "HNWxt9e1nrXkd73h",
            "NWxt9e1nrXkd73hF",
            "Wxt9e1nrXkd73hFL",
            "xt9e1nrXkd73hFLb",
            "t9e1nrXkd73h",
            "9e1nrXkd73hF",
            "e1nrXkd73hFL",
            "1nrXkd73hFLb",
            "nrXkd73h",
            "rXkd73hF",
            "Xkd73hFL",
            "kd73hFLb",
            "d73h",
            "73hF",
            "3hFL",
            "hFLb",
            "mTPU8deqrh4oeEXW",
            "TPU8deqrh4oeEXWP",
            "PU8deqrh4oeEXWP5",
            "U8deqrh4oeEXWP5q",
            "8deqrh4oeEXW",
            "deqrh4oeEXWP",
            "eqrh4oeEXWP5",
            "qrh4oeEXWP5q",
            "rh4oeEXW",
            "h4oeEXWP",
            "4oeEXWP5",
            "oeEXWP5q",
            "eEXW",
            "EXWP",
            "XWP5",
            "WP5q",
            "FxEZiWeY0pr796hv",
            "xEZiWeY0pr796hvn",
            "EZiWeY0pr796hvnm",
            "ZiWeY0pr796hvnmi",
            "iWeY0pr796hv",
            "WeY0pr796hvn",
            "eY0pr796hvnm",
            "Y0pr796hvnmi",
            "0pr796hv",
            "pr796hvn",
            "r796hvnm",
            "796hvnmi",
            "96hv",
            "6hvn",
            "hvnm",
            "vnmi",
            "b7ZHI2euo13rvdM2",
            "7ZHI2euo13rvdM2k",
            "ZHI2euo13rvdM2kv",
            "HI2euo13rvdM2kvn",
            "I2euo13rvdM2",
            "2euo13rvdM2k",
            "euo13rvdM2kv",
            "uo13rvdM2kvn",
            "o13rvdM2",
            "13rvdM2k",
            "3rvdM2kv",
            "rvdM2kvn",
            "vdM2",
            "dM2k",
            "M2kv",
            "2kvn",
            "kP3KFAe3iBWHUJ44",
            "P3KFAe3iBWHUJ44K",
            "3KFAe3iBWHUJ44KT",
            "KFAe3iBWHUJ44KTN",
            "FAe3iBWHUJ44",
            "Ae3iBWHUJ44K",
            "e3iBWHUJ44KT",
            "3iBWHUJ44KTN",
            "iBWHUJ44",
            "BWHUJ44K",
            "WHUJ44KT",
            "HUJ44KTN",
            "UJ44",
            "J44K",
            "44KT",
            "4KTN",
            "SqrpvNep4jtdgMYl",
            "qrpvNep4jtdgMYli",
            "rpvNep4jtdgMYlix",
            "pvNep4jtdgMYlixY",
            "vNep4jtdgMYl",
            "Nep4jtdgMYli",
            "ep4jtdgMYlix",
            "p4jtdgMYlixY",
            "4jtdgMYl",
            "jtdgMYli",
            "tdgMYlix",
            "dgMYlixY",
            "gMYl",
            "MYli",
            "Ylix",
            "lixY",
            "gJ0A6Se8034Ok5lK",
            "J0A6Se8034Ok5lKd",
            "0A6Se8034Ok5lKd6",
            "A6Se8034Ok5lKd6w",
            "6Se8034Ok5lK",
            "Se8034Ok5lKd",
            "e8034Ok5lKd6",
            "8034Ok5lKd6w",
            "034Ok5lK",
            "34Ok5lKd",
            "4Ok5lKd6",
            "Ok5lKd6w",
            "k5lK",
            "5lKd",
            "lKd6",
            "Kd6w",
            "PXZV8kecy9bmaFd3",
            "XZV8kecy9bmaFd3y",
            "ZV8kecy9bmaFd3yw",
            "V8kecy9bmaFd3ywu",
            "8kecy9bmaFd3",
            "kecy9bmaFd3y",
            "ecy9bmaFd3yw",
            "cy9bmaFd3ywu",
            "y9bmaFd3",
            "9bmaFd3y",
            "bmaFd3yw",
            "maFd3ywu",
            "aFd3",
            "Fd3y",
            "d3yw",
            "3ywu",
            "oA2Fk1eFYgwisMxb",
            "A2Fk1eFYgwisMxb4",
            "2Fk1eFYgwisMxb4P",
            "Fk1eFYgwisMxb4Pi",
            "k1eFYgwisMxb",
            "1eFYgwisMxb4",
            "eFYgwisMxb4P",
            "FYgwisMxb4Pi",
            "YgwisMxb",
            "gwisMxb4",
            "wisMxb4P",
            "isMxb4Pi",
            "sMxb",
            "Mxb4",
            "xb4P",
            "b4Pi",
            "xGIXpoe0PPQj01VU",
            "GIXpoe0PPQj01VUK",
            "IXpoe0PPQj01VUK8",
            "Xpoe0PPQj01VUK83",
            "poe0PPQj01VU",
            "oe0PPQj01VUK",
            "e0PPQj01VUK8",
            "0PPQj01VUK83",
            "PPQj01VU",
            "PQj01VUK",
            "Qj01VUK8",
            "j01VUK83",
            "01VU",
            "1VUK",
            "VUK8",
            "UK83",
            "g4ORuTeOEcrqgbwm",
            "4ORuTeOEcrqgbwmJ",
            "ORuTeOEcrqgbwmJ8",
            "RuTeOEcrqgbwmJ8f",
            "uTeOEcrqgbwm",
            "TeOEcrqgbwmJ",
            "eOEcrqgbwmJ8",
            "OEcrqgbwmJ8f",
            "Ecrqgbwm",
            "crqgbwmJ",
            "rqgbwmJ8",
            "qgbwmJ8f",
            "gbwm",
            "bwmJ",
            "wmJ8",
            "mJ8f",
            "RP6scyejX1ere9FR",
            "P6scyejX1ere9FRY",
            "6scyejX1ere9FRY8",
            "scyejX1ere9FRY8R",
            "cyejX1ere9FR",
            "yejX1ere9FRY",
            "ejX1ere9FRY8",
            "jX1ere9FRY8R",
            "X1ere9FR",
            "1ere9FRY",
            "ere9FRY8",
            "re9FRY8R",
            "e9FR",
            "9FRY",
            "FRY8",
            "RY8R",
            "QxQkYJeQZahyQBja",
            "xQkYJeQZahyQBjaI",
            "QkYJeQZahyQBjaIv",
            "kYJeQZahyQBjaIvS",
            "YJeQZahyQBja",
            "JeQZahyQBjaI",
            "eQZahyQBjaIv",
            "QZahyQBjaIvS",
            "ZahyQBja",
            "ahyQBjaI",
            "hyQBjaIv",
            "yQBjaIvS",
            "QBja",
            "BjaI",
            "jaIv",
            "aIvS",
            "qDaefPetNZYvvwgV",
            "DaefPetNZYvvwgVp",
            "aefPetNZYvvwgVpC",
            "efPetNZYvvwgVpCP",
            "fPetNZYvvwgV",
            "PetNZYvvwgVp",
            "etNZYvvwgVpC",
            "tNZYvvwgVpCP",
            "NZYvvwgV",
            "ZYvvwgVp",
            "YvvwgVpC",
            "vvwgVpCP",
            "vwgV",
            "wgVp",
            "gVpC",
            "VpCP",
            "R7oU3AeC4iPfwq1n",
            "7oU3AeC4iPfwq1nn",
            "oU3AeC4iPfwq1nnL",
            "U3AeC4iPfwq1nnLr",
            "3AeC4iPfwq1n",
            "AeC4iPfwq1nn",
            "eC4iPfwq1nnL",
            "C4iPfwq1nnLr",
            "4iPfwq1n",
            "iPfwq1nn",
            "Pfwq1nnL",
            "fwq1nnLr",
            "wq1n",
            "q1nn",
            "1nnL",
            "nnLr",
            "ftZYkqex9qHgslRK",
            "tZYkqex9qHgslRKk",
            "ZYkqex9qHgslRKkU",
            "Ykqex9qHgslRKkUB",
            "kqex9qHgslRK",
            "qex9qHgslRKk",
            "ex9qHgslRKkU",
            "x9qHgslRKkUB",
            "9qHgslRK",
            "qHgslRKk",
            "HgslRKkU",
            "gslRKkUB",
            "slRK",
            "lRKk",
            "RKkU",
            "KkUB",
            "bDENPfPVxHreHxZd",
            "DENPfPVxHreHxZdo",
            "ENPfPVxHreHxZdo0",
            "NPfPVxHreHxZdo0E",
            "PfPVxHreHxZd",
            "fPVxHreHxZdo",
            "PVxHreHxZdo0",
            "VxHreHxZdo0E",
            "xHreHxZd",
            "HreHxZdo",
            "reHxZdo0",
            "eHxZdo0E",
            "HxZd",
            "xZdo",
            "Zdo0",
            "do0E",
            "uqJTLbPnTk59Mk3Y",
            "qJTLbPnTk59Mk3Y3",
            "JTLbPnTk59Mk3Y3c",
            "TLbPnTk59Mk3Y3cO",
            "LbPnTk59Mk3Y",
            "bPnTk59Mk3Y3",
            "PnTk59Mk3Y3c",
            "nTk59Mk3Y3cO",
            "Tk59Mk3Y",
            "k59Mk3Y3",
            "59Mk3Y3c",
            "9Mk3Y3cO",
            "Mk3Y",
            "k3Y3",
            "3Y3c",
            "Y3cO",
            "nO5W8RPZyyXMMyAp",
            "O5W8RPZyyXMMyApc",
            "5W8RPZyyXMMyApc4",
            "W8RPZyyXMMyApc4y",
            "8RPZyyXMMyAp",
            "RPZyyXMMyApc",
            "PZyyXMMyApc4",
            "ZyyXMMyApc4y",
            "yyXMMyAp",
            "yXMMyApc",
            "XMMyApc4",
            "MMyApc4y",
            "MyAp",
            "yApc",
            "Apc4",
            "pc4y",
            "J1u68pPW662xJcBN",
            "1u68pPW662xJcBNH",
            "u68pPW662xJcBNHx",
            "68pPW662xJcBNHxc",
            "8pPW662xJcBN",
            "pPW662xJcBNH",
            "PW662xJcBNHx",
            "W662xJcBNHxc",
            "662xJcBN",
            "62xJcBNH",
            "2xJcBNHx",
            "xJcBNHxc",
            "JcBN",
            "cBNH",
            "BNHx",
            "NHxc",
            "yAaWHAPs5945x8Kp",
            "AaWHAPs5945x8Kpj",
            "aWHAPs5945x8KpjI",
            "WHAPs5945x8KpjIO",
            "HAPs5945x8Kp",
            "APs5945x8Kpj",
            "Ps5945x8KpjI",
            "s5945x8KpjIO",
            "5945x8Kp",
            "945x8Kpj",
            "45x8KpjI",
            "5x8KpjIO",
            "x8Kp",
            "8Kpj",
            "KpjI",
            "pjIO",
            "RQUuV0PhR65FVLDN",
            "QUuV0PhR65FVLDNO",
            "UuV0PhR65FVLDNOH",
            "uV0PhR65FVLDNOHp",
            "V0PhR65FVLDN",
            "0PhR65FVLDNO",
            "PhR65FVLDNOH",
            "hR65FVLDNOHp",
            "R65FVLDN",
            "65FVLDNO",
            "5FVLDNOH",
            "FVLDNOHp",
            "VLDN",
            "LDNO",
            "DNOH",
            "NOHp",
            "UlOfakPKb29XMN2q",
            "lOfakPKb29XMN2qB",
            "OfakPKb29XMN2qBn",
            "fakPKb29XMN2qBnN",
            "akPKb29XMN2q",
            "kPKb29XMN2qB",
            "PKb29XMN2qBn",
            "Kb29XMN2qBnN",
            "b29XMN2q",
            "29XMN2qB",
            "9XMN2qBn",
            "XMN2qBnN",
            "MN2q",
            "N2qB",
            "2qBn",
            "qBnN",
            "Jbec75Prpe3Eo9Ug",
            "bec75Prpe3Eo9Ugx",
            "ec75Prpe3Eo9UgxS",
            "c75Prpe3Eo9UgxSd",
            "75Prpe3Eo9Ug",
            "5Prpe3Eo9Ugx",
            "Prpe3Eo9UgxS",
            "rpe3Eo9UgxSd",
            "pe3Eo9Ug",
            "e3Eo9Ugx",
            "3Eo9UgxS",
            "Eo9UgxSd",
            "o9Ug",
            "9Ugx",
            "UgxS",
            "gxSd",
            "AXjK2DPeCtjdlGyd",
            "XjK2DPeCtjdlGyd4",
            "jK2DPeCtjdlGyd44",
            "K2DPeCtjdlGyd44C",
            "2DPeCtjdlGyd",
            "DPeCtjdlGyd4",
            "PeCtjdlGyd44",
            "eCtjdlGyd44C",
            "CtjdlGyd",
            "tjdlGyd4",
            "jdlGyd44",
            "dlGyd44C",
            "lGyd",
            "Gyd4",
            "yd44",
            "d44C",
            "GH9gG7PGLKFQPpIn",
            "H9gG7PGLKFQPpInT",
            "9gG7PGLKFQPpInTT",
            "gG7PGLKFQPpInTTL",
            "G7PGLKFQPpIn",
            "7PGLKFQPpInT",
            "PGLKFQPpInTT",
            "GLKFQPpInTTL",
            "LKFQPpIn",
            "KFQPpInT",
            "FQPpInTT",
            "QPpInTTL",
            "PpIn",
            "pInT",
            "InTT",
            "nTTL",
            "ewmu3dPI0Z9MPFd8",
            "wmu3dPI0Z9MPFd8l",
            "mu3dPI0Z9MPFd8ls",
            "u3dPI0Z9MPFd8lsn",
            "3dPI0Z9MPFd8",
            "dPI0Z9MPFd8l",
            "PI0Z9MPFd8ls",
            "I0Z9MPFd8lsn",
            "0Z9MPFd8",
            "Z9MPFd8l",
            "9MPFd8ls",
            "MPFd8lsn",
            "PFd8",
            "Fd8l",
            "d8ls",
            "8lsn",
            "HEb6RbPRSUGn76df",
            "Eb6RbPRSUGn76dfT",
            "b6RbPRSUGn76dfTu",
            "6RbPRSUGn76dfTuw",
            "RbPRSUGn76df",
            "bPRSUGn76dfT",
            "PRSUGn76dfTu",
            "RSUGn76dfTuw",
            "SUGn76df",
            "UGn76dfT",
            "Gn76dfTu",
            "n76dfTuw",
            "76df",
            "6dfT",
            "dfTu",
            "fTuw",
            "MsQG8DP5LBX0PaaS",
            "sQG8DP5LBX0PaaSx",
            "QG8DP5LBX0PaaSxv",
            "G8DP5LBX0PaaSxvQ",
            "8DP5LBX0PaaS",
            "DP5LBX0PaaSx",
            "P5LBX0PaaSxv",
            "5LBX0PaaSxvQ",
            "LBX0PaaS",
            "BX0PaaSx",
            "X0PaaSxv",
            "0PaaSxvQ",
            "PaaS",
            "aaSx",
            "aSxv",
            "SxvQ",
            "X1BpsBPmJJn7vO3P",
            "1BpsBPmJJn7vO3PB",
            "BpsBPmJJn7vO3PBs",
            "psBPmJJn7vO3PBsc",
            "sBPmJJn7vO3P",
            "BPmJJn7vO3PB",
            "PmJJn7vO3PBs",
            "mJJn7vO3PBsc",
            "JJn7vO3P",
            "Jn7vO3PB",
            "n7vO3PBs",
            "7vO3PBsc",
            "vO3P",
            "O3PB",
            "3PBs",
            "PBsc",
            "Kyc7luP4MleWGXSU",
            "yc7luP4MleWGXSUe",
            "c7luP4MleWGXSUeb",
            "7luP4MleWGXSUebt",
            "luP4MleWGXSU",
            "uP4MleWGXSUe",
            "P4MleWGXSUeb",
            "4MleWGXSUebt",
            "MleWGXSU",
            "leWGXSUe",
            "eWGXSUeb",
            "WGXSUebt",
            "GXSU",
            "XSUe",
            "SUeb",
            "Uebt",
            "D2XTY9P1yycrVNid",
            "2XTY9P1yycrVNidr",
            "XTY9P1yycrVNidrM",
            "TY9P1yycrVNidrMG",
            "Y9P1yycrVNid",
            "9P1yycrVNidr",
            "P1yycrVNidrM",
            "1yycrVNidrMG",
            "yycrVNid",
            "ycrVNidr",
            "crVNidrM",
            "rVNidrMG",
            "VNid",
            "Nidr",
            "idrM",
            "drMG",
            "s3iMX6PqEdpucpo3",
            "3iMX6PqEdpucpo3k",
            "iMX6PqEdpucpo3kj",
            "MX6PqEdpucpo3kju",
            "X6PqEdpucpo3",
            "6PqEdpucpo3k",
            "PqEdpucpo3kj",
            "qEdpucpo3kju",
            "Edpucpo3",
            "dpucpo3k",
            "pucpo3kj",
            "ucpo3kju",
            "cpo3",
            "po3k",
            "o3kj",
            "3kju",
            "unsUCmPYWk9J44dN",
            "nsUCmPYWk9J44dNu",
            "sUCmPYWk9J44dNuc",
            "UCmPYWk9J44dNuch",
            "CmPYWk9J44dN",
            "mPYWk9J44dNu",
            "PYWk9J44dNuc",
            "YWk9J44dNuch",
            "Wk9J44dN",
            "k9J44dNu",
            "9J44dNuc",
            "J44dNuch",
            "44dN",
            "4dNu",
            "dNuc",
            "Nuch",
            "KkdPwXPukYfv2TcD",
            "kdPwXPukYfv2TcDL",
            "dPwXPukYfv2TcDLP",
            "PwXPukYfv2TcDLP3",
            "wXPukYfv2TcD",
            "XPukYfv2TcDL",
            "PukYfv2TcDLP",
            "ukYfv2TcDLP3",
            "kYfv2TcD",
            "Yfv2TcDL",
            "fv2TcDLP",
            "v2TcDLP3",
            "2TcD",
            "TcDL",
            "cDLP",
            "DLP3",
            "kIUGVuP3UTjKmsEl",
            "IUGVuP3UTjKmsEls",
            "UGVuP3UTjKmsElsh",
            "GVuP3UTjKmsElshE",
            "VuP3UTjKmsEl",
            "uP3UTjKmsEls",
            "P3UTjKmsElsh",
            "3UTjKmsElshE",
            "UTjKmsEl",
            "TjKmsEls",
            "jKmsElsh",
            "KmsElshE",
            "msEl",
            "sEls",
            "Elsh",
            "lshE",
            "JmFCPwPpD7IXqabb",
            "mFCPwPpD7IXqabb1",
            "FCPwPpD7IXqabb1y",
            "CPwPpD7IXqabb1yN",
            "PwPpD7IXqabb",
            "wPpD7IXqabb1",
            "PpD7IXqabb1y",
            "pD7IXqabb1yN",
            "D7IXqabb",
            "7IXqabb1",
            "IXqabb1y",
            "Xqabb1yN",
            "qabb",
            "abb1",
            "bb1y",
            "b1yN",
            "zF2hvyP8GkVDdZG9",
            "F2hvyP8GkVDdZG9k",
            "2hvyP8GkVDdZG9kv",
            "hvyP8GkVDdZG9kvj",
            "vyP8GkVDdZG9",
            "yP8GkVDdZG9k",
            "P8GkVDdZG9kv",
            "8GkVDdZG9kvj",
            "GkVDdZG9",
            "kVDdZG9k",
            "VDdZG9kv",
            "DdZG9kvj",
            "dZG9",
            "ZG9k",
            "G9kv",
            "9kvj",
            "i4cl1iPcJOewiCBX",
            "4cl1iPcJOewiCBXE",
            "cl1iPcJOewiCBXEm",
            "l1iPcJOewiCBXEmb",
            "1iPcJOewiCBX",
            "iPcJOewiCBXE",
            "PcJOewiCBXEm",
            "cJOewiCBXEmb",
            "JOewiCBX",
            "OewiCBXE",
            "ewiCBXEm",
            "wiCBXEmb",
            "iCBX",
            "CBXE",
            "BXEm",
            "XEmb",
            "wVSHaqPFXWFq3not",
            "VSHaqPFXWFq3notQ",
            "SHaqPFXWFq3notQ9",
            "HaqPFXWFq3notQ9F",
            "aqPFXWFq3not",
            "qPFXWFq3notQ",
            "PFXWFq3notQ9",
            "FXWFq3notQ9F",
            "XWFq3not",
            "WFq3notQ",
            "Fq3notQ9",
            "q3notQ9F",
            "3not",
            "notQ",
            "otQ9",
            "tQ9F",
            "n9q3DSP0BPr7BAvq",
            "9q3DSP0BPr7BAvqd",
            "q3DSP0BPr7BAvqdn",
            "3DSP0BPr7BAvqdnm",
            "DSP0BPr7BAvq",
            "SP0BPr7BAvqd",
            "P0BPr7BAvqdn",
            "0BPr7BAvqdnm",
            "BPr7BAvq",
            "Pr7BAvqd",
            "r7BAvqdn",
            "7BAvqdnm",
            "BAvq",
            "Avqd",
            "vqdn",
            "qdnm",
            "geFyeTPOxoA61re6",
            "eFyeTPOxoA61re6Q",
            "FyeTPOxoA61re6Qa",
            "yeTPOxoA61re6QaR",
            "eTPOxoA61re6",
            "TPOxoA61re6Q",
            "POxoA61re6Qa",
            "OxoA61re6QaR",
            "xoA61re6",
            "oA61re6Q",
            "A61re6Qa",
            "61re6QaR",
            "1re6",
            "re6Q",
            "e6Qa",
            "6QaR",
            "B5vQMnPjZfcLE4HQ",
            "5vQMnPjZfcLE4HQM",
            "vQMnPjZfcLE4HQM8",
            "QMnPjZfcLE4HQM8V",
            "MnPjZfcLE4HQ",
            "nPjZfcLE4HQM",
            "PjZfcLE4HQM8",
            "jZfcLE4HQM8V",
            "ZfcLE4HQ",
            "fcLE4HQM",
            "cLE4HQM8",
            "LE4HQM8V",
            "E4HQ",
            "4HQM",
            "HQM8",
            "QM8V",
            "CLICrcPQpuoOCxjD",
            "LICrcPQpuoOCxjDC",
            "ICrcPQpuoOCxjDCL",
            "CrcPQpuoOCxjDCLy",
            "rcPQpuoOCxjD",
            "cPQpuoOCxjDC",
            "PQpuoOCxjDCL",
            "QpuoOCxjDCLy",
            "puoOCxjD",
            "uoOCxjDC",
            "oOCxjDCL",
            "OCxjDCLy",
            "CxjD",
            "xjDC",
            "jDCL",
            "DCLy",
            "jCJ3M2PtN61gdiVF",
            "CJ3M2PtN61gdiVFP",
            "J3M2PtN61gdiVFPM",
            "3M2PtN61gdiVFPMn",
            "M2PtN61gdiVF",
            "2PtN61gdiVFP",
            "PtN61gdiVFPM",
            "tN61gdiVFPMn",
            "N61gdiVF",
            "61gdiVFP",
            "1gdiVFPM",
            "gdiVFPMn",
            "diVF",
            "iVFP",
            "VFPM",
            "FPMn",
            "N8qgDAPCkMR6kecL",
            "8qgDAPCkMR6kecLF",
            "qgDAPCkMR6kecLFQ",
            "gDAPCkMR6kecLFQX",
            "DAPCkMR6kecL",
            "APCkMR6kecLF",
            "PCkMR6kecLFQ",
            "CkMR6kecLFQX",
            "kMR6kecL",
            "MR6kecLF",
            "R6kecLFQ",
            "6kecLFQX",
            "kecL",
            "ecLF",
            "cLFQ",
            "LFQX",
            "snntaJPxmwMkW8lv",
            "nntaJPxmwMkW8lvC",
            "ntaJPxmwMkW8lvC2",
            "taJPxmwMkW8lvC2e",
            "aJPxmwMkW8lv",
            "JPxmwMkW8lvC",
            "PxmwMkW8lvC2",
            "xmwMkW8lvC2e",
            "mwMkW8lv",
            "wMkW8lvC",
            "MkW8lvC2",
            "kW8lvC2e",
            "W8lv",
            "8lvC",
            "lvC2",
            "vC2e",
            "UwkItgGV0VG6GHV3",
            "wkItgGV0VG6GHV3Y",
            "kItgGV0VG6GHV3Ym",
            "ItgGV0VG6GHV3YmW",
            "tgGV0VG6GHV3",
            "gGV0VG6GHV3Y",
            "GV0VG6GHV3Ym",
            "V0VG6GHV3YmW",
            "0VG6GHV3",
            "VG6GHV3Y",
            "G6GHV3Ym",
            "6GHV3YmW",
            "GHV3",
            "HV3Y",
            "V3Ym",
            "3YmW",
            "aYfE7JGnaqa8C6xE",
            "YfE7JGnaqa8C6xE6",
            "fE7JGnaqa8C6xE6C",
            "E7JGnaqa8C6xE6C9",
            "7JGnaqa8C6xE",
            "JGnaqa8C6xE6",
            "Gnaqa8C6xE6C",
            "naqa8C6xE6C9",
            "aqa8C6xE",
            "qa8C6xE6",
            "a8C6xE6C",
            "8C6xE6C9",
            "C6xE",
            "6xE6",
            "xE6C",
            "E6C9",
            "M5jXTAGZ1CKe4rPO",
            "5jXTAGZ1CKe4rPOh",
            "jXTAGZ1CKe4rPOhZ",
            "XTAGZ1CKe4rPOhZ6",
            "TAGZ1CKe4rPO",
            "AGZ1CKe4rPOh",
            "GZ1CKe4rPOhZ",
            "Z1CKe4rPOhZ6",
            "1CKe4rPO",
            "CKe4rPOh",
            "Ke4rPOhZ",
            "e4rPOhZ6",
            "4rPO",
            "rPOh",
            "POhZ",
            "OhZ6",
            "IXsCIgGWaVa0OLyD",
            "XsCIgGWaVa0OLyDQ",
            "sCIgGWaVa0OLyDQ7",
            "CIgGWaVa0OLyDQ7A",
            "IgGWaVa0OLyD",
            "gGWaVa0OLyDQ",
            "GWaVa0OLyDQ7",
            "WaVa0OLyDQ7A",
            "aVa0OLyD",
            "Va0OLyDQ",
            "a0OLyDQ7",
            "0OLyDQ7A",
            "OLyD",
            "LyDQ",
            "yDQ7",
            "DQ7A",
            "AVubQcGskkT78yRf",
            "VubQcGskkT78yRfs",
            "ubQcGskkT78yRfsc",
            "bQcGskkT78yRfscQ",
            "QcGskkT78yRf",
            "cGskkT78yRfs",
            "GskkT78yRfsc",
            "skkT78yRfscQ",
            "kkT78yRf",
            "kT78yRfs",
            "T78yRfsc",
            "78yRfscQ",
            "8yRf",
            "yRfs",
            "Rfsc",
            "fscQ",
            "CcQiZEGhKA0KusZN",
            "cQiZEGhKA0KusZN3",
            "QiZEGhKA0KusZN3o",
            "iZEGhKA0KusZN3oi",
            "ZEGhKA0KusZN",
            "EGhKA0KusZN3",
            "GhKA0KusZN3o",
            "hKA0KusZN3oi",
            "KA0KusZN",
            "A0KusZN3",
            "0KusZN3o",
            "KusZN3oi",
            "usZN",
            "sZN3",
            "ZN3o",
            "N3oi",
            "PVV4LRGKkvJ9P1cA",
            "VV4LRGKkvJ9P1cAp",
            "V4LRGKkvJ9P1cApv",
            "4LRGKkvJ9P1cApvr",
            "LRGKkvJ9P1cA",
            "RGKkvJ9P1cAp",
            "GKkvJ9P1cApv",
            "KkvJ9P1cApvr",
            "kvJ9P1cA",
            "vJ9P1cAp",
            "J9P1cApv",
            "9P1cApvr",
            "P1cA",
            "1cAp",
            "cApv",
            "Apvr",
            "DbJM2EGrhNfPjSpx",
            "bJM2EGrhNfPjSpxj",
            "JM2EGrhNfPjSpxjq",
            "M2EGrhNfPjSpxjqd",
            "2EGrhNfPjSpx",
            "EGrhNfPjSpxj",
            "GrhNfPjSpxjq",
            "rhNfPjSpxjqd",
            "hNfPjSpx",
            "NfPjSpxj",
            "fPjSpxjq",
            "PjSpxjqd",
            "jSpx",
            "Spxj",
            "pxjq",
            "xjqd",
            "cXp9cRGeZP9Vhq5F",
            "Xp9cRGeZP9Vhq5FF",
            "p9cRGeZP9Vhq5FFk",
            "9cRGeZP9Vhq5FFkZ",
            "cRGeZP9Vhq5F",
            "RGeZP9Vhq5FF",
            "GeZP9Vhq5FFk",
            "eZP9Vhq5FFkZ",
            "ZP9Vhq5F",
            "P9Vhq5FF",
            "9Vhq5FFk",
            "Vhq5FFkZ",
            "hq5F",
            "q5FF",
            "5FFk",
            "FFkZ",
            "OfJPyYGGrEo3YWI7",
            "fJPyYGGrEo3YWI76",
            "JPyYGGrEo3YWI763",
            "PyYGGrEo3YWI763P",
            "yYGGrEo3YWI7",
            "YGGrEo3YWI76",
            "GGrEo3YWI763",
            "GrEo3YWI763P",
            "rEo3YWI7",
            "Eo3YWI76",
            "o3YWI763",
            "3YWI763P",
            "YWI7",
            "WI76",
            "I763",
            "763P",
            "B8EIqjGIQdIdklFW",
            "8EIqjGIQdIdklFWg",
            "EIqjGIQdIdklFWgW",
            "IqjGIQdIdklFWgWm",
            "qjGIQdIdklFW",
            "jGIQdIdklFWg",
            "GIQdIdklFWgW",
            "IQdIdklFWgWm",
            "QdIdklFW",
            "dIdklFWg",
            "IdklFWgW",
            "dklFWgWm",
            "klFW",
            "lFWg",
            "FWgW",
            "WgWm",
            "vvMZlMGRfHGUoMwL",
            "vMZlMGRfHGUoMwLq",
            "MZlMGRfHGUoMwLqg",
            "ZlMGRfHGUoMwLqgd",
            "lMGRfHGUoMwL",
            "MGRfHGUoMwLq",
            "GRfHGUoMwLqg",
            "RfHGUoMwLqgd",
            "fHGUoMwL",
            "HGUoMwLq",
            "GUoMwLqg",
            "UoMwLqgd",
            "oMwL",
            "MwLq",
            "wLqg",
            "Lqgd",
            "EPcRDIG5jwsv4KSu",
            "PcRDIG5jwsv4KSuX",
            "cRDIG5jwsv4KSuX7",
            "RDIG5jwsv4KSuX7X",
            "DIG5jwsv4KSu",
            "IG5jwsv4KSuX",
            "G5jwsv4KSuX7",
            "5jwsv4KSuX7X",
            "jwsv4KSu",
            "wsv4KSuX",
            "sv4KSuX7",
            "v4KSuX7X",
            "4KSu",
            "KSuX",
            "SuX7",
            "uX7X",
            "FQ7pjNGmuGi3bJO5",
            "Q7pjNGmuGi3bJO5l",
            "7pjNGmuGi3bJO5lD",
            "pjNGmuGi3bJO5lDc",
            "jNGmuGi3bJO5",
            "NGmuGi3bJO5l",
            "GmuGi3bJO5lD",
            "muGi3bJO5lDc",
            "uGi3bJO5",
            "Gi3bJO5l",
            "i3bJO5lD",
            "3bJO5lDc",
            "bJO5",
            "JO5l",
            "O5lD",
            "5lDc",
            "tNADkJG4oxgDiHCI",
            "NADkJG4oxgDiHCIN",
            "ADkJG4oxgDiHCIN3",
            "DkJG4oxgDiHCIN35",
            "kJG4oxgDiHCI",
            "JG4oxgDiHCIN",
            "G4oxgDiHCIN3",
            "4oxgDiHCIN35",
            "oxgDiHCI",
            "xgDiHCIN",
            "gDiHCIN3",
            "DiHCIN35",
            "iHCI",
            "HCIN",
            "CIN3",
            "IN35",
            "pSVgTnG1gcQV8MWt",
            "SVgTnG1gcQV8MWtc",
            "VgTnG1gcQV8MWtc8",
            "gTnG1gcQV8MWtc8V",
            "TnG1gcQV8MWt",
            "nG1gcQV8MWtc",
            "G1gcQV8MWtc8",
            "1gcQV8MWtc8V",
            "gcQV8MWt",
            "cQV8MWtc",
            "QV8MWtc8",
            "V8MWtc8V",
            "8MWt",
            "MWtc",
            "Wtc8",
            "tc8V",
            "HBFpu2Gq03TxRIS4",
            "BFpu2Gq03TxRIS4b",
            "Fpu2Gq03TxRIS4bx",
            "pu2Gq03TxRIS4bxt",
            "u2Gq03TxRIS4",
            "2Gq03TxRIS4b",
            "Gq03TxRIS4bx",
            "q03TxRIS4bxt",
            "03TxRIS4",
            "3TxRIS4b",
            "TxRIS4bx",
            "xRIS4bxt",
            "RIS4",
            "IS4b",
            "S4bx",
            "4bxt",
            "j9f1IGGYUVFCg4S9",
            "9f1IGGYUVFCg4S9G",
            "f1IGGYUVFCg4S9GS",
            "1IGGYUVFCg4S9GSp",
            "IGGYUVFCg4S9",
            "GGYUVFCg4S9G",
            "GYUVFCg4S9GS",
            "YUVFCg4S9GSp",
            "UVFCg4S9",
            "VFCg4S9G",
            "FCg4S9GS",
            "Cg4S9GSp",
            "g4S9",
            "4S9G",
            "S9GS",
            "9GSp",
            "sIwALYGul5cr8lUy",
            "IwALYGul5cr8lUyc",
            "wALYGul5cr8lUycv",
            "ALYGul5cr8lUycv2",
            "LYGul5cr8lUy",
            "YGul5cr8lUyc",
            "Gul5cr8lUycv",
            "ul5cr8lUycv2",
            "l5cr8lUy",
            "5cr8lUyc",
            "cr8lUycv",
            "r8lUycv2",
            "8lUy",
            "lUyc",
            "Uycv",
            "ycv2",
            "KSArKIG3UhgndsSl",
            "SArKIG3UhgndsSlq",
            "ArKIG3UhgndsSlqR",
            "rKIG3UhgndsSlqRC",
            "KIG3UhgndsSl",
            "IG3UhgndsSlq",
            "G3UhgndsSlqR",
            "3UhgndsSlqRC",
            "UhgndsSl",
            "hgndsSlq",
            "gndsSlqR",
            "ndsSlqRC",
            "dsSl",
            "sSlq",
            "SlqR",
            "lqRC",
            "UuxKndGpUBFnrfYi",
            "uxKndGpUBFnrfYiT",
            "xKndGpUBFnrfYiT1",
            "KndGpUBFnrfYiT1H",
            "ndGpUBFnrfYi",
            "dGpUBFnrfYiT",
            "GpUBFnrfYiT1",
            "pUBFnrfYiT1H",
            "UBFnrfYi",
            "BFnrfYiT",
            "FnrfYiT1",
            "nrfYiT1H",
            "rfYi",
            "fYiT",
            "YiT1",
            "iT1H",
            "oDfhe0G82DZFEbPJ",
            "Dfhe0G82DZFEbPJh",
            "fhe0G82DZFEbPJh6",
            "he0G82DZFEbPJh6l",
            "e0G82DZFEbPJ",
            "0G82DZFEbPJh",
            "G82DZFEbPJh6",
            "82DZFEbPJh6l",
            "2DZFEbPJ",
            "DZFEbPJh",
            "ZFEbPJh6",
            "FEbPJh6l",
            "EbPJ",
            "bPJh",
            "PJh6",
            "Jh6l",
            "djulbdGcbroIlHx8",
            "julbdGcbroIlHx8o",
            "ulbdGcbroIlHx8oQ",
            "lbdGcbroIlHx8oQ6",
            "bdGcbroIlHx8",
            "dGcbroIlHx8o",
            "GcbroIlHx8oQ",
            "cbroIlHx8oQ6",
            "broIlHx8",
            "roIlHx8o",
            "oIlHx8oQ",
            "IlHx8oQ6",
            "lHx8",
            "Hx8o",
            "x8oQ",
            "8oQ6",
            "bJelTmGFPRNlLmnE",
            "JelTmGFPRNlLmnEm",
            "elTmGFPRNlLmnEm9",
            "lTmGFPRNlLmnEm92",
            "TmGFPRNlLmnE",
            "mGFPRNlLmnEm",
            "GFPRNlLmnEm9",
            "FPRNlLmnEm92",
            "PRNlLmnE",
            "RNlLmnEm",
            "NlLmnEm9",
            "lLmnEm92",
            "LmnE",
            "mnEm",
            "nEm9",
            "Em92",
            "BDL78LG0of0B29ht",
            "DL78LG0of0B29htw",
            "L78LG0of0B29htwR",
            "78LG0of0B29htwRd",
            "8LG0of0B29ht",
            "LG0of0B29htw",
            "G0of0B29htwR",
            "0of0B29htwRd",
            "of0B29ht",
            "f0B29htw",
            "0B29htwR",
            "B29htwRd",
            "29ht",
            "9htw",
            "htwR",
            "twRd",
            "idXdi7GOMKmnSq6M",
            "dXdi7GOMKmnSq6MR",
            "Xdi7GOMKmnSq6MRZ",
            "di7GOMKmnSq6MRZn",
            "i7GOMKmnSq6M",
            "7GOMKmnSq6MR",
            "GOMKmnSq6MRZ",
            "OMKmnSq6MRZn",
            "MKmnSq6M",
            "KmnSq6MR",
            "mnSq6MRZ",
            "nSq6MRZn",
            "Sq6M",
            "q6MR",
            "6MRZ",
            "MRZn",
            "IsbCYAGjWjB0hqJh",
            "sbCYAGjWjB0hqJhX",
            "bCYAGjWjB0hqJhXD",
            "CYAGjWjB0hqJhXDM",
            "YAGjWjB0hqJh",
            "AGjWjB0hqJhX",
            "GjWjB0hqJhXD",
            "jWjB0hqJhXDM",
            "WjB0hqJh",
            "jB0hqJhX",
            "B0hqJhXD",
            "0hqJhXDM",
            "hqJh",
            "qJhX",
            "JhXD",
            "hXDM",
            "Hw8qiGGQU58JxMnu",
            "w8qiGGQU58JxMnuS",
            "8qiGGQU58JxMnuST",
            "qiGGQU58JxMnuSTj",
            "iGGQU58JxMnu",
            "GGQU58JxMnuS",
            "GQU58JxMnuST",
            "QU58JxMnuSTj",
            "U58JxMnu",
            "58JxMnuS",
            "8JxMnuST",
            "JxMnuSTj",
            "xMnu",
            "MnuS",
            "nuST",
            "uSTj",
            "P2umuYGt6ReeNetb",
            "2umuYGt6ReeNetbX",
            "umuYGt6ReeNetbX8",
            "muYGt6ReeNetbX8i",
            "uYGt6ReeNetb",
            "YGt6ReeNetbX",
            "Gt6ReeNetbX8",
            "t6ReeNetbX8i",
            "6ReeNetb",
            "ReeNetbX",
            "eeNetbX8",
            "eNetbX8i",
            "Netb",
            "etbX",
            "tbX8",
            "bX8i",
            "DLfg5xGCda1seJdh",
            "Lfg5xGCda1seJdhN",
            "fg5xGCda1seJdhNx",
            "g5xGCda1seJdhNxd",
            "5xGCda1seJdh",
            "xGCda1seJdhN",
            "GCda1seJdhNx",
            "Cda1seJdhNxd",
            "da1seJdh",
            "a1seJdhN",
            "1seJdhNx",
            "seJdhNxd",
            "eJdh",
            "JdhN",
            "dhNx",
            "hNxd",
            "d9qAAwGxM3GTCU8l",
            "9qAAwGxM3GTCU8lf",
            "qAAwGxM3GTCU8lf2",
            "AAwGxM3GTCU8lf2X",
            "AwGxM3GTCU8l",
            "wGxM3GTCU8lf",
            "GxM3GTCU8lf2",
            "xM3GTCU8lf2X",
            "M3GTCU8l",
            "3GTCU8lf",
            "GTCU8lf2",
            "TCU8lf2X",
            "CU8l",
            "U8lf",
            "8lf2",
            "lf2X",
            "dwD5BFlVSbcEVTZJ",
            "wD5BFlVSbcEVTZJm",
            "D5BFlVSbcEVTZJmY",
            "5BFlVSbcEVTZJmYb",
            "BFlVSbcEVTZJ",
            "FlVSbcEVTZJm",
            "lVSbcEVTZJmY",
            "VSbcEVTZJmYb",
            "SbcEVTZJ",
            "bcEVTZJm",
            "cEVTZJmY",
            "EVTZJmYb",
            "VTZJ",
            "TZJm",
            "ZJmY",
            "JmYb",
            "qb9UbhlnMajOf4na",
            "b9UbhlnMajOf4naE",
            "9UbhlnMajOf4naEm",
            "UbhlnMajOf4naEms",
            "bhlnMajOf4na",
            "hlnMajOf4naE",
            "lnMajOf4naEm",
            "nMajOf4naEms",
            "MajOf4na",
            "ajOf4naE",
            "jOf4naEm",
            "Of4naEms",
            "f4na",
            "4naE",
            "naEm",
            "aEms",
            "tkEP9AlZBnRnCBiR",
            "kEP9AlZBnRnCBiRa",
            "EP9AlZBnRnCBiRaP",
            "P9AlZBnRnCBiRaPv",
            "9AlZBnRnCBiR",
            "AlZBnRnCBiRa",
            "lZBnRnCBiRaP",
            "ZBnRnCBiRaPv",
            "BnRnCBiR",
            "nRnCBiRa",
            "RnCBiRaP",
            "nCBiRaPv",
            "CBiR",
            "BiRa",
            "iRaP",
            "RaPv",
            "RAq0UolWatajXeQC",
            "Aq0UolWatajXeQCg",
            "q0UolWatajXeQCgx",
            "0UolWatajXeQCgxx",
            "UolWatajXeQC",
            "olWatajXeQCg",
            "lWatajXeQCgx",
            "WatajXeQCgxx",
            "atajXeQC",
            "tajXeQCg",
            "ajXeQCgx",
            "jXeQCgxx",
            "XeQC",
            "eQCg",
            "QCgx",
            "Cgxx",
            "vqx3TflsRqkvooLS",
            "qx3TflsRqkvooLSp",
            "x3TflsRqkvooLSpG",
            "3TflsRqkvooLSpGA",
            "TflsRqkvooLS",
            "flsRqkvooLSp",
            "lsRqkvooLSpG",
            "sRqkvooLSpGA",
            "RqkvooLS",
            "qkvooLSp",
            "kvooLSpG",
            "vooLSpGA",
            "ooLS",
            "oLSp",
            "LSpG",
            "SpGA",
            "GEJkIQlhvkOsLULk",
            "EJkIQlhvkOsLULky",
            "JkIQlhvkOsLULkyM",
            "kIQlhvkOsLULkyM1",
            "IQlhvkOsLULk",
            "QlhvkOsLULky",
            "lhvkOsLULkyM",
            "hvkOsLULkyM1",
            "vkOsLULk",
            "kOsLULky",
            "OsLULkyM",
            "sLULkyM1",
            "LULk",
            "ULky",
            "LkyM",
            "kyM1",
            "beDwP3lKXmAFqmYw",
            "eDwP3lKXmAFqmYwS",
            "DwP3lKXmAFqmYwSM",
            "wP3lKXmAFqmYwSMk",
            "P3lKXmAFqmYw",
            "3lKXmAFqmYwS",
            "lKXmAFqmYwSM",
            "KXmAFqmYwSMk",
            "XmAFqmYw",
            "mAFqmYwS",
            "AFqmYwSM",
            "FqmYwSMk",
            "qmYw",
            "mYwS",
            "YwSM",
            "wSMk",
            "Bi5mGYlr07gqnsiE",
            "i5mGYlr07gqnsiE5",
            "5mGYlr07gqnsiE53",
            "mGYlr07gqnsiE53i",
            "GYlr07gqnsiE",
            "Ylr07gqnsiE5",
            "lr07gqnsiE53",
            "r07gqnsiE53i",
            "07gqnsiE",
            "7gqnsiE5",
            "gqnsiE53",
            "qnsiE53i",
            "nsiE",
            "siE5",
            "iE53",
            "E53i",
            "lNd5sJleolUwKn7b",
            "Nd5sJleolUwKn7bn",
            "d5sJleolUwKn7bnw",
            "5sJleolUwKn7bnw3",
            "sJleolUwKn7b",
            "JleolUwKn7bn",
            "leolUwKn7bnw",
            "eolUwKn7bnw3",
            "olUwKn7b",
            "lUwKn7bn",
            "UwKn7bnw",
            "wKn7bnw3",
            "Kn7b",
            "n7bn",
            "7bnw",
            "bnw3",
            "H0JEVJlGodu0emAC",
            "0JEVJlGodu0emACv",
            "JEVJlGodu0emACvy",
            "EVJlGodu0emACvyW",
            "VJlGodu0emAC",
            "JlGodu0emACv",
            "lGodu0emACvy",
            "Godu0emACvyW",
            "odu0emAC",
            "du0emACv",
            "u0emACvy",
            "0emACvyW",
            "emAC",
            "mACv",
            "ACvy",
            "CvyW",
            "wpfYGDlIeTMVrcQe",
            "pfYGDlIeTMVrcQeE",
            "fYGDlIeTMVrcQeEQ",
            "YGDlIeTMVrcQeEQX",
            "GDlIeTMVrcQe",
            "DlIeTMVrcQeE",
            "lIeTMVrcQeEQ",
            "IeTMVrcQeEQX",
            "eTMVrcQe",
            "TMVrcQeE",
            "MVrcQeEQ",
            "VrcQeEQX",
            "rcQe",
            "cQeE",
            "QeEQ",
            "eEQX",
            "XngvpjlRNdh7QtUB",
            "ngvpjlRNdh7QtUBI",
            "gvpjlRNdh7QtUBIN",
            "vpjlRNdh7QtUBINZ",
            "pjlRNdh7QtUB",
            "jlRNdh7QtUBI",
            "lRNdh7QtUBIN",
            "RNdh7QtUBINZ",
            "Ndh7QtUB",
            "dh7QtUBI",
            "h7QtUBIN",
            "7QtUBINZ",
            "QtUB",
            "tUBI",
            "UBIN",
            "BINZ",
            "iuEEPwl5teTI37uF",
            "uEEPwl5teTI37uFq",
            "EEPwl5teTI37uFq9",
            "EPwl5teTI37uFq9f",
            "Pwl5teTI37uF",
            "wl5teTI37uFq",
            "l5teTI37uFq9",
            "5teTI37uFq9f",
            "teTI37uF",
            "eTI37uFq",
            "TI37uFq9",
            "I37uFq9f",
            "37uF",
            "7uFq",
            "uFq9",
            "Fq9f",
            "VMTmrElmIvEjhC5F",
            "MTmrElmIvEjhC5Fu",
            "TmrElmIvEjhC5FuT",
            "mrElmIvEjhC5FuTB",
            "rElmIvEjhC5F",
            "ElmIvEjhC5Fu",
            "lmIvEjhC5FuT",
            "mIvEjhC5FuTB",
            "IvEjhC5F",
            "vEjhC5Fu",
            "EjhC5FuT",
            "jhC5FuTB",
            "hC5F",
            "C5Fu",
            "5FuT",
            "FuTB",
            "bu60Qkl4Ya3sLo7F",
            "u60Qkl4Ya3sLo7FK",
            "60Qkl4Ya3sLo7FKe",
            "0Qkl4Ya3sLo7FKeY",
            "Qkl4Ya3sLo7F",
            "kl4Ya3sLo7FK",
            "l4Ya3sLo7FKe",
            "4Ya3sLo7FKeY",
            "Ya3sLo7F",
            "a3sLo7FK",
            "3sLo7FKe",
            "sLo7FKeY",
            "Lo7F",
            "o7FK",
            "7FKe",
            "FKeY",
            "EeKPRjl1pYCAALtq",
            "eKPRjl1pYCAALtqN",
            "KPRjl1pYCAALtqNl",
            "PRjl1pYCAALtqNll",
            "Rjl1pYCAALtq",
            "jl1pYCAALtqN",
            "l1pYCAALtqNl",
            "1pYCAALtqNll",
            "pYCAALtq",
            "YCAALtqN",
            "CAALtqNl",
            "AALtqNll",
            "ALtq",
            "LtqN",
            "tqNl",
            "qNll",
            "BjJUDAlq2JGIDsvc",
            "jJUDAlq2JGIDsvc7",
            "JUDAlq2JGIDsvc72",
            "UDAlq2JGIDsvc72g",
            "DAlq2JGIDsvc",
            "Alq2JGIDsvc7",
            "lq2JGIDsvc72",
            "q2JGIDsvc72g",
            "2JGIDsvc",
            "JGIDsvc7",
            "GIDsvc72",
            "IDsvc72g",
            "Dsvc",
            "svc7",
            "vc72",
            "c72g",
            "mi7VRtlYALtt23nv",
            "i7VRtlYALtt23nva",
            "7VRtlYALtt23nvaw",
            "VRtlYALtt23nvaw3",
            "RtlYALtt23nv",
            "tlYALtt23nva",
            "lYALtt23nvaw",
            "YALtt23nvaw3",
            "ALtt23nv",
            "Ltt23nva",
            "tt23nvaw",
            "t23nvaw3",
            "23nv",
            "3nva",
            "nvaw",
            "vaw3",
            "PbT7LWlucWjBsHBR",
            "bT7LWlucWjBsHBRc",
            "T7LWlucWjBsHBRcg",
            "7LWlucWjBsHBRcgg",
            "LWlucWjBsHBR",
            "WlucWjBsHBRc",
            "lucWjBsHBRcg",
            "ucWjBsHBRcgg",
            "cWjBsHBR",
            "WjBsHBRc",
            "jBsHBRcg",
            "BsHBRcgg",
            "sHBR",
            "HBRc",
            "BRcg",
            "Rcgg",
            "yQwEDGl3FBkoNK7Y",
            "QwEDGl3FBkoNK7Yx",
            "wEDGl3FBkoNK7YxV",
            "EDGl3FBkoNK7YxVV",
            "DGl3FBkoNK7Y",
            "Gl3FBkoNK7Yx",
            "l3FBkoNK7YxV",
            "3FBkoNK7YxVV",
            "FBkoNK7Y",
            "BkoNK7Yx",
            "koNK7YxV",
            "oNK7YxVV",
            "NK7Y",
            "K7Yx",
            "7YxV",
            "YxVV",
            "MXMN61lpbcTboB84",
            "XMN61lpbcTboB84a",
            "MN61lpbcTboB84aa",
            "N61lpbcTboB84aa5",
            "61lpbcTboB84",
            "1lpbcTboB84a",
            "lpbcTboB84aa",
            "pbcTboB84aa5",
            "bcTboB84",
            "cTboB84a",
            "TboB84aa",
            "boB84aa5",
            "oB84",
            "B84a",
            "84aa",
            "4aa5",
            "IUvfMWl8lDbtFWrF",
            "UvfMWl8lDbtFWrFx",
            "vfMWl8lDbtFWrFxp",
            "fMWl8lDbtFWrFxpG",
            "MWl8lDbtFWrF",
            "Wl8lDbtFWrFx",
            "l8lDbtFWrFxp",
            "8lDbtFWrFxpG",
            "lDbtFWrF",
            "DbtFWrFx",
            "btFWrFxp",
            "tFWrFxpG",
            "FWrF",
            "WrFx",
            "rFxp",
            "FxpG",
            "nL7D4glc6yKQOfVj",
            "L7D4glc6yKQOfVjq",
            "7D4glc6yKQOfVjqm",
            "D4glc6yKQOfVjqmI",
            "4glc6yKQOfVj",
            "glc6yKQOfVjq",
            "lc6yKQOfVjqm",
            "c6yKQOfVjqmI",
            "6yKQOfVj",
            "yKQOfVjq",
            "KQOfVjqm",
            "QOfVjqmI",
            "OfVj",
            "fVjq",
            "Vjqm",
            "jqmI",
            "iINn56lFFgdWRQoJ",
            "INn56lFFgdWRQoJq",
            "Nn56lFFgdWRQoJqS",
            "n56lFFgdWRQoJqSk",
            "56lFFgdWRQoJ",
            "6lFFgdWRQoJq",
            "lFFgdWRQoJqS",
            "FFgdWRQoJqSk",
            "FgdWRQoJ",
            "gdWRQoJq",
            "dWRQoJqS",
            "WRQoJqSk",
            "RQoJ",
            "QoJq",
            "oJqS",
            "JqSk",
            "Vd82gml0O47Dy4Is",
            "d82gml0O47Dy4Isv",
            "82gml0O47Dy4Isvo",
            "2gml0O47Dy4IsvoH",
            "gml0O47Dy4Is",
            "ml0O47Dy4Isv",
            "l0O47Dy4Isvo",
            "0O47Dy4IsvoH",
            "O47Dy4Is",
            "47Dy4Isv",
            "7Dy4Isvo",
            "Dy4IsvoH",
            "y4Is",
            "4Isv",
            "Isvo",
            "svoH",
            "dErCUhlOnPf5DaX2",
            "ErCUhlOnPf5DaX2M",
            "rCUhlOnPf5DaX2Mh",
            "CUhlOnPf5DaX2MhQ",
            "UhlOnPf5DaX2",
            "hlOnPf5DaX2M",
            "lOnPf5DaX2Mh",
            "OnPf5DaX2MhQ",
            "nPf5DaX2",
            "Pf5DaX2M",
            "f5DaX2Mh",
            "5DaX2MhQ",
            "DaX2",
            "aX2M",
            "X2Mh",
            "2MhQ",
            "RV1ruxlj87A58hy4",
            "V1ruxlj87A58hy4W",
            "1ruxlj87A58hy4W1",
            "ruxlj87A58hy4W1p",
            "uxlj87A58hy4",
            "xlj87A58hy4W",
            "lj87A58hy4W1",
            "j87A58hy4W1p",
            "87A58hy4",
            "7A58hy4W",
            "A58hy4W1",
            "58hy4W1p",
            "8hy4",
            "hy4W",
            "y4W1",
            "4W1p",
            "ysCBgulQLVV3QIye",
            "sCBgulQLVV3QIyev",
            "CBgulQLVV3QIyevR",
            "BgulQLVV3QIyevRs",
            "gulQLVV3QIye",
            "ulQLVV3QIyev",
            "lQLVV3QIyevR",
            "QLVV3QIyevRs",
            "LVV3QIye",
            "VV3QIyev",
            "V3QIyevR",
            "3QIyevRs",
            "QIye",
            "Iyev",
            "yevR",
            "evRs",
            "D8cnT3ltIB3GCJ9D",
            "8cnT3ltIB3GCJ9Dm",
            "cnT3ltIB3GCJ9DmG",
            "nT3ltIB3GCJ9DmGV",
            "T3ltIB3GCJ9D",
            "3ltIB3GCJ9Dm",
            "ltIB3GCJ9DmG",
            "tIB3GCJ9DmGV",
            "IB3GCJ9D",
            "B3GCJ9Dm",
            "3GCJ9DmG",
            "GCJ9DmGV",
            "CJ9D",
            "J9Dm",
            "9DmG",
            "DmGV",
            "o9QbZ6lCGHIYeQI6",
            "9QbZ6lCGHIYeQI66",
            "QbZ6lCGHIYeQI66S",
            "bZ6lCGHIYeQI66Sf",
            "Z6lCGHIYeQI6",
            "6lCGHIYeQI66",
            "lCGHIYeQI66S",
            "CGHIYeQI66Sf",
            "GHIYeQI6",
            "HIYeQI66",
            "IYeQI66S",
            "YeQI66Sf",
            "eQI6",
            "QI66",
            "I66S",
            "66Sf",
            "HmyY5OlxVgfsu2kS",
            "myY5OlxVgfsu2kS2",
            "yY5OlxVgfsu2kS2C",
            "Y5OlxVgfsu2kS2CL",
            "5OlxVgfsu2kS",
            "OlxVgfsu2kS2",
            "lxVgfsu2kS2C",
            "xVgfsu2kS2CL",
            "Vgfsu2kS",
            "gfsu2kS2",
            "fsu2kS2C",
            "su2kS2CL",
            "u2kS",
            "2kS2",
            "kS2C",
            "S2CL",
            "xB0SDlIVE8M2TYqc",
            "B0SDlIVE8M2TYqcs",
            "0SDlIVE8M2TYqcsL",
            "SDlIVE8M2TYqcsLX",
            "DlIVE8M2TYqc",
            "lIVE8M2TYqcs",
            "IVE8M2TYqcsL",
            "VE8M2TYqcsLX",
            "E8M2TYqc",
            "8M2TYqcs",
            "M2TYqcsL",
            "2TYqcsLX",
            "TYqc",
            "Yqcs",
            "qcsL",
            "csLX",
            "kFhsUiInpNdcDrob",
            "FhsUiInpNdcDrobB",
            "hsUiInpNdcDrobBf",
            "sUiInpNdcDrobBfi",
            "UiInpNdcDrob",
            "iInpNdcDrobB",
            "InpNdcDrobBf",
            "npNdcDrobBfi",
            "pNdcDrob",
            "NdcDrobB",
            "dcDrobBf",
            "cDrobBfi",
            "Drob",
            "robB",
            "obBf",
            "bBfi",
            "jjtomNIZ57cv4IuV",
            "jtomNIZ57cv4IuVi",
            "tomNIZ57cv4IuVid",
            "omNIZ57cv4IuVidb",
            "mNIZ57cv4IuV",
            "NIZ57cv4IuVi",
            "IZ57cv4IuVid",
            "Z57cv4IuVidb",
            "57cv4IuV",
            "7cv4IuVi",
            "cv4IuVid",
            "v4IuVidb",
            "4IuV",
            "IuVi",
            "uVid",
            "Vidb",
            "Gj8VpfIW09A9aX7h",
            "j8VpfIW09A9aX7h4",
            "8VpfIW09A9aX7h4V",
            "VpfIW09A9aX7h4VI",
            "pfIW09A9aX7h",
            "fIW09A9aX7h4",
            "IW09A9aX7h4V",
            "W09A9aX7h4VI",
            "09A9aX7h",
            "9A9aX7h4",
            "A9aX7h4V",
            "9aX7h4VI",
            "aX7h",
            "X7h4",
            "7h4V",
            "h4VI",
            "cPqEG7IsYReEGbm4",
            "PqEG7IsYReEGbm4A",
            "qEG7IsYReEGbm4AH",
            "EG7IsYReEGbm4AHL",
            "G7IsYReEGbm4",
            "7IsYReEGbm4A",
            "IsYReEGbm4AH",
            "sYReEGbm4AHL",
            "YReEGbm4",
            "ReEGbm4A",
            "eEGbm4AH",
            "EGbm4AHL",
            "Gbm4",
            "bm4A",
            "m4AH",
            "4AHL",
            "n0qdBOIhGIuEqvpU",
            "0qdBOIhGIuEqvpUr",
            "qdBOIhGIuEqvpUrZ",
            "dBOIhGIuEqvpUrZC",
            "BOIhGIuEqvpU",
            "OIhGIuEqvpUr",
            "IhGIuEqvpUrZ",
            "hGIuEqvpUrZC",
            "GIuEqvpU",
            "IuEqvpUr",
            "uEqvpUrZ",
            "EqvpUrZC",
            "qvpU",
            "vpUr",
            "pUrZ",
            "UrZC",
            "vyeAVIIKBRitfYnF",
            "yeAVIIKBRitfYnFm",
            "eAVIIKBRitfYnFmg",
            "AVIIKBRitfYnFmgd",
            "VIIKBRitfYnF",
            "IIKBRitfYnFm",
            "IKBRitfYnFmg",
            "KBRitfYnFmgd",
            "BRitfYnF",
            "RitfYnFm",
            "itfYnFmg",
            "tfYnFmgd",
            "fYnF",
            "YnFm",
            "nFmg",
            "Fmgd",
            "OHWs1cIrF8VORxxd",
            "HWs1cIrF8VORxxd9",
            "Ws1cIrF8VORxxd92",
            "s1cIrF8VORxxd92c",
            "1cIrF8VORxxd",
            "cIrF8VORxxd9",
            "IrF8VORxxd92",
            "rF8VORxxd92c",
            "F8VORxxd",
            "8VORxxd9",
            "VORxxd92",
            "ORxxd92c",
            "Rxxd",
            "xxd9",
            "xd92",
            "d92c",
            "L5crm3IeNcRWUAXj",
            "5crm3IeNcRWUAXjK",
            "crm3IeNcRWUAXjKd",
            "rm3IeNcRWUAXjKdy",
            "m3IeNcRWUAXj",
            "3IeNcRWUAXjK",
            "IeNcRWUAXjKd",
            "eNcRWUAXjKdy",
            "NcRWUAXj",
            "cRWUAXjK",
            "RWUAXjKd",
            "WUAXjKdy",
            "UAXj",
            "AXjK",
            "XjKd",
            "jKdy",
            "t8x7usIGdRAoo5mQ",
            "8x7usIGdRAoo5mQp",
            "x7usIGdRAoo5mQpm",
            "7usIGdRAoo5mQpmp",
            "usIGdRAoo5mQ",
            "sIGdRAoo5mQp",
            "IGdRAoo5mQpm",
            "GdRAoo5mQpmp",
            "dRAoo5mQ",
            "RAoo5mQp",
            "Aoo5mQpm",
            "oo5mQpmp",
            "o5mQ",
            "5mQp",
            "mQpm",
            "Qpmp",
            "OFDNmpIIJoZAJTvW",
            "FDNmpIIJoZAJTvWd",
            "DNmpIIJoZAJTvWdR",
            "NmpIIJoZAJTvWdRl",
            "mpIIJoZAJTvW",
            "pIIJoZAJTvWd",
            "IIJoZAJTvWdR",
            "IJoZAJTvWdRl",
            "JoZAJTvW",
            "oZAJTvWd",
            "ZAJTvWdR",
            "AJTvWdRl",
            "JTvW",
            "TvWd",
            "vWdR",
            "WdRl",
            "g5CxwOIRP8Ijn7K4",
            "5CxwOIRP8Ijn7K4x",
            "CxwOIRP8Ijn7K4xC",
            "xwOIRP8Ijn7K4xC7",
            "wOIRP8Ijn7K4",
            "OIRP8Ijn7K4x",
            "IRP8Ijn7K4xC",
            "RP8Ijn7K4xC7",
            "P8Ijn7K4",
            "8Ijn7K4x",
            "Ijn7K4xC",
            "jn7K4xC7",
            "n7K4",
            "7K4x",
            "K4xC",
            "4xC7",
            "nxIdXJI5hrcSKZ39",
            "xIdXJI5hrcSKZ39O",
            "IdXJI5hrcSKZ39OD",
            "dXJI5hrcSKZ39ODq",
            "XJI5hrcSKZ39",
            "JI5hrcSKZ39O",
            "I5hrcSKZ39OD",
            "5hrcSKZ39ODq",
            "hrcSKZ39",
            "rcSKZ39O",
            "cSKZ39OD",
            "SKZ39ODq",
            "KZ39",
            "Z39O",
            "39OD",
            "9ODq",
            "BDond8Imd8OgN3Ky",
            "Dond8Imd8OgN3KyZ",
            "ond8Imd8OgN3KyZW",
            "nd8Imd8OgN3KyZWh",
            "d8Imd8OgN3Ky",
            "8Imd8OgN3KyZ",
            "Imd8OgN3KyZW",
            "md8OgN3KyZWh",
            "d8OgN3Ky",
            "8OgN3KyZ",
            "OgN3KyZW",
            "gN3KyZWh",
            "N3Ky",
            "3KyZ",
            "KyZW",
            "yZWh",
            "HNRi13I4pEK8xLZJ",
            "NRi13I4pEK8xLZJe",
            "Ri13I4pEK8xLZJeG",
            "i13I4pEK8xLZJeGP",
            "13I4pEK8xLZJ",
            "3I4pEK8xLZJe",
            "I4pEK8xLZJeG",
            "4pEK8xLZJeGP",
            "pEK8xLZJ",
            "EK8xLZJe",
            "K8xLZJeG",
            "8xLZJeGP",
            "xLZJ",
            "LZJe",
            "ZJeG",
            "JeGP",
            "RhsJSoI1EVdnAeAS",
            "hsJSoI1EVdnAeASc",
            "sJSoI1EVdnAeAScn",
            "JSoI1EVdnAeAScnx",
            "SoI1EVdnAeAS",
            "oI1EVdnAeASc",
            "I1EVdnAeAScn",
            "1EVdnAeAScnx",
            "EVdnAeAS",
            "VdnAeASc",
            "dnAeAScn",
            "nAeAScnx",
            "AeAS",
            "eASc",
            "AScn",
            "Scnx",
            "GaKtxXIqMOGG7EiD",
            "aKtxXIqMOGG7EiDT",
            "KtxXIqMOGG7EiDT2",
            "txXIqMOGG7EiDT2i",
            "xXIqMOGG7EiD",
            "XIqMOGG7EiDT",
            "IqMOGG7EiDT2",
            "qMOGG7EiDT2i",
            "MOGG7EiD",
            "OGG7EiDT",
            "GG7EiDT2",
            "G7EiDT2i",
            "7EiD",
            "EiDT",
            "iDT2",
            "DT2i",
            "STPEKkIYbBrs8sKw",
            "TPEKkIYbBrs8sKw0",
            "PEKkIYbBrs8sKw0w",
            "EKkIYbBrs8sKw0ws",
            "KkIYbBrs8sKw",
            "kIYbBrs8sKw0",
            "IYbBrs8sKw0w",
            "YbBrs8sKw0ws",
            "bBrs8sKw",
            "Brs8sKw0",
            "rs8sKw0w",
            "s8sKw0ws",
            "8sKw",
            "sKw0",
            "Kw0w",
            "w0ws",
            "jetMm3IuCme2GmBP",
            "etMm3IuCme2GmBPi",
            "tMm3IuCme2GmBPiX",
            "Mm3IuCme2GmBPiXS",
            "m3IuCme2GmBP",
            "3IuCme2GmBPi",
            "IuCme2GmBPiX",
            "uCme2GmBPiXS",
            "Cme2GmBP",
            "me2GmBPi",
            "e2GmBPiX",
            "2GmBPiXS",
            "GmBP",
            "mBPi",
            "BPiX",
            "PiXS",
            "siCDZoI3RQ7xrHgj",
            "iCDZoI3RQ7xrHgj0",
            "CDZoI3RQ7xrHgj0n",
            "DZoI3RQ7xrHgj0nZ",
            "ZoI3RQ7xrHgj",
            "oI3RQ7xrHgj0",
            "I3RQ7xrHgj0n",
            "3RQ7xrHgj0nZ",
            "RQ7xrHgj",
            "Q7xrHgj0",
            "7xrHgj0n",
            "xrHgj0nZ",
            "rHgj",
            "Hgj0",
            "gj0n",
            "j0nZ",
            "m4OymgIp6ttwtu4b",
            "4OymgIp6ttwtu4be",
            "OymgIp6ttwtu4beZ",
            "ymgIp6ttwtu4beZa",
            "mgIp6ttwtu4b",
            "gIp6ttwtu4be",
            "Ip6ttwtu4beZ",
            "p6ttwtu4beZa",
            "6ttwtu4b",
            "ttwtu4be",
            "twtu4beZ",
            "wtu4beZa",
            "tu4b",
            "u4be",
            "4beZ",
            "beZa",
            "TPu0LOI8S2oC0Llg",
            "Pu0LOI8S2oC0LlgU",
            "u0LOI8S2oC0LlgUf",
            "0LOI8S2oC0LlgUfd",
            "LOI8S2oC0Llg",
            "OI8S2oC0LlgU",
            "I8S2oC0LlgUf",
            "8S2oC0LlgUfd",
            "S2oC0Llg",
            "2oC0LlgU",
            "oC0LlgUf",
            "C0LlgUfd",
            "0Llg",
            "LlgU",
            "lgUf",
            "gUfd",
            "zCj3NhIcSpm63hKK",
            "Cj3NhIcSpm63hKKG",
            "j3NhIcSpm63hKKGH",
            "3NhIcSpm63hKKGHP",
            "NhIcSpm63hKK",
            "hIcSpm63hKKG",
            "IcSpm63hKKGH",
            "cSpm63hKKGHP",
            "Spm63hKK",
            "pm63hKKG",
            "m63hKKGH",
            "63hKKGHP",
            "3hKK",
            "hKKG",
            "KKGH",
            "KGHP",
            "xh8cGIIFxILlC8ZL",
            "h8cGIIFxILlC8ZLX",
            "8cGIIFxILlC8ZLXg",
            "cGIIFxILlC8ZLXgE",
            "GIIFxILlC8ZL",
            "IIFxILlC8ZLX",
            "IFxILlC8ZLXg",
            "FxILlC8ZLXgE",
            "xILlC8ZL",
            "ILlC8ZLX",
            "LlC8ZLXg",
            "lC8ZLXgE",
            "C8ZL",
            "8ZLX",
            "ZLXg",
            "LXgE",
            "LrXB1GI0QWLv9kLg",
            "rXB1GI0QWLv9kLgH",
            "XB1GI0QWLv9kLgH7",
            "B1GI0QWLv9kLgH7Y",
            "1GI0QWLv9kLg",
            "GI0QWLv9kLgH",
            "I0QWLv9kLgH7",
            "0QWLv9kLgH7Y",
            "QWLv9kLg",
            "WLv9kLgH",
            "Lv9kLgH7",
            "v9kLgH7Y",
            "9kLg",
            "kLgH",
            "LgH7",
            "gH7Y",
            "cxBRXyIOWoB8S8j0",
            "xBRXyIOWoB8S8j0b",
            "BRXyIOWoB8S8j0bK",
            "RXyIOWoB8S8j0bKC",
            "XyIOWoB8S8j0",
            "yIOWoB8S8j0b",
            "IOWoB8S8j0bK",
            "OWoB8S8j0bKC",
            "WoB8S8j0",
            "oB8S8j0b",
            "B8S8j0bK",
            "8S8j0bKC",
            "S8j0",
            "8j0b",
            "j0bK",
            "0bKC",
            "jdYAy3IjjXrJE8Sl",
            "dYAy3IjjXrJE8Slx",
            "YAy3IjjXrJE8SlxT",
            "Ay3IjjXrJE8SlxTY",
            "y3IjjXrJE8Sl",
            "3IjjXrJE8Slx",
            "IjjXrJE8SlxT",
            "jjXrJE8SlxTY",
            "jXrJE8Sl",
            "XrJE8Slx",
            "rJE8SlxT",
            "JE8SlxTY",
            "E8Sl",
            "8Slx",
            "SlxT",
            "lxTY",
            "kXc7DLIQKMlO07BR",
            "Xc7DLIQKMlO07BR7",
            "c7DLIQKMlO07BR7J",
            "7DLIQKMlO07BR7Jw",
            "DLIQKMlO07BR",
            "LIQKMlO07BR7",
            "IQKMlO07BR7J",
            "QKMlO07BR7Jw",
            "KMlO07BR",
            "MlO07BR7",
            "lO07BR7J",
            "O07BR7Jw",
            "07BR",
            "7BR7",
            "BR7J",
            "R7Jw",
            "OngmyOItRKm97bXZ",
            "ngmyOItRKm97bXZH",
            "gmyOItRKm97bXZHg",
            "myOItRKm97bXZHgZ",
            "yOItRKm97bXZ",
            "OItRKm97bXZH",
            "ItRKm97bXZHg",
            "tRKm97bXZHgZ",
            "RKm97bXZ",
            "Km97bXZH",
            "m97bXZHg",
            "97bXZHgZ",
            "7bXZ",
            "bXZH",
            "XZHg",
            "ZHgZ",
            "loIVacIC5ap44CAM",
            "oIVacIC5ap44CAMa",
            "IVacIC5ap44CAMaS",
            "VacIC5ap44CAMaSA",
            "acIC5ap44CAM",
            "cIC5ap44CAMa",
            "IC5ap44CAMaS",
            "C5ap44CAMaSA",
            "5ap44CAM",
            "ap44CAMa",
            "p44CAMaS",
            "44CAMaSA",
            "4CAM",
            "CAMa",
            "AMaS",
            "MaSA",
            "OwdNTvIxTfNWQ0X1",
            "wdNTvIxTfNWQ0X1Q",
            "dNTvIxTfNWQ0X1QM",
            "NTvIxTfNWQ0X1QMa",
            "TvIxTfNWQ0X1",
            "vIxTfNWQ0X1Q",
            "IxTfNWQ0X1QM",
            "xTfNWQ0X1QMa",
            "TfNWQ0X1",
            "fNWQ0X1Q",
            "NWQ0X1QM",
            "WQ0X1QMa",
            "Q0X1",
            "0X1Q",
            "X1QM",
            "1QMa",
            "km4DQ5LVCSDvKgHw",
            "m4DQ5LVCSDvKgHw1",
            "4DQ5LVCSDvKgHw19",
            "DQ5LVCSDvKgHw19h",
            "Q5LVCSDvKgHw",
            "5LVCSDvKgHw1",
            "LVCSDvKgHw19",
            "VCSDvKgHw19h",
            "CSDvKgHw",
            "SDvKgHw1",
            "DvKgHw19",
            "vKgHw19h",
            "KgHw",
            "gHw1",
            "Hw19",
            "w19h",
            "m8DE78A63BFBEA70",
            "8DE78A63BFBE",
            "DE78A63BFBEA",
            "E78A63BFBEA7",
            "78A63BFBEA70",
            "8A63BFBE",
            "A63BFBEA",
            "63BFBEA7",
            "3BFBEA70",
            "BFBE",
            "FBEA",
            "BEA7",
            "EA70",
            "ccto",
            "QG3SIDL72Z0LWjLs",
            "G3SIDL72Z0LWjLsw",
            "3SIDL72Z0LWjLswB",
            "SIDL72Z0LWjLswBe",
            "IDL72Z0LWjLs",
            "DL72Z0LWjLsw",
            "L72Z0LWjLswB",
            "72Z0LWjLswBe",
            "2Z0LWjLs",
            "Z0LWjLsw",
            "0LWjLswB",
            "LWjLswBe",
            "WjLs",
            "jLsw",
            "LswB",
            "swBe",
            "Ghwgc4LW7yD5E7ln",
            "hwgc4LW7yD5E7lnk",
            "wgc4LW7yD5E7lnkh",
            "gc4LW7yD5E7lnkhj",
            "c4LW7yD5E7ln",
            "4LW7yD5E7lnk",
            "LW7yD5E7lnkh",
            "W7yD5E7lnkhj",
            "7yD5E7ln",
            "yD5E7lnk",
            "D5E7lnkh",
            "5E7lnkhj",
            "E7ln",
            "7lnk",
            "lnkh",
            "nkhj",
            "w21fV5LNgjFfcjOL",
            "21fV5LNgjFfcjOLH",
            "1fV5LNgjFfcjOLH5",
            "fV5LNgjFfcjOLH5X",
            "V5LNgjFfcjOL",
            "5LNgjFfcjOLH",
            "LNgjFfcjOLH5",
            "NgjFfcjOLH5X",
            "gjFfcjOL",
            "jFfcjOLH",
            "FfcjOLH5",
            "fcjOLH5X",
            "cjOL",
            "jOLH",
            "OLH5",
            "LH5X",
            "Vers",
            "ersi",
            "rsio",
            "dnSjoeLsUv7PHNPW",
            "nSjoeLsUv7PHNPWD",
            "SjoeLsUv7PHNPWDZ",
            "joeLsUv7PHNPWDZY",
            "oeLsUv7PHNPW",
            "eLsUv7PHNPWD",
            "LsUv7PHNPWDZ",
            "sUv7PHNPWDZY",
            "Uv7PHNPW",
            "v7PHNPWD",
            "7PHNPWDZ",
            "PHNPWDZY",
            "HNPW",
            "NPWD",
            "PWDZ",
            "WDZY",
            "eZXK6pL6FSAUKMnJ",
            "ZXK6pL6FSAUKMnJi",
            "XK6pL6FSAUKMnJiO",
            "K6pL6FSAUKMnJiOQ",
            "6pL6FSAUKMnJ",
            "pL6FSAUKMnJi",
            "L6FSAUKMnJiO",
            "6FSAUKMnJiOQ",
            "FSAUKMnJ",
            "SAUKMnJi",
            "AUKMnJiO",
            "UKMnJiOQ",
            "KMnJ",
            "MnJi",
            "nJiO",
            "JiOQ",
            "qgVXSPLhIl5ci7ZH",
            "gVXSPLhIl5ci7ZHZ",
            "VXSPLhIl5ci7ZHZA",
            "XSPLhIl5ci7ZHZAB",
            "SPLhIl5ci7ZH",
            "PLhIl5ci7ZHZ",
            "LhIl5ci7ZHZA",
            "hIl5ci7ZHZAB",
            "Il5ci7ZH",
            "l5ci7ZHZ",
            "5ci7ZHZA",
            "ci7ZHZAB",
            "i7ZH",
            "7ZHZ",
            "ZHZA",
            "HZAB",
            "A1wRc4LBZ9ynMaRv",
            "1wRc4LBZ9ynMaRvH",
            "wRc4LBZ9ynMaRvHC",
            "Rc4LBZ9ynMaRvHC4",
            "c4LBZ9ynMaRv",
            "4LBZ9ynMaRvH",
            "LBZ9ynMaRvHC",
            "BZ9ynMaRvHC4",
            "Z9ynMaRv",
            "9ynMaRvH",
            "ynMaRvHC",
            "nMaRvHC4",
            "MaRv",
            "aRvH",
            "RvHC",
            "vHC4",
            "KedTgyFC",
            "edTgyFC3",
            "dTgy",
            "TgyF",
            "gyFC",
            "yFC3",
            "InvalidOperationExceptio",
            "nvalidOperationException",
            "validOperationExcept",
            "alidOperationExcepti",
            "lidOperationExceptio",
            "idOperationException",
            "dOperationExcept",
            "OperationExcepti",
            "perationExceptio",
            "erationException",
            "rationExcept",
            "ationExcepti",
            "tionExceptio",
            "ionException",
            "onExcept",
            "nExcepti",
            "IuSCx5LKPmw8UyqW",
            "uSCx5LKPmw8UyqWa",
            "SCx5LKPmw8UyqWat",
            "Cx5LKPmw8UyqWatm",
            "x5LKPmw8UyqW",
            "5LKPmw8UyqWa",
            "LKPmw8UyqWat",
            "KPmw8UyqWatm",
            "Pmw8UyqW",
            "mw8UyqWa",
            "w8UyqWat",
            "8UyqWatm",
            "UyqW",
            "yqWa",
            "qWat",
            "Watm",
            "d8t9gOLUQmJjnhk5",
            "8t9gOLUQmJjnhk5h",
            "t9gOLUQmJjnhk5h6",
            "9gOLUQmJjnhk5h6F",
            "gOLUQmJjnhk5",
            "OLUQmJjnhk5h",
            "LUQmJjnhk5h6",
            "UQmJjnhk5h6F",
            "QmJjnhk5",
            "mJjnhk5h",
            "Jjnhk5h6",
            "jnhk5h6F",
            "nhk5",
            "hk5h",
            "k5h6",
            "5h6F",
            "MObfuAEx",
            "ObfuAExT",
            "bfuA",
            "fuAE",
            "uAEx",
            "AExT",
            "qx4TvRLroRiXFfNs",
            "x4TvRLroRiXFfNsG",
            "4TvRLroRiXFfNsGW",
            "TvRLroRiXFfNsGWe",
            "vRLroRiXFfNs",
            "RLroRiXFfNsG",
            "LroRiXFfNsGW",
            "roRiXFfNsGWe",
            "oRiXFfNs",
            "RiXFfNsG",
            "iXFfNsGW",
            "XFfNsGWe",
            "FfNs",
            "fNsG",
            "NsGW",
            "sGWe",
            "RZTI4UOp",
            "ZTI4UOpm",
            "TI4U",
            "I4UO",
            "4UOp",
            "UOpm",
            "OHJLigBR",
            "HJLigBRe",
            "JLig",
            "LigB",
            "igBR",
            "gBRe",
            "APTGwrQu",
            "PTGwrQuf",
            "TGwr",
            "GwrQ",
            "wrQu",
            "rQuf",
            "Byte",
            "MemoryStream",
            "emoryStr",
            "moryStre",
            "oryStrea",
            "ryStream",
            "yStr",
            "Stre",
            "trea",
            "ream",
            "GZipStre",
            "ZipStrea",
            "ipStream",
            "pStr",
            "Compress",
            "ompressi",
            "mpressio",
            "pression",
            "ress",
            "essi",
            "ssio",
            "CompressionM",
            "ompressionMo",
            "mpressionMod",
            "pressionMode",
            "ressionM",
            "essionMo",
            "ssionMod",
            "sionMode",
            "ionM",
            "onMo",
            "nMod",
            "jfRlcSJN",
            "fRlcSJNU",
            "RlcS",
            "lcSJ",
            "cSJN",
            "SJNU",
            "BZunCuLTO55KqLQP",
            "ZunCuLTO55KqLQPc",
            "unCuLTO55KqLQPc8",
            "nCuLTO55KqLQPc8v",
            "CuLTO55KqLQP",
            "uLTO55KqLQPc",
            "LTO55KqLQPc8",
            "TO55KqLQPc8v",
            "O55KqLQP",
            "55KqLQPc",
            "5KqLQPc8",
            "KqLQPc8v",
            "qLQP",
            "LQPc",
            "QPc8",
            "Pc8v",
            "wgqN7OLem4FLQAnh",
            "gqN7OLem4FLQAnhJ",
            "qN7OLem4FLQAnhJU",
            "N7OLem4FLQAnhJU8",
            "7OLem4FLQAnh",
            "OLem4FLQAnhJ",
            "Lem4FLQAnhJU",
            "em4FLQAnhJU8",
            "m4FLQAnh",
            "4FLQAnhJ",
            "FLQAnhJU",
            "LQAnhJU8",
            "QAnh",
            "AnhJ",
            "nhJU",
            "hJU8",
            "WbV1PATm",
            "bV1PATmN",
            "V1PA",
            "1PAT",
            "PATm",
            "ATmN",
            "TnyXn6LPMbe3JXo0",
            "nyXn6LPMbe3JXo01",
            "yXn6LPMbe3JXo01P",
            "Xn6LPMbe3JXo01P9",
            "n6LPMbe3JXo0",
            "6LPMbe3JXo01",
            "LPMbe3JXo01P",
            "PMbe3JXo01P9",
            "Mbe3JXo0",
            "be3JXo01",
            "e3JXo01P",
            "3JXo01P9",
            "JXo0",
            "Xo01",
            "o01P",
            "01P9",
            "NOSvdaP6",
            "OSvdaP6M",
            "Svda",
            "vdaP",
            "daP6",
            "aP6M",
            "qxk4p1aR",
            "xk4p1aRp",
            "k4p1",
            "4p1a",
            "p1aR",
            "1aRp",
            "Xl5mwNmf",
            "l5mwNmfl",
            "5mwN",
            "mwNm",
            "wNmf",
            "Nmfl",
            "TripleDE",
            "ripleDES",
            "iple",
            "pleD",
            "leDE",
            "eDES",
            "Security",
            "ecur",
            "curi",
            "urit",
            "rity",
            "Cryptography",
            "ryptogra",
            "yptograp",
            "ptograph",
            "tography",
            "grap",
            "raph",
            "aphy",
            "CryptoStream",
            "ryptoStr",
            "yptoStre",
            "ptoStrea",
            "toStream",
            "oStr",
            "ArgumentExceptio",
            "rgumentException",
            "gumentExcept",
            "umentExcepti",
            "mentExceptio",
            "entException",
            "ntExcept",
            "tExcepti",
            "ICryptoTransform",
            "CryptoTransf",
            "ryptoTransfo",
            "yptoTransfor",
            "ptoTransform",
            "toTransf",
            "oTransfo",
            "Transfor",
            "ransform",
            "ansf",
            "nsfo",
            "sfor",
            "form",
            "CryptoStreamMode",
            "ryptoStreamM",
            "yptoStreamMo",
            "ptoStreamMod",
            "toStreamMode",
            "oStreamM",
            "StreamMo",
            "treamMod",
            "reamMode",
            "eamM",
            "amMo",
            "mMod",
            "bJ3sjvLGYtJ2swQw",
            "J3sjvLGYtJ2swQwo",
            "3sjvLGYtJ2swQwob",
            "sjvLGYtJ2swQwob1",
            "jvLGYtJ2swQw",
            "vLGYtJ2swQwo",
            "LGYtJ2swQwob",
            "GYtJ2swQwob1",
            "YtJ2swQw",
            "tJ2swQwo",
            "J2swQwob",
            "2swQwob1",
            "swQw",
            "wQwo",
            "Qwob",
            "wob1",
            "YBBhxGLlpEnafpQk",
            "BBhxGLlpEnafpQkS",
            "BhxGLlpEnafpQkST",
            "hxGLlpEnafpQkSTU",
            "xGLlpEnafpQk",
            "GLlpEnafpQkS",
            "LlpEnafpQkST",
            "lpEnafpQkSTU",
            "pEnafpQk",
            "EnafpQkS",
            "nafpQkST",
            "afpQkSTU",
            "fpQk",
            "pQkS",
            "QkST",
            "kSTU",
            "i1v2PZm0",
            "1v2PZm0J",
            "v2PZ",
            "2PZm",
            "PZm0",
            "Zm0J",
            "mED3msLIoCOXmqNH",
            "ED3msLIoCOXmqNHj",
            "D3msLIoCOXmqNHjy",
            "3msLIoCOXmqNHjyV",
            "msLIoCOXmqNH",
            "sLIoCOXmqNHj",
            "LIoCOXmqNHjy",
            "IoCOXmqNHjyV",
            "oCOXmqNH",
            "COXmqNHj",
            "OXmqNHjy",
            "XmqNHjyV",
            "mqNH",
            "qNHj",
            "NHjy",
            "HjyV",
            "sDikMOWK",
            "DikMOWKE",
            "ikMO",
            "kMOW",
            "MOWK",
            "OWKE",
            "HxyYwdy1",
            "xyYwdy1J",
            "yYwd",
            "Ywdy",
            "wdy1",
            "dy1J",
            "SdiMiHLLOak1HqlL",
            "diMiHLLOak1HqlLT",
            "iMiHLLOak1HqlLTt",
            "MiHLLOak1HqlLTtt",
            "iHLLOak1HqlL",
            "HLLOak1HqlLT",
            "LLOak1HqlLTt",
            "LOak1HqlLTtt",
            "Oak1HqlL",
            "ak1HqlLT",
            "k1HqlLTt",
            "1HqlLTtt",
            "HqlL",
            "qlLT",
            "lLTt",
            "LTtt",
            "tvwltuLR9IuBHEKR",
            "vwltuLR9IuBHEKRL",
            "wltuLR9IuBHEKRLk",
            "ltuLR9IuBHEKRLk7",
            "tuLR9IuBHEKR",
            "uLR9IuBHEKRL",
            "LR9IuBHEKRLk",
            "R9IuBHEKRLk7",
            "9IuBHEKR",
            "IuBHEKRL",
            "uBHEKRLk",
            "BHEKRLk7",
            "HEKR",
            "EKRL",
            "KRLk",
            "RLk7",
            "VaWSoBey",
            "aWSoBeyS",
            "WSoB",
            "SoBe",
            "oBey",
            "BeyS",
            "enFThnLfcve3i3iN",
            "nFThnLfcve3i3iN7",
            "FThnLfcve3i3iN7m",
            "ThnLfcve3i3iN7mZ",
            "hnLfcve3i3iN",
            "nLfcve3i3iN7",
            "Lfcve3i3iN7m",
            "fcve3i3iN7mZ",
            "cve3i3iN",
            "ve3i3iN7",
            "e3i3iN7m",
            "3i3iN7mZ",
            "i3iN",
            "3iN7",
            "iN7m",
            "N7mZ",
            "BrtpQQan",
            "rtpQQanV",
            "tpQQ",
            "pQQa",
            "QQan",
            "QanV",
            "bYgJ0a5j",
            "YgJ0a5jH",
            "gJ0a",
            "J0a5",
            "0a5j",
            "a5jH",
            "yqZ3kdLA",
            "qZ3kdLAi",
            "Z3kd",
            "3kdL",
            "kdLA",
            "dLAi",
            "Assembly",
            "ssem",
            "semb",
            "embl",
            "mbly",
            "wiFyHgwr",
            "iFyHgwrh",
            "FyHg",
            "yHgw",
            "Hgwr",
            "gwrh",
            "r9upeGL5Tgy331CT",
            "9upeGL5Tgy331CTC",
            "upeGL5Tgy331CTCl",
            "peGL5Tgy331CTClf",
            "eGL5Tgy331CT",
            "GL5Tgy331CTC",
            "L5Tgy331CTCl",
            "5Tgy331CTClf",
            "Tgy331CT",
            "gy331CTC",
            "y331CTCl",
            "331CTClf",
            "31CT",
            "1CTC",
            "CTCl",
            "TClf",
            "iuuvmeLDJVN4Sa8f",
            "uuvmeLDJVN4Sa8fX",
            "uvmeLDJVN4Sa8fXI",
            "vmeLDJVN4Sa8fXIT",
            "meLDJVN4Sa8f",
            "eLDJVN4Sa8fX",
            "LDJVN4Sa8fXI",
            "DJVN4Sa8fXIT",
            "JVN4Sa8f",
            "VN4Sa8fX",
            "N4Sa8fXI",
            "4Sa8fXIT",
            "Sa8f",
            "a8fX",
            "8fXI",
            "fXIT",
            "CFUiBYhP",
            "FUiBYhPp",
            "UiBY",
            "iBYh",
            "BYhP",
            "YhPp",
            "cCOtsJX1",
            "COtsJX1l",
            "OtsJ",
            "tsJX",
            "sJX1",
            "JX1l",
            "L6TLLrLmbFjyDpar",
            "6TLLrLmbFjyDparS",
            "TLLrLmbFjyDparSv",
            "LLrLmbFjyDparSvM",
            "LrLmbFjyDpar",
            "rLmbFjyDparS",
            "LmbFjyDparSv",
            "mbFjyDparSvM",
            "bFjyDpar",
            "FjyDparS",
            "jyDparSv",
            "yDparSvM",
            "Dpar",
            "parS",
            "arSv",
            "rSvM",
            "LVXAsVt2",
            "VXAsVt2Q",
            "XAsV",
            "AsVt",
            "sVt2",
            "Vt2Q",
            "bFEOiGWl",
            "FEOiGWlx",
            "EOiG",
            "OiGW",
            "iGWl",
            "GWlx",
            "vn0jxqy3",
            "n0jxqy33",
            "0jxq",
            "jxqy",
            "xqy3",
            "qy33",
            "fH0bPqiq",
            "H0bPqiqZ",
            "0bPq",
            "bPqi",
            "Pqiq",
            "qiqZ",
            "pb6Fry1g",
            "b6Fry1gR",
            "6Fry",
            "Fry1",
            "ry1g",
            "y1gR",
            "Fw1a1wIr",
            "w1a1wIrn",
            "1a1w",
            "a1wI",
            "1wIr",
            "wIrn",
            "q810l36u",
            "810l36us",
            "10l3",
            "0l36",
            "l36u",
            "36us",
            "MethodIn",
            "ethodInf",
            "thodInfo",
            "hodI",
            "odIn",
            "dInf",
            "Info",
            "MethodBa",
            "ethodBas",
            "thodBase",
            "hodB",
            "odBa",
            "dBas",
            "Base",
            "Invo",
            "nvok",
            "voke",
            "Oil5WELv2NkrlEnY",
            "il5WELv2NkrlEnYW",
            "l5WELv2NkrlEnYWo",
            "5WELv2NkrlEnYWol",
            "WELv2NkrlEnY",
            "ELv2NkrlEnYW",
            "Lv2NkrlEnYWo",
            "v2NkrlEnYWol",
            "2NkrlEnY",
            "NkrlEnYW",
            "krlEnYWo",
            "rlEnYWol",
            "lEnY",
            "EnYW",
            "nYWo",
            "YWol",
            "bJyANdL4JXOj8CDZ",
            "JyANdL4JXOj8CDZ4",
            "yANdL4JXOj8CDZ4v",
            "ANdL4JXOj8CDZ4vq",
            "NdL4JXOj8CDZ",
            "dL4JXOj8CDZ4",
            "L4JXOj8CDZ4v",
            "4JXOj8CDZ4vq",
            "JXOj8CDZ",
            "XOj8CDZ4",
            "Oj8CDZ4v",
            "j8CDZ4vq",
            "8CDZ",
            "CDZ4",
            "DZ4v",
            "Z4vq",
            "uEAdobon",
            "EAdobonp",
            "Adob",
            "dobo",
            "obon",
            "bonp",
            "ResourceMana",
            "esourceManag",
            "sourceManage",
            "ourceManager",
            "urceMana",
            "rceManag",
            "ceManage",
            "eManager",
            "Mana",
            "anag",
            "nage",
            "ager",
            "Resource",
            "esources",
            "sour",
            "ourc",
            "urce",
            "rces",
            "stuCEPhC",
            "tuCEPhCA",
            "uCEP",
            "CEPh",
            "EPhC",
            "PhCA",
            "CultureI",
            "ultureIn",
            "ltureInf",
            "tureInfo",
            "ureI",
            "reIn",
            "eInf",
            "Globalizatio",
            "lobalization",
            "obalizat",
            "balizati",
            "alizatio",
            "lization",
            "izat",
            "zati",
            "atio",
            "h0bUwqLXt3dCfBCs",
            "0bUwqLXt3dCfBCsV",
            "bUwqLXt3dCfBCsVF",
            "UwqLXt3dCfBCsVFy",
            "wqLXt3dCfBCs",
            "qLXt3dCfBCsV",
            "LXt3dCfBCsVF",
            "Xt3dCfBCsVFy",
            "t3dCfBCs",
            "3dCfBCsV",
            "dCfBCsVF",
            "CfBCsVFy",
            "fBCs",
            "BCsV",
            "CsVF",
            "sVFy",
            "Cult",
            "ultu",
            "ltur",
            "ture",
            "Uivddewb",
            "ivddewbi",
            "vddewbij",
            "ddewbijc",
            "dewb",
            "ewbi",
            "wbij",
            "bijc",
            "Omit",
            "mitp",
            "itpg",
            "gyMas2L12R17UtFQ",
            "yMas2L12R17UtFQf",
            "Mas2L12R17UtFQfs",
            "as2L12R17UtFQfsJ",
            "s2L12R17UtFQ",
            "2L12R17UtFQf",
            "L12R17UtFQfs",
            "12R17UtFQfsJ",
            "2R17UtFQ",
            "R17UtFQf",
            "17UtFQfs",
            "7UtFQfsJ",
            "UtFQ",
            "tFQf",
            "FQfs",
            "QfsJ",
            "s0j50xL9rMfdMgto",
            "0j50xL9rMfdMgtoD",
            "j50xL9rMfdMgtoDS",
            "50xL9rMfdMgtoDS3",
            "0xL9rMfdMgto",
            "xL9rMfdMgtoD",
            "L9rMfdMgtoDS",
            "9rMfdMgtoDS3",
            "rMfdMgto",
            "MfdMgtoD",
            "fdMgtoDS",
            "dMgtoDS3",
            "Mgto",
            "gtoD",
            "toDS",
            "oDS3",
            "Hhyb",
            "hybt",
            "Cljdkwhz",
            "ljdkwhzk",
            "jdkwhzks",
            "dkwh",
            "kwhz",
            "whzk",
            "hzks",
            "Pork",
            "orkb",
            "Ra8zcVqH",
            "a8zcVqHc",
            "8zcV",
            "zcVq",
            "cVqH",
            "VqHc",
            "QDev67L2YLdXVO5o",
            "Dev67L2YLdXVO5oK",
            "ev67L2YLdXVO5oKH",
            "v67L2YLdXVO5oKHX",
            "67L2YLdXVO5o",
            "7L2YLdXVO5oK",
            "L2YLdXVO5oKH",
            "2YLdXVO5oKHX",
            "YLdXVO5o",
            "LdXVO5oK",
            "dXVO5oKH",
            "XVO5oKHX",
            "VO5o",
            "O5oK",
            "5oKH",
            "oKHX",
            "Xiq52tbU",
            "iq52tbU0",
            "q52tbU0K",
            "52tb",
            "2tbU",
            "tbU0",
            "bU0K",
            "type",
            "ypem",
            "pemd",
            "emdt",
            "FieldInf",
            "ieldInfo",
            "eldI",
            "ldIn",
            "sScvjfLuJw12gB6q",
            "ScvjfLuJw12gB6qP",
            "cvjfLuJw12gB6qPc",
            "vjfLuJw12gB6qPcj",
            "jfLuJw12gB6q",
            "fLuJw12gB6qP",
            "LuJw12gB6qPc",
            "uJw12gB6qPcj",
            "Jw12gB6q",
            "w12gB6qP",
            "12gB6qPc",
            "2gB6qPcj",
            "gB6q",
            "B6qP",
            "6qPc",
            "qPcj",
            "EsyClrLwFvPXZ9Rc",
            "syClrLwFvPXZ9RcZ",
            "yClrLwFvPXZ9RcZg",
            "ClrLwFvPXZ9RcZgC",
            "lrLwFvPXZ9Rc",
            "rLwFvPXZ9RcZ",
            "LwFvPXZ9RcZg",
            "wFvPXZ9RcZgC",
            "FvPXZ9Rc",
            "vPXZ9RcZ",
            "PXZ9RcZg",
            "XZ9RcZgC",
            "Z9Rc",
            "9RcZ",
            "RcZg",
            "cZgC",
            "IntP",
            "ntPt",
            "tPtr",
            "BeginInv",
            "eginInvo",
            "ginInvok",
            "inInvoke",
            "nInv",
            "IAsyncResult",
            "AsyncRes",
            "syncResu",
            "yncResul",
            "ncResult",
            "cRes",
            "Resu",
            "esul",
            "sult",
            "AsyncCallbac",
            "syncCallback",
            "yncCallb",
            "ncCallba",
            "cCallbac",
            "Callback",
            "allb",
            "llba",
            "lbac",
            "back",
            "callback",
            "obje",
            "EndInvok",
            "ndInvoke",
            "dInv",
            "resu",
            "WLKHoQEM",
            "LKHoQEM3",
            "KHoQEM3N",
            "HoQE",
            "oQEM",
            "QEM3",
            "EM3N",
            "ASiHQYZ2",
            "SiHQYZ2g",
            "iHQYZ2gf",
            "HQYZ",
            "QYZ2",
            "YZ2g",
            "Z2gf",
            "jSQHtyjM",
            "SQHtyjMP",
            "QHtyjMPQ",
            "Htyj",
            "tyjM",
            "yjMP",
            "jMPQ",
            "sHNnVFfr",
            "HNnVFfrg",
            "NnVFfrgq",
            "nVFf",
            "VFfr",
            "Ffrg",
            "frgq",
            "List",
            "Collecti",
            "ollectio",
            "llection",
            "lections",
            "ions",
            "Gene",
            "ener",
            "neri",
            "eric",
            "BjRnEgf4",
            "jRnEgf49",
            "RnEgf49u",
            "nEgf",
            "Egf4",
            "gf49",
            "f49u",
            "vhqn7ygb",
            "hqn7ygbU",
            "qn7ygbUg",
            "n7yg",
            "7ygb",
            "ygbU",
            "gbUg",
            "ct5nWAij",
            "t5nWAijp",
            "5nWAijpG",
            "nWAi",
            "WAij",
            "Aijp",
            "ijpG",
            "IAJnrSjX",
            "AJnrSjXX",
            "JnrSjXXP",
            "nrSj",
            "rSjX",
            "SjXX",
            "jXXP",
            "Int6",
            "nt64",
            "gXcnTPfY",
            "XcnTPfYj",
            "cnTPfYjj",
            "nTPf",
            "TPfY",
            "PfYj",
            "fYjj",
            "LNwnl0wT",
            "Nwnl0wTG",
            "wnl0wTGA",
            "nl0w",
            "l0wT",
            "0wTG",
            "wTGA",
            "Mx1nLpOO",
            "x1nLpOOy",
            "1nLpOOyX",
            "nLpO",
            "LpOO",
            "pOOy",
            "OOyX",
            "tMWn59TX",
            "MWn59TXk",
            "Wn59TXkN",
            "n59T",
            "59TX",
            "9TXk",
            "TXkN",
            "hObnmDtX",
            "ObnmDtXb",
            "bnmDtXbI",
            "nmDt",
            "mDtX",
            "DtXb",
            "tXbI",
            "N34n4fCn",
            "34n4fCne",
            "4n4fCneO",
            "n4fC",
            "4fCn",
            "fCne",
            "CneO",
            "tjPn6KrM",
            "jPn6KrMB",
            "Pn6KrMBE",
            "n6Kr",
            "6KrM",
            "KrMB",
            "rMBE",
            "hgMHd2o4",
            "gMHd2o4c",
            "MHd2o4ca",
            "Hd2o",
            "d2o4",
            "2o4c",
            "o4ca",
            "Dictiona",
            "ictionar",
            "ctionary",
            "iona",
            "onar",
            "nary",
            "LoynDEMw",
            "oynDEMwD",
            "ynDEMwDo",
            "nDEM",
            "DEMw",
            "EMwD",
            "MwDo",
            "tJYnUqlZ",
            "JYnUqlZj",
            "YnUqlZju",
            "nUql",
            "UqlZ",
            "qlZj",
            "lZju",
            "KqxnfEMd",
            "qxnfEMdS",
            "xnfEMdST",
            "nfEM",
            "fEMd",
            "EMdS",
            "MdST",
            "nwjHzAiq",
            "wjHzAiqB",
            "jHzAiqBL",
            "HzAi",
            "zAiq",
            "AiqB",
            "iqBL",
            "YwRHxgSn",
            "wRHxgSn6",
            "RHxgSn6O",
            "HxgS",
            "xgSn",
            "gSn6",
            "Sn6O",
            "WcoHMZvx",
            "coHMZvxI",
            "oHMZvxIU",
            "HMZv",
            "MZvx",
            "ZvxI",
            "vxIU",
            "PPvnHZNL",
            "PvnHZNLv",
            "vnHZNLvB",
            "nHZN",
            "HZNL",
            "ZNLv",
            "NLvB",
            "p40nKo8N",
            "40nKo8NC",
            "0nKo8NC6",
            "nKo8",
            "Ko8N",
            "o8NC",
            "8NC6",
            "M4NnsRQq",
            "4NnsRQqm",
            "NnsRQqmh",
            "nsRQ",
            "sRQq",
            "RQqm",
            "Qqmh",
            "rhsnPNJK",
            "hsnPNJKu",
            "snPNJKuP",
            "nPNJ",
            "PNJK",
            "NJKu",
            "JKuP",
            "wEOnBBf5",
            "EOnBBf5w",
            "OnBBf5wl",
            "nBBf",
            "BBf5",
            "Bf5w",
            "f5wl",
            "AC3Hj7Qd",
            "C3Hj7QdX",
            "3Hj7QdXb",
            "Hj7Q",
            "j7Qd",
            "7QdX",
            "QdXb",
            "dmDnN8YW",
            "mDnN8YWj",
            "DnN8YWjS",
            "nN8Y",
            "N8YW",
            "8YWj",
            "YWjS",
            "TmwnGV6H",
            "mwnGV6HM",
            "wnGV6HMm",
            "nGV6",
            "GV6H",
            "V6HM",
            "6HMm",
            "mFLHbjlK",
            "FLHbjlKY",
            "LHbjlKYn",
            "Hbjl",
            "bjlK",
            "jlKY",
            "lKYn",
            "mNFneJqG",
            "NFneJqGS",
            "FneJqGSM",
            "neJq",
            "eJqG",
            "JqGS",
            "qGSM",
            "IjVnv013",
            "jVnv013e",
            "Vnv013ev",
            "nv01",
            "v013",
            "013e",
            "13ev",
            "EIrnZN0m",
            "IrnZN0mH",
            "rnZN0mHB",
            "nZN0",
            "ZN0m",
            "N0mH",
            "0mHB",
            "uNMnnK2M",
            "NMnnK2Ml",
            "MnnK2Mlt",
            "nnK2",
            "nK2M",
            "K2Ml",
            "2Mlt",
            "QTsnRpOc",
            "TsnRpOcj",
            "snRpOcjM",
            "nRpO",
            "RpOc",
            "pOcj",
            "OcjM",
            "EfhnhGaB",
            "fhnhGaBQ",
            "hnhGaBQq",
            "nhGa",
            "hGaB",
            "GaBQ",
            "aBQq",
            "PJ4HiQKu",
            "J4HiQKuh",
            "4HiQKuhW",
            "HiQK",
            "iQKu",
            "QKuh",
            "KuhW",
            "DDZnIGmG",
            "DZnIGmGC",
            "ZnIGmGCs",
            "nIGm",
            "IGmG",
            "GmGC",
            "mGCs",
            "kTfHCFJW",
            "TfHCFJWY",
            "fHCFJWYa",
            "HCFJ",
            "CFJW",
            "FJWY",
            "JWYa",
            "GetTypeFromHandl",
            "etTypeFromHandle",
            "tTypeFromHan",
            "TypeFromHand",
            "ypeFromHandl",
            "peFromHandle",
            "eFromHan",
            "FromHand",
            "romHandl",
            "omHandle",
            "mHan",
            "Hand",
            "andl",
            "ndle",
            "RuntimeTypeHandl",
            "untimeTypeHandle",
            "ntimeTypeHan",
            "timeTypeHand",
            "imeTypeHandl",
            "meTypeHandle",
            "eTypeHan",
            "TypeHand",
            "ypeHandl",
            "peHandle",
            "eHan",
            "UInt",
            "RuntimeHelpe",
            "untimeHelper",
            "ntimeHelpers",
            "timeHelp",
            "imeHelpe",
            "meHelper",
            "eHelpers",
            "Help",
            "elpe",
            "lper",
            "pers",
            "InitializeAr",
            "nitializeArr",
            "itializeArra",
            "tializeArray",
            "ializeAr",
            "alizeArr",
            "lizeArra",
            "izeArray",
            "zeAr",
            "eArr",
            "Arra",
            "rray",
            "RuntimeFieldHand",
            "untimeFieldHandl",
            "ntimeFieldHandle",
            "timeFieldHan",
            "imeFieldHand",
            "meFieldHandl",
            "eFieldHandle",
            "FieldHan",
            "ieldHand",
            "eldHandl",
            "ldHandle",
            "dHan",
            "Zero",
            "SortedLi",
            "ortedLis",
            "rtedList",
            "tedL",
            "edLi",
            "dLis",
            "Hashtabl",
            "ashtable",
            "shta",
            "htab",
            "tabl",
            "able",
            "RSACryptoServiceProvider",
            "SACryptoServiceProvi",
            "ACryptoServiceProvid",
            "CryptoServiceProvide",
            "ryptoServiceProvider",
            "yptoServiceProvi",
            "ptoServiceProvid",
            "toServiceProvide",
            "oServiceProvider",
            "ServiceProvi",
            "erviceProvid",
            "rviceProvide",
            "viceProvider",
            "iceProvi",
            "ceProvid",
            "eProvide",
            "Provider",
            "rovi",
            "ovid",
            "vide",
            "ider",
            "UseMachineKeySto",
            "seMachineKeyStor",
            "eMachineKeyStore",
            "MachineKeySt",
            "achineKeySto",
            "chineKeyStor",
            "hineKeyStore",
            "ineKeySt",
            "neKeySto",
            "eKeyStor",
            "KeyStore",
            "eySt",
            "ySto",
            "Stor",
            "tore",
            "BMj5uUm6",
            "Mj5uUm6e",
            "j5uUm6e7",
            "5uUm",
            "uUm6",
            "Um6e",
            "m6e7",
            "CJ4HEjQV",
            "J4HEjQV7",
            "4HEjQV77",
            "HEjQ",
            "EjQV",
            "jQV7",
            "QV77",
            "BitConverter",
            "itConver",
            "tConvert",
            "Converte",
            "onverter",
            "nver",
            "vert",
            "erte",
            "rter",
            "GetBytes",
            "etBy",
            "tByt",
            "ytes",
            "Copy",
            "pdjHZAAw",
            "djHZAAwr",
            "jHZAAwrH",
            "HZAA",
            "ZAAw",
            "AAwr",
            "AwrH",
            "Int1",
            "nt16",
            "kgTH7kXO",
            "gTH7kXOj",
            "TH7kXOjo",
            "H7kX",
            "7kXO",
            "kXOj",
            "XOjo",
            "jUqHWer1",
            "UqHWer1g",
            "qHWer1gE",
            "HWer",
            "Wer1",
            "er1g",
            "r1gE",
            "j3cHN6JM",
            "3cHN6JMu",
            "cHN6JMun",
            "HN6J",
            "N6JM",
            "6JMu",
            "JMun",
            "ALvHsFHm",
            "LvHsFHml",
            "vHsFHmlO",
            "HsFH",
            "sFHm",
            "FHml",
            "HmlO",
            "KG4H67ar",
            "G4H67arI",
            "4H67arIH",
            "H67a",
            "67ar",
            "7arI",
            "arIH",
            "WdnHhygS",
            "dnHhygSf",
            "nHhygSfN",
            "Hhyg",
            "hygS",
            "ygSf",
            "gSfN",
            "SNbHB5n5",
            "NbHB5n5h",
            "bHB5n5hx",
            "HB5n",
            "B5n5",
            "5n5h",
            "n5hx",
            "SymmetricAlgorit",
            "ymmetricAlgorith",
            "mmetricAlgorithm",
            "metricAlgori",
            "etricAlgorit",
            "tricAlgorith",
            "ricAlgorithm",
            "icAlgori",
            "cAlgorit",
            "Algorith",
            "lgorithm",
            "gori",
            "orit",
            "rith",
            "ithm",
            "AesCryptoServiceProvider",
            "esCryptoServiceProvi",
            "sCryptoServiceProvid",
            "Core",
            "RijndaelMana",
            "ijndaelManag",
            "jndaelManage",
            "ndaelManaged",
            "daelMana",
            "aelManag",
            "elManage",
            "lManaged",
            "aged",
            "Activato",
            "ctivator",
            "tiva",
            "ivat",
            "vato",
            "ator",
            "CreateInstan",
            "reateInstanc",
            "eateInstance",
            "ateInsta",
            "teInstan",
            "eInstanc",
            "Instance",
            "nsta",
            "stan",
            "tanc",
            "ance",
            "ObjectHandle",
            "bjectHan",
            "jectHand",
            "ectHandl",
            "ctHandle",
            "tHan",
            "Remoting",
            "emot",
            "moti",
            "otin",
            "ting",
            "Unwr",
            "nwra",
            "wrap",
            "tFWHKlMJ",
            "FWHKlMJC",
            "WHKlMJC2",
            "HKlM",
            "KlMJ",
            "lMJC",
            "MJC2",
            "MD5CryptoServiceProvider",
            "D5CryptoServiceProvi",
            "5CryptoServiceProvid",
            "CryptoConfig",
            "ryptoCon",
            "yptoConf",
            "ptoConfi",
            "toConfig",
            "oCon",
            "Conf",
            "onfi",
            "nfig",
            "AllowOnlyFipsAlgorit",
            "llowOnlyFipsAlgorith",
            "lowOnlyFipsAlgorithm",
            "owOnlyFipsAlgorithms",
            "wOnlyFipsAlgorit",
            "OnlyFipsAlgorith",
            "nlyFipsAlgorithm",
            "lyFipsAlgorithms",
            "yFipsAlgorit",
            "FipsAlgorith",
            "ipsAlgorithm",
            "psAlgorithms",
            "sAlgorit",
            "gorithms",
            "thms",
            "aA0HUYSu",
            "A0HUYSuR",
            "0HUYSuRT",
            "HUYS",
            "UYSu",
            "YSuR",
            "SuRT",
            "HashAlgorith",
            "ashAlgorithm",
            "shAlgori",
            "hAlgorit",
            "ComputeH",
            "omputeHa",
            "mputeHas",
            "puteHash",
            "uteH",
            "teHa",
            "eHas",
            "Hash",
            "y0fHrL9S",
            "0fHrL9SO",
            "fHrL9SOV",
            "HrL9",
            "rL9S",
            "L9SO",
            "9SOV",
            "Read",
            "TTTHTNb0",
            "TTHTNb0Q",
            "THTNb0Qc",
            "HTNb",
            "TNb0",
            "Nb0Q",
            "b0Qc",
            "TransformBlo",
            "ransformBloc",
            "ansformBlock",
            "nsformBl",
            "sformBlo",
            "formBloc",
            "ormBlock",
            "rmBl",
            "mBlo",
            "Bloc",
            "lock",
            "fVVHe7v0",
            "VVHe7v0F",
            "VHe7v0FW",
            "He7v",
            "e7v0",
            "7v0F",
            "v0FW",
            "BinaryReader",
            "inaryRea",
            "naryRead",
            "aryReade",
            "ryReader",
            "yRea",
            "eade",
            "ader",
            "BaseStre",
            "aseStrea",
            "seStream",
            "eStr",
            "Position",
            "osit",
            "siti",
            "itio",
            "ReadUInt",
            "eadUInt3",
            "adUInt32",
            "dUIn",
            "oJOHP2wc",
            "JOHP2wcR",
            "OHP2wcRw",
            "HP2w",
            "P2wc",
            "2wcR",
            "wcRw",
            "ParameterInf",
            "arameterInfo",
            "rameterI",
            "ameterIn",
            "meterInf",
            "eterInfo",
            "terI",
            "erIn",
            "rInf",
            "DynamicMetho",
            "ynamicMethod",
            "namicMet",
            "amicMeth",
            "micMetho",
            "icMethod",
            "cMet",
            "Meth",
            "etho",
            "thod",
            "Emit",
            "ILGenera",
            "LGenerat",
            "Generato",
            "enerator",
            "nera",
            "erat",
            "rato",
            "Moni",
            "onit",
            "nito",
            "itor",
            "Threadin",
            "hreading",
            "read",
            "eadi",
            "adin",
            "ding",
            "Ente",
            "nter",
            "GetManifestResourceStrea",
            "etManifestResourceStream",
            "tManifestResourceStr",
            "ManifestResourceStre",
            "anifestResourceStrea",
            "nifestResourceStream",
            "ifestResourceStr",
            "festResourceStre",
            "estResourceStrea",
            "stResourceStream",
            "tResourceStr",
            "ResourceStre",
            "esourceStrea",
            "sourceStream",
            "ourceStr",
            "urceStre",
            "rceStrea",
            "ceStream",
            "Leng",
            "engt",
            "ngth",
            "ReadByte",
            "eadBytes",
            "adBy",
            "dByt",
            "Clos",
            "lose",
            "Exit",
            "GetField",
            "etFields",
            "tFie",
            "Fiel",
            "ield",
            "elds",
            "BindingFlags",
            "indingFl",
            "ndingFla",
            "dingFlag",
            "ingFlags",
            "ngFl",
            "gFla",
            "Flag",
            "lags",
            "MemberIn",
            "emberInf",
            "mberInfo",
            "berI",
            "MetadataToke",
            "etadataToken",
            "tadataTo",
            "adataTok",
            "dataToke",
            "ataToken",
            "taTo",
            "aTok",
            "Toke",
            "oken",
            "Item",
            "GetGenericArgume",
            "etGenericArgumen",
            "tGenericArgument",
            "GenericArguments",
            "enericArgume",
            "nericArgumen",
            "ericArgument",
            "ricArguments",
            "icArgume",
            "cArgumen",
            "Argument",
            "rguments",
            "gume",
            "umen",
            "ment",
            "ents",
            "ResolveMetho",
            "esolveMethod",
            "solveMet",
            "olveMeth",
            "lveMetho",
            "veMethod",
            "eMet",
            "IsStatic",
            "sSta",
            "Stat",
            "tati",
            "atic",
            "FieldTyp",
            "ieldType",
            "eldT",
            "ldTy",
            "dTyp",
            "CreateDelega",
            "reateDelegat",
            "eateDelegate",
            "ateDeleg",
            "teDelega",
            "eDelegat",
            "SetValue",
            "etVa",
            "tVal",
            "Valu",
            "alue",
            "GetParameter",
            "etParameters",
            "tParamet",
            "Paramete",
            "arameter",
            "rameters",
            "amet",
            "mete",
            "eter",
            "ters",
            "DeclaringTyp",
            "eclaringType",
            "claringT",
            "laringTy",
            "aringTyp",
            "ringType",
            "ingT",
            "ngTy",
            "gTyp",
            "IsValueT",
            "sValueTy",
            "MakeByRefTyp",
            "akeByRefType",
            "keByRefT",
            "eByRefTy",
            "ByRefTyp",
            "yRefType",
            "RefT",
            "efTy",
            "fTyp",
            "ParameterTyp",
            "arameterType",
            "rameterT",
            "ameterTy",
            "meterTyp",
            "eterType",
            "terT",
            "erTy",
            "rTyp",
            "Empt",
            "mpty",
            "ReturnTy",
            "eturnTyp",
            "turnType",
            "urnT",
            "rnTy",
            "nTyp",
            "GetILGenerat",
            "etILGenerato",
            "tILGenerator",
            "OpCo",
            "pCod",
            "Code",
            "Ldar",
            "darg",
            "Tailcall",
            "ailc",
            "ilca",
            "lcal",
            "call",
            "Call",
            "Callvirt",
            "allv",
            "llvi",
            "lvir",
            "virt",
            "KCGHlhtQ",
            "CGHlhtQF",
            "GHlhtQFi",
            "Hlht",
            "lhtQ",
            "htQF",
            "tQFi",
            "FEwHLwOR",
            "EwHLwORs",
            "wHLwORsI",
            "HLwO",
            "LwOR",
            "wORs",
            "ORsI",
            "hU1HREL8",
            "U1HREL8f",
            "1HREL8fC",
            "HREL",
            "REL8",
            "EL8f",
            "L8fC",
            "eZ7HfWmj",
            "Z7HfWmjw",
            "7HfWmjwO",
            "HfWm",
            "fWmj",
            "Wmjw",
            "mjwO",
            "AssemblyName",
            "ssemblyN",
            "semblyNa",
            "emblyNam",
            "mblyName",
            "blyN",
            "lyNa",
            "yNam",
            "Name",
            "StackFra",
            "tackFram",
            "ackFrame",
            "ckFr",
            "kFra",
            "Fram",
            "rame",
            "GetMetho",
            "etMethod",
            "tMet",
            "Inequali",
            "nequalit",
            "equality",
            "qual",
            "uali",
            "alit",
            "lity",
            "GetN",
            "etNa",
            "tNam",
            "GetReferencedAssembl",
            "etReferencedAssembli",
            "tReferencedAssemblie",
            "ReferencedAssemblies",
            "eferencedAssembl",
            "ferencedAssembli",
            "erencedAssemblie",
            "rencedAssemblies",
            "encedAssembl",
            "ncedAssembli",
            "cedAssemblie",
            "edAssemblies",
            "dAssembl",
            "Assembli",
            "ssemblie",
            "semblies",
            "mbli",
            "blie",
            "lies",
            "Equality",
            "ToIn",
            "oInt",
            "Coun",
            "ount",
            "Encoding",
            "ncod",
            "codi",
            "odin",
            "Text",
            "Unic",
            "nico",
            "icod",
            "code",
            "GetStrin",
            "etString",
            "tStr",
            "ae4H5bup",
            "e4H5bupe",
            "4H5bupex",
            "H5bu",
            "5bup",
            "bupe",
            "upex",
            "Trim",
            "Conv",
            "onve",
            "FromBase64String",
            "romBase64Str",
            "omBase64Stri",
            "mBase64Strin",
            "Base64String",
            "ase64Str",
            "se64Stri",
            "e64Strin",
            "64String",
            "4Str",
            "ayMHD9QE",
            "yMHD9QEg",
            "MHD9QEgo",
            "HD9Q",
            "D9QE",
            "9QEg",
            "QEgo",
            "CP2HmQ3M",
            "P2HmQ3MH",
            "2HmQ3MH6",
            "HmQ3",
            "mQ3M",
            "Q3MH",
            "3MH6",
            "LtWHvWZd",
            "tWHvWZde",
            "WHvWZdeP",
            "HvWZ",
            "vWZd",
            "WZde",
            "ZdeP",
            "Mars",
            "arsh",
            "rsha",
            "shal",
            "yC3H4Nww",
            "C3H4NwwI",
            "3H4NwwIj",
            "H4Nw",
            "4Nww",
            "NwwI",
            "wwIj",
            "Location",
            "ocat",
            "cati",
            "File",
            "Exis",
            "xist",
            "ists",
            "CodeBase",
            "odeB",
            "deBa",
            "eBas",
            "ToString",
            "Repl",
            "epla",
            "plac",
            "lace",
            "GetT",
            "etTy",
            "tTyp",
            "GetPrope",
            "etProper",
            "tPropert",
            "Property",
            "rope",
            "oper",
            "erty",
            "PropertyInfo",
            "ropertyI",
            "opertyIn",
            "pertyInf",
            "ertyInfo",
            "rtyI",
            "tyIn",
            "yInf",
            "GetValue",
            "dTWHXgNN",
            "TWHXgNNW",
            "WHXgNNWQ",
            "HXgN",
            "XgNN",
            "gNNW",
            "NNWQ",
            "LoadLibr",
            "oadLibra",
            "adLibrar",
            "dLibrary",
            "Libr",
            "ibra",
            "brar",
            "rary",
            "kernel32",
            "erne",
            "rnel",
            "nel3",
            "el32",
            "kIiH1IDC",
            "IiH1IDCp",
            "iH1IDCpe",
            "H1ID",
            "1IDC",
            "IDCp",
            "DCpe",
            "GetProcAddre",
            "etProcAddres",
            "tProcAddress",
            "ProcAddr",
            "rocAddre",
            "ocAddres",
            "cAddress",
            "Addr",
            "ddre",
            "dres",
            "IB4H9OS8",
            "B4H9OS8e",
            "4H9OS8e0",
            "H9OS",
            "9OS8",
            "OS8e",
            "S8e0",
            "Conc",
            "onca",
            "ncat",
            "GetDelegateForFunctionPointe",
            "etDelegateForFunctionPointer",
            "tDelegateForFunctionPoin",
            "DelegateForFunctionPoint",
            "elegateForFunctionPointe",
            "legateForFunctionPointer",
            "egateForFunctionPoin",
            "gateForFunctionPoint",
            "ateForFunctionPointe",
            "teForFunctionPointer",
            "eForFunctionPoin",
            "ForFunctionPoint",
            "orFunctionPointe",
            "rFunctionPointer",
            "FunctionPoin",
            "unctionPoint",
            "nctionPointe",
            "ctionPointer",
            "tionPoin",
            "ionPoint",
            "onPointe",
            "nPointer",
            "Poin",
            "oint",
            "inte",
            "uOXHqyhI",
            "OXHqyhIa",
            "XHqyhIaS",
            "Hqyh",
            "qyhI",
            "yhIa",
            "hIaS",
            "l71HkhvE",
            "71HkhvEG",
            "1HkhvEGF",
            "Hkhv",
            "khvE",
            "hvEG",
            "vEGF",
            "tggHYhTg",
            "ggHYhTg7",
            "gHYhTg7s",
            "HYhT",
            "YhTg",
            "hTg7",
            "Tg7s",
            "U72H2Jkf",
            "72H2JkfI",
            "2H2JkfIP",
            "H2Jk",
            "2Jkf",
            "JkfI",
            "kfIP",
            "Y0pHusBn",
            "0pHusBnt",
            "pHusBnt0",
            "HusB",
            "usBn",
            "sBnt",
            "Bnt0",
            "gEHrfEJa",
            "EHrfEJaJ",
            "HrfE",
            "rfEJ",
            "fEJa",
            "EJaJ",
            "wWBHw78R",
            "WBHw78Rp",
            "BHw78RpX",
            "Hw78",
            "w78R",
            "78Rp",
            "8RpX",
            "FileStre",
            "ileStrea",
            "leStream",
            "FileMode",
            "ileM",
            "leMo",
            "eMod",
            "FileAcce",
            "ileAcces",
            "leAccess",
            "eAcc",
            "Acce",
            "cces",
            "cess",
            "FileShar",
            "ileShare",
            "leSh",
            "eSha",
            "Shar",
            "hare",
            "IDisposa",
            "Disposab",
            "isposabl",
            "sposable",
            "posa",
            "osab",
            "sabl",
            "Disp",
            "ispo",
            "spos",
            "pose",
            "amqH33Tn",
            "mqH33Tnr",
            "qH33Tnrd",
            "H33T",
            "33Tn",
            "3Tnr",
            "Tnrd",
            "lbUHysDL",
            "bUHysDLt",
            "UHysDLtM",
            "HysD",
            "ysDL",
            "sDLt",
            "DLtM",
            "ToAr",
            "oArr",
            "A6WHpW5l",
            "6WHpW5ls",
            "WHpW5lsW",
            "HpW5",
            "pW5l",
            "W5ls",
            "5lsW",
            "CreateDecryp",
            "reateDecrypt",
            "eateDecrypto",
            "ateDecryptor",
            "teDecryp",
            "eDecrypt",
            "Decrypto",
            "ecryptor",
            "cryp",
            "rypt",
            "ypto",
            "ptor",
            "Writ",
            "rite",
            "RhQHJAls",
            "hQHJAlsH",
            "QHJAlsHJ",
            "HJAl",
            "JAls",
            "AlsH",
            "lsHJ",
            "S1AH8NJW",
            "1AH8NJWT",
            "AH8NJWTY",
            "H8NJ",
            "8NJW",
            "NJWT",
            "JWTY",
            "DUqHSrIZ",
            "UqHSrIZh",
            "qHSrIZhB",
            "HSrI",
            "SrIZ",
            "rIZh",
            "IZhB",
            "F4xHcRwo",
            "4xHcRwoa",
            "xHcRwoaQ",
            "HcRw",
            "cRwo",
            "Rwoa",
            "woaQ",
            "R6vHgpxK",
            "6vHgpxKx",
            "vHgpxKxw",
            "Hgpx",
            "gpxK",
            "pxKx",
            "xKxw",
            "gudHFgNW",
            "udHFgNWA",
            "dHFgNWAS",
            "HFgN",
            "FgNW",
            "gNWA",
            "NWAS",
            "cWpHaXn8",
            "WpHaXn81",
            "pHaXn810",
            "HaXn",
            "aXn8",
            "Xn81",
            "n810",
            "k6dH0Cgv",
            "6dH0Cgvn",
            "dH0Cgvnf",
            "H0Cg",
            "0Cgv",
            "Cgvn",
            "gvnf",
            "VqeHAClj",
            "qeHACljL",
            "eHACljLH",
            "HACl",
            "AClj",
            "CljL",
            "ljLH",
            "IQjHORJY",
            "QjHORJY1",
            "jHORJY1k",
            "HORJ",
            "ORJY",
            "RJY1",
            "JY1k",
            "fWHKHCBMk8RmiVZU",
            "WHKHCBMk8RmiVZU7",
            "HKHCBMk8RmiVZU7K",
            "KHCBMk8RmiVZU7K3",
            "HCBMk8RmiVZU",
            "CBMk8RmiVZU7",
            "BMk8RmiVZU7K",
            "Mk8RmiVZU7K3",
            "k8RmiVZU",
            "8RmiVZU7",
            "RmiVZU7K",
            "miVZU7K3",
            "iVZU",
            "VZU7",
            "ZU7K",
            "U7K3",
            "aNrno9BxSZ9C94I9",
            "Nrno9BxSZ9C94I99",
            "rno9BxSZ9C94I99V",
            "no9BxSZ9C94I99VC",
            "o9BxSZ9C94I9",
            "9BxSZ9C94I99",
            "BxSZ9C94I99V",
            "xSZ9C94I99VC",
            "SZ9C94I9",
            "Z9C94I99",
            "9C94I99V",
            "C94I99VC",
            "94I9",
            "4I99",
            "I99V",
            "99VC",
            "YoEAByBzxC0wcOeT",
            "oEAByBzxC0wcOeTM",
            "EAByBzxC0wcOeTM5",
            "AByBzxC0wcOeTM5A",
            "ByBzxC0wcOeT",
            "yBzxC0wcOeTM",
            "BzxC0wcOeTM5",
            "zxC0wcOeTM5A",
            "xC0wcOeT",
            "C0wcOeTM",
            "0wcOeTM5",
            "wcOeTM5A",
            "cOeT",
            "OeTM",
            "eTM5",
            "TM5A",
            "lETua8KVGFTFNnui",
            "ETua8KVGFTFNnuiE",
            "Tua8KVGFTFNnuiEw",
            "ua8KVGFTFNnuiEw4",
            "a8KVGFTFNnui",
            "8KVGFTFNnuiE",
            "KVGFTFNnuiEw",
            "VGFTFNnuiEw4",
            "GFTFNnui",
            "FTFNnuiE",
            "TFNnuiEw",
            "FNnuiEw4",
            "Nnui",
            "nuiE",
            "uiEw",
            "iEw4",
            "AGx73NKHt2bss6Lf",
            "Gx73NKHt2bss6LfA",
            "x73NKHt2bss6LfAS",
            "73NKHt2bss6LfASM",
            "3NKHt2bss6Lf",
            "NKHt2bss6LfA",
            "KHt2bss6LfAS",
            "Ht2bss6LfASM",
            "t2bss6Lf",
            "2bss6LfA",
            "bss6LfAS",
            "ss6LfASM",
            "s6Lf",
            "6LfA",
            "LfAS",
            "fASM",
            "C8GwpUKninAGEBNS",
            "8GwpUKninAGEBNSL",
            "GwpUKninAGEBNSL8",
            "wpUKninAGEBNSL8V",
            "pUKninAGEBNS",
            "UKninAGEBNSL",
            "KninAGEBNSL8",
            "ninAGEBNSL8V",
            "inAGEBNS",
            "nAGEBNSL",
            "AGEBNSL8",
            "GEBNSL8V",
            "EBNS",
            "BNSL",
            "NSL8",
            "SL8V",
            "Reve",
            "ever",
            "vers",
            "erse",
            "lqN2G0KExuMfavIZ",
            "qN2G0KExuMfavIZH",
            "N2G0KExuMfavIZHC",
            "2G0KExuMfavIZHCA",
            "G0KExuMfavIZ",
            "0KExuMfavIZH",
            "KExuMfavIZHC",
            "ExuMfavIZHCA",
            "xuMfavIZ",
            "uMfavIZH",
            "MfavIZHC",
            "favIZHCA",
            "avIZ",
            "vIZH",
            "IZHC",
            "ZHCA",
            "ccAyUVKZOeYYLG2l",
            "cAyUVKZOeYYLG2ln",
            "AyUVKZOeYYLG2lnD",
            "yUVKZOeYYLG2lnDX",
            "UVKZOeYYLG2l",
            "VKZOeYYLG2ln",
            "KZOeYYLG2lnD",
            "ZOeYYLG2lnDX",
            "OeYYLG2l",
            "eYYLG2ln",
            "YYLG2lnD",
            "YLG2lnDX",
            "LG2l",
            "G2ln",
            "2lnD",
            "lnDX",
            "GetPublicKeyToke",
            "etPublicKeyToken",
            "tPublicKeyTo",
            "PublicKeyTok",
            "ublicKeyToke",
            "blicKeyToken",
            "licKeyTo",
            "icKeyTok",
            "cKeyToke",
            "KeyToken",
            "eyTo",
            "yTok",
            "Q0ywkXK70Gc3cl8X",
            "0ywkXK70Gc3cl8X6",
            "ywkXK70Gc3cl8X68",
            "wkXK70Gc3cl8X68X",
            "kXK70Gc3cl8X",
            "XK70Gc3cl8X6",
            "K70Gc3cl8X68",
            "70Gc3cl8X68X",
            "0Gc3cl8X",
            "Gc3cl8X6",
            "c3cl8X68",
            "3cl8X68X",
            "cl8X",
            "l8X6",
            "8X68",
            "X68X",
            "xJXEMLKWNieklTtV",
            "JXEMLKWNieklTtVr",
            "XEMLKWNieklTtVre",
            "EMLKWNieklTtVreD",
            "MLKWNieklTtV",
            "LKWNieklTtVr",
            "KWNieklTtVre",
            "WNieklTtVreD",
            "NieklTtV",
            "ieklTtVr",
            "eklTtVre",
            "klTtVreD",
            "lTtV",
            "TtVr",
            "tVre",
            "VreD",
            "CipherMo",
            "ipherMod",
            "pherMode",
            "herM",
            "erMo",
            "rMod",
            "qhflmHKNKhLXQsnM",
            "hflmHKNKhLXQsnMM",
            "flmHKNKhLXQsnMMM",
            "lmHKNKhLXQsnMMMV",
            "mHKNKhLXQsnM",
            "HKNKhLXQsnMM",
            "KNKhLXQsnMMM",
            "NKhLXQsnMMMV",
            "KhLXQsnM",
            "hLXQsnMM",
            "LXQsnMMM",
            "XQsnMMMV",
            "QsnM",
            "snMM",
            "nMMM",
            "MMMV",
            "RAECwXKsB5PKXan6",
            "AECwXKsB5PKXan6H",
            "ECwXKsB5PKXan6HH",
            "CwXKsB5PKXan6HHG",
            "wXKsB5PKXan6",
            "XKsB5PKXan6H",
            "KsB5PKXan6HH",
            "sB5PKXan6HHG",
            "B5PKXan6",
            "5PKXan6H",
            "PKXan6HH",
            "KXan6HHG",
            "Xan6",
            "an6H",
            "n6HH",
            "6HHG",
            "TYMBMAK68Q9Tq6wW",
            "YMBMAK68Q9Tq6wWS",
            "MBMAK68Q9Tq6wWS7",
            "BMAK68Q9Tq6wWS7y",
            "MAK68Q9Tq6wW",
            "AK68Q9Tq6wWS",
            "K68Q9Tq6wWS7",
            "68Q9Tq6wWS7y",
            "8Q9Tq6wW",
            "Q9Tq6wWS",
            "9Tq6wWS7",
            "Tq6wWS7y",
            "q6wW",
            "6wWS",
            "wWS7",
            "WS7y",
            "XQpm33KhUJadrxqZ",
            "Qpm33KhUJadrxqZS",
            "pm33KhUJadrxqZSI",
            "m33KhUJadrxqZSIm",
            "33KhUJadrxqZ",
            "3KhUJadrxqZS",
            "KhUJadrxqZSI",
            "hUJadrxqZSIm",
            "UJadrxqZ",
            "JadrxqZS",
            "adrxqZSI",
            "drxqZSIm",
            "rxqZ",
            "xqZS",
            "qZSI",
            "ZSIm",
            "FlushFinalBl",
            "lushFinalBlo",
            "ushFinalBloc",
            "shFinalBlock",
            "hFinalBl",
            "FinalBlo",
            "inalBloc",
            "nalBlock",
            "alBl",
            "lBlo",
            "bfFCfXKBIs1QCilS",
            "fFCfXKBIs1QCilSt",
            "FCfXKBIs1QCilSt3",
            "CfXKBIs1QCilSt37",
            "fXKBIs1QCilS",
            "XKBIs1QCilSt",
            "KBIs1QCilSt3",
            "BIs1QCilSt37",
            "Is1QCilS",
            "s1QCilSt",
            "1QCilSt3",
            "QCilSt37",
            "CilS",
            "ilSt",
            "lSt3",
            "St37",
            "Vn4PLCKKlgZ3yAnV",
            "n4PLCKKlgZ3yAnV0",
            "4PLCKKlgZ3yAnV01",
            "PLCKKlgZ3yAnV01U",
            "LCKKlgZ3yAnV",
            "CKKlgZ3yAnV0",
            "KKlgZ3yAnV01",
            "KlgZ3yAnV01U",
            "lgZ3yAnV",
            "gZ3yAnV0",
            "Z3yAnV01",
            "3yAnV01U",
            "yAnV",
            "AnV0",
            "nV01",
            "V01U",
            "hJrTdRKUCJfQy5ih",
            "JrTdRKUCJfQy5ih3",
            "rTdRKUCJfQy5ih3w",
            "TdRKUCJfQy5ih3wd",
            "dRKUCJfQy5ih",
            "RKUCJfQy5ih3",
            "KUCJfQy5ih3w",
            "UCJfQy5ih3wd",
            "CJfQy5ih",
            "JfQy5ih3",
            "fQy5ih3w",
            "Qy5ih3wd",
            "y5ih",
            "5ih3",
            "ih3w",
            "h3wd",
            "EntryPoi",
            "ntryPoin",
            "tryPoint",
            "ryPo",
            "yPoi",
            "zTCSeZKrw5PThQ9k",
            "TCSeZKrw5PThQ9ku",
            "CSeZKrw5PThQ9kux",
            "SeZKrw5PThQ9kuxF",
            "eZKrw5PThQ9k",
            "ZKrw5PThQ9ku",
            "Krw5PThQ9kux",
            "rw5PThQ9kuxF",
            "w5PThQ9k",
            "5PThQ9ku",
            "PThQ9kux",
            "ThQ9kuxF",
            "hQ9k",
            "Q9ku",
            "9kux",
            "kuxF",
            "SFObT7BdNQx3OBmw",
            "FObT7BdNQx3OBmwr",
            "ObT7BdNQx3OBmwrf",
            "bT7BdNQx3OBmwrfj",
            "T7BdNQx3OBmw",
            "7BdNQx3OBmwr",
            "BdNQx3OBmwrf",
            "dNQx3OBmwrfj",
            "NQx3OBmw",
            "Qx3OBmwr",
            "x3OBmwrf",
            "3OBmwrfj",
            "OBmw",
            "Bmwr",
            "mwrf",
            "wrfj",
            "d2wIUbBCeWqr2Nlb",
            "2wIUbBCeWqr2Nlb5",
            "wIUbBCeWqr2Nlb5K",
            "IUbBCeWqr2Nlb5Kj",
            "UbBCeWqr2Nlb",
            "bBCeWqr2Nlb5",
            "BCeWqr2Nlb5K",
            "CeWqr2Nlb5Kj",
            "eWqr2Nlb",
            "Wqr2Nlb5",
            "qr2Nlb5K",
            "r2Nlb5Kj",
            "2Nlb",
            "Nlb5",
            "lb5K",
            "b5Kj",
            "WyFsCTLJ5QqUnPiI",
            "yFsCTLJ5QqUnPiIY",
            "FsCTLJ5QqUnPiIYf",
            "sCTLJ5QqUnPiIYfI",
            "CTLJ5QqUnPiI",
            "TLJ5QqUnPiIY",
            "LJ5QqUnPiIYf",
            "J5QqUnPiIYfI",
            "5QqUnPiI",
            "QqUnPiIY",
            "qUnPiIYf",
            "UnPiIYfI",
            "nPiI",
            "PiIY",
            "iIYf",
            "IYfI",
            "du9curL8hdgUrEbG",
            "u9curL8hdgUrEbGZ",
            "9curL8hdgUrEbGZU",
            "curL8hdgUrEbGZUr",
            "urL8hdgUrEbG",
            "rL8hdgUrEbGZ",
            "L8hdgUrEbGZU",
            "8hdgUrEbGZUr",
            "hdgUrEbG",
            "dgUrEbGZ",
            "gUrEbGZU",
            "UrEbGZUr",
            "rEbG",
            "EbGZ",
            "bGZU",
            "GZUr",
            "j2IhntLStUmqMX05",
            "2IhntLStUmqMX05e",
            "IhntLStUmqMX05eH",
            "hntLStUmqMX05eHp",
            "ntLStUmqMX05",
            "tLStUmqMX05e",
            "LStUmqMX05eH",
            "StUmqMX05eHp",
            "tUmqMX05",
            "UmqMX05e",
            "mqMX05eH",
            "qMX05eHp",
            "MX05",
            "X05e",
            "05eH",
            "5eHp",
            "UOsYX6nqjBtcgwV3",
            "OsYX6nqjBtcgwV3o",
            "sYX6nqjBtcgwV3oI",
            "YX6nqjBtcgwV3oIb",
            "X6nqjBtcgwV3",
            "6nqjBtcgwV3o",
            "nqjBtcgwV3oI",
            "qjBtcgwV3oIb",
            "jBtcgwV3",
            "BtcgwV3o",
            "tcgwV3oI",
            "cgwV3oIb",
            "gwV3",
            "wV3o",
            "V3oI",
            "3oIb",
            "yIanYXFt",
            "IanYXFt9",
            "anYXFt9g",
            "nYXF",
            "YXFt",
            "XFt9",
            "Ft9g",
            "CreateEncryp",
            "reateEncrypt",
            "eateEncrypto",
            "ateEncryptor",
            "teEncryp",
            "eEncrypt",
            "Encrypto",
            "ncryptor",
            "ToBase64Stri",
            "oBase64Strin",
            "classthi",
            "lassthis",
            "asst",
            "ssth",
            "sthi",
            "this",
            "comp",
            "info",
            "flag",
            "nativeEn",
            "ativeEnt",
            "tiveEntr",
            "iveEntry",
            "veEn",
            "eEnt",
            "Entr",
            "ntry",
            "nativeSizeOfCode",
            "ativeSizeOfC",
            "tiveSizeOfCo",
            "iveSizeOfCod",
            "veSizeOfCode",
            "eSizeOfC",
            "SizeOfCo",
            "izeOfCod",
            "zeOfCode",
            "eOfC",
            "OfCo",
            "fCod",
            "tnAn34G0",
            "nAn34G0A",
            "An34G0AN",
            "n34G",
            "34G0",
            "4G0A",
            "G0AN",
            "nb3nyl2p",
            "b3nyl2pu",
            "3nyl2puH",
            "nyl2",
            "yl2p",
            "l2pu",
            "2puH",
            "AGJngIyr",
            "GJngIyrb",
            "JngIyrbt",
            "ngIy",
            "gIyr",
            "Iyrb",
            "yrbt",
            "KCFlcDdR",
            "CFlcDdR6",
            "FlcDdR6L",
            "lcDd",
            "cDdR",
            "DdR6",
            "dR6L",
            "EANnJx5j",
            "ANnJx5j0",
            "NnJx5j0h",
            "nJx5",
            "Jx5j",
            "x5j0",
            "5j0h",
            "rrCn8HJ5",
            "rCn8HJ5O",
            "Cn8HJ5Ox",
            "n8HJ",
            "8HJ5",
            "HJ5O",
            "J5Ox",
            "G3mnSLIk",
            "3mnSLIku",
            "mnSLIkus",
            "nSLI",
            "SLIk",
            "LIku",
            "Ikus",
            "ReadInt3",
            "eadInt32",
            "adIn",
            "dInt",
            "cvBncy6o",
            "vBncy6oE",
            "Bncy6oEJ",
            "ncy6",
            "cy6o",
            "y6oE",
            "6oEJ",
            "hMod",
            "lpNa",
            "pNam",
            "lpTy",
            "pTyp",
            "lpAddres",
            "pAddress",
            "dwSi",
            "wSiz",
            "flAllocationType",
            "lAllocationT",
            "AllocationTy",
            "llocationTyp",
            "locationType",
            "ocationT",
            "cationTy",
            "ationTyp",
            "tionType",
            "ionT",
            "onTy",
            "flProtec",
            "lProtect",
            "Prot",
            "rote",
            "otec",
            "tect",
            "hProcess",
            "Proc",
            "roce",
            "oces",
            "lpBaseAddres",
            "pBaseAddress",
            "BaseAddr",
            "aseAddre",
            "seAddres",
            "eAddress",
            "buff",
            "uffe",
            "ffer",
            "size",
            "lpNumberOfBytesWritt",
            "pNumberOfBytesWritte",
            "NumberOfBytesWritten",
            "umberOfBytesWrit",
            "mberOfBytesWritt",
            "berOfBytesWritte",
            "erOfBytesWritten",
            "rOfBytesWrit",
            "OfBytesWritt",
            "fBytesWritte",
            "BytesWritten",
            "ytesWrit",
            "tesWritt",
            "esWritte",
            "sWritten",
            "ritt",
            "itte",
            "tten",
            "flNewProtect",
            "lNewProt",
            "NewProte",
            "ewProtec",
            "wProtect",
            "lpflOldProte",
            "pflOldProtec",
            "flOldProtect",
            "lOldProt",
            "OldProte",
            "ldProtec",
            "dProtect",
            "dwDesiredAcc",
            "wDesiredAcce",
            "DesiredAcces",
            "esiredAccess",
            "siredAcc",
            "iredAcce",
            "redAcces",
            "edAccess",
            "dAcc",
            "bInheritHand",
            "InheritHandl",
            "nheritHandle",
            "heritHan",
            "eritHand",
            "ritHandl",
            "itHandle",
            "dwProces",
            "wProcess",
            "ProcessI",
            "rocessId",
            "essI",
            "ssId",
            "valu",
            "CwrnicIa",
            "wrnicIa9",
            "rnicIa9T",
            "nicI",
            "icIa",
            "cIa9",
            "Ia9T",
            "HEy5wMGu",
            "Ey5wMGuJ",
            "y5wMGuJY",
            "5wMG",
            "wMGu",
            "MGuJ",
            "GuJY",
            "phFESeB4",
            "hFESeB4L",
            "FESeB4L3",
            "ESeB",
            "SeB4",
            "eB4L",
            "B4L3",
            "D6iEcs6w",
            "6iEcs6wq",
            "iEcs6wqH",
            "Ecs6",
            "cs6w",
            "s6wq",
            "6wqH",
            "gq1EgOyX",
            "q1EgOyXl",
            "1EgOyXl2",
            "EgOy",
            "gOyX",
            "OyXl",
            "yXl2",
            "Qa3EFsRx",
            "a3EFsRxn",
            "3EFsRxnc",
            "EFsR",
            "FsRx",
            "sRxn",
            "Rxnc",
            "yI7EaD7c",
            "I7EaD7ci",
            "7EaD7ci6",
            "EaD7",
            "aD7c",
            "D7ci",
            "7ci6",
            "Im8E0cL5",
            "m8E0cL5B",
            "8E0cL5BO",
            "E0cL",
            "0cL5",
            "cL5B",
            "L5BO",
            "hqcEA8lt",
            "qcEA8ltn",
            "cEA8ltn2",
            "EA8l",
            "A8lt",
            "8ltn",
            "ltn2",
            "BRgEOiGc",
            "RgEOiGcw",
            "gEOiGcwI",
            "OiGc",
            "iGcw",
            "GcwI",
            "ijkEoThw",
            "jkEoThw7",
            "kEoThw7F",
            "EoTh",
            "oThw",
            "Thw7",
            "hw7F",
            "mbiEj4eq",
            "biEj4eqr",
            "iEj4eqrO",
            "Ej4e",
            "j4eq",
            "4eqr",
            "eqrO",
            "i69EbM53",
            "69EbM53O",
            "9EbM53Og",
            "EbM5",
            "bM53",
            "M53O",
            "53Og",
            "hFPEQ07X",
            "FPEQ07XS",
            "PEQ07XSj",
            "EQ07",
            "Q07X",
            "07XS",
            "7XSj",
            "wpQEiiYl",
            "pQEiiYlq",
            "QEiiYlqT",
            "EiiY",
            "iiYl",
            "iYlq",
            "YlqT",
            "N4xEtEjM",
            "4xEtEjM3",
            "xEtEjM3I",
            "EtEj",
            "tEjM",
            "EjM3",
            "jM3I",
            "UXgEdxr6",
            "XgEdxr6J",
            "gEdxr6Jl",
            "Edxr",
            "dxr6",
            "xr6J",
            "r6Jl",
            "MCYdB9RVO7JM1IMc",
            "CYdB9RVO7JM1IMcC",
            "YdB9RVO7JM1IMcCP",
            "dB9RVO7JM1IMcCPc",
            "B9RVO7JM1IMc",
            "9RVO7JM1IMcC",
            "RVO7JM1IMcCP",
            "VO7JM1IMcCPc",
            "O7JM1IMc",
            "7JM1IMcC",
            "JM1IMcCP",
            "M1IMcCPc",
            "1IMc",
            "IMcC",
            "McCP",
            "cCPc",
            "yEKEIT9i",
            "EKEIT9iw",
            "KEIT9iwd",
            "EIT9",
            "IT9i",
            "T9iw",
            "9iwd",
            "YdBELiOT",
            "dBELiOTB",
            "BELiOTBx",
            "ELiO",
            "LiOT",
            "iOTB",
            "OTBx",
            "P7nER3EM",
            "7nER3EMB",
            "nER3EMBI",
            "ER3E",
            "R3EM",
            "3EMB",
            "EMBI",
            "HMrEfTTD",
            "MrEfTTD1",
            "rEfTTD1e",
            "EfTT",
            "fTTD",
            "TTD1",
            "TD1e",
            "KvAE5FBi",
            "vAE5FBi7",
            "AE5FBi7A",
            "E5FB",
            "5FBi",
            "FBi7",
            "Bi7A",
            "bIfEDVRv",
            "IfEDVRvL",
            "fEDVRvLp",
            "EDVR",
            "DVRv",
            "VRvL",
            "RvLp",
            "B1SEmhH1",
            "1SEmhH1X",
            "SEmhH1X9",
            "EmhH",
            "mhH1",
            "hH1X",
            "H1X9",
            "IiBEvZKm",
            "iBEvZKmG",
            "BEvZKmGD",
            "EvZK",
            "vZKm",
            "ZKmG",
            "KmGD",
            "pq6E4dNi",
            "q6E4dNib",
            "6E4dNibH",
            "E4dN",
            "4dNi",
            "dNib",
            "NibH",
            "eTuEXb5i",
            "TuEXb5iy",
            "uEXb5iy9",
            "EXb5",
            "Xb5i",
            "b5iy",
            "5iy9",
            "RuntimeMethodHan",
            "untimeMethodHand",
            "ntimeMethodHandl",
            "timeMethodHandle",
            "imeMethodHan",
            "meMethodHand",
            "eMethodHandl",
            "MethodHandle",
            "ethodHan",
            "thodHand",
            "hodHandl",
            "odHandle",
            "wsaE1Ibs",
            "saE1Ibsq",
            "aE1IbsqY",
            "E1Ib",
            "1Ibs",
            "Ibsq",
            "bsqY",
            "ThoE9v6o",
            "hoE9v6oq",
            "oE9v6oqu",
            "E9v6",
            "9v6o",
            "v6oq",
            "6oqu",
            "NotSupportedExceptio",
            "otSupportedException",
            "tSupportedExcept",
            "SupportedExcepti",
            "upportedExceptio",
            "pportedException",
            "portedExcept",
            "ortedExcepti",
            "rtedExceptio",
            "tedException",
            "edExcept",
            "dExcepti",
            "s8PEqMWu",
            "8PEqMWuI",
            "PEqMWuIp",
            "EqMW",
            "qMWu",
            "MWuI",
            "WuIp",
            "E2KEkM7P",
            "2KEkM7PJ",
            "KEkM7PJI",
            "EkM7",
            "kM7P",
            "M7PJ",
            "7PJI",
            "mN1EYt05",
            "N1EYt05p",
            "1EYt05pb",
            "EYt0",
            "Yt05",
            "t05p",
            "05pb",
            "YZxE2QwF",
            "ZxE2QwFu",
            "xE2QwFuG",
            "E2Qw",
            "2QwF",
            "QwFu",
            "wFuG",
            "wvUfIFEu29WgjAMb",
            "vUfIFEu29WgjAMb7",
            "UfIFEu29WgjAMb7E",
            "fIFEu29WgjAMb7Eb",
            "IFEu29WgjAMb",
            "FEu29WgjAMb7",
            "Eu29WgjAMb7E",
            "u29WgjAMb7Eb",
            "29WgjAMb",
            "9WgjAMb7",
            "WgjAMb7E",
            "gjAMb7Eb",
            "jAMb",
            "AMb7",
            "Mb7E",
            "b7Eb",
            "SByt",
            "Sing",
            "ingl",
            "ngle",
            "Doub",
            "oubl",
            "uble",
            "Char",
            "Comparis",
            "ompariso",
            "mparison",
            "pari",
            "aris",
            "riso",
            "ison",
            "aO83AL6F",
            "O83AL6Fa",
            "83AL6Fau",
            "3AL6",
            "AL6F",
            "L6Fa",
            "6Fau",
            "Sort",
            "KxqEwUvg",
            "xqEwUvgs",
            "qEwUvgsI",
            "EwUv",
            "wUvg",
            "Uvgs",
            "vgsI",
            "licE3V4O",
            "icE3V4OM",
            "cE3V4OMe",
            "E3V4",
            "3V4O",
            "V4OM",
            "4OMe",
            "wVfqVNEyRMnxw8G9",
            "VfqVNEyRMnxw8G9k",
            "fqVNEyRMnxw8G9kM",
            "qVNEyRMnxw8G9kM4",
            "VNEyRMnxw8G9",
            "NEyRMnxw8G9k",
            "EyRMnxw8G9kM",
            "yRMnxw8G9kM4",
            "RMnxw8G9",
            "Mnxw8G9k",
            "nxw8G9kM",
            "xw8G9kM4",
            "w8G9",
            "8G9k",
            "G9kM",
            "9kM4",
            "wPuEp6SG",
            "PuEp6SG2",
            "uEp6SG26",
            "Ep6S",
            "p6SG",
            "6SG2",
            "SG26",
            "VkDEJGwi",
            "kDEJGwi0",
            "DEJGwi0O",
            "EJGw",
            "JGwi",
            "Gwi0",
            "wi0O",
            "pjSE86wv",
            "jSE86wvv",
            "SE86wvvN",
            "E86w",
            "86wv",
            "6wvv",
            "wvvN",
            "lVx1hTRHxIewqobb",
            "Vx1hTRHxIewqobb3",
            "x1hTRHxIewqobb3G",
            "1hTRHxIewqobb3GJ",
            "hTRHxIewqobb",
            "TRHxIewqobb3",
            "RHxIewqobb3G",
            "HxIewqobb3GJ",
            "xIewqobb",
            "Iewqobb3",
            "ewqobb3G",
            "wqobb3GJ",
            "qobb",
            "obb3",
            "bb3G",
            "b3GJ",
            "Yf9fvaRnbKHZkv3J",
            "f9fvaRnbKHZkv3J7",
            "9fvaRnbKHZkv3J7C",
            "fvaRnbKHZkv3J7C0",
            "vaRnbKHZkv3J",
            "aRnbKHZkv3J7",
            "RnbKHZkv3J7C",
            "nbKHZkv3J7C0",
            "bKHZkv3J",
            "KHZkv3J7",
            "HZkv3J7C",
            "Zkv3J7C0",
            "kv3J",
            "v3J7",
            "3J7C",
            "J7C0",
            "kXpEMRiv",
            "XpEMRivi",
            "pEMRiviV",
            "EMRi",
            "MRiv",
            "Rivi",
            "iviV",
            "MaEExkZN",
            "aEExkZNQ",
            "EExkZNQc",
            "ExkZ",
            "xkZN",
            "kZNQ",
            "ZNQc",
            "TFxEzOYU",
            "FxEzOYU9",
            "xEzOYU99",
            "EzOY",
            "zOYU",
            "OYU9",
            "YU99",
            "heWZVe2E",
            "eWZVe2ET",
            "WZVe2ETX",
            "ZVe2",
            "Ve2E",
            "e2ET",
            "2ETX",
            "iEaZH5v9",
            "EaZH5v9A",
            "aZH5v9AX",
            "ZH5v",
            "H5v9",
            "5v9A",
            "v9AX",
            "aoIZn8Fy",
            "oIZn8Fyj",
            "IZn8Fyjy",
            "Zn8F",
            "n8Fy",
            "8Fyj",
            "Fyjy",
            "DkVZN0Y5",
            "kVZN0Y5H",
            "VZN0Y5Hv",
            "ZN0Y",
            "N0Y5",
            "0Y5H",
            "Y5Hv",
            "LGhZs1a9",
            "GhZs1a9F",
            "hZs1a9FW",
            "Zs1a",
            "s1a9",
            "1a9F",
            "a9FW",
            "VDlyUjRWJVtYu98a",
            "DlyUjRWJVtYu98aS",
            "lyUjRWJVtYu98aSP",
            "yUjRWJVtYu98aSP4",
            "UjRWJVtYu98a",
            "jRWJVtYu98aS",
            "RWJVtYu98aSP",
            "WJVtYu98aSP4",
            "JVtYu98a",
            "VtYu98aS",
            "tYu98aSP",
            "Yu98aSP4",
            "u98a",
            "98aS",
            "8aSP",
            "aSP4",
            "T7MhRDMc",
            "7MhRDMcv",
            "MhRDMcvi",
            "hRDM",
            "RDMc",
            "DMcv",
            "Mcvi",
            "rHvhfZTj",
            "HvhfZTjp",
            "vhfZTjpD",
            "hfZT",
            "fZTj",
            "ZTjp",
            "TjpD",
            "PQch5BK6",
            "Qch5BK6b",
            "ch5BK6bF",
            "h5BK",
            "5BK6",
            "BK6b",
            "K6bF",
            "I7YhDMQr",
            "7YhDMQrH",
            "YhDMQrHp",
            "hDMQ",
            "DMQr",
            "MQrH",
            "QrHp",
            "uqxhmmb8",
            "qxhmmb8H",
            "xhmmb8H3",
            "hmmb",
            "mmb8",
            "mb8H",
            "b8H3",
            "HymhvB9M",
            "ymhvB9Mu",
            "mhvB9Mu7",
            "hvB9",
            "vB9M",
            "B9Mu",
            "9Mu7",
            "VTvh44Vk",
            "Tvh44VkN",
            "vh44VkNE",
            "h44V",
            "44Vk",
            "4VkN",
            "VkNE",
            "GX8ZZZW9",
            "X8ZZZW9O",
            "8ZZZW9Ou",
            "ZZZW",
            "ZZW9",
            "ZW9O",
            "W9Ou",
            "JI6hXc6S",
            "I6hXc6SZ",
            "6hXc6SZU",
            "hXc6",
            "Xc6S",
            "c6SZ",
            "6SZU",
            "JQDh1ZSg",
            "QDh1ZSgi",
            "Dh1ZSgiw",
            "h1ZS",
            "1ZSg",
            "ZSgi",
            "Sgiw",
            "xG2h9dJc",
            "G2h9dJcH",
            "2h9dJcHa",
            "h9dJ",
            "9dJc",
            "dJcH",
            "JcHa",
            "Y4rZ7NJC",
            "4rZ7NJCy",
            "rZ7NJCyW",
            "Z7NJ",
            "7NJC",
            "NJCy",
            "JCyW",
            "LUPhqJEm",
            "UPhqJEmh",
            "PhqJEmhw",
            "hqJE",
            "qJEm",
            "JEmh",
            "Emhw",
            "Ms1hkNwy",
            "s1hkNwyv",
            "1hkNwyvm",
            "hkNw",
            "kNwy",
            "Nwyv",
            "wyvm",
            "BGLhYJO1",
            "GLhYJO1b",
            "LhYJO1b0",
            "hYJO",
            "YJO1",
            "JO1b",
            "O1b0",
            "iNCh2Oil",
            "NCh2OilS",
            "Ch2OilSm",
            "h2Oi",
            "2Oil",
            "OilS",
            "ilSm",
            "t9ahuiBh",
            "9ahuiBh1",
            "ahuiBh1J",
            "huiB",
            "uiBh",
            "iBh1",
            "Bh1J",
            "YoNhwU3w",
            "oNhwU3wp",
            "NhwU3wpo",
            "hwU3",
            "wU3w",
            "U3wp",
            "3wpo",
            "uDLh3unY",
            "DLh3unYb",
            "Lh3unYbe",
            "h3un",
            "3unY",
            "unYb",
            "nYbe",
            "esLhyDoW",
            "sLhyDoWN",
            "LhyDoWNv",
            "hyDo",
            "yDoW",
            "DoWN",
            "oWNv",
            "clNhp3Xc",
            "lNhp3XcJ",
            "Nhp3XcJE",
            "hp3X",
            "p3Xc",
            "3XcJ",
            "XcJE",
            "UrehJHGD",
            "rehJHGDD",
            "ehJHGDDd",
            "hJHG",
            "JHGD",
            "HGDD",
            "GDDd",
            "QObh8ANB",
            "Obh8ANBt",
            "bh8ANBtU",
            "h8AN",
            "8ANB",
            "ANBt",
            "NBtU",
            "QTKhS2t6",
            "TKhS2t6r",
            "KhS2t6rA",
            "hS2t",
            "S2t6",
            "2t6r",
            "t6rA",
            "Tw7hcUoa",
            "w7hcUoa7",
            "7hcUoa7j",
            "hcUo",
            "cUoa",
            "Uoa7",
            "oa7j",
            "UBAhgc9f",
            "BAhgc9f7",
            "Ahgc9f77",
            "hgc9",
            "gc9f",
            "c9f7",
            "9f77",
            "MTKhFJDd",
            "TKhFJDdj",
            "KhFJDdj4",
            "hFJD",
            "FJDd",
            "JDdj",
            "Ddj4",
            "yeShaO43",
            "eShaO43N",
            "ShaO43Nb",
            "haO4",
            "aO43",
            "O43N",
            "43Nb",
            "nC3h0gFn",
            "C3h0gFnc",
            "3h0gFnc2",
            "h0gF",
            "0gFn",
            "gFnc",
            "Fnc2",
            "k0ghA5dX",
            "0ghA5dXh",
            "ghA5dXha",
            "hA5d",
            "A5dX",
            "5dXh",
            "dXha",
            "dwahOq06",
            "wahOq06J",
            "ahOq06JD",
            "hOq0",
            "Oq06",
            "q06J",
            "06JD",
            "Xephoqhd",
            "ephoqhdF",
            "phoqhdFO",
            "hoqh",
            "oqhd",
            "qhdF",
            "hdFO",
            "QBEhjhne",
            "BEhjhneC",
            "EhjhneCg",
            "hjhn",
            "jhne",
            "hneC",
            "neCg",
            "slwhbguM",
            "lwhbguM8",
            "whbguM8j",
            "hbgu",
            "bguM",
            "guM8",
            "uM8j",
            "I8chQAHs",
            "8chQAHsa",
            "chQAHsa4",
            "hQAH",
            "QAHs",
            "AHsa",
            "Hsa4",
            "DQ2hiqeF",
            "Q2hiqeFg",
            "2hiqeFgI",
            "hiqe",
            "iqeF",
            "qeFg",
            "eFgI",
            "SZoht2am",
            "Zoht2amg",
            "oht2amg7",
            "ht2a",
            "t2am",
            "2amg",
            "amg7",
            "pFDhdFQG",
            "FDhdFQG2",
            "DhdFQG2f",
            "hdFQ",
            "dFQG",
            "FQG2",
            "QG2f",
            "bQDhCp9J",
            "QDhCp9J3",
            "DhCp9J3N",
            "hCp9",
            "Cp9J",
            "p9J3",
            "9J3N",
            "H3QhMGjs",
            "3QhMGjsa",
            "QhMGjsan",
            "hMGj",
            "MGjs",
            "Gjsa",
            "jsan",
            "cQhhxhKA",
            "QhhxhKAB",
            "hhxhKABq",
            "hxhK",
            "xhKA",
            "hKAB",
            "KABq",
            "z4JhzgW1",
            "4JhzgW1W",
            "JhzgW1Wd",
            "hzgW",
            "zgW1",
            "gW1W",
            "W1Wd",
            "VbQBVFV0",
            "bQBVFV0e",
            "QBVFV0ep",
            "BVFV",
            "VFV0",
            "FV0e",
            "V0ep",
            "SvqBH78a",
            "vqBH78aJ",
            "qBH78aJq",
            "BH78",
            "H78a",
            "78aJ",
            "8aJq",
            "YxEBnOxU",
            "xEBnOxUt",
            "EBnOxUtY",
            "BnOx",
            "nOxU",
            "OxUt",
            "xUtY",
            "XDbBE6I0",
            "DbBE6I08",
            "bBE6I08m",
            "BE6I",
            "E6I0",
            "6I08",
            "I08m",
            "KcTBZtUP",
            "cTBZtUP5",
            "TBZtUP5P",
            "BZtU",
            "ZtUP",
            "tUP5",
            "UP5P",
            "cAcB74eG",
            "AcB74eGt",
            "cB74eGtY",
            "B74e",
            "74eG",
            "4eGt",
            "eGtY",
            "g47BWrCW",
            "47BWrCWL",
            "7BWrCWLV",
            "BWrC",
            "WrCW",
            "rCWL",
            "CWLV",
            "MhDBNAux",
            "hDBNAuxe",
            "DBNAuxeb",
            "BNAu",
            "NAux",
            "Auxe",
            "uxeb",
            "aVfBstI6",
            "VfBstI61",
            "fBstI61o",
            "BstI",
            "stI6",
            "tI61",
            "I61o",
            "lTVB6Vgh",
            "TVB6VghP",
            "VB6VghP8",
            "B6Vg",
            "6Vgh",
            "VghP",
            "ghP8",
            "LNPBhmgr",
            "NPBhmgr1",
            "PBhmgr1m",
            "Bhmg",
            "hmgr",
            "mgr1",
            "gr1m",
            "pg5BBDVW",
            "g5BBDVWT",
            "5BBDVWTr",
            "BBDV",
            "BDVW",
            "DVWT",
            "VWTr",
            "UNDBKvWk",
            "NDBKvWky",
            "DBKvWkyn",
            "BKvW",
            "KvWk",
            "vWky",
            "Wkyn",
            "cqsBUclt",
            "qsBUcltj",
            "sBUcltjJ",
            "BUcl",
            "Uclt",
            "cltj",
            "ltjJ",
            "djdBreD2",
            "jdBreD2n",
            "dBreD2nB",
            "BreD",
            "reD2",
            "eD2n",
            "D2nB",
            "AZLBTSq3",
            "ZLBTSq3V",
            "LBTSq3Vl",
            "BTSq",
            "TSq3",
            "Sq3V",
            "q3Vl",
            "VTXBeTND",
            "TXBeTND2",
            "XBeTND2P",
            "BeTN",
            "eTND",
            "TND2",
            "ND2P",
            "lx0BPJp2",
            "x0BPJp2O",
            "0BPJp2On",
            "BPJp",
            "PJp2",
            "Jp2O",
            "p2On",
            "xQRBGtrf",
            "QRBGtrfv",
            "RBGtrfvf",
            "BGtr",
            "Gtrf",
            "trfv",
            "rfvf",
            "BSDBlxe8",
            "SDBlxe8c",
            "DBlxe8cU",
            "Blxe",
            "lxe8",
            "xe8c",
            "e8cU",
            "DbpBI6Nx",
            "bpBI6NxE",
            "pBI6NxEp",
            "BI6N",
            "I6Nx",
            "6NxE",
            "NxEp",
            "UjrBLSDj",
            "jrBLSDjZ",
            "rBLSDjZb",
            "BLSD",
            "LSDj",
            "SDjZ",
            "DjZb",
            "tyXBRPk2",
            "yXBRPk22",
            "XBRPk22r",
            "BRPk",
            "RPk2",
            "Pk22",
            "k22r",
            "nwFBfCVm",
            "wFBfCVmo",
            "FBfCVmok",
            "BfCV",
            "fCVm",
            "CVmo",
            "Vmok",
            "mSSB53fP",
            "SSB53fPw",
            "SB53fPwo",
            "B53f",
            "53fP",
            "3fPw",
            "fPwo",
            "xCOBDubO",
            "COBDubOP",
            "OBDubOPV",
            "BDub",
            "DubO",
            "ubOP",
            "bOPV",
            "M1IBmvpe",
            "1IBmvpeL",
            "IBmvpeLt",
            "Bmvp",
            "mvpe",
            "vpeL",
            "peLt",
            "T5RBv2ai",
            "5RBv2ai1",
            "RBv2ai19",
            "Bv2a",
            "v2ai",
            "2ai1",
            "ai19",
            "iGGB4SVB",
            "GGB4SVBV",
            "GB4SVBVT",
            "B4SV",
            "4SVB",
            "SVBV",
            "VBVT",
            "lfIBXkFa",
            "fIBXkFaT",
            "IBXkFaTA",
            "BXkF",
            "XkFa",
            "kFaT",
            "FaTA",
            "q6jB1p1x",
            "6jB1p1xd",
            "jB1p1xdK",
            "B1p1",
            "1p1x",
            "p1xd",
            "1xdK",
            "YnRBqZa3",
            "nRBqZa3h",
            "RBqZa3he",
            "BqZa",
            "qZa3",
            "Za3h",
            "a3he",
            "JPRBkZ3X",
            "PRBkZ3Xi",
            "RBkZ3Xiq",
            "BkZ3",
            "kZ3X",
            "Z3Xi",
            "3Xiq",
            "iadBYjR0",
            "adBYjR0i",
            "dBYjR0io",
            "BYjR",
            "YjR0",
            "jR0i",
            "R0io",
            "SZNZW5LI",
            "ZNZW5LId",
            "NZW5LIdc",
            "ZW5L",
            "W5LI",
            "5LId",
            "LIdc",
            "tPqB2CUZ",
            "PqB2CUZt",
            "qB2CUZtI",
            "B2CU",
            "2CUZ",
            "CUZt",
            "UZtI",
            "PFYBuqfI",
            "FYBuqfIs",
            "YBuqfIsR",
            "Buqf",
            "uqfI",
            "qfIs",
            "fIsR",
            "BtiBwAxn",
            "tiBwAxn3",
            "iBwAxn3L",
            "BwAx",
            "wAxn",
            "Axn3",
            "xn3L",
            "CuFB35NG",
            "uFB35NGP",
            "FB35NGPq",
            "B35N",
            "35NG",
            "5NGP",
            "NGPq",
            "uXmBySeI",
            "XmBySeIv",
            "mBySeIvF",
            "BySe",
            "ySeI",
            "SeIv",
            "eIvF",
            "O4UBp22y",
            "4UBp22yb",
            "UBp22ybk",
            "Bp22",
            "p22y",
            "22yb",
            "2ybk",
            "DU2BJK3o",
            "U2BJK3or",
            "2BJK3orI",
            "BJK3",
            "JK3o",
            "K3or",
            "3orI",
            "lgYB8MHO",
            "gYB8MHOo",
            "YB8MHOo2",
            "B8MH",
            "8MHO",
            "MHOo",
            "HOo2",
            "veHBSOQQ",
            "eHBSOQQS",
            "HBSOQQSU",
            "BSOQ",
            "SOQQ",
            "OQQS",
            "QQSU",
            "k87bpRRNCEDLpvU4",
            "87bpRRNCEDLpvU4p",
            "7bpRRNCEDLpvU4pO",
            "bpRRNCEDLpvU4pOT",
            "pRRNCEDLpvU4",
            "RRNCEDLpvU4p",
            "RNCEDLpvU4pO",
            "NCEDLpvU4pOT",
            "CEDLpvU4",
            "EDLpvU4p",
            "DLpvU4pO",
            "LpvU4pOT",
            "pvU4",
            "vU4p",
            "U4pO",
            "4pOT",
            "M7JsoiRsXv6SGMtT",
            "7JsoiRsXv6SGMtTX",
            "JsoiRsXv6SGMtTXC",
            "soiRsXv6SGMtTXCd",
            "oiRsXv6SGMtT",
            "iRsXv6SGMtTX",
            "RsXv6SGMtTXC",
            "sXv6SGMtTXCd",
            "Xv6SGMtT",
            "v6SGMtTX",
            "6SGMtTXC",
            "SGMtTXCd",
            "GMtT",
            "MtTX",
            "tTXC",
            "TXCd",
            "VByZhnuM",
            "ByZhnuMn",
            "yZhnuMnS",
            "Zhnu",
            "hnuM",
            "nuMn",
            "uMnS",
            "rufZBX3s",
            "ufZBX3sP",
            "fZBX3sPp",
            "ZBX3",
            "BX3s",
            "X3sP",
            "3sPp",
            "lo9ZK5ns",
            "o9ZK5nsr",
            "9ZK5nsrH",
            "ZK5n",
            "K5ns",
            "5nsr",
            "nsrH",
            "cHaZUFMj",
            "HaZUFMjt",
            "aZUFMjtx",
            "ZUFM",
            "UFMj",
            "FMjt",
            "Mjtx",
            "lerZreo2",
            "erZreo2u",
            "rZreo2uB",
            "Zreo",
            "reo2",
            "eo2u",
            "o2uB",
            "mbqZTFZT",
            "bqZTFZTS",
            "qZTFZTS3",
            "ZTFZ",
            "TFZT",
            "FZTS",
            "ZTS3",
            "QnkZewau",
            "nkZewauU",
            "kZewauUA",
            "Zewa",
            "ewau",
            "wauU",
            "auUA",
            "dUrZP3wk",
            "UrZP3wk7",
            "rZP3wk7E",
            "ZP3w",
            "P3wk",
            "3wk7",
            "wk7E",
            "i7GZRmlB",
            "7GZRmlBm",
            "GZRmlBmN",
            "ZRml",
            "RmlB",
            "mlBm",
            "lBmN",
            "RISZfVfp",
            "ISZfVfpm",
            "SZfVfpm9",
            "ZfVf",
            "fVfp",
            "Vfpm",
            "fpm9",
            "JuiOVhRKbrpT5boa",
            "uiOVhRKbrpT5boaJ",
            "iOVhRKbrpT5boaJx",
            "OVhRKbrpT5boaJx2",
            "VhRKbrpT5boa",
            "hRKbrpT5boaJ",
            "RKbrpT5boaJx",
            "KbrpT5boaJx2",
            "brpT5boa",
            "rpT5boaJ",
            "pT5boaJx",
            "T5boaJx2",
            "5boa",
            "boaJ",
            "oaJx",
            "aJx2",
            "nA0Zl5nx",
            "A0Zl5nxq",
            "0Zl5nxqK",
            "Zl5n",
            "l5nx",
            "5nxq",
            "nxqK",
            "aANZIXAJ",
            "ANZIXAJ3",
            "NZIXAJ3V",
            "ZIXA",
            "IXAJ",
            "XAJ3",
            "AJ3V",
            "mLyZL9lD",
            "LyZL9lD8",
            "yZL9lD8I",
            "ZL9l",
            "L9lD",
            "9lD8",
            "lD8I",
            "grjFKrRUpMTbGmDK",
            "rjFKrRUpMTbGmDKC",
            "jFKrRUpMTbGmDKCQ",
            "FKrRUpMTbGmDKCQM",
            "KrRUpMTbGmDK",
            "rRUpMTbGmDKC",
            "RUpMTbGmDKCQ",
            "UpMTbGmDKCQM",
            "pMTbGmDK",
            "MTbGmDKC",
            "TbGmDKCQ",
            "bGmDKCQM",
            "GmDK",
            "mDKC",
            "DKCQ",
            "KCQM",
            "DIuyfJRr0SJmN9lS",
            "IuyfJRr0SJmN9lSs",
            "uyfJRr0SJmN9lSsg",
            "yfJRr0SJmN9lSsg0",
            "fJRr0SJmN9lS",
            "JRr0SJmN9lSs",
            "Rr0SJmN9lSsg",
            "r0SJmN9lSsg0",
            "0SJmN9lS",
            "SJmN9lSs",
            "JmN9lSsg",
            "mN9lSsg0",
            "N9lS",
            "9lSs",
            "lSsg",
            "Ssg0",
            "RnNZwTyw",
            "nNZwTywD",
            "NZwTywDV",
            "ZwTy",
            "wTyw",
            "TywD",
            "ywDV",
            "kv7Z3FA0",
            "v7Z3FA0m",
            "7Z3FA0m4",
            "Z3FA",
            "3FA0",
            "FA0m",
            "A0m4",
            "sZeO0iRT9upBM1q6",
            "ZeO0iRT9upBM1q67",
            "eO0iRT9upBM1q67R",
            "O0iRT9upBM1q67RS",
            "0iRT9upBM1q6",
            "iRT9upBM1q67",
            "RT9upBM1q67R",
            "T9upBM1q67RS",
            "9upBM1q6",
            "upBM1q67",
            "pBM1q67R",
            "BM1q67RS",
            "M1q6",
            "1q67",
            "q67R",
            "67RS",
            "GaVZDTAR",
            "aVZDTARi",
            "VZDTARiX",
            "ZDTA",
            "DTAR",
            "TARi",
            "ARiX",
            "CUKBcwvy",
            "UKBcwvyK",
            "KBcwvyKi",
            "Bcwv",
            "cwvy",
            "wvyK",
            "vyKi",
            "eb1ZmpRK",
            "b1ZmpRK4",
            "1ZmpRK4W",
            "ZmpR",
            "mpRK",
            "pRK4",
            "RK4W",
            "LDlZvh9q",
            "DlZvh9qG",
            "lZvh9qGQ",
            "Zvh9",
            "vh9q",
            "h9qG",
            "9qGQ",
            "qTIZ4Myk",
            "TIZ4Myks",
            "IZ4MyksM",
            "Z4My",
            "4Myk",
            "Myks",
            "yksM",
            "EZmZXI2a",
            "ZmZXI2aS",
            "mZXI2aSN",
            "ZXI2",
            "XI2a",
            "I2aS",
            "2aSN",
            "zJFZ1PvO",
            "JFZ1PvO9",
            "FZ1PvO9v",
            "Z1Pv",
            "1PvO",
            "PvO9",
            "vO9v",
            "LoiZ9D2p",
            "oiZ9D2pZ",
            "iZ9D2pZk",
            "Z9D2",
            "9D2p",
            "D2pZ",
            "2pZk",
            "QvDZqlfG",
            "vDZqlfG5",
            "DZqlfG52",
            "Zqlf",
            "qlfG",
            "lfG5",
            "fG52",
            "ajZZkZ3N",
            "jZZkZ3NS",
            "ZZkZ3NSZ",
            "ZkZ3",
            "kZ3N",
            "Z3NS",
            "3NSZ",
            "OGhZY2CY",
            "GhZY2CYb",
            "hZY2CYb5",
            "ZY2C",
            "Y2CY",
            "2CYb",
            "CYb5",
            "ra1Z2SSq",
            "a1Z2SSq3",
            "1Z2SSq3u",
            "Z2SS",
            "2SSq",
            "SSq3",
            "Sq3u",
            "PeQZu0uM",
            "eQZu0uMY",
            "QZu0uMYb",
            "Zu0u",
            "u0uM",
            "0uMY",
            "uMYb",
            "LADLQYReYsFOfSIW",
            "ADLQYReYsFOfSIW9",
            "DLQYReYsFOfSIW9f",
            "LQYReYsFOfSIW9fb",
            "QYReYsFOfSIW",
            "YReYsFOfSIW9",
            "ReYsFOfSIW9f",
            "eYsFOfSIW9fb",
            "YsFOfSIW",
            "sFOfSIW9",
            "FOfSIW9f",
            "OfSIW9fb",
            "fSIW",
            "SIW9",
            "IW9f",
            "W9fb",
            "SuGi1JRPyecpelLF",
            "uGi1JRPyecpelLFI",
            "Gi1JRPyecpelLFIL",
            "i1JRPyecpelLFILJ",
            "1JRPyecpelLF",
            "JRPyecpelLFI",
            "RPyecpelLFIL",
            "PyecpelLFILJ",
            "yecpelLF",
            "ecpelLFI",
            "cpelLFIL",
            "pelLFILJ",
            "elLF",
            "lLFI",
            "LFIL",
            "FILJ",
            "M53iVSRGDot6Bf2v",
            "53iVSRGDot6Bf2vw",
            "3iVSRGDot6Bf2vwP",
            "iVSRGDot6Bf2vwPp",
            "VSRGDot6Bf2v",
            "SRGDot6Bf2vw",
            "RGDot6Bf2vwP",
            "GDot6Bf2vwPp",
            "Dot6Bf2v",
            "ot6Bf2vw",
            "t6Bf2vwP",
            "6Bf2vwPp",
            "Bf2v",
            "f2vw",
            "2vwP",
            "vwPp",
            "leYBgoeq",
            "eYBgoeqM",
            "YBgoeqMB",
            "Bgoe",
            "goeq",
            "oeqM",
            "eqMB",
            "wxdKhURl9m6q2oNl",
            "xdKhURl9m6q2oNlw",
            "dKhURl9m6q2oNlwD",
            "KhURl9m6q2oNlwDT",
            "hURl9m6q2oNl",
            "URl9m6q2oNlw",
            "Rl9m6q2oNlwD",
            "l9m6q2oNlwDT",
            "9m6q2oNl",
            "m6q2oNlw",
            "6q2oNlwD",
            "q2oNlwDT",
            "2oNl",
            "oNlw",
            "NlwD",
            "lwDT",
            "WDtdbmRI7UkcjQja",
            "DtdbmRI7UkcjQja7",
            "tdbmRI7UkcjQja7a",
            "dbmRI7UkcjQja7ax",
            "bmRI7UkcjQja",
            "mRI7UkcjQja7",
            "RI7UkcjQja7a",
            "I7UkcjQja7ax",
            "7UkcjQja",
            "UkcjQja7",
            "kcjQja7a",
            "cjQja7ax",
            "jQja",
            "Qja7",
            "ja7a",
            "a7ax",
            "XmOZJhvt",
            "mOZJhvtB",
            "OZJhvtB0",
            "ZJhv",
            "Jhvt",
            "hvtB",
            "vtB0",
            "WWEZ82AZ",
            "WEZ82AZF",
            "EZ82AZFO",
            "Z82A",
            "82AZ",
            "2AZF",
            "AZFO",
            "e0llrHRLD8SAj5dl",
            "0llrHRLD8SAj5dla",
            "llrHRLD8SAj5dlaN",
            "lrHRLD8SAj5dlaN6",
            "rHRLD8SAj5dl",
            "HRLD8SAj5dla",
            "RLD8SAj5dlaN",
            "LD8SAj5dlaN6",
            "D8SAj5dl",
            "8SAj5dla",
            "SAj5dlaN",
            "Aj5dlaN6",
            "j5dl",
            "5dla",
            "dlaN",
            "laN6",
            "XBRkn5RRtBrxOhp6",
            "BRkn5RRtBrxOhp6H",
            "Rkn5RRtBrxOhp6HQ",
            "kn5RRtBrxOhp6HQB",
            "n5RRtBrxOhp6",
            "5RRtBrxOhp6H",
            "RRtBrxOhp6HQ",
            "RtBrxOhp6HQB",
            "tBrxOhp6",
            "BrxOhp6H",
            "rxOhp6HQ",
            "xOhp6HQB",
            "Ohp6",
            "hp6H",
            "p6HQ",
            "6HQB",
            "K98BgbRfXjXuTgso",
            "98BgbRfXjXuTgsoJ",
            "8BgbRfXjXuTgsoJy",
            "BgbRfXjXuTgsoJyQ",
            "gbRfXjXuTgso",
            "bRfXjXuTgsoJ",
            "RfXjXuTgsoJy",
            "fXjXuTgsoJyQ",
            "XjXuTgso",
            "jXuTgsoJ",
            "XuTgsoJy",
            "uTgsoJyQ",
            "Tgso",
            "gsoJ",
            "soJy",
            "oJyQ",
            "eKTKftR1erKf0Ocm",
            "KTKftR1erKf0Ocm7",
            "TKftR1erKf0Ocm7y",
            "KftR1erKf0Ocm7yJ",
            "ftR1erKf0Ocm",
            "tR1erKf0Ocm7",
            "R1erKf0Ocm7y",
            "1erKf0Ocm7yJ",
            "erKf0Ocm",
            "rKf0Ocm7",
            "Kf0Ocm7y",
            "f0Ocm7yJ",
            "0Ocm",
            "Ocm7",
            "cm7y",
            "m7yJ",
            "hmWhN8R9gAtgqyLG",
            "mWhN8R9gAtgqyLGJ",
            "WhN8R9gAtgqyLGJu",
            "hN8R9gAtgqyLGJuX",
            "N8R9gAtgqyLG",
            "8R9gAtgqyLGJ",
            "R9gAtgqyLGJu",
            "9gAtgqyLGJuX",
            "gAtgqyLG",
            "AtgqyLGJ",
            "tgqyLGJu",
            "gqyLGJuX",
            "qyLG",
            "yLGJ",
            "LGJu",
            "GJuX",
            "Ur5OdQRqPDlO3G6d",
            "r5OdQRqPDlO3G6de",
            "5OdQRqPDlO3G6deH",
            "OdQRqPDlO3G6deHZ",
            "dQRqPDlO3G6d",
            "QRqPDlO3G6de",
            "RqPDlO3G6deH",
            "qPDlO3G6deHZ",
            "PDlO3G6d",
            "DlO3G6de",
            "lO3G6deH",
            "O3G6deHZ",
            "3G6d",
            "G6de",
            "6deH",
            "deHZ",
            "GftkiPRkXI4pTxK7",
            "ftkiPRkXI4pTxK7R",
            "tkiPRkXI4pTxK7Rh",
            "kiPRkXI4pTxK7RhO",
            "iPRkXI4pTxK7",
            "PRkXI4pTxK7R",
            "RkXI4pTxK7Rh",
            "kXI4pTxK7RhO",
            "XI4pTxK7",
            "I4pTxK7R",
            "4pTxK7Rh",
            "pTxK7RhO",
            "TxK7",
            "xK7R",
            "K7Rh",
            "7RhO",
            "NyGrs0RYV89gQQZ0",
            "yGrs0RYV89gQQZ0x",
            "Grs0RYV89gQQZ0x9",
            "rs0RYV89gQQZ0x9D",
            "s0RYV89gQQZ0",
            "0RYV89gQQZ0x",
            "RYV89gQQZ0x9",
            "YV89gQQZ0x9D",
            "V89gQQZ0",
            "89gQQZ0x",
            "9gQQZ0x9",
            "gQQZ0x9D",
            "QQZ0",
            "QZ0x",
            "Z0x9",
            "0x9D",
            "pirkC5R2jl50EedK",
            "irkC5R2jl50EedKO",
            "rkC5R2jl50EedKOn",
            "kC5R2jl50EedKOnQ",
            "C5R2jl50EedK",
            "5R2jl50EedKO",
            "R2jl50EedKOn",
            "2jl50EedKOnQ",
            "jl50EedK",
            "l50EedKO",
            "50EedKOn",
            "0EedKOnQ",
            "EedK",
            "edKO",
            "dKOn",
            "KOnQ",
            "nIMZ0PNc",
            "IMZ0PNc0",
            "MZ0PNc0D",
            "Z0PN",
            "0PNc",
            "PNc0",
            "Nc0D",
            "XFCZAARa",
            "FCZAARaO",
            "CZAARaOx",
            "ZAAR",
            "AARa",
            "ARaO",
            "RaOx",
            "DJLEibRuXugTK14p",
            "JLEibRuXugTK14pF",
            "LEibRuXugTK14pFF",
            "EibRuXugTK14pFFN",
            "ibRuXugTK14p",
            "bRuXugTK14pF",
            "RuXugTK14pFF",
            "uXugTK14pFFN",
            "XugTK14p",
            "ugTK14pF",
            "gTK14pFF",
            "TK14pFFN",
            "K14p",
            "14pF",
            "4pFF",
            "pFFN",
            "KKQmlLRwrFICLfdC",
            "KQmlLRwrFICLfdCM",
            "QmlLRwrFICLfdCMK",
            "mlLRwrFICLfdCMK2",
            "lLRwrFICLfdC",
            "LRwrFICLfdCM",
            "RwrFICLfdCMK",
            "wrFICLfdCMK2",
            "rFICLfdC",
            "FICLfdCM",
            "ICLfdCMK",
            "CLfdCMK2",
            "LfdC",
            "fdCM",
            "dCMK",
            "CMK2",
            "xwo04vR3s5BGjVT9",
            "wo04vR3s5BGjVT9o",
            "o04vR3s5BGjVT9oH",
            "04vR3s5BGjVT9oHe",
            "4vR3s5BGjVT9",
            "vR3s5BGjVT9o",
            "R3s5BGjVT9oH",
            "3s5BGjVT9oHe",
            "s5BGjVT9",
            "5BGjVT9o",
            "BGjVT9oH",
            "GjVT9oHe",
            "jVT9",
            "VT9o",
            "T9oH",
            "9oHe",
            "GbW68qRytHwLwsOh",
            "bW68qRytHwLwsOhW",
            "W68qRytHwLwsOhW6",
            "68qRytHwLwsOhW60",
            "8qRytHwLwsOh",
            "qRytHwLwsOhW",
            "RytHwLwsOhW6",
            "ytHwLwsOhW60",
            "tHwLwsOh",
            "HwLwsOhW",
            "wLwsOhW6",
            "LwsOhW60",
            "wsOh",
            "sOhW",
            "OhW6",
            "hW60",
            "qr4BF91B",
            "r4BF91Bi",
            "4BF91BiI",
            "BF91",
            "F91B",
            "91Bi",
            "1BiI",
            "INaBag4E",
            "NaBag4Ej",
            "aBag4EjB",
            "Bag4",
            "ag4E",
            "g4Ej",
            "4EjB",
            "bowB0X2f",
            "owB0X2fZ",
            "wB0X2fZ8",
            "B0X2",
            "0X2f",
            "X2fZ",
            "2fZ8",
            "WhS4AhRpa4R0v7cJ",
            "hS4AhRpa4R0v7cJV",
            "S4AhRpa4R0v7cJV6",
            "4AhRpa4R0v7cJV6G",
            "AhRpa4R0v7cJ",
            "hRpa4R0v7cJV",
            "Rpa4R0v7cJV6",
            "pa4R0v7cJV6G",
            "a4R0v7cJ",
            "4R0v7cJV",
            "R0v7cJV6",
            "0v7cJV6G",
            "v7cJ",
            "7cJV",
            "cJV6",
            "JV6G",
            "TUvWurRJB28x4ZfS",
            "UvWurRJB28x4ZfS2",
            "vWurRJB28x4ZfS27",
            "WurRJB28x4ZfS27A",
            "urRJB28x4ZfS",
            "rRJB28x4ZfS2",
            "RJB28x4ZfS27",
            "JB28x4ZfS27A",
            "B28x4ZfS",
            "28x4ZfS2",
            "8x4ZfS27",
            "x4ZfS27A",
            "4ZfS",
            "ZfS2",
            "fS27",
            "S27A",
            "YDZZjH0t",
            "DZZjH0tu",
            "ZZjH0tut",
            "ZjH0",
            "jH0t",
            "H0tu",
            "0tut",
            "wtZZbHti",
            "tZZbHtif",
            "ZZbHtifZ",
            "ZbHt",
            "bHti",
            "Htif",
            "tifZ",
            "VgEQt3R8AxmmssoW",
            "gEQt3R8AxmmssoW9",
            "EQt3R8AxmmssoW9l",
            "Qt3R8AxmmssoW9lA",
            "t3R8AxmmssoW",
            "3R8AxmmssoW9",
            "R8AxmmssoW9l",
            "8AxmmssoW9lA",
            "AxmmssoW",
            "xmmssoW9",
            "mmssoW9l",
            "mssoW9lA",
            "ssoW",
            "soW9",
            "oW9l",
            "W9lA",
            "NotImplementedExcept",
            "otImplementedExcepti",
            "tImplementedExceptio",
            "ImplementedException",
            "mplementedExcept",
            "plementedExcepti",
            "lementedExceptio",
            "ementedException",
            "mentedExcept",
            "entedExcepti",
            "ntedExceptio",
            "anatkoRSCX9syrsb",
            "natkoRSCX9syrsbh",
            "atkoRSCX9syrsbhk",
            "tkoRSCX9syrsbhkB",
            "koRSCX9syrsb",
            "oRSCX9syrsbh",
            "RSCX9syrsbhk",
            "SCX9syrsbhkB",
            "CX9syrsb",
            "X9syrsbh",
            "9syrsbhk",
            "syrsbhkB",
            "yrsb",
            "rsbh",
            "sbhk",
            "bhkB",
            "x02p2kRciWX33ZUc",
            "02p2kRciWX33ZUcP",
            "2p2kRciWX33ZUcPS",
            "p2kRciWX33ZUcPSG",
            "2kRciWX33ZUc",
            "kRciWX33ZUcP",
            "RciWX33ZUcPS",
            "ciWX33ZUcPSG",
            "iWX33ZUc",
            "WX33ZUcP",
            "X33ZUcPS",
            "33ZUcPSG",
            "3ZUc",
            "ZUcP",
            "UcPS",
            "cPSG",
            "vmgZirA7",
            "mgZirA7Y",
            "gZirA7Yw",
            "ZirA",
            "irA7",
            "rA7Y",
            "A7Yw",
            "GE8ZtClS",
            "E8ZtClSp",
            "8ZtClSpD",
            "ZtCl",
            "tClS",
            "ClSp",
            "lSpD",
            "x87OP8RgSwaEOmlS",
            "87OP8RgSwaEOmlSO",
            "7OP8RgSwaEOmlSOx",
            "OP8RgSwaEOmlSOxK",
            "P8RgSwaEOmlS",
            "8RgSwaEOmlSO",
            "RgSwaEOmlSOx",
            "gSwaEOmlSOxK",
            "SwaEOmlS",
            "waEOmlSO",
            "aEOmlSOx",
            "EOmlSOxK",
            "OmlS",
            "mlSO",
            "lSOx",
            "SOxK",
            "rvOOPCRFTAD8gsFq",
            "vOOPCRFTAD8gsFqF",
            "OOPCRFTAD8gsFqFO",
            "OPCRFTAD8gsFqFOa",
            "PCRFTAD8gsFq",
            "CRFTAD8gsFqF",
            "RFTAD8gsFqFO",
            "FTAD8gsFqFOa",
            "TAD8gsFq",
            "AD8gsFqF",
            "D8gsFqFO",
            "8gsFqFOa",
            "gsFq",
            "sFqF",
            "FqFO",
            "qFOa",
            "NaDHe8RaFfe1PqDC",
            "aDHe8RaFfe1PqDCS",
            "DHe8RaFfe1PqDCSQ",
            "He8RaFfe1PqDCSQk",
            "e8RaFfe1PqDC",
            "8RaFfe1PqDCS",
            "RaFfe1PqDCSQ",
            "aFfe1PqDCSQk",
            "Ffe1PqDC",
            "fe1PqDCS",
            "e1PqDCSQ",
            "1PqDCSQk",
            "PqDC",
            "qDCS",
            "DCSQ",
            "CSQk",
            "phkZCOMt",
            "hkZCOMtH",
            "kZCOMtHg",
            "ZCOM",
            "COMt",
            "OMtH",
            "MtHg",
            "GXVZMTfb",
            "XVZMTfbe",
            "VZMTfbeF",
            "ZMTf",
            "MTfb",
            "Tfbe",
            "fbeF",
            "MsnSRlR0keyCJpfg",
            "snSRlR0keyCJpfgu",
            "nSRlR0keyCJpfgus",
            "SRlR0keyCJpfgus1",
            "RlR0keyCJpfg",
            "lR0keyCJpfgu",
            "R0keyCJpfgus",
            "0keyCJpfgus1",
            "keyCJpfg",
            "eyCJpfgu",
            "yCJpfgus",
            "CJpfgus1",
            "Jpfg",
            "pfgu",
            "fgus",
            "gus1",
            "rpDt8NRApEWJxLBW",
            "pDt8NRApEWJxLBWu",
            "Dt8NRApEWJxLBWuL",
            "t8NRApEWJxLBWuLX",
            "8NRApEWJxLBW",
            "NRApEWJxLBWu",
            "RApEWJxLBWuL",
            "ApEWJxLBWuLX",
            "pEWJxLBW",
            "EWJxLBWu",
            "WJxLBWuL",
            "JxLBWuLX",
            "xLBW",
            "LBWu",
            "BWuL",
            "WuLX",
            "R2prmkROheqS2uM9",
            "2prmkROheqS2uM99",
            "prmkROheqS2uM99Y",
            "rmkROheqS2uM99YC",
            "mkROheqS2uM9",
            "kROheqS2uM99",
            "ROheqS2uM99Y",
            "OheqS2uM99YC",
            "heqS2uM9",
            "eqS2uM99",
            "qS2uM99Y",
            "S2uM99YC",
            "2uM9",
            "uM99",
            "M99Y",
            "99YC",
            "FvkZzI2g",
            "vkZzI2gU",
            "kZzI2gUJ",
            "ZzI2",
            "zI2g",
            "I2gU",
            "2gUJ",
            "mwa7VWeE",
            "wa7VWeEM",
            "a7VWeEMW",
            "7VWe",
            "VWeE",
            "WeEM",
            "eEMW",
            "oHcJNARoFTZEF2KB",
            "HcJNARoFTZEF2KBd",
            "cJNARoFTZEF2KBdH",
            "JNARoFTZEF2KBdHo",
            "NARoFTZEF2KB",
            "ARoFTZEF2KBd",
            "RoFTZEF2KBdH",
            "oFTZEF2KBdHo",
            "FTZEF2KB",
            "TZEF2KBd",
            "ZEF2KBdH",
            "EF2KBdHo",
            "F2KB",
            "2KBd",
            "KBdH",
            "BdHo",
            "GLhQduRj1hfPl829",
            "LhQduRj1hfPl829f",
            "hQduRj1hfPl829fQ",
            "QduRj1hfPl829fQk",
            "duRj1hfPl829",
            "uRj1hfPl829f",
            "Rj1hfPl829fQ",
            "j1hfPl829fQk",
            "1hfPl829",
            "hfPl829f",
            "fPl829fQ",
            "Pl829fQk",
            "l829",
            "829f",
            "29fQ",
            "9fQk",
            "u6cYu0Rb0XOr5tkG",
            "6cYu0Rb0XOr5tkG7",
            "cYu0Rb0XOr5tkG74",
            "Yu0Rb0XOr5tkG74G",
            "u0Rb0XOr5tkG",
            "0Rb0XOr5tkG7",
            "Rb0XOr5tkG74",
            "b0XOr5tkG74G",
            "0XOr5tkG",
            "XOr5tkG7",
            "Or5tkG74",
            "r5tkG74G",
            "5tkG",
            "tkG7",
            "kG74",
            "G74G",
            "Q3V7nGW3",
            "3V7nGW3F",
            "V7nGW3Fp",
            "7nGW",
            "nGW3",
            "GW3F",
            "W3Fp",
            "K3N7El22",
            "3N7El22F",
            "N7El22Fk",
            "7El2",
            "El22",
            "l22F",
            "22Fk",
            "Vr2g8sRQO29gutCx",
            "r2g8sRQO29gutCxa",
            "2g8sRQO29gutCxap",
            "g8sRQO29gutCxapB",
            "8sRQO29gutCx",
            "sRQO29gutCxa",
            "RQO29gutCxap",
            "QO29gutCxapB",
            "O29gutCx",
            "29gutCxa",
            "9gutCxap",
            "gutCxapB",
            "utCx",
            "tCxa",
            "Cxap",
            "xapB",
            "rFRnruRitXWSO9BH",
            "FRnruRitXWSO9BHQ",
            "RnruRitXWSO9BHQA",
            "nruRitXWSO9BHQA1",
            "ruRitXWSO9BH",
            "uRitXWSO9BHQ",
            "RitXWSO9BHQA",
            "itXWSO9BHQA1",
            "tXWSO9BH",
            "XWSO9BHQ",
            "WSO9BHQA",
            "SO9BHQA1",
            "O9BH",
            "9BHQ",
            "BHQA",
            "HQA1",
            "KpfnyiRtrsFp8WC0",
            "pfnyiRtrsFp8WC0F",
            "fnyiRtrsFp8WC0FX",
            "nyiRtrsFp8WC0FXA",
            "yiRtrsFp8WC0",
            "iRtrsFp8WC0F",
            "RtrsFp8WC0FX",
            "trsFp8WC0FXA",
            "rsFp8WC0",
            "sFp8WC0F",
            "Fp8WC0FX",
            "p8WC0FXA",
            "8WC0",
            "WC0F",
            "C0FX",
            "0FXA",
            "SZk77awE",
            "Zk77awEa",
            "k77awEaC",
            "77aw",
            "7awE",
            "awEa",
            "wEaC",
            "Raf7W2D3",
            "af7W2D3h",
            "f7W2D3hB",
            "7W2D",
            "W2D3",
            "2D3h",
            "D3hB",
            "usD7NY16",
            "sD7NY16c",
            "D7NY16cp",
            "7NY1",
            "NY16",
            "Y16c",
            "16cp",
            "IlphE0RdBsfEaejt",
            "lphE0RdBsfEaejtb",
            "phE0RdBsfEaejtbN",
            "hE0RdBsfEaejtbN5",
            "E0RdBsfEaejt",
            "0RdBsfEaejtb",
            "RdBsfEaejtbN",
            "dBsfEaejtbN5",
            "BsfEaejt",
            "sfEaejtb",
            "fEaejtbN",
            "EaejtbN5",
            "aejt",
            "ejtb",
            "jtbN",
            "tbN5",
            "yeSSUMRC2gLxa8gJ",
            "eSSUMRC2gLxa8gJ7",
            "SSUMRC2gLxa8gJ7V",
            "SUMRC2gLxa8gJ7Vs",
            "UMRC2gLxa8gJ",
            "MRC2gLxa8gJ7",
            "RC2gLxa8gJ7V",
            "C2gLxa8gJ7Vs",
            "2gLxa8gJ",
            "gLxa8gJ7",
            "Lxa8gJ7V",
            "xa8gJ7Vs",
            "a8gJ",
            "8gJ7",
            "gJ7V",
            "J7Vs",
            "ImrC1SRMY0YOHZ9n",
            "mrC1SRMY0YOHZ9na",
            "rC1SRMY0YOHZ9naW",
            "C1SRMY0YOHZ9naWw",
            "1SRMY0YOHZ9n",
            "SRMY0YOHZ9na",
            "RMY0YOHZ9naW",
            "MY0YOHZ9naWw",
            "Y0YOHZ9n",
            "0YOHZ9na",
            "YOHZ9naW",
            "OHZ9naWw",
            "HZ9n",
            "Z9na",
            "9naW",
            "naWw",
            "YLm76ERv",
            "Lm76ERvQ",
            "m76ERvQR",
            "76ER",
            "6ERv",
            "ERvQ",
            "RvQR",
            "N337h3nj",
            "337h3njP",
            "37h3njPh",
            "7h3n",
            "h3nj",
            "3njP",
            "njPh",
            "f4u7BoF1",
            "4u7BoF1D",
            "u7BoF1Db",
            "7BoF",
            "BoF1",
            "oF1D",
            "F1Db",
            "Ux67KNyb",
            "x67KNybr",
            "67KNybrS",
            "7KNy",
            "KNyb",
            "Nybr",
            "ybrS",
            "sNnYPeRxaRBL8h2s",
            "NnYPeRxaRBL8h2st",
            "nYPeRxaRBL8h2std",
            "YPeRxaRBL8h2stdp",
            "PeRxaRBL8h2s",
            "eRxaRBL8h2st",
            "RxaRBL8h2std",
            "xaRBL8h2stdp",
            "aRBL8h2s",
            "RBL8h2st",
            "BL8h2std",
            "L8h2stdp",
            "8h2s",
            "h2st",
            "2std",
            "stdp",
            "tctyWiRzQVUZN2pY",
            "ctyWiRzQVUZN2pYn",
            "tyWiRzQVUZN2pYnX",
            "yWiRzQVUZN2pYnX7",
            "WiRzQVUZN2pY",
            "iRzQVUZN2pYn",
            "RzQVUZN2pYnX",
            "zQVUZN2pYnX7",
            "QVUZN2pY",
            "VUZN2pYn",
            "UZN2pYnX",
            "ZN2pYnX7",
            "N2pY",
            "2pYn",
            "pYnX",
            "YnX7",
            "zaJLmWfVI73pdmBS",
            "aJLmWfVI73pdmBSr",
            "JLmWfVI73pdmBSrt",
            "LmWfVI73pdmBSrtP",
            "mWfVI73pdmBS",
            "WfVI73pdmBSr",
            "fVI73pdmBSrt",
            "VI73pdmBSrtP",
            "I73pdmBS",
            "73pdmBSr",
            "3pdmBSrt",
            "pdmBSrtP",
            "dmBS",
            "mBSr",
            "BSrt",
            "SrtP",
            "Auk7ritv",
            "uk7ritvh",
            "k7ritvh5",
            "7rit",
            "ritv",
            "itvh",
            "tvh5",
            "rvd7TY9I",
            "vd7TY9If",
            "d7TY9IfL",
            "7TY9",
            "TY9I",
            "Y9If",
            "9IfL",
            "hCm7eHqo",
            "Cm7eHqoi",
            "m7eHqoiE",
            "7eHq",
            "eHqo",
            "Hqoi",
            "qoiE",
            "GRwleQfHRSYMHjXE",
            "RwleQfHRSYMHjXEW",
            "wleQfHRSYMHjXEWs",
            "leQfHRSYMHjXEWs7",
            "eQfHRSYMHjXE",
            "QfHRSYMHjXEW",
            "fHRSYMHjXEWs",
            "HRSYMHjXEWs7",
            "RSYMHjXE",
            "SYMHjXEW",
            "YMHjXEWs",
            "MHjXEWs7",
            "HjXE",
            "jXEW",
            "XEWs",
            "EWs7",
            "aoqbZJfnq7ir5nPJ",
            "oqbZJfnq7ir5nPJA",
            "qbZJfnq7ir5nPJAw",
            "bZJfnq7ir5nPJAwW",
            "ZJfnq7ir5nPJ",
            "Jfnq7ir5nPJA",
            "fnq7ir5nPJAw",
            "nq7ir5nPJAwW",
            "q7ir5nPJ",
            "7ir5nPJA",
            "ir5nPJAw",
            "r5nPJAwW",
            "5nPJ",
            "nPJA",
            "PJAw",
            "JAwW",
            "mIFd86fEgt2W73h2",
            "IFd86fEgt2W73h2B",
            "Fd86fEgt2W73h2BC",
            "d86fEgt2W73h2BCV",
            "86fEgt2W73h2",
            "6fEgt2W73h2B",
            "fEgt2W73h2BC",
            "Egt2W73h2BCV",
            "gt2W73h2",
            "t2W73h2B",
            "2W73h2BC",
            "W73h2BCV",
            "73h2",
            "3h2B",
            "h2BC",
            "2BCV",
            "qJI7GnC1",
            "JI7GnC10",
            "I7GnC10n",
            "7GnC",
            "GnC1",
            "nC10",
            "C10n",
            "YI37l5uB",
            "I37l5uBR",
            "37l5uBR4",
            "7l5u",
            "l5uB",
            "5uBR",
            "uBR4",
            "VVK7IMB5",
            "VK7IMB5J",
            "K7IMB5JY",
            "7IMB",
            "IMB5",
            "MB5J",
            "B5JY",
            "YxD7Lmiw",
            "xD7LmiwF",
            "D7LmiwFh",
            "7Lmi",
            "Lmiw",
            "miwF",
            "iwFh",
            "DCG7RyqX",
            "CG7RyqXE",
            "G7RyqXEF",
            "7Ryq",
            "RyqX",
            "yqXE",
            "qXEF",
            "th17fCEJ",
            "h17fCEJ0",
            "17fCEJ0X",
            "7fCE",
            "fCEJ",
            "CEJ0",
            "EJ0X",
            "Dn4KyefZE1WYxQHo",
            "n4KyefZE1WYxQHob",
            "4KyefZE1WYxQHobv",
            "KyefZE1WYxQHobvT",
            "yefZE1WYxQHo",
            "efZE1WYxQHob",
            "fZE1WYxQHobv",
            "ZE1WYxQHobvT",
            "E1WYxQHo",
            "1WYxQHob",
            "WYxQHobv",
            "YxQHobvT",
            "xQHo",
            "QHob",
            "Hobv",
            "obvT",
            "PhrsCNf7UU5DC3Q6",
            "hrsCNf7UU5DC3Q6c",
            "rsCNf7UU5DC3Q6cy",
            "sCNf7UU5DC3Q6cy0",
            "CNf7UU5DC3Q6",
            "Nf7UU5DC3Q6c",
            "f7UU5DC3Q6cy",
            "7UU5DC3Q6cy0",
            "UU5DC3Q6",
            "U5DC3Q6c",
            "5DC3Q6cy",
            "DC3Q6cy0",
            "C3Q6",
            "3Q6c",
            "Q6cy",
            "6cy0",
            "R2ql6MfWLd0sQ8QW",
            "2ql6MfWLd0sQ8QWK",
            "ql6MfWLd0sQ8QWKN",
            "l6MfWLd0sQ8QWKNs",
            "6MfWLd0sQ8QW",
            "MfWLd0sQ8QWK",
            "fWLd0sQ8QWKN",
            "WLd0sQ8QWKNs",
            "Ld0sQ8QW",
            "d0sQ8QWK",
            "0sQ8QWKN",
            "sQ8QWKNs",
            "Q8QW",
            "8QWK",
            "QWKN",
            "WKNs",
            "afV7Dbki",
            "fV7Dbkib",
            "V7DbkibE",
            "7Dbk",
            "Dbki",
            "bkib",
            "kibE",
            "HAG7mg48",
            "AG7mg48T",
            "G7mg48T1",
            "7mg4",
            "mg48",
            "g48T",
            "48T1",
            "dbF7vHQD",
            "bF7vHQDk",
            "F7vHQDkw",
            "7vHQ",
            "vHQD",
            "HQDk",
            "QDkw",
            "IDw74Xy5",
            "Dw74Xy5P",
            "w74Xy5Pe",
            "74Xy",
            "4Xy5",
            "Xy5P",
            "y5Pe",
            "vp97XCnj",
            "p97XCnjg",
            "97XCnjgR",
            "7XCn",
            "XCnj",
            "Cnjg",
            "njgR",
            "GL3MMPfNg6Z4IX4A",
            "L3MMPfNg6Z4IX4Ab",
            "3MMPfNg6Z4IX4Aba",
            "MMPfNg6Z4IX4Aban",
            "MPfNg6Z4IX4A",
            "PfNg6Z4IX4Ab",
            "fNg6Z4IX4Aba",
            "Ng6Z4IX4Aban",
            "g6Z4IX4A",
            "6Z4IX4Ab",
            "Z4IX4Aba",
            "4IX4Aban",
            "IX4A",
            "X4Ab",
            "4Aba",
            "Aban",
            "gZm6WvfsFF5a2BuX",
            "Zm6WvfsFF5a2BuXF",
            "m6WvfsFF5a2BuXFD",
            "6WvfsFF5a2BuXFDR",
            "WvfsFF5a2BuX",
            "vfsFF5a2BuXF",
            "fsFF5a2BuXFD",
            "sFF5a2BuXFDR",
            "FF5a2BuX",
            "F5a2BuXF",
            "5a2BuXFD",
            "a2BuXFDR",
            "2BuX",
            "BuXF",
            "uXFD",
            "XFDR",
            "EGTlr4f6cbuXAPUX",
            "GTlr4f6cbuXAPUXc",
            "Tlr4f6cbuXAPUXc8",
            "lr4f6cbuXAPUXc8s",
            "r4f6cbuXAPUX",
            "4f6cbuXAPUXc",
            "f6cbuXAPUXc8",
            "6cbuXAPUXc8s",
            "cbuXAPUX",
            "buXAPUXc",
            "uXAPUXc8",
            "XAPUXc8s",
            "APUX",
            "PUXc",
            "UXc8",
            "Xc8s",
            "qs379u1o",
            "s379u1oS",
            "379u1oS7",
            "79u1",
            "9u1o",
            "u1oS",
            "1oS7",
            "GJ97qXw2",
            "J97qXw25",
            "97qXw25C",
            "7qXw",
            "qXw2",
            "Xw25",
            "w25C",
            "P1vbF7fhcIGmMK0u",
            "1vbF7fhcIGmMK0uj",
            "vbF7fhcIGmMK0ujG",
            "bF7fhcIGmMK0ujGg",
            "F7fhcIGmMK0u",
            "7fhcIGmMK0uj",
            "fhcIGmMK0ujG",
            "hcIGmMK0ujGg",
            "cIGmMK0u",
            "IGmMK0uj",
            "GmMK0ujG",
            "mMK0ujGg",
            "MK0u",
            "K0uj",
            "0ujG",
            "ujGg",
            "TDQRQvfBqqGmbpaH",
            "DQRQvfBqqGmbpaHq",
            "QRQvfBqqGmbpaHqW",
            "RQvfBqqGmbpaHqWQ",
            "QvfBqqGmbpaH",
            "vfBqqGmbpaHq",
            "fBqqGmbpaHqW",
            "BqqGmbpaHqWQ",
            "qqGmbpaH",
            "qGmbpaHq",
            "GmbpaHqW",
            "mbpaHqWQ",
            "bpaH",
            "paHq",
            "aHqW",
            "HqWQ",
            "bymMwAfK5E6akKNQ",
            "ymMwAfK5E6akKNQL",
            "mMwAfK5E6akKNQLR",
            "MwAfK5E6akKNQLRT",
            "wAfK5E6akKNQ",
            "AfK5E6akKNQL",
            "fK5E6akKNQLR",
            "K5E6akKNQLRT",
            "5E6akKNQ",
            "E6akKNQL",
            "6akKNQLR",
            "akKNQLRT",
            "kKNQ",
            "KNQL",
            "NQLR",
            "QLRT",
            "X7T7u5bR",
            "7T7u5bRh",
            "T7u5bRhC",
            "7u5b",
            "u5bR",
            "5bRh",
            "bRhC",
            "cCG7wYqf",
            "CG7wYqfq",
            "G7wYqfqk",
            "7wYq",
            "wYqf",
            "Yqfq",
            "qfqk",
            "LO4JCjfUTOcfy6YJ",
            "O4JCjfUTOcfy6YJK",
            "4JCjfUTOcfy6YJKX",
            "JCjfUTOcfy6YJKXX",
            "CjfUTOcfy6YJ",
            "jfUTOcfy6YJK",
            "fUTOcfy6YJKX",
            "UTOcfy6YJKXX",
            "TOcfy6YJ",
            "Ocfy6YJK",
            "cfy6YJKX",
            "fy6YJKXX",
            "y6YJ",
            "6YJK",
            "YJKX",
            "JKXX",
            "AddRange",
            "ddRa",
            "dRan",
            "Rang",
            "ange",
            "IEnumera",
            "Enumerab",
            "numerabl",
            "umerable",
            "mera",
            "erab",
            "rabl",
            "Equa",
            "uals",
            "GetHashC",
            "etHashCo",
            "tHashCod",
            "HashCode",
            "ashC",
            "shCo",
            "hCod",
            "Enumerat",
            "numerato",
            "umerator",
            "Curr",
            "urre",
            "rren",
            "rent",
            "MoveNext",
            "oveN",
            "veNe",
            "eNex",
            "Next",
            "GetEnumerato",
            "etEnumerator",
            "tEnumera",
            "oa07YFxQ",
            "a07YFxQ8",
            "07YFxQ8V",
            "7YFx",
            "YFxQ",
            "FxQ8",
            "xQ8V",
            "asj72wZe",
            "sj72wZeE",
            "j72wZeEA",
            "72wZ",
            "2wZe",
            "wZeE",
            "ZeEA",
            "pjjWgofru8HbBCo4",
            "jjWgofru8HbBCo4u",
            "jWgofru8HbBCo4ul",
            "Wgofru8HbBCo4ulZ",
            "gofru8HbBCo4",
            "ofru8HbBCo4u",
            "fru8HbBCo4ul",
            "ru8HbBCo4ulZ",
            "u8HbBCo4",
            "8HbBCo4u",
            "HbBCo4ul",
            "bBCo4ulZ",
            "BCo4",
            "Co4u",
            "o4ul",
            "4ulZ",
            "Phvd14fT3x6nDuvb",
            "hvd14fT3x6nDuvbS",
            "vd14fT3x6nDuvbSy",
            "d14fT3x6nDuvbSyi",
            "14fT3x6nDuvb",
            "4fT3x6nDuvbS",
            "fT3x6nDuvbSy",
            "T3x6nDuvbSyi",
            "3x6nDuvb",
            "x6nDuvbS",
            "6nDuvbSy",
            "nDuvbSyi",
            "Duvb",
            "uvbS",
            "vbSy",
            "bSyi",
            "targ",
            "arge",
            "rget",
            "paramter",
            "aramters",
            "ramt",
            "amte",
            "mter",
            "GINs83id",
            "INs83idw",
            "Ns83idwj",
            "s83i",
            "83id",
            "3idw",
            "idwj",
            "E5IsSaV6",
            "5IsSaV6I",
            "IsSaV6IQ",
            "sSaV",
            "SaV6",
            "aV6I",
            "V6IQ",
            "jX9scqBA",
            "X9scqBAf",
            "9scqBAfQ",
            "scqB",
            "cqBA",
            "qBAf",
            "BAfQ",
            "sb8sgtcI",
            "b8sgtcIu",
            "8sgtcIuI",
            "sgtc",
            "gtcI",
            "tcIu",
            "cIuI",
            "S6dsFUvg",
            "6dsFUvgQ",
            "dsFUvgQT",
            "sFUv",
            "FUvg",
            "UvgQ",
            "vgQT",
            "xVvsaQXw",
            "VvsaQXwH",
            "vsaQXwHc",
            "saQX",
            "aQXw",
            "QXwH",
            "XwHc",
            "Gr0s0jcp",
            "r0s0jcpV",
            "0s0jcpV9",
            "s0jc",
            "0jcp",
            "jcpV",
            "cpV9",
            "zMVsAseQ",
            "MVsAseQ9",
            "VsAseQ9X",
            "sAse",
            "AseQ",
            "seQ9",
            "eQ9X",
            "e9wsOQsG",
            "9wsOQsG6",
            "wsOQsG6r",
            "sOQs",
            "OQsG",
            "QsG6",
            "sG6r",
            "E9Pso3Up",
            "9Pso3Upy",
            "Pso3Upyl",
            "so3U",
            "o3Up",
            "3Upy",
            "Upyl",
            "riMsjsJA",
            "iMsjsJAS",
            "MsjsJASg",
            "sjsJ",
            "jsJA",
            "sJAS",
            "JASg",
            "DOHsbuiQ",
            "OHsbuiQL",
            "HsbuiQLT",
            "sbui",
            "buiQ",
            "uiQL",
            "iQLT",
            "hXssQo5V",
            "XssQo5Vw",
            "ssQo5Vw6",
            "sQo5",
            "Qo5V",
            "o5Vw",
            "5Vw6",
            "rkksivkd",
            "kksivkdJ",
            "ksivkdJg",
            "sivk",
            "ivkd",
            "vkdJ",
            "kdJg",
            "NUGstKq9",
            "UGstKq96",
            "GstKq96L",
            "stKq",
            "tKq9",
            "Kq96",
            "q96L",
            "wQRsdbQP",
            "QRsdbQPV",
            "RsdbQPV0",
            "sdbQ",
            "dbQP",
            "bQPV",
            "QPV0",
            "nc1sCSnv",
            "c1sCSnvT",
            "1sCSnvTC",
            "sCSn",
            "CSnv",
            "SnvT",
            "nvTC",
            "WWPsMcPP",
            "WPsMcPPe",
            "PsMcPPeh",
            "sMcP",
            "McPP",
            "cPPe",
            "PPeh",
            "n3ysxsmH",
            "3ysxsmH7",
            "ysxsmH7M",
            "sxsm",
            "xsmH",
            "smH7",
            "mH7M",
            "mMCszqJ5",
            "MCszqJ5t",
            "CszqJ5tC",
            "szqJ",
            "zqJ5",
            "qJ5t",
            "J5tC",
            "eCg6VLWH",
            "Cg6VLWHT",
            "g6VLWHTB",
            "6VLW",
            "VLWH",
            "LWHT",
            "WHTB",
            "GZc6HkOr",
            "Zc6HkOrb",
            "c6HkOrbL",
            "6HkO",
            "HkOr",
            "kOrb",
            "OrbL",
            "BZF6nr8Y",
            "ZF6nr8Yx",
            "F6nr8Yxv",
            "6nr8",
            "nr8Y",
            "r8Yx",
            "8Yxv",
            "x3s6Eqs8",
            "3s6Eqs8u",
            "s6Eqs8uY",
            "6Eqs",
            "Eqs8",
            "qs8u",
            "s8uY",
            "FGU6ZQRu",
            "GU6ZQRuZ",
            "U6ZQRuZe",
            "6ZQR",
            "ZQRu",
            "QRuZ",
            "RuZe",
            "HNp67RpZ",
            "Np67RpZL",
            "p67RpZLA",
            "67Rp",
            "7RpZ",
            "RpZL",
            "pZLA",
            "vor6WVyl",
            "or6WVyls",
            "r6WVylsr",
            "6WVy",
            "WVyl",
            "Vyls",
            "ylsr",
            "jWj6Nkcu",
            "Wj6NkcuG",
            "j6NkcuGN",
            "6Nkc",
            "Nkcu",
            "kcuG",
            "cuGN",
            "jMB6sDUq",
            "MB6sDUqe",
            "B6sDUqea",
            "6sDU",
            "sDUq",
            "DUqe",
            "Uqea",
            "EuY66BxL",
            "uY66BxL5",
            "Y66BxL5n",
            "66Bx",
            "6BxL",
            "BxL5",
            "xL5n",
            "gqH6hyhE",
            "qH6hyhEC",
            "H6hyhEC5",
            "6hyh",
            "hyhE",
            "yhEC",
            "hEC5",
            "cS96BjCI",
            "S96BjCIZ",
            "96BjCIZ6",
            "6BjC",
            "BjCI",
            "jCIZ",
            "CIZ6",
            "ops6KpLd",
            "ps6KpLds",
            "s6KpLds2",
            "6KpL",
            "KpLd",
            "pLds",
            "Lds2",
            "hEX6UxUA",
            "EX6UxUAD",
            "X6UxUADL",
            "6UxU",
            "UxUA",
            "xUAD",
            "UADL",
            "L3M6rc0P",
            "3M6rc0Pc",
            "M6rc0PcQ",
            "6rc0",
            "rc0P",
            "c0Pc",
            "0PcQ",
            "bmM6T56u",
            "mM6T56ud",
            "M6T56ud9",
            "6T56",
            "T56u",
            "56ud",
            "6ud9",
            "BrM6eKbg",
            "rM6eKbgb",
            "M6eKbgbx",
            "6eKb",
            "eKbg",
            "Kbgb",
            "bgbx",
            "SP06PQSf",
            "P06PQSfA",
            "06PQSfAZ",
            "6PQS",
            "PQSf",
            "QSfA",
            "SfAZ",
            "bKQ6GvoS",
            "KQ6GvoSY",
            "Q6GvoSYH",
            "6Gvo",
            "GvoS",
            "voSY",
            "oSYH",
            "s4p6lFH4",
            "4p6lFH45",
            "p6lFH45E",
            "6lFH",
            "lFH4",
            "FH45",
            "H45E",
            "kp0pmofeErPQbEGM",
            "p0pmofeErPQbEGMe",
            "0pmofeErPQbEGMeI",
            "pmofeErPQbEGMeIu",
            "mofeErPQbEGM",
            "ofeErPQbEGMe",
            "feErPQbEGMeI",
            "eErPQbEGMeIu",
            "ErPQbEGM",
            "rPQbEGMe",
            "PQbEGMeI",
            "QbEGMeIu",
            "bEGM",
            "EGMe",
            "GMeI",
            "MeIu",
            "L4Y7c5dJ",
            "4Y7c5dJR",
            "Y7c5dJRb",
            "7c5d",
            "c5dJ",
            "5dJR",
            "dJRb",
            "RMC7gT9J",
            "MC7gT9JD",
            "C7gT9JDL",
            "7gT9",
            "gT9J",
            "T9JD",
            "9JDL",
            "Clea",
            "lear",
            "iul7F0IE",
            "ul7F0IEk",
            "l7F0IEkG",
            "7F0I",
            "F0IE",
            "0IEk",
            "IEkG",
            "TargetInvocationExceptio",
            "argetInvocationException",
            "rgetInvocationExcept",
            "getInvocationExcepti",
            "etInvocationExceptio",
            "tInvocationException",
            "InvocationExcept",
            "nvocationExcepti",
            "vocationExceptio",
            "ocationException",
            "cationExcept",
            "YXQ7aQDY",
            "XQ7aQDY0",
            "Q7aQDY0r",
            "7aQD",
            "aQDY",
            "QDY0",
            "DY0r",
            "osO70miF",
            "sO70miFS",
            "O70miFS3",
            "70mi",
            "0miF",
            "miFS",
            "iFS3",
            "byv7AMsX",
            "yv7AMsX9",
            "v7AMsX9u",
            "7AMs",
            "AMsX",
            "MsX9",
            "sX9u",
            "tG07OUxh",
            "G07OUxhE",
            "07OUxhEl",
            "7OUx",
            "OUxh",
            "UxhE",
            "xhEl",
            "aQm7owUq",
            "Qm7owUqe",
            "m7owUqeP",
            "7owU",
            "owUq",
            "wUqe",
            "UqeP",
            "ConstructorI",
            "onstructorIn",
            "nstructorInf",
            "structorInfo",
            "tructorI",
            "ructorIn",
            "uctorInf",
            "ctorInfo",
            "torI",
            "orIn",
            "TryGetVa",
            "ryGetVal",
            "yGetValu",
            "OverflowExceptio",
            "verflowException",
            "erflowExcept",
            "rflowExcepti",
            "flowExceptio",
            "lowException",
            "owExcept",
            "wExcepti",
            "NullReferenceExcepti",
            "ullReferenceExceptio",
            "llReferenceException",
            "lReferenceExcept",
            "ReferenceExcepti",
            "eferenceExceptio",
            "ferenceException",
            "erenceExcept",
            "renceExcepti",
            "enceExceptio",
            "nceException",
            "ceExcept",
            "eExcepti",
            "ArithmeticExcept",
            "rithmeticExcepti",
            "ithmeticExceptio",
            "thmeticException",
            "hmeticExcept",
            "meticExcepti",
            "eticExceptio",
            "ticException",
            "icExcept",
            "cExcepti",
            "bWM7bsLC",
            "WM7bsLCP",
            "M7bsLCP7",
            "7bsL",
            "bsLC",
            "sLCP",
            "LCP7",
            "MhTNhe2e",
            "hTNhe2e5",
            "TNhe2e58",
            "Nhe2",
            "he2e",
            "e2e5",
            "2e58",
            "wuRNBUfK",
            "uRNBUfKU",
            "RNBUfKU2",
            "NBUf",
            "BUfK",
            "UfKU",
            "fKU2",
            "DnSsNGFb",
            "nSsNGFbs",
            "SsNGFbsF",
            "sNGF",
            "NGFb",
            "GFbs",
            "FbsF",
            "EmptyTyp",
            "mptyType",
            "ptyTypes",
            "tyTy",
            "yTyp",
            "ypes",
            "izeo",
            "zeof",
            "HIZsI9SZ",
            "IZsI9SZ5",
            "ZsI9SZ52",
            "sI9S",
            "I9SZ",
            "9SZ5",
            "SZ52",
            "ePVsLTta",
            "PVsLTtaI",
            "VsLTtaIp",
            "sLTt",
            "LTta",
            "TtaI",
            "taIp",
            "JLos1Dho",
            "Los1Dhor",
            "os1Dhorl",
            "s1Dh",
            "1Dho",
            "Dhor",
            "horl",
            "sJEs9xmI",
            "JEs9xmIw",
            "Es9xmIwE",
            "s9xm",
            "9xmI",
            "xmIw",
            "mIwE",
            "LocalBuilder",
            "ocalBuil",
            "calBuild",
            "alBuilde",
            "lBuilder",
            "Buil",
            "uild",
            "ilde",
            "lder",
            "Ldob",
            "dobj",
            "Stlo",
            "tloc",
            "Ldlo",
            "dloc",
            "Castclas",
            "astclass",
            "stcl",
            "tcla",
            "clas",
            "lass",
            "Stel",
            "tele",
            "elem",
            "Unbo",
            "nbox",
            "Ldel",
            "dele",
            "Ldnu",
            "dnul",
            "null",
            "loca",
            "Ldin",
            "dind",
            "nJssqXHR",
            "JssqXHRX",
            "ssqXHRXp",
            "sqXH",
            "qXHR",
            "XHRX",
            "HRXp",
            "Ldfl",
            "dfld",
            "flda",
            "Ldsf",
            "dsfl",
            "sfld",
            "rBXskrqs",
            "BXskrqsX",
            "XskrqsXq",
            "skrq",
            "krqs",
            "rqsX",
            "qsXq",
            "Newo",
            "ewob",
            "wobj",
            "ICesYN0i",
            "CesYN0ib",
            "esYN0ibX",
            "sYN0",
            "YN0i",
            "N0ib",
            "0ibX",
            "YfLs2e7J",
            "fLs2e7Jc",
            "Ls2e7Jcm",
            "s2e7",
            "2e7J",
            "e7Jc",
            "7Jcm",
            "Stin",
            "tind",
            "J7AsuoIM",
            "7AsuoIM2",
            "AsuoIM2x",
            "suoI",
            "uoIM",
            "oIM2",
            "IM2x",
            "fxXswTVa",
            "xXswTVar",
            "XswTVar3",
            "swTV",
            "wTVa",
            "TVar",
            "Var3",
            "eoLs3W8g",
            "oLs3W8gk",
            "Ls3W8gkm",
            "s3W8",
            "3W8g",
            "W8gk",
            "8gkm",
            "Vh5syBVE",
            "h5syBVEZ",
            "5syBVEZf",
            "syBV",
            "yBVE",
            "BVEZ",
            "VEZf",
            "XwTspJKE",
            "wTspJKEd",
            "TspJKEdZ",
            "spJK",
            "pJKE",
            "JKEd",
            "KEdZ",
            "Ht5sJUqe",
            "t5sJUqeN",
            "5sJUqeNm",
            "sJUq",
            "JUqe",
            "UqeN",
            "qeNm",
            "D19VvtfPW7AhNYOq",
            "19VvtfPW7AhNYOqV",
            "9VvtfPW7AhNYOqV2",
            "VvtfPW7AhNYOqV2k",
            "vtfPW7AhNYOq",
            "tfPW7AhNYOqV",
            "fPW7AhNYOqV2",
            "PW7AhNYOqV2k",
            "W7AhNYOq",
            "7AhNYOqV",
            "AhNYOqV2",
            "hNYOqV2k",
            "NYOq",
            "YOqV",
            "OqV2",
            "qV2k",
            "m08R8ifGeSPJJ2Vn",
            "08R8ifGeSPJJ2Vn5",
            "8R8ifGeSPJJ2Vn5L",
            "R8ifGeSPJJ2Vn5Lc",
            "8ifGeSPJJ2Vn",
            "ifGeSPJJ2Vn5",
            "fGeSPJJ2Vn5L",
            "GeSPJJ2Vn5Lc",
            "eSPJJ2Vn",
            "SPJJ2Vn5",
            "PJJ2Vn5L",
            "JJ2Vn5Lc",
            "J2Vn",
            "2Vn5",
            "Vn5L",
            "n5Lc",
            "RnoySOfl0uahvQxy",
            "noySOfl0uahvQxy9",
            "oySOfl0uahvQxy98",
            "ySOfl0uahvQxy988",
            "SOfl0uahvQxy",
            "Ofl0uahvQxy9",
            "fl0uahvQxy98",
            "l0uahvQxy988",
            "0uahvQxy",
            "uahvQxy9",
            "ahvQxy98",
            "hvQxy988",
            "vQxy",
            "Qxy9",
            "xy98",
            "y988",
            "lWa3HO70",
            "Wa3HO70q",
            "a3HO70qA",
            "3HO7",
            "HO70",
            "O70q",
            "70qA",
            "abYAC8fI7T7gBvo2",
            "bYAC8fI7T7gBvo2b",
            "YAC8fI7T7gBvo2b9",
            "AC8fI7T7gBvo2b9Y",
            "C8fI7T7gBvo2",
            "8fI7T7gBvo2b",
            "fI7T7gBvo2b9",
            "I7T7gBvo2b9Y",
            "7T7gBvo2",
            "T7gBvo2b",
            "7gBvo2b9",
            "gBvo2b9Y",
            "Bvo2",
            "vo2b",
            "o2b9",
            "2b9Y",
            "MekYHmfL0ucHoWo5",
            "ekYHmfL0ucHoWo58",
            "kYHmfL0ucHoWo58N",
            "YHmfL0ucHoWo58Ns",
            "HmfL0ucHoWo5",
            "mfL0ucHoWo58",
            "fL0ucHoWo58N",
            "L0ucHoWo58Ns",
            "0ucHoWo5",
            "ucHoWo58",
            "cHoWo58N",
            "HoWo58Ns",
            "oWo5",
            "Wo58",
            "o58N",
            "58Ns",
            "g5862uKr",
            "5862uKrZ",
            "862uKrZU",
            "62uK",
            "2uKr",
            "uKrZ",
            "KrZU",
            "LPvUcef4WnCZklKm",
            "PvUcef4WnCZklKmy",
            "vUcef4WnCZklKmyA",
            "Ucef4WnCZklKmyAY",
            "cef4WnCZklKm",
            "ef4WnCZklKmy",
            "f4WnCZklKmyA",
            "4WnCZklKmyAY",
            "WnCZklKm",
            "nCZklKmy",
            "CZklKmyA",
            "ZklKmyAY",
            "klKm",
            "lKmy",
            "KmyA",
            "myAY",
            "IF865HO2",
            "F865HO2C",
            "865HO2C9",
            "65HO",
            "5HO2",
            "HO2C",
            "O2C9",
            "pUd6Du5m",
            "Ud6Du5ms",
            "d6Du5msl",
            "6Du5",
            "Du5m",
            "u5ms",
            "5msl",
            "vdR6mpgj",
            "dR6mpgjM",
            "R6mpgjMP",
            "6mpg",
            "mpgj",
            "pgjM",
            "gjMP",
            "Py86vwY8",
            "y86vwY8G",
            "86vwY8GI",
            "6vwY",
            "vwY8",
            "wY8G",
            "Y8GI",
            "TJP64ilI",
            "JP64ilIk",
            "P64ilIkG",
            "64il",
            "4ilI",
            "ilIk",
            "lIkG",
            "lDQ6XUdU",
            "DQ6XUdUq",
            "Q6XUdUqd",
            "6XUd",
            "XUdU",
            "UdUq",
            "dUqd",
            "VBC61esX",
            "BC61esXN",
            "C61esXNp",
            "61es",
            "1esX",
            "esXN",
            "sXNp",
            "wcA69wyj",
            "cA69wyjt",
            "A69wyjtp",
            "69wy",
            "9wyj",
            "wyjt",
            "yjtp",
            "fKl6q01c",
            "Kl6q01cN",
            "l6q01cNL",
            "6q01",
            "q01c",
            "01cN",
            "1cNL",
            "InvalidCastException",
            "nvalidCastExcept",
            "validCastExcepti",
            "alidCastExceptio",
            "lidCastException",
            "idCastExcept",
            "dCastExcepti",
            "CastExceptio",
            "astException",
            "stExcept",
            "bRw6k0oN",
            "Rw6k0oNX",
            "w6k0oNXo",
            "6k0o",
            "k0oN",
            "0oNX",
            "oNXo",
            "qve6YiFZ",
            "ve6YiFZr",
            "e6YiFZru",
            "6YiF",
            "YiFZ",
            "iFZr",
            "FZru",
            "B1RsZufXixBEOhsf",
            "1RsZufXixBEOhsfg",
            "RsZufXixBEOhsfgv",
            "sZufXixBEOhsfgvL",
            "ZufXixBEOhsf",
            "ufXixBEOhsfg",
            "fXixBEOhsfgv",
            "XixBEOhsfgvL",
            "ixBEOhsf",
            "xBEOhsfg",
            "BEOhsfgv",
            "EOhsfgvL",
            "Ohsf",
            "hsfg",
            "sfgv",
            "fgvL",
            "QQbv9Tf1oQWJwyPn",
            "Qbv9Tf1oQWJwyPnw",
            "bv9Tf1oQWJwyPnwh",
            "v9Tf1oQWJwyPnwh8",
            "9Tf1oQWJwyPn",
            "Tf1oQWJwyPnw",
            "f1oQWJwyPnwh",
            "1oQWJwyPnwh8",
            "oQWJwyPn",
            "QWJwyPnw",
            "WJwyPnwh",
            "JwyPnwh8",
            "wyPn",
            "yPnw",
            "Pnwh",
            "nwh8",
            "ihA6wVTQ",
            "hA6wVTQD",
            "A6wVTQD1",
            "6wVT",
            "wVTQ",
            "VTQD",
            "TQD1",
            "Kju633fV",
            "ju633fVa",
            "u633fVaA",
            "633f",
            "33fV",
            "3fVa",
            "fVaA",
            "CdvAc0f9Bs7xio6N",
            "dvAc0f9Bs7xio6NY",
            "vAc0f9Bs7xio6NYm",
            "Ac0f9Bs7xio6NYm4",
            "c0f9Bs7xio6N",
            "0f9Bs7xio6NY",
            "f9Bs7xio6NYm",
            "9Bs7xio6NYm4",
            "Bs7xio6N",
            "s7xio6NY",
            "7xio6NYm",
            "xio6NYm4",
            "io6N",
            "o6NY",
            "6NYm",
            "NYm4",
            "YUVyRYfqWhxeFGos",
            "UVyRYfqWhxeFGosD",
            "VyRYfqWhxeFGosDP",
            "yRYfqWhxeFGosDPl",
            "RYfqWhxeFGos",
            "YfqWhxeFGosD",
            "fqWhxeFGosDP",
            "qWhxeFGosDPl",
            "WhxeFGos",
            "hxeFGosD",
            "xeFGosDP",
            "eFGosDPl",
            "FGos",
            "GosD",
            "osDP",
            "sDPl",
            "LLIO3xfkL54xFuh0",
            "LIO3xfkL54xFuh0p",
            "IO3xfkL54xFuh0pV",
            "O3xfkL54xFuh0pVg",
            "3xfkL54xFuh0",
            "xfkL54xFuh0p",
            "fkL54xFuh0pV",
            "kL54xFuh0pVg",
            "L54xFuh0",
            "54xFuh0p",
            "4xFuh0pV",
            "xFuh0pVg",
            "Fuh0",
            "uh0p",
            "h0pV",
            "0pVg",
            "FHT6p2X8",
            "HT6p2X8u",
            "T6p2X8uq",
            "6p2X",
            "p2X8",
            "2X8u",
            "X8uq",
            "T6tMbZfYnCORrPnm",
            "6tMbZfYnCORrPnmv",
            "tMbZfYnCORrPnmvK",
            "MbZfYnCORrPnmvKM",
            "bZfYnCORrPnm",
            "ZfYnCORrPnmv",
            "fYnCORrPnmvK",
            "YnCORrPnmvKM",
            "nCORrPnm",
            "CORrPnmv",
            "ORrPnmvK",
            "RrPnmvKM",
            "rPnm",
            "Pnmv",
            "nmvK",
            "mvKM",
            "Upln4Zf2uWmJ2tgB",
            "pln4Zf2uWmJ2tgBY",
            "ln4Zf2uWmJ2tgBYG",
            "n4Zf2uWmJ2tgBYGA",
            "4Zf2uWmJ2tgB",
            "Zf2uWmJ2tgBY",
            "f2uWmJ2tgBYG",
            "2uWmJ2tgBYGA",
            "uWmJ2tgB",
            "WmJ2tgBY",
            "mJ2tgBYG",
            "J2tgBYGA",
            "2tgB",
            "tgBY",
            "gBYG",
            "BYGA",
            "c7jEJDfueeGxILg6",
            "7jEJDfueeGxILg6c",
            "jEJDfueeGxILg6cH",
            "EJDfueeGxILg6cHG",
            "JDfueeGxILg6",
            "DfueeGxILg6c",
            "fueeGxILg6cH",
            "ueeGxILg6cHG",
            "eeGxILg6",
            "eGxILg6c",
            "GxILg6cH",
            "xILg6cHG",
            "ILg6",
            "Lg6c",
            "g6cH",
            "6cHG",
            "kbW68RAR",
            "bW68RARg",
            "W68RARgr",
            "68RA",
            "8RAR",
            "RARg",
            "ARgr",
            "ksp6SUFX",
            "sp6SUFXk",
            "p6SUFXkx",
            "6SUF",
            "SUFX",
            "UFXk",
            "FXkx",
            "eyu8ygfwydFLBRBG",
            "yu8ygfwydFLBRBGX",
            "u8ygfwydFLBRBGXb",
            "8ygfwydFLBRBGXbt",
            "ygfwydFLBRBG",
            "gfwydFLBRBGX",
            "fwydFLBRBGXb",
            "wydFLBRBGXbt",
            "ydFLBRBG",
            "dFLBRBGX",
            "FLBRBGXb",
            "LBRBGXbt",
            "BRBG",
            "RBGX",
            "BGXb",
            "GXbt",
            "yQ6Y3Mf3NEDaVijV",
            "Q6Y3Mf3NEDaVijVd",
            "6Y3Mf3NEDaVijVdc",
            "Y3Mf3NEDaVijVdc7",
            "3Mf3NEDaVijV",
            "Mf3NEDaVijVd",
            "f3NEDaVijVdc",
            "3NEDaVijVdc7",
            "NEDaVijV",
            "EDaVijVd",
            "DaVijVdc",
            "aVijVdc7",
            "VijV",
            "ijVd",
            "jVdc",
            "Vdc7",
            "nlhBMRfyBAHEwlTw",
            "lhBMRfyBAHEwlTwV",
            "hBMRfyBAHEwlTwV6",
            "BMRfyBAHEwlTwV6s",
            "MRfyBAHEwlTw",
            "RfyBAHEwlTwV",
            "fyBAHEwlTwV6",
            "yBAHEwlTwV6s",
            "BAHEwlTw",
            "AHEwlTwV",
            "HEwlTwV6",
            "EwlTwV6s",
            "wlTw",
            "lTwV",
            "TwV6",
            "wV6s",
            "m39UMWfp4sd384et",
            "39UMWfp4sd384et0",
            "9UMWfp4sd384et0S",
            "UMWfp4sd384et0SF",
            "MWfp4sd384et",
            "Wfp4sd384et0",
            "fp4sd384et0S",
            "p4sd384et0SF",
            "4sd384et",
            "sd384et0",
            "d384et0S",
            "384et0SF",
            "84et",
            "4et0",
            "et0S",
            "t0SF",
            "Ly7BoqAO",
            "y7BoqAOk",
            "7BoqAOkf",
            "BoqA",
            "oqAO",
            "qAOk",
            "AOkf",
            "idWBjJDC",
            "dWBjJDCF",
            "WBjJDCF2",
            "BjJD",
            "jJDC",
            "JDCF",
            "DCF2",
            "tMXBbPjC",
            "MXBbPjCt",
            "XBbPjCts",
            "BbPj",
            "bPjC",
            "PjCt",
            "jCts",
            "Bs3BQwG1",
            "s3BQwG1E",
            "3BQwG1EQ",
            "BQwG",
            "QwG1",
            "wG1E",
            "G1EQ",
            "UPrBiy1c",
            "PrBiy1cO",
            "rBiy1cOZ",
            "Biy1",
            "iy1c",
            "y1cO",
            "1cOZ",
            "eIeBtnya",
            "IeBtnyaQ",
            "eBtnyaQU",
            "Btny",
            "tnya",
            "nyaQ",
            "yaQU",
            "gML6gjTQ",
            "ML6gjTQT",
            "L6gjTQTC",
            "6gjT",
            "gjTQ",
            "jTQT",
            "TQTC",
            "yBwoGGfJSKtgSNXw",
            "BwoGGfJSKtgSNXwD",
            "woGGfJSKtgSNXwDI",
            "oGGfJSKtgSNXwDIi",
            "GGfJSKtgSNXw",
            "GfJSKtgSNXwD",
            "fJSKtgSNXwDI",
            "JSKtgSNXwDIi",
            "SKtgSNXw",
            "KtgSNXwD",
            "tgSNXwDI",
            "gSNXwDIi",
            "SNXw",
            "NXwD",
            "XwDI",
            "wDIi",
            "c9oUswf8SMtC3unm",
            "9oUswf8SMtC3unmy",
            "oUswf8SMtC3unmyA",
            "Uswf8SMtC3unmyAM",
            "swf8SMtC3unm",
            "wf8SMtC3unmy",
            "f8SMtC3unmyA",
            "8SMtC3unmyAM",
            "SMtC3unm",
            "MtC3unmy",
            "tC3unmyA",
            "C3unmyAM",
            "3unm",
            "unmy",
            "nmyA",
            "myAM",
            "n5P60kE8",
            "5P60kE8p",
            "P60kE8pO",
            "60kE",
            "0kE8",
            "kE8p",
            "E8pO",
            "Nullable",
            "ulla",
            "llab",
            "labl",
            "b8vZbufSroJXELW4",
            "8vZbufSroJXELW4R",
            "vZbufSroJXELW4RY",
            "ZbufSroJXELW4RY7",
            "bufSroJXELW4",
            "ufSroJXELW4R",
            "fSroJXELW4RY",
            "SroJXELW4RY7",
            "roJXELW4",
            "oJXELW4R",
            "JXELW4RY",
            "XELW4RY7",
            "ELW4",
            "LW4R",
            "W4RY",
            "4RY7",
            "HasValue",
            "asVa",
            "sVal",
            "GetValueOrDefaul",
            "etValueOrDefault",
            "tValueOrDefa",
            "ValueOrDefau",
            "alueOrDefaul",
            "lueOrDefault",
            "ueOrDefa",
            "eOrDefau",
            "OrDefaul",
            "rDefault",
            "Defa",
            "efau",
            "faul",
            "ault",
            "H4B64Afcp0XZA5SW",
            "4B64Afcp0XZA5SWG",
            "B64Afcp0XZA5SWGv",
            "64Afcp0XZA5SWGvn",
            "4Afcp0XZA5SW",
            "Afcp0XZA5SWG",
            "fcp0XZA5SWGv",
            "cp0XZA5SWGvn",
            "p0XZA5SW",
            "0XZA5SWG",
            "XZA5SWGv",
            "ZA5SWGvn",
            "A5SW",
            "5SWG",
            "SWGv",
            "WGvn",
            "Tg8aMofgCCGdyI8p",
            "g8aMofgCCGdyI8pN",
            "8aMofgCCGdyI8pNl",
            "aMofgCCGdyI8pNlK",
            "MofgCCGdyI8p",
            "ofgCCGdyI8pN",
            "fgCCGdyI8pNl",
            "gCCGdyI8pNlK",
            "CCGdyI8p",
            "CGdyI8pN",
            "GdyI8pNl",
            "dyI8pNlK",
            "yI8p",
            "I8pN",
            "8pNl",
            "pNlK",
            "Qx637W6ah8UZQlaY",
            "x637W6ah8UZQlaYE",
            "637W6ah8UZQlaYEL",
            "37W6ah8UZQlaYELv",
            "7W6ah8UZQlaY",
            "W6ah8UZQlaYE",
            "6ah8UZQlaYEL",
            "ah8UZQlaYELv",
            "h8UZQlaY",
            "8UZQlaYE",
            "UZQlaYEL",
            "ZQlaYELv",
            "QlaY",
            "laYE",
            "aYEL",
            "YELv",
            "Bd06QiJe",
            "d06QiJeo",
            "06QiJeo7",
            "6QiJ",
            "QiJe",
            "iJeo",
            "Jeo7",
            "ySxIiOfFdrQJxGkd",
            "SxIiOfFdrQJxGkdy",
            "xIiOfFdrQJxGkdyG",
            "IiOfFdrQJxGkdyGk",
            "iOfFdrQJxGkd",
            "OfFdrQJxGkdy",
            "fFdrQJxGkdyG",
            "FdrQJxGkdyGk",
            "drQJxGkd",
            "rQJxGkdy",
            "QJxGkdyG",
            "JxGkdyGk",
            "xGkd",
            "Gkdy",
            "kdyG",
            "dyGk",
            "Y9V3X8qi",
            "9V3X8qiT",
            "V3X8qiTW",
            "3X8q",
            "X8qi",
            "8qiT",
            "qiTW",
            "N8V6O1X4",
            "8V6O1X4y",
            "V6O1X4yx",
            "6O1X",
            "O1X4",
            "1X4y",
            "X4yx",
            "kMU6oBdY",
            "MU6oBdYn",
            "U6oBdYns",
            "6oBd",
            "oBdY",
            "BdYn",
            "dYns",
            "tt66jR72",
            "t66jR72o",
            "66jR72oJ",
            "6jR7",
            "jR72",
            "R72o",
            "72oJ",
            "QY86bPQ0",
            "Y86bPQ0c",
            "86bPQ0cv",
            "6bPQ",
            "bPQ0",
            "PQ0c",
            "Q0cv",
            "RemoveAt",
            "emov",
            "move",
            "oveA",
            "veAt",
            "fvwhuEfaVNKY1dkL",
            "vwhuEfaVNKY1dkLY",
            "whuEfaVNKY1dkLYC",
            "huEfaVNKY1dkLYCu",
            "uEfaVNKY1dkL",
            "EfaVNKY1dkLY",
            "faVNKY1dkLYC",
            "aVNKY1dkLYCu",
            "VNKY1dkL",
            "NKY1dkLY",
            "KY1dkLYC",
            "Y1dkLYCu",
            "1dkL",
            "dkLY",
            "kLYC",
            "LYCu",
            "sydFPef0ZCZNIcmh",
            "ydFPef0ZCZNIcmhJ",
            "dFPef0ZCZNIcmhJV",
            "FPef0ZCZNIcmhJVf",
            "Pef0ZCZNIcmh",
            "ef0ZCZNIcmhJ",
            "f0ZCZNIcmhJV",
            "0ZCZNIcmhJVf",
            "ZCZNIcmh",
            "CZNIcmhJ",
            "ZNIcmhJV",
            "NIcmhJVf",
            "Icmh",
            "cmhJ",
            "mhJV",
            "hJVf",
            "te3hTD4B",
            "e3hTD4B7",
            "3hTD4B7F",
            "hTD4",
            "TD4B",
            "D4B7",
            "4B7F",
            "StringBuilde",
            "tringBuilder",
            "ringBuil",
            "ingBuild",
            "ngBuilde",
            "gBuilder",
            "gm0KLlfAjjF630L2",
            "m0KLlfAjjF630L2b",
            "0KLlfAjjF630L2b8",
            "KLlfAjjF630L2b82",
            "LlfAjjF630L2",
            "lfAjjF630L2b",
            "fAjjF630L2b8",
            "AjjF630L2b82",
            "jjF630L2",
            "jF630L2b",
            "F630L2b8",
            "630L2b82",
            "30L2",
            "0L2b",
            "L2b8",
            "2b82",
            "IFormatProvi",
            "FormatProvid",
            "ormatProvide",
            "rmatProvider",
            "matProvi",
            "atProvid",
            "tProvide",
            "lfP6tUgv",
            "fP6tUgvX",
            "P6tUgvXg",
            "6tUg",
            "tUgv",
            "UgvX",
            "gvXg",
            "L4L6Ck62",
            "4L6Ck62Z",
            "L6Ck62Zh",
            "6Ck6",
            "Ck62",
            "k62Z",
            "62Zh",
            "nbJ5186MtH3CYq0E",
            "bJ5186MtH3CYq0E0",
            "J5186MtH3CYq0E07",
            "5186MtH3CYq0E07W",
            "186MtH3CYq0E",
            "86MtH3CYq0E0",
            "6MtH3CYq0E07",
            "MtH3CYq0E07W",
            "tH3CYq0E",
            "H3CYq0E0",
            "3CYq0E07",
            "CYq0E07W",
            "Yq0E",
            "q0E0",
            "0E07",
            "E07W",
            "x5v4fA6xpPhpJ8vX",
            "5v4fA6xpPhpJ8vXm",
            "v4fA6xpPhpJ8vXmp",
            "4fA6xpPhpJ8vXmpS",
            "fA6xpPhpJ8vX",
            "A6xpPhpJ8vXm",
            "6xpPhpJ8vXmp",
            "xpPhpJ8vXmpS",
            "pPhpJ8vX",
            "PhpJ8vXm",
            "hpJ8vXmp",
            "pJ8vXmpS",
            "J8vX",
            "8vXm",
            "vXmp",
            "XmpS",
            "QnNhV435",
            "nNhV435K",
            "NhV435K3",
            "hV43",
            "V435",
            "435K",
            "35K3",
            "koNpHqhHLE9NHTRI",
            "oNpHqhHLE9NHTRIu",
            "NpHqhHLE9NHTRIug",
            "pHqhHLE9NHTRIugd",
            "HqhHLE9NHTRI",
            "qhHLE9NHTRIu",
            "hHLE9NHTRIug",
            "HLE9NHTRIugd",
            "LE9NHTRI",
            "E9NHTRIu",
            "9NHTRIug",
            "NHTRIugd",
            "HTRI",
            "TRIu",
            "RIug",
            "Iugd",
            "geImdmhnnVeAf1JO",
            "eImdmhnnVeAf1JOW",
            "ImdmhnnVeAf1JOWi",
            "mdmhnnVeAf1JOWiO",
            "dmhnnVeAf1JO",
            "mhnnVeAf1JOW",
            "hnnVeAf1JOWi",
            "nnVeAf1JOWiO",
            "nVeAf1JO",
            "VeAf1JOW",
            "eAf1JOWi",
            "Af1JOWiO",
            "f1JO",
            "1JOW",
            "JOWi",
            "OWiO",
            "sjqhZjJj",
            "jqhZjJjU",
            "qhZjJjU0",
            "hZjJ",
            "ZjJj",
            "jJjU",
            "JjU0",
            "hp4DYyh7viWR6qKn",
            "p4DYyh7viWR6qKno",
            "4DYyh7viWR6qKnoh",
            "DYyh7viWR6qKnohl",
            "Yyh7viWR6qKn",
            "yh7viWR6qKno",
            "h7viWR6qKnoh",
            "7viWR6qKnohl",
            "viWR6qKn",
            "iWR6qKno",
            "WR6qKnoh",
            "R6qKnohl",
            "6qKn",
            "qKno",
            "Knoh",
            "nohl",
            "FnliVyhWbQ3uQ7d3",
            "nliVyhWbQ3uQ7d3A",
            "liVyhWbQ3uQ7d3Ag",
            "iVyhWbQ3uQ7d3AgS",
            "VyhWbQ3uQ7d3",
            "yhWbQ3uQ7d3A",
            "hWbQ3uQ7d3Ag",
            "WbQ3uQ7d3AgS",
            "bQ3uQ7d3",
            "Q3uQ7d3A",
            "3uQ7d3Ag",
            "uQ7d3AgS",
            "Q7d3",
            "7d3A",
            "d3Ag",
            "3AgS",
            "sUIhsvMV",
            "UIhsvMVc",
            "IhsvMVcG",
            "hsvM",
            "svMV",
            "vMVc",
            "MVcG",
            "K83Qmlh6gtXVsgJN",
            "83Qmlh6gtXVsgJN9",
            "3Qmlh6gtXVsgJN91",
            "Qmlh6gtXVsgJN91x",
            "mlh6gtXVsgJN",
            "lh6gtXVsgJN9",
            "h6gtXVsgJN91",
            "6gtXVsgJN91x",
            "gtXVsgJN",
            "tXVsgJN9",
            "XVsgJN91",
            "VsgJN91x",
            "sgJN",
            "gJN9",
            "JN91",
            "N91x",
            "qG50RmhhqnDRufSq",
            "G50RmhhqnDRufSqk",
            "50RmhhqnDRufSqkK",
            "0RmhhqnDRufSqkKj",
            "RmhhqnDRufSq",
            "mhhqnDRufSqk",
            "hhqnDRufSqkK",
            "hqnDRufSqkKj",
            "qnDRufSq",
            "nDRufSqk",
            "DRufSqkK",
            "RufSqkKj",
            "ufSq",
            "fSqk",
            "SqkK",
            "qkKj",
            "yBNhBOxc",
            "BNhBOxco",
            "NhBOxcof",
            "hBOx",
            "BOxc",
            "Oxco",
            "xcof",
            "kNhhKC2n",
            "NhhKC2n6",
            "hhKC2n6L",
            "hKC2",
            "KC2n",
            "C2n6",
            "2n6L",
            "unQhUhSG",
            "nQhUhSGi",
            "QhUhSGiG",
            "hUhS",
            "UhSG",
            "hSGi",
            "SGiG",
            "S1Ohraoy",
            "1OhraoyV",
            "OhraoyV6",
            "hrao",
            "raoy",
            "aoyV",
            "oyV6",
            "Aw9fCUfOLiRLKUT7",
            "w9fCUfOLiRLKUT7H",
            "9fCUfOLiRLKUT7Hg",
            "fCUfOLiRLKUT7HgC",
            "CUfOLiRLKUT7",
            "UfOLiRLKUT7H",
            "fOLiRLKUT7Hg",
            "OLiRLKUT7HgC",
            "LiRLKUT7",
            "iRLKUT7H",
            "RLKUT7Hg",
            "LKUT7HgC",
            "KUT7",
            "UT7H",
            "T7Hg",
            "7HgC",
            "WRA48bfoT7rXhMhs",
            "RA48bfoT7rXhMhs9",
            "A48bfoT7rXhMhs9C",
            "48bfoT7rXhMhs9Cc",
            "8bfoT7rXhMhs",
            "bfoT7rXhMhs9",
            "foT7rXhMhs9C",
            "oT7rXhMhs9Cc",
            "T7rXhMhs",
            "7rXhMhs9",
            "rXhMhs9C",
            "XhMhs9Cc",
            "hMhs",
            "Mhs9",
            "hs9C",
            "s9Cc",
            "y5PjCFfiA5UAgJgf",
            "5PjCFfiA5UAgJgff",
            "PjCFfiA5UAgJgffR",
            "jCFfiA5UAgJgffR7",
            "CFfiA5UAgJgf",
            "FfiA5UAgJgff",
            "fiA5UAgJgffR",
            "iA5UAgJgffR7",
            "A5UAgJgf",
            "5UAgJgff",
            "UAgJgffR",
            "AgJgffR7",
            "gJgf",
            "Jgff",
            "gffR",
            "ffR7",
            "BCDUvLftRQp4Z7dw",
            "CDUvLftRQp4Z7dwh",
            "DUvLftRQp4Z7dwhO",
            "UvLftRQp4Z7dwhOD",
            "vLftRQp4Z7dw",
            "LftRQp4Z7dwh",
            "ftRQp4Z7dwhO",
            "tRQp4Z7dwhOD",
            "RQp4Z7dw",
            "Qp4Z7dwh",
            "p4Z7dwhO",
            "4Z7dwhOD",
            "Z7dw",
            "7dwh",
            "dwhO",
            "whOD",
            "v0GXg0fd88pPxr0u",
            "0GXg0fd88pPxr0u6",
            "GXg0fd88pPxr0u6E",
            "Xg0fd88pPxr0u6Er",
            "g0fd88pPxr0u",
            "0fd88pPxr0u6",
            "fd88pPxr0u6E",
            "d88pPxr0u6Er",
            "88pPxr0u",
            "8pPxr0u6",
            "pPxr0u6E",
            "Pxr0u6Er",
            "xr0u",
            "r0u6",
            "0u6E",
            "u6Er",
            "03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "3DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "CEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "EB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "B56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "6B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "42C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "2C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "22DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "2DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "E2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "21DA9906CD70AB73267EAB1A3947BFD894D19372",
            "1DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "A9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "9906CD70AB73267EAB1A3947BFD894D19372",
            "906CD70AB73267EAB1A3947BFD894D19372B",
            "06CD70AB73267EAB1A3947BFD894D19372BC",
            "6CD70AB73267EAB1A3947BFD894D19372BC7",
            "CD70AB73267EAB1A3947BFD894D19372",
            "D70AB73267EAB1A3947BFD894D19372B",
            "70AB73267EAB1A3947BFD894D19372BC",
            "0AB73267EAB1A3947BFD894D19372BC7",
            "AB73267EAB1A3947BFD894D19372",
            "B73267EAB1A3947BFD894D19372B",
            "73267EAB1A3947BFD894D19372BC",
            "3267EAB1A3947BFD894D19372BC7",
            "267EAB1A3947BFD894D19372",
            "67EAB1A3947BFD894D19372B",
            "7EAB1A3947BFD894D19372BC",
            "EAB1A3947BFD894D19372BC7",
            "AB1A3947BFD894D19372",
            "B1A3947BFD894D19372B",
            "1A3947BFD894D19372BC",
            "A3947BFD894D19372BC7",
            "3947BFD894D19372",
            "947BFD894D19372B",
            "47BFD894D19372BC",
            "7BFD894D19372BC7",
            "BFD894D19372",
            "FD894D19372B",
            "D894D19372BC",
            "894D19372BC7",
            "94D19372",
            "4D19372B",
            "D19372BC",
            "19372BC7",
            "9372",
            "372B",
            "72BC",
            "2BC7",
            "0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "48EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "8EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "F5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "0630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "30BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "0BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "DDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "DB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "B19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "9388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "88CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "8CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "B6378436E3C65D03DD66DA7C6EBFF563BD85",
            "6378436E3C65D03DD66DA7C6EBFF563BD857",
            "378436E3C65D03DD66DA7C6EBFF563BD857A",
            "78436E3C65D03DD66DA7C6EBFF563BD8",
            "8436E3C65D03DD66DA7C6EBFF563BD85",
            "436E3C65D03DD66DA7C6EBFF563BD857",
            "36E3C65D03DD66DA7C6EBFF563BD857A",
            "6E3C65D03DD66DA7C6EBFF563BD8",
            "E3C65D03DD66DA7C6EBFF563BD85",
            "3C65D03DD66DA7C6EBFF563BD857",
            "C65D03DD66DA7C6EBFF563BD857A",
            "65D03DD66DA7C6EBFF563BD8",
            "5D03DD66DA7C6EBFF563BD85",
            "D03DD66DA7C6EBFF563BD857",
            "03DD66DA7C6EBFF563BD857A",
            "3DD66DA7C6EBFF563BD8",
            "DD66DA7C6EBFF563BD85",
            "D66DA7C6EBFF563BD857",
            "66DA7C6EBFF563BD857A",
            "6DA7C6EBFF563BD8",
            "DA7C6EBFF563BD85",
            "A7C6EBFF563BD857",
            "7C6EBFF563BD857A",
            "C6EBFF563BD8",
            "6EBFF563BD85",
            "EBFF563BD857",
            "BFF563BD857A",
            "FF563BD8",
            "F563BD85",
            "563BD857",
            "63BD857A",
            "3BD8",
            "BD85",
            "D857",
            "857A",
            "128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "28605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "8605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "05DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "5DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "D5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "C3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "7EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "B915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "15E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "5E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "DA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "A22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "2D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "F52C595C0CF7986D911ED2CA1C403FB7",
            "52C595C0CF7986D911ED2CA1C403FB7B",
            "2C595C0CF7986D911ED2CA1C403FB7B8",
            "C595C0CF7986D911ED2CA1C403FB7B83",
            "595C0CF7986D911ED2CA1C403FB7",
            "95C0CF7986D911ED2CA1C403FB7B",
            "5C0CF7986D911ED2CA1C403FB7B8",
            "C0CF7986D911ED2CA1C403FB7B83",
            "0CF7986D911ED2CA1C403FB7",
            "CF7986D911ED2CA1C403FB7B",
            "F7986D911ED2CA1C403FB7B8",
            "7986D911ED2CA1C403FB7B83",
            "986D911ED2CA1C403FB7",
            "86D911ED2CA1C403FB7B",
            "6D911ED2CA1C403FB7B8",
            "D911ED2CA1C403FB7B83",
            "911ED2CA1C403FB7",
            "11ED2CA1C403FB7B",
            "1ED2CA1C403FB7B8",
            "ED2CA1C403FB7B83",
            "D2CA1C403FB7",
            "2CA1C403FB7B",
            "CA1C403FB7B8",
            "A1C403FB7B83",
            "1C403FB7",
            "C403FB7B",
            "403FB7B8",
            "03FB7B83",
            "3FB7",
            "FB7B",
            "B7B8",
            "7B83",
            "4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "ED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "D3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "DC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "C52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "2D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "04075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "4075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "75F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "5F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "BF279EC4ACEDE079533B95E229A29809542EA324",
            "F279EC4ACEDE079533B95E229A29809542EA324A",
            "279EC4ACEDE079533B95E229A29809542EA324A7",
            "79EC4ACEDE079533B95E229A29809542EA324A7B",
            "9EC4ACEDE079533B95E229A29809542EA324",
            "EC4ACEDE079533B95E229A29809542EA324A",
            "C4ACEDE079533B95E229A29809542EA324A7",
            "4ACEDE079533B95E229A29809542EA324A7B",
            "ACEDE079533B95E229A29809542EA324",
            "CEDE079533B95E229A29809542EA324A",
            "EDE079533B95E229A29809542EA324A7",
            "DE079533B95E229A29809542EA324A7B",
            "E079533B95E229A29809542EA324",
            "079533B95E229A29809542EA324A",
            "79533B95E229A29809542EA324A7",
            "9533B95E229A29809542EA324A7B",
            "533B95E229A29809542EA324",
            "33B95E229A29809542EA324A",
            "3B95E229A29809542EA324A7",
            "B95E229A29809542EA324A7B",
            "95E229A29809542EA324",
            "5E229A29809542EA324A",
            "E229A29809542EA324A7",
            "229A29809542EA324A7B",
            "29A29809542EA324",
            "9A29809542EA324A",
            "A29809542EA324A7",
            "29809542EA324A7B",
            "9809542EA324",
            "809542EA324A",
            "09542EA324A7",
            "9542EA324A7B",
            "542EA324",
            "42EA324A",
            "2EA324A7",
            "EA324A7B",
            "A324",
            "324A",
            "24A7",
            "4A7B",
            "59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "9058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "58FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "8FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "DDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "DE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "E6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "89BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "9BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "CA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "A6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "36FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "6FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "D2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "E2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "8B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "BB38A7BC80D8DD4C75CEFD7A5D247074",
            "B38A7BC80D8DD4C75CEFD7A5D247",
            "38A7BC80D8DD4C75CEFD7A5D2470",
            "8A7BC80D8DD4C75CEFD7A5D24707",
            "A7BC80D8DD4C75CEFD7A5D247074",
            "7BC80D8DD4C75CEFD7A5D247",
            "BC80D8DD4C75CEFD7A5D2470",
            "C80D8DD4C75CEFD7A5D24707",
            "80D8DD4C75CEFD7A5D247074",
            "0D8DD4C75CEFD7A5D247",
            "D8DD4C75CEFD7A5D2470",
            "8DD4C75CEFD7A5D24707",
            "DD4C75CEFD7A5D247074",
            "D4C75CEFD7A5D247",
            "4C75CEFD7A5D2470",
            "C75CEFD7A5D24707",
            "75CEFD7A5D247074",
            "5CEFD7A5D247",
            "CEFD7A5D2470",
            "EFD7A5D24707",
            "FD7A5D247074",
            "D7A5D247",
            "7A5D2470",
            "A5D24707",
            "5D247074",
            "D247",
            "2470",
            "4707",
            "7074",
            "62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "2E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "3B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "3D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "7FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "DD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "D780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "80E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "0E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "0D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "9A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "6E8EE503B197AC16AC3F1D2571C147FDD324",
            "E8EE503B197AC16AC3F1D2571C147FDD324C",
            "8EE503B197AC16AC3F1D2571C147FDD324C9",
            "EE503B197AC16AC3F1D2571C147FDD32",
            "E503B197AC16AC3F1D2571C147FDD324",
            "503B197AC16AC3F1D2571C147FDD324C",
            "03B197AC16AC3F1D2571C147FDD324C9",
            "3B197AC16AC3F1D2571C147FDD32",
            "B197AC16AC3F1D2571C147FDD324",
            "197AC16AC3F1D2571C147FDD324C",
            "97AC16AC3F1D2571C147FDD324C9",
            "7AC16AC3F1D2571C147FDD32",
            "AC16AC3F1D2571C147FDD324",
            "C16AC3F1D2571C147FDD324C",
            "16AC3F1D2571C147FDD324C9",
            "6AC3F1D2571C147FDD32",
            "AC3F1D2571C147FDD324",
            "C3F1D2571C147FDD324C",
            "3F1D2571C147FDD324C9",
            "F1D2571C147FDD32",
            "1D2571C147FDD324",
            "D2571C147FDD324C",
            "2571C147FDD324C9",
            "571C147FDD32",
            "71C147FDD324",
            "1C147FDD324C",
            "C147FDD324C9",
            "147FDD32",
            "47FDD324",
            "7FDD324C",
            "FDD324C9",
            "DD32",
            "D324",
            "324C",
            "24C9",
            "742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "42EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "2EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "B14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "4EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "C82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "2FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "D7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "CE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "E8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "65C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "5C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "E7AABD3935C69B50E82F066C4890BD7C5D1F",
            "7AABD3935C69B50E82F066C4890BD7C5",
            "AABD3935C69B50E82F066C4890BD7C5D",
            "ABD3935C69B50E82F066C4890BD7C5D1",
            "BD3935C69B50E82F066C4890BD7C5D1F",
            "D3935C69B50E82F066C4890BD7C5",
            "3935C69B50E82F066C4890BD7C5D",
            "935C69B50E82F066C4890BD7C5D1",
            "35C69B50E82F066C4890BD7C5D1F",
            "5C69B50E82F066C4890BD7C5",
            "C69B50E82F066C4890BD7C5D",
            "69B50E82F066C4890BD7C5D1",
            "9B50E82F066C4890BD7C5D1F",
            "B50E82F066C4890BD7C5",
            "50E82F066C4890BD7C5D",
            "0E82F066C4890BD7C5D1",
            "E82F066C4890BD7C5D1F",
            "82F066C4890BD7C5",
            "2F066C4890BD7C5D",
            "F066C4890BD7C5D1",
            "066C4890BD7C5D1F",
            "66C4890BD7C5",
            "6C4890BD7C5D",
            "C4890BD7C5D1",
            "4890BD7C5D1F",
            "890BD7C5",
            "90BD7C5D",
            "0BD7C5D1",
            "BD7C5D1F",
            "D7C5",
            "7C5D",
            "C5D1",
            "5D1F",
            "7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "35673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "5673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "73D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "3D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "36D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "6D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "7A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "7DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "B03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "3EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "B3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "D71EA780F44372F5AEBECEBEDD696AAEB837",
            "71EA780F44372F5AEBECEBEDD696AAEB8378",
            "1EA780F44372F5AEBECEBEDD696AAEB8",
            "EA780F44372F5AEBECEBEDD696AAEB83",
            "A780F44372F5AEBECEBEDD696AAEB837",
            "780F44372F5AEBECEBEDD696AAEB8378",
            "80F44372F5AEBECEBEDD696AAEB8",
            "0F44372F5AEBECEBEDD696AAEB83",
            "F44372F5AEBECEBEDD696AAEB837",
            "44372F5AEBECEBEDD696AAEB8378",
            "4372F5AEBECEBEDD696AAEB8",
            "372F5AEBECEBEDD696AAEB83",
            "72F5AEBECEBEDD696AAEB837",
            "2F5AEBECEBEDD696AAEB8378",
            "F5AEBECEBEDD696AAEB8",
            "5AEBECEBEDD696AAEB83",
            "AEBECEBEDD696AAEB837",
            "EBECEBEDD696AAEB8378",
            "BECEBEDD696AAEB8",
            "ECEBEDD696AAEB83",
            "CEBEDD696AAEB837",
            "EBEDD696AAEB8378",
            "BEDD696AAEB8",
            "EDD696AAEB83",
            "DD696AAEB837",
            "D696AAEB8378",
            "696AAEB8",
            "96AAEB83",
            "6AAEB837",
            "AAEB8378",
            "AEB8",
            "EB83",
            "B837",
            "8378",
            "841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "41F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "1F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "F48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "8991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "91C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "1C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "86754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "6754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "54FBA5647CA30986070C8F457C22D30959D113010CC1",
            "4FBA5647CA30986070C8F457C22D30959D113010CC16",
            "FBA5647CA30986070C8F457C22D30959D113010CC164",
            "BA5647CA30986070C8F457C22D30959D113010CC164C",
            "A5647CA30986070C8F457C22D30959D113010CC1",
            "5647CA30986070C8F457C22D30959D113010CC16",
            "647CA30986070C8F457C22D30959D113010CC164",
            "47CA30986070C8F457C22D30959D113010CC164C",
            "7CA30986070C8F457C22D30959D113010CC1",
            "CA30986070C8F457C22D30959D113010CC16",
            "A30986070C8F457C22D30959D113010CC164",
            "30986070C8F457C22D30959D113010CC164C",
            "0986070C8F457C22D30959D113010CC1",
            "986070C8F457C22D30959D113010CC16",
            "86070C8F457C22D30959D113010CC164",
            "6070C8F457C22D30959D113010CC164C",
            "070C8F457C22D30959D113010CC1",
            "70C8F457C22D30959D113010CC16",
            "0C8F457C22D30959D113010CC164",
            "C8F457C22D30959D113010CC164C",
            "8F457C22D30959D113010CC1",
            "F457C22D30959D113010CC16",
            "457C22D30959D113010CC164",
            "57C22D30959D113010CC164C",
            "7C22D30959D113010CC1",
            "C22D30959D113010CC16",
            "22D30959D113010CC164",
            "2D30959D113010CC164C",
            "D30959D113010CC1",
            "30959D113010CC16",
            "0959D113010CC164",
            "959D113010CC164C",
            "59D113010CC1",
            "9D113010CC16",
            "D113010CC164",
            "113010CC164C",
            "13010CC1",
            "3010CC16",
            "010CC164",
            "10CC164C",
            "0CC1",
            "CC16",
            "C164",
            "164C",
            "97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "7E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "13E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "3E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "7DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "EC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "C76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "6B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "0D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "7644B35EA4322F00D594D80D2F1C1F3644F8",
            "644B35EA4322F00D594D80D2F1C1F3644F8A",
            "44B35EA4322F00D594D80D2F1C1F3644F8A4",
            "4B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "B35EA4322F00D594D80D2F1C1F3644F8",
            "35EA4322F00D594D80D2F1C1F3644F8A",
            "5EA4322F00D594D80D2F1C1F3644F8A4",
            "EA4322F00D594D80D2F1C1F3644F8A4A",
            "A4322F00D594D80D2F1C1F3644F8",
            "4322F00D594D80D2F1C1F3644F8A",
            "322F00D594D80D2F1C1F3644F8A4",
            "22F00D594D80D2F1C1F3644F8A4A",
            "2F00D594D80D2F1C1F3644F8",
            "F00D594D80D2F1C1F3644F8A",
            "00D594D80D2F1C1F3644F8A4",
            "0D594D80D2F1C1F3644F8A4A",
            "D594D80D2F1C1F3644F8",
            "594D80D2F1C1F3644F8A",
            "94D80D2F1C1F3644F8A4",
            "4D80D2F1C1F3644F8A4A",
            "D80D2F1C1F3644F8",
            "80D2F1C1F3644F8A",
            "0D2F1C1F3644F8A4",
            "D2F1C1F3644F8A4A",
            "2F1C1F3644F8",
            "F1C1F3644F8A",
            "1C1F3644F8A4",
            "C1F3644F8A4A",
            "1F3644F8",
            "F3644F8A",
            "3644F8A4",
            "644F8A4A",
            "44F8",
            "4F8A",
            "F8A4",
            "8A4A",
            "C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "56AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "6AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "FF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "F1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "1C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "A472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "72E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "2E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "84C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "4C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "8E3C8F875B9A24280435D42836A77B19F5A8",
            "E3C8F875B9A24280435D42836A77B19F5A8C",
            "3C8F875B9A24280435D42836A77B19F5A8C1",
            "C8F875B9A24280435D42836A77B19F5A8C18",
            "8F875B9A24280435D42836A77B19F5A8",
            "F875B9A24280435D42836A77B19F5A8C",
            "875B9A24280435D42836A77B19F5A8C1",
            "75B9A24280435D42836A77B19F5A8C18",
            "5B9A24280435D42836A77B19F5A8",
            "B9A24280435D42836A77B19F5A8C",
            "9A24280435D42836A77B19F5A8C1",
            "A24280435D42836A77B19F5A8C18",
            "24280435D42836A77B19F5A8",
            "4280435D42836A77B19F5A8C",
            "280435D42836A77B19F5A8C1",
            "80435D42836A77B19F5A8C18",
            "0435D42836A77B19F5A8",
            "435D42836A77B19F5A8C",
            "35D42836A77B19F5A8C1",
            "5D42836A77B19F5A8C18",
            "D42836A77B19F5A8",
            "42836A77B19F5A8C",
            "2836A77B19F5A8C1",
            "836A77B19F5A8C18",
            "36A77B19F5A8",
            "6A77B19F5A8C",
            "A77B19F5A8C1",
            "77B19F5A8C18",
            "7B19F5A8",
            "B19F5A8C",
            "19F5A8C1",
            "9F5A8C18",
            "F5A8",
            "5A8C",
            "A8C1",
            "8C18",
            "C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "1B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "41CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "1CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "F756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "56EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "6EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "B7551F7C661743802362728B785ADC22E860D269713DFB01",
            "7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "51F7C661743802362728B785ADC22E860D269713DFB0",
            "1F7C661743802362728B785ADC22E860D269713DFB01",
            "F7C661743802362728B785ADC22E860D269713DFB01A",
            "7C661743802362728B785ADC22E860D269713DFB01A6",
            "C661743802362728B785ADC22E860D269713DFB0",
            "661743802362728B785ADC22E860D269713DFB01",
            "61743802362728B785ADC22E860D269713DFB01A",
            "1743802362728B785ADC22E860D269713DFB01A6",
            "743802362728B785ADC22E860D269713DFB0",
            "43802362728B785ADC22E860D269713DFB01",
            "3802362728B785ADC22E860D269713DFB01A",
            "802362728B785ADC22E860D269713DFB01A6",
            "02362728B785ADC22E860D269713DFB0",
            "2362728B785ADC22E860D269713DFB01",
            "362728B785ADC22E860D269713DFB01A",
            "62728B785ADC22E860D269713DFB01A6",
            "2728B785ADC22E860D269713DFB0",
            "728B785ADC22E860D269713DFB01",
            "28B785ADC22E860D269713DFB01A",
            "8B785ADC22E860D269713DFB01A6",
            "B785ADC22E860D269713DFB0",
            "785ADC22E860D269713DFB01",
            "85ADC22E860D269713DFB01A",
            "5ADC22E860D269713DFB01A6",
            "ADC22E860D269713DFB0",
            "DC22E860D269713DFB01",
            "C22E860D269713DFB01A",
            "22E860D269713DFB01A6",
            "2E860D269713DFB0",
            "E860D269713DFB01",
            "860D269713DFB01A",
            "60D269713DFB01A6",
            "0D269713DFB0",
            "D269713DFB01",
            "269713DFB01A",
            "69713DFB01A6",
            "9713DFB0",
            "713DFB01",
            "13DFB01A",
            "3DFB01A6",
            "DFB0",
            "FB01",
            "B01A",
            "01A6",
            "D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "47C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "7C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "97788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "7788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "88CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "8CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "F0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "31CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "1CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "EB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "B06E3DF77A45FEF59F1E49633DC7159816D64759",
            "06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "6E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "E3DF77A45FEF59F1E49633DC7159816D6475",
            "3DF77A45FEF59F1E49633DC7159816D64759",
            "DF77A45FEF59F1E49633DC7159816D64759B",
            "F77A45FEF59F1E49633DC7159816D64759B5",
            "77A45FEF59F1E49633DC7159816D6475",
            "7A45FEF59F1E49633DC7159816D64759",
            "A45FEF59F1E49633DC7159816D64759B",
            "45FEF59F1E49633DC7159816D64759B5",
            "5FEF59F1E49633DC7159816D6475",
            "FEF59F1E49633DC7159816D64759",
            "EF59F1E49633DC7159816D64759B",
            "F59F1E49633DC7159816D64759B5",
            "59F1E49633DC7159816D6475",
            "9F1E49633DC7159816D64759",
            "F1E49633DC7159816D64759B",
            "1E49633DC7159816D64759B5",
            "E49633DC7159816D6475",
            "49633DC7159816D64759",
            "9633DC7159816D64759B",
            "633DC7159816D64759B5",
            "33DC7159816D6475",
            "3DC7159816D64759",
            "DC7159816D64759B",
            "C7159816D64759B5",
            "7159816D6475",
            "159816D64759",
            "59816D64759B",
            "9816D64759B5",
            "816D6475",
            "16D64759",
            "6D64759B",
            "D64759B5",
            "6475",
            "4759",
            "759B",
            "59B5",
            "F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "BE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "E78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "8BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "D8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "8559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "59BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "9BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "F3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "FCC9A9FA37D221E31780774A3787E26160A61F53",
            "CC9A9FA37D221E31780774A3787E26160A61F534",
            "C9A9FA37D221E31780774A3787E26160A61F5348",
            "9A9FA37D221E31780774A3787E26160A61F5",
            "A9FA37D221E31780774A3787E26160A61F53",
            "9FA37D221E31780774A3787E26160A61F534",
            "FA37D221E31780774A3787E26160A61F5348",
            "A37D221E31780774A3787E26160A61F5",
            "37D221E31780774A3787E26160A61F53",
            "7D221E31780774A3787E26160A61F534",
            "D221E31780774A3787E26160A61F5348",
            "221E31780774A3787E26160A61F5",
            "21E31780774A3787E26160A61F53",
            "1E31780774A3787E26160A61F534",
            "E31780774A3787E26160A61F5348",
            "31780774A3787E26160A61F5",
            "1780774A3787E26160A61F53",
            "780774A3787E26160A61F534",
            "80774A3787E26160A61F5348",
            "0774A3787E26160A61F5",
            "774A3787E26160A61F53",
            "74A3787E26160A61F534",
            "4A3787E26160A61F5348",
            "A3787E26160A61F5",
            "3787E26160A61F53",
            "787E26160A61F534",
            "87E26160A61F5348",
            "7E26160A61F5",
            "E26160A61F53",
            "26160A61F534",
            "6160A61F5348",
            "160A61F5",
            "60A61F53",
            "0A61F534",
            "A61F5348",
            "61F5",
            "1F53",
            "F534",
            "5348",
            "22eafa4717564f83b8fd543fa8bd19a6",
            "2eafa4717564f83b8fd543fa8bd1",
            "eafa4717564f83b8fd543fa8bd19",
            "afa4717564f83b8fd543fa8bd19a",
            "fa4717564f83b8fd543fa8bd19a6",
            "a4717564f83b8fd543fa8bd1",
            "4717564f83b8fd543fa8bd19",
            "717564f83b8fd543fa8bd19a",
            "17564f83b8fd543fa8bd19a6",
            "7564f83b8fd543fa8bd1",
            "564f83b8fd543fa8bd19",
            "64f83b8fd543fa8bd19a",
            "4f83b8fd543fa8bd19a6",
            "f83b8fd543fa8bd1",
            "83b8fd543fa8bd19",
            "3b8fd543fa8bd19a",
            "b8fd543fa8bd19a6",
            "8fd543fa8bd1",
            "fd543fa8bd19",
            "d543fa8bd19a",
            "543fa8bd19a6",
            "43fa8bd1",
            "3fa8bd19",
            "fa8bd19a",
            "a8bd19a6",
            "8bd1",
            "bd19",
            "d19a",
            "19a6",
            "61d9bc5401d34f5690dfcde994cb91f2",
            "1d9bc5401d34f5690dfcde994cb9",
            "d9bc5401d34f5690dfcde994cb91",
            "9bc5401d34f5690dfcde994cb91f",
            "bc5401d34f5690dfcde994cb91f2",
            "c5401d34f5690dfcde994cb9",
            "5401d34f5690dfcde994cb91",
            "401d34f5690dfcde994cb91f",
            "01d34f5690dfcde994cb91f2",
            "1d34f5690dfcde994cb9",
            "d34f5690dfcde994cb91",
            "34f5690dfcde994cb91f",
            "4f5690dfcde994cb91f2",
            "f5690dfcde994cb9",
            "5690dfcde994cb91",
            "690dfcde994cb91f",
            "90dfcde994cb91f2",
            "0dfcde994cb9",
            "dfcde994cb91",
            "fcde994cb91f",
            "cde994cb91f2",
            "de994cb9",
            "e994cb91",
            "994cb91f",
            "94cb91f2",
            "4cb9",
            "cb91",
            "b91f",
            "91f2",
            "3c5a944466c44077b7e1a6ac6f30b03f",
            "c5a944466c44077b7e1a6ac6f30b",
            "5a944466c44077b7e1a6ac6f30b0",
            "a944466c44077b7e1a6ac6f30b03",
            "944466c44077b7e1a6ac6f30b03f",
            "44466c44077b7e1a6ac6f30b",
            "4466c44077b7e1a6ac6f30b0",
            "466c44077b7e1a6ac6f30b03",
            "66c44077b7e1a6ac6f30b03f",
            "6c44077b7e1a6ac6f30b",
            "c44077b7e1a6ac6f30b0",
            "44077b7e1a6ac6f30b03",
            "4077b7e1a6ac6f30b03f",
            "077b7e1a6ac6f30b",
            "77b7e1a6ac6f30b0",
            "7b7e1a6ac6f30b03",
            "b7e1a6ac6f30b03f",
            "7e1a6ac6f30b",
            "e1a6ac6f30b0",
            "1a6ac6f30b03",
            "a6ac6f30b03f",
            "6ac6f30b",
            "ac6f30b0",
            "c6f30b03",
            "6f30b03f",
            "f30b",
            "30b0",
            "0b03",
            "b03f",
            "e50d96f218d84613ba5bd9a617b3f4f0",
            "50d96f218d84613ba5bd9a617b3f",
            "0d96f218d84613ba5bd9a617b3f4",
            "d96f218d84613ba5bd9a617b3f4f",
            "96f218d84613ba5bd9a617b3f4f0",
            "6f218d84613ba5bd9a617b3f",
            "f218d84613ba5bd9a617b3f4",
            "218d84613ba5bd9a617b3f4f",
            "18d84613ba5bd9a617b3f4f0",
            "8d84613ba5bd9a617b3f",
            "d84613ba5bd9a617b3f4",
            "84613ba5bd9a617b3f4f",
            "4613ba5bd9a617b3f4f0",
            "613ba5bd9a617b3f",
            "13ba5bd9a617b3f4",
            "3ba5bd9a617b3f4f",
            "ba5bd9a617b3f4f0",
            "a5bd9a617b3f",
            "5bd9a617b3f4",
            "bd9a617b3f4f",
            "d9a617b3f4f0",
            "9a617b3f",
            "a617b3f4",
            "617b3f4f",
            "17b3f4f0",
            "7b3f",
            "b3f4",
            "3f4f",
            "f4f0",
            "4ff35862067841adab04b1bfccbb1f34",
            "ff35862067841adab04b1bfccbb1",
            "f35862067841adab04b1bfccbb1f",
            "35862067841adab04b1bfccbb1f3",
            "5862067841adab04b1bfccbb1f34",
            "862067841adab04b1bfccbb1",
            "62067841adab04b1bfccbb1f",
            "2067841adab04b1bfccbb1f3",
            "067841adab04b1bfccbb1f34",
            "67841adab04b1bfccbb1",
            "7841adab04b1bfccbb1f",
            "841adab04b1bfccbb1f3",
            "41adab04b1bfccbb1f34",
            "1adab04b1bfccbb1",
            "adab04b1bfccbb1f",
            "dab04b1bfccbb1f3",
            "ab04b1bfccbb1f34",
            "b04b1bfccbb1",
            "04b1bfccbb1f",
            "4b1bfccbb1f3",
            "b1bfccbb1f34",
            "1bfccbb1",
            "bfccbb1f",
            "fccbb1f3",
            "ccbb1f34",
            "cbb1",
            "bb1f",
            "b1f3",
            "1f34",
            "68e4f24cfb8147c289ec646a0a7a0834",
            "8e4f24cfb8147c289ec646a0a7a0",
            "e4f24cfb8147c289ec646a0a7a08",
            "4f24cfb8147c289ec646a0a7a083",
            "f24cfb8147c289ec646a0a7a0834",
            "24cfb8147c289ec646a0a7a0",
            "4cfb8147c289ec646a0a7a08",
            "cfb8147c289ec646a0a7a083",
            "fb8147c289ec646a0a7a0834",
            "b8147c289ec646a0a7a0",
            "8147c289ec646a0a7a08",
            "147c289ec646a0a7a083",
            "47c289ec646a0a7a0834",
            "7c289ec646a0a7a0",
            "c289ec646a0a7a08",
            "289ec646a0a7a083",
            "89ec646a0a7a0834",
            "9ec646a0a7a0",
            "ec646a0a7a08",
            "c646a0a7a083",
            "646a0a7a0834",
            "46a0a7a0",
            "6a0a7a08",
            "a0a7a083",
            "0a7a0834",
            "a7a0",
            "7a08",
            "a083",
            "0834",
            "96c496e3c3a54fbb848ee060f8c4f355",
            "6c496e3c3a54fbb848ee060f8c4f",
            "c496e3c3a54fbb848ee060f8c4f3",
            "496e3c3a54fbb848ee060f8c4f35",
            "96e3c3a54fbb848ee060f8c4f355",
            "6e3c3a54fbb848ee060f8c4f",
            "e3c3a54fbb848ee060f8c4f3",
            "3c3a54fbb848ee060f8c4f35",
            "c3a54fbb848ee060f8c4f355",
            "3a54fbb848ee060f8c4f",
            "a54fbb848ee060f8c4f3",
            "54fbb848ee060f8c4f35",
            "4fbb848ee060f8c4f355",
            "fbb848ee060f8c4f",
            "bb848ee060f8c4f3",
            "b848ee060f8c4f35",
            "848ee060f8c4f355",
            "48ee060f8c4f",
            "8ee060f8c4f3",
            "ee060f8c4f35",
            "e060f8c4f355",
            "060f8c4f",
            "60f8c4f3",
            "0f8c4f35",
            "f8c4f355",
            "8c4f",
            "c4f3",
            "4f35",
            "f355",
            "4a614a8b163d4f0ea438914f5a28ce51",
            "a614a8b163d4f0ea438914f5a28c",
            "614a8b163d4f0ea438914f5a28ce",
            "14a8b163d4f0ea438914f5a28ce5",
            "4a8b163d4f0ea438914f5a28ce51",
            "a8b163d4f0ea438914f5a28c",
            "8b163d4f0ea438914f5a28ce",
            "b163d4f0ea438914f5a28ce5",
            "163d4f0ea438914f5a28ce51",
            "63d4f0ea438914f5a28c",
            "3d4f0ea438914f5a28ce",
            "d4f0ea438914f5a28ce5",
            "4f0ea438914f5a28ce51",
            "f0ea438914f5a28c",
            "0ea438914f5a28ce",
            "ea438914f5a28ce5",
            "a438914f5a28ce51",
            "438914f5a28c",
            "38914f5a28ce",
            "8914f5a28ce5",
            "914f5a28ce51",
            "14f5a28c",
            "4f5a28ce",
            "f5a28ce5",
            "5a28ce51",
            "a28c",
            "28ce",
            "8ce5",
            "ce51",
            "901a84b0d1e143deb562fd17ceebf571",
            "01a84b0d1e143deb562fd17ceebf",
            "1a84b0d1e143deb562fd17ceebf5",
            "a84b0d1e143deb562fd17ceebf57",
            "84b0d1e143deb562fd17ceebf571",
            "4b0d1e143deb562fd17ceebf",
            "b0d1e143deb562fd17ceebf5",
            "0d1e143deb562fd17ceebf57",
            "d1e143deb562fd17ceebf571",
            "1e143deb562fd17ceebf",
            "e143deb562fd17ceebf5",
            "143deb562fd17ceebf57",
            "43deb562fd17ceebf571",
            "3deb562fd17ceebf",
            "deb562fd17ceebf5",
            "eb562fd17ceebf57",
            "b562fd17ceebf571",
            "562fd17ceebf",
            "62fd17ceebf5",
            "2fd17ceebf57",
            "fd17ceebf571",
            "d17ceebf",
            "17ceebf5",
            "7ceebf57",
            "ceebf571",
            "eebf",
            "ebf5",
            "bf57",
            "f571",
            "6eb9e478e2194f1aa7429f8b122121f4",
            "eb9e478e2194f1aa7429f8b12212",
            "b9e478e2194f1aa7429f8b122121",
            "9e478e2194f1aa7429f8b122121f",
            "e478e2194f1aa7429f8b122121f4",
            "478e2194f1aa7429f8b12212",
            "78e2194f1aa7429f8b122121",
            "8e2194f1aa7429f8b122121f",
            "e2194f1aa7429f8b122121f4",
            "2194f1aa7429f8b12212",
            "194f1aa7429f8b122121",
            "94f1aa7429f8b122121f",
            "4f1aa7429f8b122121f4",
            "f1aa7429f8b12212",
            "1aa7429f8b122121",
            "aa7429f8b122121f",
            "a7429f8b122121f4",
            "7429f8b12212",
            "429f8b122121",
            "29f8b122121f",
            "9f8b122121f4",
            "f8b12212",
            "8b122121",
            "b122121f",
            "122121f4",
            "2212",
            "2121",
            "121f",
            "21f4",
            "a08cf5257c9540ffacf5c7f96fb6bf31",
            "08cf5257c9540ffacf5c7f96fb6b",
            "8cf5257c9540ffacf5c7f96fb6bf",
            "cf5257c9540ffacf5c7f96fb6bf3",
            "f5257c9540ffacf5c7f96fb6bf31",
            "5257c9540ffacf5c7f96fb6b",
            "257c9540ffacf5c7f96fb6bf",
            "57c9540ffacf5c7f96fb6bf3",
            "7c9540ffacf5c7f96fb6bf31",
            "c9540ffacf5c7f96fb6b",
            "9540ffacf5c7f96fb6bf",
            "540ffacf5c7f96fb6bf3",
            "40ffacf5c7f96fb6bf31",
            "0ffacf5c7f96fb6b",
            "ffacf5c7f96fb6bf",
            "facf5c7f96fb6bf3",
            "acf5c7f96fb6bf31",
            "cf5c7f96fb6b",
            "f5c7f96fb6bf",
            "5c7f96fb6bf3",
            "c7f96fb6bf31",
            "7f96fb6b",
            "f96fb6bf",
            "96fb6bf3",
            "6fb6bf31",
            "fb6b",
            "b6bf",
            "6bf3",
            "bf31",
            "fd438ea62820497088a0fcb4a7f1a581",
            "d438ea62820497088a0fcb4a7f1a",
            "438ea62820497088a0fcb4a7f1a5",
            "38ea62820497088a0fcb4a7f1a58",
            "8ea62820497088a0fcb4a7f1a581",
            "ea62820497088a0fcb4a7f1a",
            "a62820497088a0fcb4a7f1a5",
            "62820497088a0fcb4a7f1a58",
            "2820497088a0fcb4a7f1a581",
            "820497088a0fcb4a7f1a",
            "20497088a0fcb4a7f1a5",
            "0497088a0fcb4a7f1a58",
            "497088a0fcb4a7f1a581",
            "97088a0fcb4a7f1a",
            "7088a0fcb4a7f1a5",
            "088a0fcb4a7f1a58",
            "88a0fcb4a7f1a581",
            "8a0fcb4a7f1a",
            "a0fcb4a7f1a5",
            "0fcb4a7f1a58",
            "fcb4a7f1a581",
            "cb4a7f1a",
            "b4a7f1a5",
            "4a7f1a58",
            "a7f1a581",
            "7f1a",
            "f1a5",
            "1a58",
            "a581",
            "b6f22ed232a2441da1350ead2b5b7d97",
            "6f22ed232a2441da1350ead2b5b7",
            "f22ed232a2441da1350ead2b5b7d",
            "22ed232a2441da1350ead2b5b7d9",
            "2ed232a2441da1350ead2b5b7d97",
            "ed232a2441da1350ead2b5b7",
            "d232a2441da1350ead2b5b7d",
            "232a2441da1350ead2b5b7d9",
            "32a2441da1350ead2b5b7d97",
            "2a2441da1350ead2b5b7",
            "a2441da1350ead2b5b7d",
            "2441da1350ead2b5b7d9",
            "441da1350ead2b5b7d97",
            "41da1350ead2b5b7",
            "1da1350ead2b5b7d",
            "da1350ead2b5b7d9",
            "a1350ead2b5b7d97",
            "1350ead2b5b7",
            "350ead2b5b7d",
            "50ead2b5b7d9",
            "0ead2b5b7d97",
            "ead2b5b7",
            "ad2b5b7d",
            "d2b5b7d9",
            "2b5b7d97",
            "b5b7",
            "5b7d",
            "b7d9",
            "7d97",
            "93e2abdd886c49d3aa4ce224317dbf55",
            "3e2abdd886c49d3aa4ce224317db",
            "e2abdd886c49d3aa4ce224317dbf",
            "2abdd886c49d3aa4ce224317dbf5",
            "abdd886c49d3aa4ce224317dbf55",
            "bdd886c49d3aa4ce224317db",
            "dd886c49d3aa4ce224317dbf",
            "d886c49d3aa4ce224317dbf5",
            "886c49d3aa4ce224317dbf55",
            "86c49d3aa4ce224317db",
            "6c49d3aa4ce224317dbf",
            "c49d3aa4ce224317dbf5",
            "49d3aa4ce224317dbf55",
            "9d3aa4ce224317db",
            "d3aa4ce224317dbf",
            "3aa4ce224317dbf5",
            "aa4ce224317dbf55",
            "a4ce224317db",
            "4ce224317dbf",
            "ce224317dbf5",
            "e224317dbf55",
            "224317db",
            "24317dbf",
            "4317dbf5",
            "317dbf55",
            "17db",
            "7dbf",
            "dbf5",
            "bf55",
            "e30b53871c1043af98ae565556077eb7",
            "30b53871c1043af98ae565556077",
            "0b53871c1043af98ae565556077e",
            "b53871c1043af98ae565556077eb",
            "53871c1043af98ae565556077eb7",
            "3871c1043af98ae565556077",
            "871c1043af98ae565556077e",
            "71c1043af98ae565556077eb",
            "1c1043af98ae565556077eb7",
            "c1043af98ae565556077",
            "1043af98ae565556077e",
            "043af98ae565556077eb",
            "43af98ae565556077eb7",
            "3af98ae565556077",
            "af98ae565556077e",
            "f98ae565556077eb",
            "98ae565556077eb7",
            "8ae565556077",
            "ae565556077e",
            "e565556077eb",
            "565556077eb7",
            "65556077",
            "5556077e",
            "556077eb",
            "56077eb7",
            "6077",
            "077e",
            "77eb",
            "7eb7",
            "02de2f24483e4f9381a5b4c4ff288a4c",
            "2de2f24483e4f9381a5b4c4ff288",
            "de2f24483e4f9381a5b4c4ff288a",
            "e2f24483e4f9381a5b4c4ff288a4",
            "2f24483e4f9381a5b4c4ff288a4c",
            "f24483e4f9381a5b4c4ff288",
            "24483e4f9381a5b4c4ff288a",
            "4483e4f9381a5b4c4ff288a4",
            "483e4f9381a5b4c4ff288a4c",
            "83e4f9381a5b4c4ff288",
            "3e4f9381a5b4c4ff288a",
            "e4f9381a5b4c4ff288a4",
            "4f9381a5b4c4ff288a4c",
            "f9381a5b4c4ff288",
            "9381a5b4c4ff288a",
            "381a5b4c4ff288a4",
            "81a5b4c4ff288a4c",
            "1a5b4c4ff288",
            "a5b4c4ff288a",
            "5b4c4ff288a4",
            "b4c4ff288a4c",
            "4c4ff288",
            "c4ff288a",
            "4ff288a4",
            "ff288a4c",
            "f288",
            "288a",
            "88a4",
            "8a4c",
            "5589baeb081d49aaaed217379920801b",
            "589baeb081d49aaaed2173799208",
            "89baeb081d49aaaed21737992080",
            "9baeb081d49aaaed217379920801",
            "baeb081d49aaaed217379920801b",
            "aeb081d49aaaed2173799208",
            "eb081d49aaaed21737992080",
            "b081d49aaaed217379920801",
            "081d49aaaed217379920801b",
            "81d49aaaed2173799208",
            "1d49aaaed21737992080",
            "d49aaaed217379920801",
            "49aaaed217379920801b",
            "9aaaed2173799208",
            "aaaed21737992080",
            "aaed217379920801",
            "aed217379920801b",
            "ed2173799208",
            "d21737992080",
            "217379920801",
            "17379920801b",
            "73799208",
            "37992080",
            "79920801",
            "9920801b",
            "9208",
            "2080",
            "0801",
            "801b",
            "1d05a4eb01b941bf99f91100acaa2e4c",
            "d05a4eb01b941bf99f91100acaa2",
            "05a4eb01b941bf99f91100acaa2e",
            "5a4eb01b941bf99f91100acaa2e4",
            "a4eb01b941bf99f91100acaa2e4c",
            "4eb01b941bf99f91100acaa2",
            "eb01b941bf99f91100acaa2e",
            "b01b941bf99f91100acaa2e4",
            "01b941bf99f91100acaa2e4c",
            "1b941bf99f91100acaa2",
            "b941bf99f91100acaa2e",
            "941bf99f91100acaa2e4",
            "41bf99f91100acaa2e4c",
            "1bf99f91100acaa2",
            "bf99f91100acaa2e",
            "f99f91100acaa2e4",
            "99f91100acaa2e4c",
            "9f91100acaa2",
            "f91100acaa2e",
            "91100acaa2e4",
            "1100acaa2e4c",
            "100acaa2",
            "00acaa2e",
            "0acaa2e4",
            "acaa2e4c",
            "caa2",
            "aa2e",
            "a2e4",
            "2e4c",
            "d7d5e8a982a44cc59856a41cf2422189",
            "7d5e8a982a44cc59856a41cf2422",
            "d5e8a982a44cc59856a41cf24221",
            "5e8a982a44cc59856a41cf242218",
            "e8a982a44cc59856a41cf2422189",
            "8a982a44cc59856a41cf2422",
            "a982a44cc59856a41cf24221",
            "982a44cc59856a41cf242218",
            "82a44cc59856a41cf2422189",
            "2a44cc59856a41cf2422",
            "a44cc59856a41cf24221",
            "44cc59856a41cf242218",
            "4cc59856a41cf2422189",
            "cc59856a41cf2422",
            "c59856a41cf24221",
            "59856a41cf242218",
            "9856a41cf2422189",
            "856a41cf2422",
            "56a41cf24221",
            "6a41cf242218",
            "a41cf2422189",
            "41cf2422",
            "1cf24221",
            "cf242218",
            "f2422189",
            "2422",
            "4221",
            "2218",
            "2189",
            "a56e3e5bd8c84978a7ca398598673f64",
            "56e3e5bd8c84978a7ca398598673",
            "6e3e5bd8c84978a7ca398598673f",
            "e3e5bd8c84978a7ca398598673f6",
            "3e5bd8c84978a7ca398598673f64",
            "e5bd8c84978a7ca398598673",
            "5bd8c84978a7ca398598673f",
            "bd8c84978a7ca398598673f6",
            "d8c84978a7ca398598673f64",
            "8c84978a7ca398598673",
            "c84978a7ca398598673f",
            "84978a7ca398598673f6",
            "4978a7ca398598673f64",
            "978a7ca398598673",
            "78a7ca398598673f",
            "8a7ca398598673f6",
            "a7ca398598673f64",
            "7ca398598673",
            "ca398598673f",
            "a398598673f6",
            "398598673f64",
            "98598673",
            "8598673f",
            "598673f6",
            "98673f64",
            "8673",
            "673f",
            "73f6",
            "3f64",
            "9e19f153f45d46198b1c97ed081d980d",
            "e19f153f45d46198b1c97ed081d9",
            "19f153f45d46198b1c97ed081d98",
            "9f153f45d46198b1c97ed081d980",
            "f153f45d46198b1c97ed081d980d",
            "153f45d46198b1c97ed081d9",
            "53f45d46198b1c97ed081d98",
            "3f45d46198b1c97ed081d980",
            "f45d46198b1c97ed081d980d",
            "45d46198b1c97ed081d9",
            "5d46198b1c97ed081d98",
            "d46198b1c97ed081d980",
            "46198b1c97ed081d980d",
            "6198b1c97ed081d9",
            "198b1c97ed081d98",
            "98b1c97ed081d980",
            "8b1c97ed081d980d",
            "b1c97ed081d9",
            "1c97ed081d98",
            "c97ed081d980",
            "97ed081d980d",
            "7ed081d9",
            "ed081d98",
            "d081d980",
            "081d980d",
            "81d9",
            "1d98",
            "d980",
            "980d",
            "bd6c5065737c42c99bc694464bf154ae",
            "d6c5065737c42c99bc694464bf15",
            "6c5065737c42c99bc694464bf154",
            "c5065737c42c99bc694464bf154a",
            "5065737c42c99bc694464bf154ae",
            "065737c42c99bc694464bf15",
            "65737c42c99bc694464bf154",
            "5737c42c99bc694464bf154a",
            "737c42c99bc694464bf154ae",
            "37c42c99bc694464bf15",
            "7c42c99bc694464bf154",
            "c42c99bc694464bf154a",
            "42c99bc694464bf154ae",
            "2c99bc694464bf15",
            "c99bc694464bf154",
            "99bc694464bf154a",
            "9bc694464bf154ae",
            "bc694464bf15",
            "c694464bf154",
            "694464bf154a",
            "94464bf154ae",
            "4464bf15",
            "464bf154",
            "64bf154a",
            "4bf154ae",
            "bf15",
            "f154",
            "154a",
            "54ae",
            "e0734db648774bd89db6758c0cce08c7",
            "0734db648774bd89db6758c0cce0",
            "734db648774bd89db6758c0cce08",
            "34db648774bd89db6758c0cce08c",
            "4db648774bd89db6758c0cce08c7",
            "db648774bd89db6758c0cce0",
            "b648774bd89db6758c0cce08",
            "648774bd89db6758c0cce08c",
            "48774bd89db6758c0cce08c7",
            "8774bd89db6758c0cce0",
            "774bd89db6758c0cce08",
            "74bd89db6758c0cce08c",
            "4bd89db6758c0cce08c7",
            "bd89db6758c0cce0",
            "d89db6758c0cce08",
            "89db6758c0cce08c",
            "9db6758c0cce08c7",
            "db6758c0cce0",
            "b6758c0cce08",
            "6758c0cce08c",
            "758c0cce08c7",
            "58c0cce0",
            "8c0cce08",
            "c0cce08c",
            "0cce08c7",
            "cce0",
            "ce08",
            "e08c",
            "08c7",
            "6aef7c42e7964a5fab0b05b79f5a8a5c",
            "aef7c42e7964a5fab0b05b79f5a8",
            "ef7c42e7964a5fab0b05b79f5a8a",
            "f7c42e7964a5fab0b05b79f5a8a5",
            "7c42e7964a5fab0b05b79f5a8a5c",
            "c42e7964a5fab0b05b79f5a8",
            "42e7964a5fab0b05b79f5a8a",
            "2e7964a5fab0b05b79f5a8a5",
            "e7964a5fab0b05b79f5a8a5c",
            "7964a5fab0b05b79f5a8",
            "964a5fab0b05b79f5a8a",
            "64a5fab0b05b79f5a8a5",
            "4a5fab0b05b79f5a8a5c",
            "a5fab0b05b79f5a8",
            "5fab0b05b79f5a8a",
            "fab0b05b79f5a8a5",
            "ab0b05b79f5a8a5c",
            "b0b05b79f5a8",
            "0b05b79f5a8a",
            "b05b79f5a8a5",
            "05b79f5a8a5c",
            "5b79f5a8",
            "b79f5a8a",
            "79f5a8a5",
            "9f5a8a5c",
            "f5a8",
            "5a8a",
            "a8a5",
            "8a5c",
            "fc96d90fd49d415e848087ac55c4557f",
            "c96d90fd49d415e848087ac55c45",
            "96d90fd49d415e848087ac55c455",
            "6d90fd49d415e848087ac55c4557",
            "d90fd49d415e848087ac55c4557f",
            "90fd49d415e848087ac55c45",
            "0fd49d415e848087ac55c455",
            "fd49d415e848087ac55c4557",
            "d49d415e848087ac55c4557f",
            "49d415e848087ac55c45",
            "9d415e848087ac55c455",
            "d415e848087ac55c4557",
            "415e848087ac55c4557f",
            "15e848087ac55c45",
            "5e848087ac55c455",
            "e848087ac55c4557",
            "848087ac55c4557f",
            "48087ac55c45",
            "8087ac55c455",
            "087ac55c4557",
            "87ac55c4557f",
            "7ac55c45",
            "ac55c455",
            "c55c4557",
            "55c4557f",
            "5c45",
            "c455",
            "4557",
            "557f",
            "9bee1f78b8d148829ce9836e6aa0ec09",
            "bee1f78b8d148829ce9836e6aa0e",
            "ee1f78b8d148829ce9836e6aa0ec",
            "e1f78b8d148829ce9836e6aa0ec0",
            "1f78b8d148829ce9836e6aa0ec09",
            "f78b8d148829ce9836e6aa0e",
            "78b8d148829ce9836e6aa0ec",
            "8b8d148829ce9836e6aa0ec0",
            "b8d148829ce9836e6aa0ec09",
            "8d148829ce9836e6aa0e",
            "d148829ce9836e6aa0ec",
            "148829ce9836e6aa0ec0",
            "48829ce9836e6aa0ec09",
            "8829ce9836e6aa0e",
            "829ce9836e6aa0ec",
            "29ce9836e6aa0ec0",
            "9ce9836e6aa0ec09",
            "ce9836e6aa0e",
            "e9836e6aa0ec",
            "9836e6aa0ec0",
            "836e6aa0ec09",
            "36e6aa0e",
            "6e6aa0ec",
            "e6aa0ec0",
            "6aa0ec09",
            "aa0e",
            "a0ec",
            "0ec0",
            "ec09",
            "072bfb4db7c24767846180ed9891d74a",
            "72bfb4db7c24767846180ed9891d",
            "2bfb4db7c24767846180ed9891d7",
            "bfb4db7c24767846180ed9891d74",
            "fb4db7c24767846180ed9891d74a",
            "b4db7c24767846180ed9891d",
            "4db7c24767846180ed9891d7",
            "db7c24767846180ed9891d74",
            "b7c24767846180ed9891d74a",
            "7c24767846180ed9891d",
            "c24767846180ed9891d7",
            "24767846180ed9891d74",
            "4767846180ed9891d74a",
            "767846180ed9891d",
            "67846180ed9891d7",
            "7846180ed9891d74",
            "846180ed9891d74a",
            "46180ed9891d",
            "6180ed9891d7",
            "180ed9891d74",
            "80ed9891d74a",
            "0ed9891d",
            "ed9891d7",
            "d9891d74",
            "9891d74a",
            "891d",
            "91d7",
            "1d74",
            "d74a",
            "ad102987b2a34a21928edb663ee9cdc6",
            "d102987b2a34a21928edb663ee9c",
            "102987b2a34a21928edb663ee9cd",
            "02987b2a34a21928edb663ee9cdc",
            "2987b2a34a21928edb663ee9cdc6",
            "987b2a34a21928edb663ee9c",
            "87b2a34a21928edb663ee9cd",
            "7b2a34a21928edb663ee9cdc",
            "b2a34a21928edb663ee9cdc6",
            "2a34a21928edb663ee9c",
            "a34a21928edb663ee9cd",
            "34a21928edb663ee9cdc",
            "4a21928edb663ee9cdc6",
            "a21928edb663ee9c",
            "21928edb663ee9cd",
            "1928edb663ee9cdc",
            "928edb663ee9cdc6",
            "28edb663ee9c",
            "8edb663ee9cd",
            "edb663ee9cdc",
            "db663ee9cdc6",
            "b663ee9c",
            "663ee9cd",
            "63ee9cdc",
            "3ee9cdc6",
            "ee9c",
            "e9cd",
            "9cdc",
            "cdc6",
            "41436c7bab6e414e8e9fc07a40cf1cc3",
            "1436c7bab6e414e8e9fc07a40cf1",
            "436c7bab6e414e8e9fc07a40cf1c",
            "36c7bab6e414e8e9fc07a40cf1cc",
            "6c7bab6e414e8e9fc07a40cf1cc3",
            "c7bab6e414e8e9fc07a40cf1",
            "7bab6e414e8e9fc07a40cf1c",
            "bab6e414e8e9fc07a40cf1cc",
            "ab6e414e8e9fc07a40cf1cc3",
            "b6e414e8e9fc07a40cf1",
            "6e414e8e9fc07a40cf1c",
            "e414e8e9fc07a40cf1cc",
            "414e8e9fc07a40cf1cc3",
            "14e8e9fc07a40cf1",
            "4e8e9fc07a40cf1c",
            "e8e9fc07a40cf1cc",
            "8e9fc07a40cf1cc3",
            "e9fc07a40cf1",
            "9fc07a40cf1c",
            "fc07a40cf1cc",
            "c07a40cf1cc3",
            "07a40cf1",
            "7a40cf1c",
            "a40cf1cc",
            "40cf1cc3",
            "0cf1",
            "cf1c",
            "f1cc",
            "1cc3",
            "99917951f7534bbe81016c5d053fec11",
            "9917951f7534bbe81016c5d053fe",
            "917951f7534bbe81016c5d053fec",
            "17951f7534bbe81016c5d053fec1",
            "7951f7534bbe81016c5d053fec11",
            "951f7534bbe81016c5d053fe",
            "51f7534bbe81016c5d053fec",
            "1f7534bbe81016c5d053fec1",
            "f7534bbe81016c5d053fec11",
            "7534bbe81016c5d053fe",
            "534bbe81016c5d053fec",
            "34bbe81016c5d053fec1",
            "4bbe81016c5d053fec11",
            "bbe81016c5d053fe",
            "be81016c5d053fec",
            "e81016c5d053fec1",
            "81016c5d053fec11",
            "1016c5d053fe",
            "016c5d053fec",
            "16c5d053fec1",
            "6c5d053fec11",
            "c5d053fe",
            "5d053fec",
            "d053fec1",
            "053fec11",
            "53fe",
            "3fec",
            "fec1",
            "ec11",
            "5539c661ad0f4e7e99066094d4533489",
            "539c661ad0f4e7e99066094d4533",
            "39c661ad0f4e7e99066094d45334",
            "9c661ad0f4e7e99066094d453348",
            "c661ad0f4e7e99066094d4533489",
            "661ad0f4e7e99066094d4533",
            "61ad0f4e7e99066094d45334",
            "1ad0f4e7e99066094d453348",
            "ad0f4e7e99066094d4533489",
            "d0f4e7e99066094d4533",
            "0f4e7e99066094d45334",
            "f4e7e99066094d453348",
            "4e7e99066094d4533489",
            "e7e99066094d4533",
            "7e99066094d45334",
            "e99066094d453348",
            "99066094d4533489",
            "9066094d4533",
            "066094d45334",
            "66094d453348",
            "6094d4533489",
            "094d4533",
            "94d45334",
            "4d453348",
            "d4533489",
            "4533",
            "5334",
            "3348",
            "3489",
            "5358c8960e734a34a38df267da584b15",
            "358c8960e734a34a38df267da584",
            "58c8960e734a34a38df267da584b",
            "8c8960e734a34a38df267da584b1",
            "c8960e734a34a38df267da584b15",
            "8960e734a34a38df267da584",
            "960e734a34a38df267da584b",
            "60e734a34a38df267da584b1",
            "0e734a34a38df267da584b15",
            "e734a34a38df267da584",
            "734a34a38df267da584b",
            "34a34a38df267da584b1",
            "4a34a38df267da584b15",
            "a34a38df267da584",
            "34a38df267da584b",
            "4a38df267da584b1",
            "a38df267da584b15",
            "38df267da584",
            "8df267da584b",
            "df267da584b1",
            "f267da584b15",
            "267da584",
            "67da584b",
            "7da584b1",
            "da584b15",
            "a584",
            "584b",
            "84b1",
            "4b15",
            "76262de4fa2248c8a143c5df3d18b02c",
            "6262de4fa2248c8a143c5df3d18b",
            "262de4fa2248c8a143c5df3d18b0",
            "62de4fa2248c8a143c5df3d18b02",
            "2de4fa2248c8a143c5df3d18b02c",
            "de4fa2248c8a143c5df3d18b",
            "e4fa2248c8a143c5df3d18b0",
            "4fa2248c8a143c5df3d18b02",
            "fa2248c8a143c5df3d18b02c",
            "a2248c8a143c5df3d18b",
            "2248c8a143c5df3d18b0",
            "248c8a143c5df3d18b02",
            "48c8a143c5df3d18b02c",
            "8c8a143c5df3d18b",
            "c8a143c5df3d18b0",
            "8a143c5df3d18b02",
            "a143c5df3d18b02c",
            "143c5df3d18b",
            "43c5df3d18b0",
            "3c5df3d18b02",
            "c5df3d18b02c",
            "5df3d18b",
            "df3d18b0",
            "f3d18b02",
            "3d18b02c",
            "d18b",
            "18b0",
            "8b02",
            "b02c",
            "37ed1789cdf1452e91f3b74b6a25ab1d",
            "7ed1789cdf1452e91f3b74b6a25a",
            "ed1789cdf1452e91f3b74b6a25ab",
            "d1789cdf1452e91f3b74b6a25ab1",
            "1789cdf1452e91f3b74b6a25ab1d",
            "789cdf1452e91f3b74b6a25a",
            "89cdf1452e91f3b74b6a25ab",
            "9cdf1452e91f3b74b6a25ab1",
            "cdf1452e91f3b74b6a25ab1d",
            "df1452e91f3b74b6a25a",
            "f1452e91f3b74b6a25ab",
            "1452e91f3b74b6a25ab1",
            "452e91f3b74b6a25ab1d",
            "52e91f3b74b6a25a",
            "2e91f3b74b6a25ab",
            "e91f3b74b6a25ab1",
            "91f3b74b6a25ab1d",
            "1f3b74b6a25a",
            "f3b74b6a25ab",
            "3b74b6a25ab1",
            "b74b6a25ab1d",
            "74b6a25a",
            "4b6a25ab",
            "b6a25ab1",
            "6a25ab1d",
            "a25a",
            "25ab",
            "5ab1",
            "ab1d",
            "df61349e2fb145dab8f6fd4c3e6ed676",
            "f61349e2fb145dab8f6fd4c3e6ed",
            "61349e2fb145dab8f6fd4c3e6ed6",
            "1349e2fb145dab8f6fd4c3e6ed67",
            "349e2fb145dab8f6fd4c3e6ed676",
            "49e2fb145dab8f6fd4c3e6ed",
            "9e2fb145dab8f6fd4c3e6ed6",
            "e2fb145dab8f6fd4c3e6ed67",
            "2fb145dab8f6fd4c3e6ed676",
            "fb145dab8f6fd4c3e6ed",
            "b145dab8f6fd4c3e6ed6",
            "145dab8f6fd4c3e6ed67",
            "45dab8f6fd4c3e6ed676",
            "5dab8f6fd4c3e6ed",
            "dab8f6fd4c3e6ed6",
            "ab8f6fd4c3e6ed67",
            "b8f6fd4c3e6ed676",
            "8f6fd4c3e6ed",
            "f6fd4c3e6ed6",
            "6fd4c3e6ed67",
            "fd4c3e6ed676",
            "d4c3e6ed",
            "4c3e6ed6",
            "c3e6ed67",
            "3e6ed676",
            "e6ed",
            "6ed6",
            "ed67",
            "d676",
            "54dda453b94b4b8da0dd9680c199351e",
            "4dda453b94b4b8da0dd9680c1993",
            "dda453b94b4b8da0dd9680c19935",
            "da453b94b4b8da0dd9680c199351",
            "a453b94b4b8da0dd9680c199351e",
            "453b94b4b8da0dd9680c1993",
            "53b94b4b8da0dd9680c19935",
            "3b94b4b8da0dd9680c199351",
            "b94b4b8da0dd9680c199351e",
            "94b4b8da0dd9680c1993",
            "4b4b8da0dd9680c19935",
            "b4b8da0dd9680c199351",
            "4b8da0dd9680c199351e",
            "b8da0dd9680c1993",
            "8da0dd9680c19935",
            "da0dd9680c199351",
            "a0dd9680c199351e",
            "0dd9680c1993",
            "dd9680c19935",
            "d9680c199351",
            "9680c199351e",
            "680c1993",
            "80c19935",
            "0c199351",
            "c199351e",
            "1993",
            "9935",
            "9351",
            "351e",
            "86bce48724d64269bb2956c77d2c9ada",
            "6bce48724d64269bb2956c77d2c9",
            "bce48724d64269bb2956c77d2c9a",
            "ce48724d64269bb2956c77d2c9ad",
            "e48724d64269bb2956c77d2c9ada",
            "48724d64269bb2956c77d2c9",
            "8724d64269bb2956c77d2c9a",
            "724d64269bb2956c77d2c9ad",
            "24d64269bb2956c77d2c9ada",
            "4d64269bb2956c77d2c9",
            "d64269bb2956c77d2c9a",
            "64269bb2956c77d2c9ad",
            "4269bb2956c77d2c9ada",
            "269bb2956c77d2c9",
            "69bb2956c77d2c9a",
            "9bb2956c77d2c9ad",
            "bb2956c77d2c9ada",
            "b2956c77d2c9",
            "2956c77d2c9a",
            "956c77d2c9ad",
            "56c77d2c9ada",
            "6c77d2c9",
            "c77d2c9a",
            "77d2c9ad",
            "7d2c9ada",
            "d2c9",
            "2c9a",
            "c9ad",
            "9ada",
            "2a40c26cc43e4f488c79dd860f94ceca",
            "a40c26cc43e4f488c79dd860f94c",
            "40c26cc43e4f488c79dd860f94ce",
            "0c26cc43e4f488c79dd860f94cec",
            "c26cc43e4f488c79dd860f94ceca",
            "26cc43e4f488c79dd860f94c",
            "6cc43e4f488c79dd860f94ce",
            "cc43e4f488c79dd860f94cec",
            "c43e4f488c79dd860f94ceca",
            "43e4f488c79dd860f94c",
            "3e4f488c79dd860f94ce",
            "e4f488c79dd860f94cec",
            "4f488c79dd860f94ceca",
            "f488c79dd860f94c",
            "488c79dd860f94ce",
            "88c79dd860f94cec",
            "8c79dd860f94ceca",
            "c79dd860f94c",
            "79dd860f94ce",
            "9dd860f94cec",
            "dd860f94ceca",
            "d860f94c",
            "860f94ce",
            "60f94cec",
            "0f94ceca",
            "f94c",
            "94ce",
            "4cec",
            "ceca",
            "a60203533ed947458fcd418c6faee8a6",
            "60203533ed947458fcd418c6faee",
            "0203533ed947458fcd418c6faee8",
            "203533ed947458fcd418c6faee8a",
            "03533ed947458fcd418c6faee8a6",
            "3533ed947458fcd418c6faee",
            "533ed947458fcd418c6faee8",
            "33ed947458fcd418c6faee8a",
            "3ed947458fcd418c6faee8a6",
            "ed947458fcd418c6faee",
            "d947458fcd418c6faee8",
            "947458fcd418c6faee8a",
            "47458fcd418c6faee8a6",
            "7458fcd418c6faee",
            "458fcd418c6faee8",
            "58fcd418c6faee8a",
            "8fcd418c6faee8a6",
            "fcd418c6faee",
            "cd418c6faee8",
            "d418c6faee8a",
            "418c6faee8a6",
            "18c6faee",
            "8c6faee8",
            "c6faee8a",
            "6faee8a6",
            "faee",
            "aee8",
            "ee8a",
            "e8a6",
            "59e0f2643f9144f487a3ec082abe60cf",
            "9e0f2643f9144f487a3ec082abe6",
            "e0f2643f9144f487a3ec082abe60",
            "0f2643f9144f487a3ec082abe60c",
            "f2643f9144f487a3ec082abe60cf",
            "2643f9144f487a3ec082abe6",
            "643f9144f487a3ec082abe60",
            "43f9144f487a3ec082abe60c",
            "3f9144f487a3ec082abe60cf",
            "f9144f487a3ec082abe6",
            "9144f487a3ec082abe60",
            "144f487a3ec082abe60c",
            "44f487a3ec082abe60cf",
            "4f487a3ec082abe6",
            "f487a3ec082abe60",
            "487a3ec082abe60c",
            "87a3ec082abe60cf",
            "7a3ec082abe6",
            "a3ec082abe60",
            "3ec082abe60c",
            "ec082abe60cf",
            "c082abe6",
            "082abe60",
            "82abe60c",
            "2abe60cf",
            "abe6",
            "be60",
            "e60c",
            "60cf",
            "bc46424e3e2a414b87d3ded325ca4037",
            "c46424e3e2a414b87d3ded325ca4",
            "46424e3e2a414b87d3ded325ca40",
            "6424e3e2a414b87d3ded325ca403",
            "424e3e2a414b87d3ded325ca4037",
            "24e3e2a414b87d3ded325ca4",
            "4e3e2a414b87d3ded325ca40",
            "e3e2a414b87d3ded325ca403",
            "3e2a414b87d3ded325ca4037",
            "e2a414b87d3ded325ca4",
            "2a414b87d3ded325ca40",
            "a414b87d3ded325ca403",
            "414b87d3ded325ca4037",
            "14b87d3ded325ca4",
            "4b87d3ded325ca40",
            "b87d3ded325ca403",
            "87d3ded325ca4037",
            "7d3ded325ca4",
            "d3ded325ca40",
            "3ded325ca403",
            "ded325ca4037",
            "ed325ca4",
            "d325ca40",
            "325ca403",
            "25ca4037",
            "5ca4",
            "ca40",
            "a403",
            "4037",
            "348b346f247e4242a9955206ffe865e5",
            "48b346f247e4242a9955206ffe86",
            "8b346f247e4242a9955206ffe865",
            "b346f247e4242a9955206ffe865e",
            "346f247e4242a9955206ffe865e5",
            "46f247e4242a9955206ffe86",
            "6f247e4242a9955206ffe865",
            "f247e4242a9955206ffe865e",
            "247e4242a9955206ffe865e5",
            "47e4242a9955206ffe86",
            "7e4242a9955206ffe865",
            "e4242a9955206ffe865e",
            "4242a9955206ffe865e5",
            "242a9955206ffe86",
            "42a9955206ffe865",
            "2a9955206ffe865e",
            "a9955206ffe865e5",
            "9955206ffe86",
            "955206ffe865",
            "55206ffe865e",
            "5206ffe865e5",
            "206ffe86",
            "06ffe865",
            "6ffe865e",
            "ffe865e5",
            "fe86",
            "e865",
            "865e",
            "65e5",
            "e53253682c7a4a11b47ddf23c682759e",
            "53253682c7a4a11b47ddf23c6827",
            "3253682c7a4a11b47ddf23c68275",
            "253682c7a4a11b47ddf23c682759",
            "53682c7a4a11b47ddf23c682759e",
            "3682c7a4a11b47ddf23c6827",
            "682c7a4a11b47ddf23c68275",
            "82c7a4a11b47ddf23c682759",
            "2c7a4a11b47ddf23c682759e",
            "c7a4a11b47ddf23c6827",
            "7a4a11b47ddf23c68275",
            "a4a11b47ddf23c682759",
            "4a11b47ddf23c682759e",
            "a11b47ddf23c6827",
            "11b47ddf23c68275",
            "1b47ddf23c682759",
            "b47ddf23c682759e",
            "47ddf23c6827",
            "7ddf23c68275",
            "ddf23c682759",
            "df23c682759e",
            "f23c6827",
            "23c68275",
            "3c682759",
            "c682759e",
            "6827",
            "8275",
            "2759",
            "759e",
            "b67cb763f0104298a66947ad71ac7e95",
            "67cb763f0104298a66947ad71ac7",
            "7cb763f0104298a66947ad71ac7e",
            "cb763f0104298a66947ad71ac7e9",
            "b763f0104298a66947ad71ac7e95",
            "763f0104298a66947ad71ac7",
            "63f0104298a66947ad71ac7e",
            "3f0104298a66947ad71ac7e9",
            "f0104298a66947ad71ac7e95",
            "0104298a66947ad71ac7",
            "104298a66947ad71ac7e",
            "04298a66947ad71ac7e9",
            "4298a66947ad71ac7e95",
            "298a66947ad71ac7",
            "98a66947ad71ac7e",
            "8a66947ad71ac7e9",
            "a66947ad71ac7e95",
            "66947ad71ac7",
            "6947ad71ac7e",
            "947ad71ac7e9",
            "47ad71ac7e95",
            "7ad71ac7",
            "ad71ac7e",
            "d71ac7e9",
            "71ac7e95",
            "1ac7",
            "ac7e",
            "c7e9",
            "7e95",
            "2554099822f34631a849e9761bb1acd5",
            "554099822f34631a849e9761bb1a",
            "54099822f34631a849e9761bb1ac",
            "4099822f34631a849e9761bb1acd",
            "099822f34631a849e9761bb1acd5",
            "99822f34631a849e9761bb1a",
            "9822f34631a849e9761bb1ac",
            "822f34631a849e9761bb1acd",
            "22f34631a849e9761bb1acd5",
            "2f34631a849e9761bb1a",
            "f34631a849e9761bb1ac",
            "34631a849e9761bb1acd",
            "4631a849e9761bb1acd5",
            "631a849e9761bb1a",
            "31a849e9761bb1ac",
            "1a849e9761bb1acd",
            "a849e9761bb1acd5",
            "849e9761bb1a",
            "49e9761bb1ac",
            "9e9761bb1acd",
            "e9761bb1acd5",
            "9761bb1a",
            "761bb1ac",
            "61bb1acd",
            "1bb1acd5",
            "bb1a",
            "b1ac",
            "1acd",
            "acd5",
            "f2388ebc7a4f480f88350d91845094cb",
            "2388ebc7a4f480f88350d9184509",
            "388ebc7a4f480f88350d91845094",
            "88ebc7a4f480f88350d91845094c",
            "8ebc7a4f480f88350d91845094cb",
            "ebc7a4f480f88350d9184509",
            "bc7a4f480f88350d91845094",
            "c7a4f480f88350d91845094c",
            "7a4f480f88350d91845094cb",
            "a4f480f88350d9184509",
            "4f480f88350d91845094",
            "f480f88350d91845094c",
            "480f88350d91845094cb",
            "80f88350d9184509",
            "0f88350d91845094",
            "f88350d91845094c",
            "88350d91845094cb",
            "8350d9184509",
            "350d91845094",
            "50d91845094c",
            "0d91845094cb",
            "d9184509",
            "91845094",
            "1845094c",
            "845094cb",
            "4509",
            "5094",
            "094c",
            "94cb",
            "260d05322d1841a6a194d93139fa35ce",
            "60d05322d1841a6a194d93139fa3",
            "0d05322d1841a6a194d93139fa35",
            "d05322d1841a6a194d93139fa35c",
            "05322d1841a6a194d93139fa35ce",
            "5322d1841a6a194d93139fa3",
            "322d1841a6a194d93139fa35",
            "22d1841a6a194d93139fa35c",
            "2d1841a6a194d93139fa35ce",
            "d1841a6a194d93139fa3",
            "1841a6a194d93139fa35",
            "841a6a194d93139fa35c",
            "41a6a194d93139fa35ce",
            "1a6a194d93139fa3",
            "a6a194d93139fa35",
            "6a194d93139fa35c",
            "a194d93139fa35ce",
            "194d93139fa3",
            "94d93139fa35",
            "4d93139fa35c",
            "d93139fa35ce",
            "93139fa3",
            "3139fa35",
            "139fa35c",
            "39fa35ce",
            "9fa3",
            "fa35",
            "a35c",
            "35ce",
            "f10c8a0658784fe1b3493271f1ffbe90",
            "10c8a0658784fe1b3493271f1ffb",
            "0c8a0658784fe1b3493271f1ffbe",
            "c8a0658784fe1b3493271f1ffbe9",
            "8a0658784fe1b3493271f1ffbe90",
            "a0658784fe1b3493271f1ffb",
            "0658784fe1b3493271f1ffbe",
            "658784fe1b3493271f1ffbe9",
            "58784fe1b3493271f1ffbe90",
            "8784fe1b3493271f1ffb",
            "784fe1b3493271f1ffbe",
            "84fe1b3493271f1ffbe9",
            "4fe1b3493271f1ffbe90",
            "fe1b3493271f1ffb",
            "e1b3493271f1ffbe",
            "1b3493271f1ffbe9",
            "b3493271f1ffbe90",
            "3493271f1ffb",
            "493271f1ffbe",
            "93271f1ffbe9",
            "3271f1ffbe90",
            "271f1ffb",
            "71f1ffbe",
            "1f1ffbe9",
            "f1ffbe90",
            "1ffb",
            "ffbe",
            "fbe9",
            "be90",
            "84d4198945cf4b2297c4cb602118ff7f",
            "4d4198945cf4b2297c4cb602118f",
            "d4198945cf4b2297c4cb602118ff",
            "4198945cf4b2297c4cb602118ff7",
            "198945cf4b2297c4cb602118ff7f",
            "98945cf4b2297c4cb602118f",
            "8945cf4b2297c4cb602118ff",
            "945cf4b2297c4cb602118ff7",
            "45cf4b2297c4cb602118ff7f",
            "5cf4b2297c4cb602118f",
            "cf4b2297c4cb602118ff",
            "f4b2297c4cb602118ff7",
            "4b2297c4cb602118ff7f",
            "b2297c4cb602118f",
            "2297c4cb602118ff",
            "297c4cb602118ff7",
            "97c4cb602118ff7f",
            "7c4cb602118f",
            "c4cb602118ff",
            "4cb602118ff7",
            "cb602118ff7f",
            "b602118f",
            "602118ff",
            "02118ff7",
            "2118ff7f",
            "118f",
            "18ff",
            "8ff7",
            "ff7f",
            "a7bbe6fc6cd544e49dda0d4391772313",
            "7bbe6fc6cd544e49dda0d4391772",
            "bbe6fc6cd544e49dda0d43917723",
            "be6fc6cd544e49dda0d439177231",
            "e6fc6cd544e49dda0d4391772313",
            "6fc6cd544e49dda0d4391772",
            "fc6cd544e49dda0d43917723",
            "c6cd544e49dda0d439177231",
            "6cd544e49dda0d4391772313",
            "cd544e49dda0d4391772",
            "d544e49dda0d43917723",
            "544e49dda0d439177231",
            "44e49dda0d4391772313",
            "4e49dda0d4391772",
            "e49dda0d43917723",
            "49dda0d439177231",
            "9dda0d4391772313",
            "dda0d4391772",
            "da0d43917723",
            "a0d439177231",
            "0d4391772313",
            "d4391772",
            "43917723",
            "39177231",
            "91772313",
            "1772",
            "7723",
            "7231",
            "2313",
            "c93ab64aeb16472da89f1ccb114e96b2",
            "93ab64aeb16472da89f1ccb114e9",
            "3ab64aeb16472da89f1ccb114e96",
            "ab64aeb16472da89f1ccb114e96b",
            "b64aeb16472da89f1ccb114e96b2",
            "64aeb16472da89f1ccb114e9",
            "4aeb16472da89f1ccb114e96",
            "aeb16472da89f1ccb114e96b",
            "eb16472da89f1ccb114e96b2",
            "b16472da89f1ccb114e9",
            "16472da89f1ccb114e96",
            "6472da89f1ccb114e96b",
            "472da89f1ccb114e96b2",
            "72da89f1ccb114e9",
            "2da89f1ccb114e96",
            "da89f1ccb114e96b",
            "a89f1ccb114e96b2",
            "89f1ccb114e9",
            "9f1ccb114e96",
            "f1ccb114e96b",
            "1ccb114e96b2",
            "ccb114e9",
            "cb114e96",
            "b114e96b",
            "114e96b2",
            "14e9",
            "4e96",
            "e96b",
            "96b2",
            "9c5c5395f84a459e8804115137a9ba5e",
            "c5c5395f84a459e8804115137a9b",
            "5c5395f84a459e8804115137a9ba",
            "c5395f84a459e8804115137a9ba5",
            "5395f84a459e8804115137a9ba5e",
            "395f84a459e8804115137a9b",
            "95f84a459e8804115137a9ba",
            "5f84a459e8804115137a9ba5",
            "f84a459e8804115137a9ba5e",
            "84a459e8804115137a9b",
            "4a459e8804115137a9ba",
            "a459e8804115137a9ba5",
            "459e8804115137a9ba5e",
            "59e8804115137a9b",
            "9e8804115137a9ba",
            "e8804115137a9ba5",
            "8804115137a9ba5e",
            "804115137a9b",
            "04115137a9ba",
            "4115137a9ba5",
            "115137a9ba5e",
            "15137a9b",
            "5137a9ba",
            "137a9ba5",
            "37a9ba5e",
            "7a9b",
            "a9ba",
            "9ba5",
            "ba5e",
            "8b1e919bddc64c51abc011e9a7fd1682",
            "b1e919bddc64c51abc011e9a7fd1",
            "1e919bddc64c51abc011e9a7fd16",
            "e919bddc64c51abc011e9a7fd168",
            "919bddc64c51abc011e9a7fd1682",
            "19bddc64c51abc011e9a7fd1",
            "9bddc64c51abc011e9a7fd16",
            "bddc64c51abc011e9a7fd168",
            "ddc64c51abc011e9a7fd1682",
            "dc64c51abc011e9a7fd1",
            "c64c51abc011e9a7fd16",
            "64c51abc011e9a7fd168",
            "4c51abc011e9a7fd1682",
            "c51abc011e9a7fd1",
            "51abc011e9a7fd16",
            "1abc011e9a7fd168",
            "abc011e9a7fd1682",
            "bc011e9a7fd1",
            "c011e9a7fd16",
            "011e9a7fd168",
            "11e9a7fd1682",
            "1e9a7fd1",
            "e9a7fd16",
            "9a7fd168",
            "a7fd1682",
            "7fd1",
            "fd16",
            "d168",
            "1682",
            "0c4de8d8af714262b1a19f804407e32e",
            "c4de8d8af714262b1a19f804407e",
            "4de8d8af714262b1a19f804407e3",
            "de8d8af714262b1a19f804407e32",
            "e8d8af714262b1a19f804407e32e",
            "8d8af714262b1a19f804407e",
            "d8af714262b1a19f804407e3",
            "8af714262b1a19f804407e32",
            "af714262b1a19f804407e32e",
            "f714262b1a19f804407e",
            "714262b1a19f804407e3",
            "14262b1a19f804407e32",
            "4262b1a19f804407e32e",
            "262b1a19f804407e",
            "62b1a19f804407e3",
            "2b1a19f804407e32",
            "b1a19f804407e32e",
            "1a19f804407e",
            "a19f804407e3",
            "19f804407e32",
            "9f804407e32e",
            "f804407e",
            "804407e3",
            "04407e32",
            "4407e32e",
            "407e",
            "07e3",
            "7e32",
            "e32e",
            "21b9eec55517423db0eec64055879702",
            "1b9eec55517423db0eec64055879",
            "b9eec55517423db0eec640558797",
            "9eec55517423db0eec6405587970",
            "eec55517423db0eec64055879702",
            "ec55517423db0eec64055879",
            "c55517423db0eec640558797",
            "55517423db0eec6405587970",
            "5517423db0eec64055879702",
            "517423db0eec64055879",
            "17423db0eec640558797",
            "7423db0eec6405587970",
            "423db0eec64055879702",
            "23db0eec64055879",
            "3db0eec640558797",
            "db0eec6405587970",
            "b0eec64055879702",
            "0eec64055879",
            "eec640558797",
            "ec6405587970",
            "c64055879702",
            "64055879",
            "40558797",
            "05587970",
            "55879702",
            "5879",
            "8797",
            "7970",
            "9702",
            "0703956e92e24d799e36cb1bbf898ddc",
            "703956e92e24d799e36cb1bbf898",
            "03956e92e24d799e36cb1bbf898d",
            "3956e92e24d799e36cb1bbf898dd",
            "956e92e24d799e36cb1bbf898ddc",
            "56e92e24d799e36cb1bbf898",
            "6e92e24d799e36cb1bbf898d",
            "e92e24d799e36cb1bbf898dd",
            "92e24d799e36cb1bbf898ddc",
            "2e24d799e36cb1bbf898",
            "e24d799e36cb1bbf898d",
            "24d799e36cb1bbf898dd",
            "4d799e36cb1bbf898ddc",
            "d799e36cb1bbf898",
            "799e36cb1bbf898d",
            "99e36cb1bbf898dd",
            "9e36cb1bbf898ddc",
            "e36cb1bbf898",
            "36cb1bbf898d",
            "6cb1bbf898dd",
            "cb1bbf898ddc",
            "b1bbf898",
            "1bbf898d",
            "bbf898dd",
            "bf898ddc",
            "f898",
            "898d",
            "98dd",
            "8ddc",
            "b100b3aedbe24061ba9b1413dc641f58",
            "100b3aedbe24061ba9b1413dc641",
            "00b3aedbe24061ba9b1413dc641f",
            "0b3aedbe24061ba9b1413dc641f5",
            "b3aedbe24061ba9b1413dc641f58",
            "3aedbe24061ba9b1413dc641",
            "aedbe24061ba9b1413dc641f",
            "edbe24061ba9b1413dc641f5",
            "dbe24061ba9b1413dc641f58",
            "be24061ba9b1413dc641",
            "e24061ba9b1413dc641f",
            "24061ba9b1413dc641f5",
            "4061ba9b1413dc641f58",
            "061ba9b1413dc641",
            "61ba9b1413dc641f",
            "1ba9b1413dc641f5",
            "ba9b1413dc641f58",
            "a9b1413dc641",
            "9b1413dc641f",
            "b1413dc641f5",
            "1413dc641f58",
            "413dc641",
            "13dc641f",
            "3dc641f5",
            "dc641f58",
            "c641",
            "641f",
            "41f5",
            "1f58",
            "cc8cfff1b6e44e8583f824f322c8ef27",
            "c8cfff1b6e44e8583f824f322c8e",
            "8cfff1b6e44e8583f824f322c8ef",
            "cfff1b6e44e8583f824f322c8ef2",
            "fff1b6e44e8583f824f322c8ef27",
            "ff1b6e44e8583f824f322c8e",
            "f1b6e44e8583f824f322c8ef",
            "1b6e44e8583f824f322c8ef2",
            "b6e44e8583f824f322c8ef27",
            "6e44e8583f824f322c8e",
            "e44e8583f824f322c8ef",
            "44e8583f824f322c8ef2",
            "4e8583f824f322c8ef27",
            "e8583f824f322c8e",
            "8583f824f322c8ef",
            "583f824f322c8ef2",
            "83f824f322c8ef27",
            "3f824f322c8e",
            "f824f322c8ef",
            "824f322c8ef2",
            "24f322c8ef27",
            "4f322c8e",
            "f322c8ef",
            "322c8ef2",
            "22c8ef27",
            "2c8e",
            "c8ef",
            "8ef2",
            "ef27",
            "16fbc231e6324a0f95e337cd94956537",
            "6fbc231e6324a0f95e337cd94956",
            "fbc231e6324a0f95e337cd949565",
            "bc231e6324a0f95e337cd9495653",
            "c231e6324a0f95e337cd94956537",
            "231e6324a0f95e337cd94956",
            "31e6324a0f95e337cd949565",
            "1e6324a0f95e337cd9495653",
            "e6324a0f95e337cd94956537",
            "6324a0f95e337cd94956",
            "324a0f95e337cd949565",
            "24a0f95e337cd9495653",
            "4a0f95e337cd94956537",
            "a0f95e337cd94956",
            "0f95e337cd949565",
            "f95e337cd9495653",
            "95e337cd94956537",
            "5e337cd94956",
            "e337cd949565",
            "337cd9495653",
            "37cd94956537",
            "7cd94956",
            "cd949565",
            "d9495653",
            "94956537",
            "4956",
            "9565",
            "5653",
            "6537",
            "0bdfe8a4b5ee4823ba8f5fab173fe7ea",
            "bdfe8a4b5ee4823ba8f5fab173fe",
            "dfe8a4b5ee4823ba8f5fab173fe7",
            "fe8a4b5ee4823ba8f5fab173fe7e",
            "e8a4b5ee4823ba8f5fab173fe7ea",
            "8a4b5ee4823ba8f5fab173fe",
            "a4b5ee4823ba8f5fab173fe7",
            "4b5ee4823ba8f5fab173fe7e",
            "b5ee4823ba8f5fab173fe7ea",
            "5ee4823ba8f5fab173fe",
            "ee4823ba8f5fab173fe7",
            "e4823ba8f5fab173fe7e",
            "4823ba8f5fab173fe7ea",
            "823ba8f5fab173fe",
            "23ba8f5fab173fe7",
            "3ba8f5fab173fe7e",
            "ba8f5fab173fe7ea",
            "a8f5fab173fe",
            "8f5fab173fe7",
            "f5fab173fe7e",
            "5fab173fe7ea",
            "fab173fe",
            "ab173fe7",
            "b173fe7e",
            "173fe7ea",
            "73fe",
            "3fe7",
            "fe7e",
            "e7ea",
            "23302c9ec60546d88321a7fb1d16a3f4",
            "3302c9ec60546d88321a7fb1d16a",
            "302c9ec60546d88321a7fb1d16a3",
            "02c9ec60546d88321a7fb1d16a3f",
            "2c9ec60546d88321a7fb1d16a3f4",
            "c9ec60546d88321a7fb1d16a",
            "9ec60546d88321a7fb1d16a3",
            "ec60546d88321a7fb1d16a3f",
            "c60546d88321a7fb1d16a3f4",
            "60546d88321a7fb1d16a",
            "0546d88321a7fb1d16a3",
            "546d88321a7fb1d16a3f",
            "46d88321a7fb1d16a3f4",
            "6d88321a7fb1d16a",
            "d88321a7fb1d16a3",
            "88321a7fb1d16a3f",
            "8321a7fb1d16a3f4",
            "321a7fb1d16a",
            "21a7fb1d16a3",
            "1a7fb1d16a3f",
            "a7fb1d16a3f4",
            "7fb1d16a",
            "fb1d16a3",
            "b1d16a3f",
            "1d16a3f4",
            "d16a",
            "16a3",
            "6a3f",
            "a3f4",
            "6b3bca204be341f38b750153c4202232",
            "b3bca204be341f38b750153c4202",
            "3bca204be341f38b750153c42022",
            "bca204be341f38b750153c420223",
            "ca204be341f38b750153c4202232",
            "a204be341f38b750153c4202",
            "204be341f38b750153c42022",
            "04be341f38b750153c420223",
            "4be341f38b750153c4202232",
            "be341f38b750153c4202",
            "e341f38b750153c42022",
            "341f38b750153c420223",
            "41f38b750153c4202232",
            "1f38b750153c4202",
            "f38b750153c42022",
            "38b750153c420223",
            "8b750153c4202232",
            "b750153c4202",
            "750153c42022",
            "50153c420223",
            "0153c4202232",
            "153c4202",
            "53c42022",
            "3c420223",
            "c4202232",
            "4202",
            "2022",
            "0223",
            "2232",
            "05e0ee85c1c04918b6940ed1408a6fea",
            "5e0ee85c1c04918b6940ed1408a6",
            "e0ee85c1c04918b6940ed1408a6f",
            "0ee85c1c04918b6940ed1408a6fe",
            "ee85c1c04918b6940ed1408a6fea",
            "e85c1c04918b6940ed1408a6",
            "85c1c04918b6940ed1408a6f",
            "5c1c04918b6940ed1408a6fe",
            "c1c04918b6940ed1408a6fea",
            "1c04918b6940ed1408a6",
            "c04918b6940ed1408a6f",
            "04918b6940ed1408a6fe",
            "4918b6940ed1408a6fea",
            "918b6940ed1408a6",
            "18b6940ed1408a6f",
            "8b6940ed1408a6fe",
            "b6940ed1408a6fea",
            "6940ed1408a6",
            "940ed1408a6f",
            "40ed1408a6fe",
            "0ed1408a6fea",
            "ed1408a6",
            "d1408a6f",
            "1408a6fe",
            "408a6fea",
            "08a6",
            "8a6f",
            "a6fe",
            "6fea",
            "099b6c92f24e435c8eb7a89478bacfef",
            "99b6c92f24e435c8eb7a89478bac",
            "9b6c92f24e435c8eb7a89478bacf",
            "b6c92f24e435c8eb7a89478bacfe",
            "6c92f24e435c8eb7a89478bacfef",
            "c92f24e435c8eb7a89478bac",
            "92f24e435c8eb7a89478bacf",
            "2f24e435c8eb7a89478bacfe",
            "f24e435c8eb7a89478bacfef",
            "24e435c8eb7a89478bac",
            "4e435c8eb7a89478bacf",
            "e435c8eb7a89478bacfe",
            "435c8eb7a89478bacfef",
            "35c8eb7a89478bac",
            "5c8eb7a89478bacf",
            "c8eb7a89478bacfe",
            "8eb7a89478bacfef",
            "eb7a89478bac",
            "b7a89478bacf",
            "7a89478bacfe",
            "a89478bacfef",
            "89478bac",
            "9478bacf",
            "478bacfe",
            "78bacfef",
            "8bac",
            "bacf",
            "acfe",
            "cfef",
            "090d88bfc897461994e985d70ffcfde0",
            "90d88bfc897461994e985d70ffcf",
            "0d88bfc897461994e985d70ffcfd",
            "d88bfc897461994e985d70ffcfde",
            "88bfc897461994e985d70ffcfde0",
            "8bfc897461994e985d70ffcf",
            "bfc897461994e985d70ffcfd",
            "fc897461994e985d70ffcfde",
            "c897461994e985d70ffcfde0",
            "897461994e985d70ffcf",
            "97461994e985d70ffcfd",
            "7461994e985d70ffcfde",
            "461994e985d70ffcfde0",
            "61994e985d70ffcf",
            "1994e985d70ffcfd",
            "994e985d70ffcfde",
            "94e985d70ffcfde0",
            "4e985d70ffcf",
            "e985d70ffcfd",
            "985d70ffcfde",
            "85d70ffcfde0",
            "5d70ffcf",
            "d70ffcfd",
            "70ffcfde",
            "0ffcfde0",
            "ffcf",
            "fcfd",
            "cfde",
            "fde0",
            "537dc3ed79034ac59134387c9b881111",
            "37dc3ed79034ac59134387c9b881",
            "7dc3ed79034ac59134387c9b8811",
            "dc3ed79034ac59134387c9b88111",
            "c3ed79034ac59134387c9b881111",
            "3ed79034ac59134387c9b881",
            "ed79034ac59134387c9b8811",
            "d79034ac59134387c9b88111",
            "79034ac59134387c9b881111",
            "9034ac59134387c9b881",
            "034ac59134387c9b8811",
            "34ac59134387c9b88111",
            "4ac59134387c9b881111",
            "ac59134387c9b881",
            "c59134387c9b8811",
            "59134387c9b88111",
            "9134387c9b881111",
            "134387c9b881",
            "34387c9b8811",
            "4387c9b88111",
            "387c9b881111",
            "87c9b881",
            "7c9b8811",
            "c9b88111",
            "9b881111",
            "b881",
            "8811",
            "8111",
            "1111",
            "2b6568ccadc84e259d04a7c00d87fcae",
            "b6568ccadc84e259d04a7c00d87f",
            "6568ccadc84e259d04a7c00d87fc",
            "568ccadc84e259d04a7c00d87fca",
            "68ccadc84e259d04a7c00d87fcae",
            "8ccadc84e259d04a7c00d87f",
            "ccadc84e259d04a7c00d87fc",
            "cadc84e259d04a7c00d87fca",
            "adc84e259d04a7c00d87fcae",
            "dc84e259d04a7c00d87f",
            "c84e259d04a7c00d87fc",
            "84e259d04a7c00d87fca",
            "4e259d04a7c00d87fcae",
            "e259d04a7c00d87f",
            "259d04a7c00d87fc",
            "59d04a7c00d87fca",
            "9d04a7c00d87fcae",
            "d04a7c00d87f",
            "04a7c00d87fc",
            "4a7c00d87fca",
            "a7c00d87fcae",
            "7c00d87f",
            "c00d87fc",
            "00d87fca",
            "0d87fcae",
            "d87f",
            "87fc",
            "7fca",
            "fcae",
            "1eadf726b4764fd98a7c4ec89080a252",
            "eadf726b4764fd98a7c4ec89080a",
            "adf726b4764fd98a7c4ec89080a2",
            "df726b4764fd98a7c4ec89080a25",
            "f726b4764fd98a7c4ec89080a252",
            "726b4764fd98a7c4ec89080a",
            "26b4764fd98a7c4ec89080a2",
            "6b4764fd98a7c4ec89080a25",
            "b4764fd98a7c4ec89080a252",
            "4764fd98a7c4ec89080a",
            "764fd98a7c4ec89080a2",
            "64fd98a7c4ec89080a25",
            "4fd98a7c4ec89080a252",
            "fd98a7c4ec89080a",
            "d98a7c4ec89080a2",
            "98a7c4ec89080a25",
            "8a7c4ec89080a252",
            "a7c4ec89080a",
            "7c4ec89080a2",
            "c4ec89080a25",
            "4ec89080a252",
            "ec89080a",
            "c89080a2",
            "89080a25",
            "9080a252",
            "080a",
            "80a2",
            "0a25",
            "a252",
            "c3c3ae08b0dd411799d3d0f8cdaeb9d1",
            "3c3ae08b0dd411799d3d0f8cdaeb",
            "c3ae08b0dd411799d3d0f8cdaeb9",
            "3ae08b0dd411799d3d0f8cdaeb9d",
            "ae08b0dd411799d3d0f8cdaeb9d1",
            "e08b0dd411799d3d0f8cdaeb",
            "08b0dd411799d3d0f8cdaeb9",
            "8b0dd411799d3d0f8cdaeb9d",
            "b0dd411799d3d0f8cdaeb9d1",
            "0dd411799d3d0f8cdaeb",
            "dd411799d3d0f8cdaeb9",
            "d411799d3d0f8cdaeb9d",
            "411799d3d0f8cdaeb9d1",
            "11799d3d0f8cdaeb",
            "1799d3d0f8cdaeb9",
            "799d3d0f8cdaeb9d",
            "99d3d0f8cdaeb9d1",
            "9d3d0f8cdaeb",
            "d3d0f8cdaeb9",
            "3d0f8cdaeb9d",
            "d0f8cdaeb9d1",
            "0f8cdaeb",
            "f8cdaeb9",
            "8cdaeb9d",
            "cdaeb9d1",
            "daeb",
            "aeb9",
            "eb9d",
            "b9d1",
            "5167f2f3020c4e0fa8a7a656e771b6df",
            "167f2f3020c4e0fa8a7a656e771b",
            "67f2f3020c4e0fa8a7a656e771b6",
            "7f2f3020c4e0fa8a7a656e771b6d",
            "f2f3020c4e0fa8a7a656e771b6df",
            "2f3020c4e0fa8a7a656e771b",
            "f3020c4e0fa8a7a656e771b6",
            "3020c4e0fa8a7a656e771b6d",
            "020c4e0fa8a7a656e771b6df",
            "20c4e0fa8a7a656e771b",
            "0c4e0fa8a7a656e771b6",
            "c4e0fa8a7a656e771b6d",
            "4e0fa8a7a656e771b6df",
            "e0fa8a7a656e771b",
            "0fa8a7a656e771b6",
            "fa8a7a656e771b6d",
            "a8a7a656e771b6df",
            "8a7a656e771b",
            "a7a656e771b6",
            "7a656e771b6d",
            "a656e771b6df",
            "656e771b",
            "56e771b6",
            "6e771b6d",
            "e771b6df",
            "771b",
            "71b6",
            "1b6d",
            "b6df",
            "cce8e0cf85b04df38df95bf0befa5be3",
            "ce8e0cf85b04df38df95bf0befa5",
            "e8e0cf85b04df38df95bf0befa5b",
            "8e0cf85b04df38df95bf0befa5be",
            "e0cf85b04df38df95bf0befa5be3",
            "0cf85b04df38df95bf0befa5",
            "cf85b04df38df95bf0befa5b",
            "f85b04df38df95bf0befa5be",
            "85b04df38df95bf0befa5be3",
            "5b04df38df95bf0befa5",
            "b04df38df95bf0befa5b",
            "04df38df95bf0befa5be",
            "4df38df95bf0befa5be3",
            "df38df95bf0befa5",
            "f38df95bf0befa5b",
            "38df95bf0befa5be",
            "8df95bf0befa5be3",
            "df95bf0befa5",
            "f95bf0befa5b",
            "95bf0befa5be",
            "5bf0befa5be3",
            "bf0befa5",
            "f0befa5b",
            "0befa5be",
            "befa5be3",
            "efa5",
            "fa5b",
            "a5be",
            "5be3",
            "24d93d9841994e91b187681af280e75d",
            "4d93d9841994e91b187681af280e",
            "d93d9841994e91b187681af280e7",
            "93d9841994e91b187681af280e75",
            "3d9841994e91b187681af280e75d",
            "d9841994e91b187681af280e",
            "9841994e91b187681af280e7",
            "841994e91b187681af280e75",
            "41994e91b187681af280e75d",
            "1994e91b187681af280e",
            "994e91b187681af280e7",
            "94e91b187681af280e75",
            "4e91b187681af280e75d",
            "e91b187681af280e",
            "91b187681af280e7",
            "1b187681af280e75",
            "b187681af280e75d",
            "187681af280e",
            "87681af280e7",
            "7681af280e75",
            "681af280e75d",
            "81af280e",
            "1af280e7",
            "af280e75",
            "f280e75d",
            "280e",
            "80e7",
            "0e75",
            "e75d",
            "e386099634664e97bbbe0a993593a654",
            "386099634664e97bbbe0a993593a",
            "86099634664e97bbbe0a993593a6",
            "6099634664e97bbbe0a993593a65",
            "099634664e97bbbe0a993593a654",
            "99634664e97bbbe0a993593a",
            "9634664e97bbbe0a993593a6",
            "634664e97bbbe0a993593a65",
            "34664e97bbbe0a993593a654",
            "4664e97bbbe0a993593a",
            "664e97bbbe0a993593a6",
            "64e97bbbe0a993593a65",
            "4e97bbbe0a993593a654",
            "e97bbbe0a993593a",
            "97bbbe0a993593a6",
            "7bbbe0a993593a65",
            "bbbe0a993593a654",
            "bbe0a993593a",
            "be0a993593a6",
            "e0a993593a65",
            "0a993593a654",
            "a993593a",
            "993593a6",
            "93593a65",
            "3593a654",
            "593a",
            "93a6",
            "3a65",
            "a654",
            "d396ac4327504576ac4495334d894fd8",
            "396ac4327504576ac4495334d894",
            "96ac4327504576ac4495334d894f",
            "6ac4327504576ac4495334d894fd",
            "ac4327504576ac4495334d894fd8",
            "c4327504576ac4495334d894",
            "4327504576ac4495334d894f",
            "327504576ac4495334d894fd",
            "27504576ac4495334d894fd8",
            "7504576ac4495334d894",
            "504576ac4495334d894f",
            "04576ac4495334d894fd",
            "4576ac4495334d894fd8",
            "576ac4495334d894",
            "76ac4495334d894f",
            "6ac4495334d894fd",
            "ac4495334d894fd8",
            "c4495334d894",
            "4495334d894f",
            "495334d894fd",
            "95334d894fd8",
            "5334d894",
            "334d894f",
            "34d894fd",
            "4d894fd8",
            "d894",
            "894f",
            "94fd",
            "4fd8",
            "ab4742156ed3431e90df3d90c0b8d12e",
            "b4742156ed3431e90df3d90c0b8d",
            "4742156ed3431e90df3d90c0b8d1",
            "742156ed3431e90df3d90c0b8d12",
            "42156ed3431e90df3d90c0b8d12e",
            "2156ed3431e90df3d90c0b8d",
            "156ed3431e90df3d90c0b8d1",
            "56ed3431e90df3d90c0b8d12",
            "6ed3431e90df3d90c0b8d12e",
            "ed3431e90df3d90c0b8d",
            "d3431e90df3d90c0b8d1",
            "3431e90df3d90c0b8d12",
            "431e90df3d90c0b8d12e",
            "31e90df3d90c0b8d",
            "1e90df3d90c0b8d1",
            "e90df3d90c0b8d12",
            "90df3d90c0b8d12e",
            "0df3d90c0b8d",
            "df3d90c0b8d1",
            "f3d90c0b8d12",
            "3d90c0b8d12e",
            "d90c0b8d",
            "90c0b8d1",
            "0c0b8d12",
            "c0b8d12e",
            "0b8d",
            "b8d1",
            "8d12",
            "d12e",
            "c98a1b611d3d48d8a27df90e65f8c4cd",
            "98a1b611d3d48d8a27df90e65f8c",
            "8a1b611d3d48d8a27df90e65f8c4",
            "a1b611d3d48d8a27df90e65f8c4c",
            "1b611d3d48d8a27df90e65f8c4cd",
            "b611d3d48d8a27df90e65f8c",
            "611d3d48d8a27df90e65f8c4",
            "11d3d48d8a27df90e65f8c4c",
            "1d3d48d8a27df90e65f8c4cd",
            "d3d48d8a27df90e65f8c",
            "3d48d8a27df90e65f8c4",
            "d48d8a27df90e65f8c4c",
            "48d8a27df90e65f8c4cd",
            "8d8a27df90e65f8c",
            "d8a27df90e65f8c4",
            "8a27df90e65f8c4c",
            "a27df90e65f8c4cd",
            "27df90e65f8c",
            "7df90e65f8c4",
            "df90e65f8c4c",
            "f90e65f8c4cd",
            "90e65f8c",
            "0e65f8c4",
            "e65f8c4c",
            "65f8c4cd",
            "5f8c",
            "f8c4",
            "8c4c",
            "c4cd",
            "b48b124274464683b60fda75027ce738",
            "48b124274464683b60fda75027ce",
            "8b124274464683b60fda75027ce7",
            "b124274464683b60fda75027ce73",
            "124274464683b60fda75027ce738",
            "24274464683b60fda75027ce",
            "4274464683b60fda75027ce7",
            "274464683b60fda75027ce73",
            "74464683b60fda75027ce738",
            "4464683b60fda75027ce",
            "464683b60fda75027ce7",
            "64683b60fda75027ce73",
            "4683b60fda75027ce738",
            "683b60fda75027ce",
            "83b60fda75027ce7",
            "3b60fda75027ce73",
            "b60fda75027ce738",
            "60fda75027ce",
            "0fda75027ce7",
            "fda75027ce73",
            "da75027ce738",
            "a75027ce",
            "75027ce7",
            "5027ce73",
            "027ce738",
            "27ce",
            "7ce7",
            "ce73",
            "e738",
            "f490530347ef42d185a76a667f571c89",
            "490530347ef42d185a76a667f571",
            "90530347ef42d185a76a667f571c",
            "0530347ef42d185a76a667f571c8",
            "530347ef42d185a76a667f571c89",
            "30347ef42d185a76a667f571",
            "0347ef42d185a76a667f571c",
            "347ef42d185a76a667f571c8",
            "47ef42d185a76a667f571c89",
            "7ef42d185a76a667f571",
            "ef42d185a76a667f571c",
            "f42d185a76a667f571c8",
            "42d185a76a667f571c89",
            "2d185a76a667f571",
            "d185a76a667f571c",
            "185a76a667f571c8",
            "85a76a667f571c89",
            "5a76a667f571",
            "a76a667f571c",
            "76a667f571c8",
            "6a667f571c89",
            "a667f571",
            "667f571c",
            "67f571c8",
            "7f571c89",
            "571c",
            "71c8",
            "1c89",
            "b3952c5eaf90463aad06e57e66d22ad8",
            "3952c5eaf90463aad06e57e66d22",
            "952c5eaf90463aad06e57e66d22a",
            "52c5eaf90463aad06e57e66d22ad",
            "2c5eaf90463aad06e57e66d22ad8",
            "c5eaf90463aad06e57e66d22",
            "5eaf90463aad06e57e66d22a",
            "eaf90463aad06e57e66d22ad",
            "af90463aad06e57e66d22ad8",
            "f90463aad06e57e66d22",
            "90463aad06e57e66d22a",
            "0463aad06e57e66d22ad",
            "463aad06e57e66d22ad8",
            "63aad06e57e66d22",
            "3aad06e57e66d22a",
            "aad06e57e66d22ad",
            "ad06e57e66d22ad8",
            "d06e57e66d22",
            "06e57e66d22a",
            "6e57e66d22ad",
            "e57e66d22ad8",
            "57e66d22",
            "7e66d22a",
            "e66d22ad",
            "66d22ad8",
            "6d22",
            "d22a",
            "22ad",
            "2ad8",
            "7872215e9cc440f390d079c7867a1d5b",
            "872215e9cc440f390d079c7867a1",
            "72215e9cc440f390d079c7867a1d",
            "2215e9cc440f390d079c7867a1d5",
            "215e9cc440f390d079c7867a1d5b",
            "15e9cc440f390d079c7867a1",
            "5e9cc440f390d079c7867a1d",
            "e9cc440f390d079c7867a1d5",
            "9cc440f390d079c7867a1d5b",
            "cc440f390d079c7867a1",
            "c440f390d079c7867a1d",
            "440f390d079c7867a1d5",
            "40f390d079c7867a1d5b",
            "0f390d079c7867a1",
            "f390d079c7867a1d",
            "390d079c7867a1d5",
            "90d079c7867a1d5b",
            "0d079c7867a1",
            "d079c7867a1d",
            "079c7867a1d5",
            "79c7867a1d5b",
            "9c7867a1",
            "c7867a1d",
            "7867a1d5",
            "867a1d5b",
            "67a1",
            "7a1d",
            "a1d5",
            "1d5b",
            "89a266a2ebd140cbae6c02dd044e0400",
            "9a266a2ebd140cbae6c02dd044e0",
            "a266a2ebd140cbae6c02dd044e04",
            "266a2ebd140cbae6c02dd044e040",
            "66a2ebd140cbae6c02dd044e0400",
            "6a2ebd140cbae6c02dd044e0",
            "a2ebd140cbae6c02dd044e04",
            "2ebd140cbae6c02dd044e040",
            "ebd140cbae6c02dd044e0400",
            "bd140cbae6c02dd044e0",
            "d140cbae6c02dd044e04",
            "140cbae6c02dd044e040",
            "40cbae6c02dd044e0400",
            "0cbae6c02dd044e0",
            "cbae6c02dd044e04",
            "bae6c02dd044e040",
            "ae6c02dd044e0400",
            "e6c02dd044e0",
            "6c02dd044e04",
            "c02dd044e040",
            "02dd044e0400",
            "2dd044e0",
            "dd044e04",
            "d044e040",
            "044e0400",
            "44e0",
            "4e04",
            "e040",
            "0400",
            "4163e908fb484acebc656613fcc69fd3",
            "163e908fb484acebc656613fcc69",
            "63e908fb484acebc656613fcc69f",
            "3e908fb484acebc656613fcc69fd",
            "e908fb484acebc656613fcc69fd3",
            "908fb484acebc656613fcc69",
            "08fb484acebc656613fcc69f",
            "8fb484acebc656613fcc69fd",
            "fb484acebc656613fcc69fd3",
            "b484acebc656613fcc69",
            "484acebc656613fcc69f",
            "84acebc656613fcc69fd",
            "4acebc656613fcc69fd3",
            "acebc656613fcc69",
            "cebc656613fcc69f",
            "ebc656613fcc69fd",
            "bc656613fcc69fd3",
            "c656613fcc69",
            "656613fcc69f",
            "56613fcc69fd",
            "6613fcc69fd3",
            "613fcc69",
            "13fcc69f",
            "3fcc69fd",
            "fcc69fd3",
            "cc69",
            "c69f",
            "69fd",
            "9fd3",
            "64bc0d950f994adfac79a0cf7dcd0307",
            "4bc0d950f994adfac79a0cf7dcd0",
            "bc0d950f994adfac79a0cf7dcd03",
            "c0d950f994adfac79a0cf7dcd030",
            "0d950f994adfac79a0cf7dcd0307",
            "d950f994adfac79a0cf7dcd0",
            "950f994adfac79a0cf7dcd03",
            "50f994adfac79a0cf7dcd030",
            "0f994adfac79a0cf7dcd0307",
            "f994adfac79a0cf7dcd0",
            "994adfac79a0cf7dcd03",
            "94adfac79a0cf7dcd030",
            "4adfac79a0cf7dcd0307",
            "adfac79a0cf7dcd0",
            "dfac79a0cf7dcd03",
            "fac79a0cf7dcd030",
            "ac79a0cf7dcd0307",
            "c79a0cf7dcd0",
            "79a0cf7dcd03",
            "9a0cf7dcd030",
            "a0cf7dcd0307",
            "0cf7dcd0",
            "cf7dcd03",
            "f7dcd030",
            "7dcd0307",
            "dcd0",
            "cd03",
            "d030",
            "0307",
            "073f39878b9445e680251b5873d423a3",
            "73f39878b9445e680251b5873d42",
            "3f39878b9445e680251b5873d423",
            "f39878b9445e680251b5873d423a",
            "39878b9445e680251b5873d423a3",
            "9878b9445e680251b5873d42",
            "878b9445e680251b5873d423",
            "78b9445e680251b5873d423a",
            "8b9445e680251b5873d423a3",
            "b9445e680251b5873d42",
            "9445e680251b5873d423",
            "445e680251b5873d423a",
            "45e680251b5873d423a3",
            "5e680251b5873d42",
            "e680251b5873d423",
            "680251b5873d423a",
            "80251b5873d423a3",
            "0251b5873d42",
            "251b5873d423",
            "51b5873d423a",
            "1b5873d423a3",
            "b5873d42",
            "5873d423",
            "873d423a",
            "73d423a3",
            "3d42",
            "d423",
            "423a",
            "23a3",
            "9b77a2f3ca2c4c0bb444196b41a00a53",
            "b77a2f3ca2c4c0bb444196b41a00",
            "77a2f3ca2c4c0bb444196b41a00a",
            "7a2f3ca2c4c0bb444196b41a00a5",
            "a2f3ca2c4c0bb444196b41a00a53",
            "2f3ca2c4c0bb444196b41a00",
            "f3ca2c4c0bb444196b41a00a",
            "3ca2c4c0bb444196b41a00a5",
            "ca2c4c0bb444196b41a00a53",
            "a2c4c0bb444196b41a00",
            "2c4c0bb444196b41a00a",
            "c4c0bb444196b41a00a5",
            "4c0bb444196b41a00a53",
            "c0bb444196b41a00",
            "0bb444196b41a00a",
            "bb444196b41a00a5",
            "b444196b41a00a53",
            "444196b41a00",
            "44196b41a00a",
            "4196b41a00a5",
            "196b41a00a53",
            "96b41a00",
            "6b41a00a",
            "b41a00a5",
            "41a00a53",
            "1a00",
            "a00a",
            "00a5",
            "0a53",
            "8394028c75be407da3d985eee62ffdc1",
            "394028c75be407da3d985eee62ff",
            "94028c75be407da3d985eee62ffd",
            "4028c75be407da3d985eee62ffdc",
            "028c75be407da3d985eee62ffdc1",
            "28c75be407da3d985eee62ff",
            "8c75be407da3d985eee62ffd",
            "c75be407da3d985eee62ffdc",
            "75be407da3d985eee62ffdc1",
            "5be407da3d985eee62ff",
            "be407da3d985eee62ffd",
            "e407da3d985eee62ffdc",
            "407da3d985eee62ffdc1",
            "07da3d985eee62ff",
            "7da3d985eee62ffd",
            "da3d985eee62ffdc",
            "a3d985eee62ffdc1",
            "3d985eee62ff",
            "d985eee62ffd",
            "985eee62ffdc",
            "85eee62ffdc1",
            "5eee62ff",
            "eee62ffd",
            "ee62ffdc",
            "e62ffdc1",
            "62ff",
            "2ffd",
            "ffdc",
            "fdc1",
            "1d96bec8186b425a8cde007fccb865a4",
            "d96bec8186b425a8cde007fccb86",
            "96bec8186b425a8cde007fccb865",
            "6bec8186b425a8cde007fccb865a",
            "bec8186b425a8cde007fccb865a4",
            "ec8186b425a8cde007fccb86",
            "c8186b425a8cde007fccb865",
            "8186b425a8cde007fccb865a",
            "186b425a8cde007fccb865a4",
            "86b425a8cde007fccb86",
            "6b425a8cde007fccb865",
            "b425a8cde007fccb865a",
            "425a8cde007fccb865a4",
            "25a8cde007fccb86",
            "5a8cde007fccb865",
            "a8cde007fccb865a",
            "8cde007fccb865a4",
            "cde007fccb86",
            "de007fccb865",
            "e007fccb865a",
            "007fccb865a4",
            "07fccb86",
            "7fccb865",
            "fccb865a",
            "ccb865a4",
            "cb86",
            "b865",
            "865a",
            "65a4",
            "543225697b084a078a721cb481490088",
            "43225697b084a078a721cb481490",
            "3225697b084a078a721cb4814900",
            "225697b084a078a721cb48149008",
            "25697b084a078a721cb481490088",
            "5697b084a078a721cb481490",
            "697b084a078a721cb4814900",
            "97b084a078a721cb48149008",
            "7b084a078a721cb481490088",
            "b084a078a721cb481490",
            "084a078a721cb4814900",
            "84a078a721cb48149008",
            "4a078a721cb481490088",
            "a078a721cb481490",
            "078a721cb4814900",
            "78a721cb48149008",
            "8a721cb481490088",
            "a721cb481490",
            "721cb4814900",
            "21cb48149008",
            "1cb481490088",
            "cb481490",
            "b4814900",
            "48149008",
            "81490088",
            "1490",
            "4900",
            "9008",
            "0088",
            "7d9b0d8a7456498d83122816cf925b6c",
            "d9b0d8a7456498d83122816cf925",
            "9b0d8a7456498d83122816cf925b",
            "b0d8a7456498d83122816cf925b6",
            "0d8a7456498d83122816cf925b6c",
            "d8a7456498d83122816cf925",
            "8a7456498d83122816cf925b",
            "a7456498d83122816cf925b6",
            "7456498d83122816cf925b6c",
            "456498d83122816cf925",
            "56498d83122816cf925b",
            "6498d83122816cf925b6",
            "498d83122816cf925b6c",
            "98d83122816cf925",
            "8d83122816cf925b",
            "d83122816cf925b6",
            "83122816cf925b6c",
            "3122816cf925",
            "122816cf925b",
            "22816cf925b6",
            "2816cf925b6c",
            "816cf925",
            "16cf925b",
            "6cf925b6",
            "cf925b6c",
            "f925",
            "925b",
            "25b6",
            "5b6c",
            "f6b6684a3f3a49d49b9234e4f37f3bd1",
            "6b6684a3f3a49d49b9234e4f37f3",
            "b6684a3f3a49d49b9234e4f37f3b",
            "6684a3f3a49d49b9234e4f37f3bd",
            "684a3f3a49d49b9234e4f37f3bd1",
            "84a3f3a49d49b9234e4f37f3",
            "4a3f3a49d49b9234e4f37f3b",
            "a3f3a49d49b9234e4f37f3bd",
            "3f3a49d49b9234e4f37f3bd1",
            "f3a49d49b9234e4f37f3",
            "3a49d49b9234e4f37f3b",
            "a49d49b9234e4f37f3bd",
            "49d49b9234e4f37f3bd1",
            "9d49b9234e4f37f3",
            "d49b9234e4f37f3b",
            "49b9234e4f37f3bd",
            "9b9234e4f37f3bd1",
            "b9234e4f37f3",
            "9234e4f37f3b",
            "234e4f37f3bd",
            "34e4f37f3bd1",
            "4e4f37f3",
            "e4f37f3b",
            "4f37f3bd",
            "f37f3bd1",
            "37f3",
            "7f3b",
            "f3bd",
            "3bd1",
            "37077beea53c4f9785a43d0d0613adb5",
            "7077beea53c4f9785a43d0d0613a",
            "077beea53c4f9785a43d0d0613ad",
            "77beea53c4f9785a43d0d0613adb",
            "7beea53c4f9785a43d0d0613adb5",
            "beea53c4f9785a43d0d0613a",
            "eea53c4f9785a43d0d0613ad",
            "ea53c4f9785a43d0d0613adb",
            "a53c4f9785a43d0d0613adb5",
            "53c4f9785a43d0d0613a",
            "3c4f9785a43d0d0613ad",
            "c4f9785a43d0d0613adb",
            "4f9785a43d0d0613adb5",
            "f9785a43d0d0613a",
            "9785a43d0d0613ad",
            "785a43d0d0613adb",
            "85a43d0d0613adb5",
            "5a43d0d0613a",
            "a43d0d0613ad",
            "43d0d0613adb",
            "3d0d0613adb5",
            "d0d0613a",
            "0d0613ad",
            "d0613adb",
            "0613adb5",
            "613a",
            "13ad",
            "3adb",
            "adb5",
            "dc920ac92a34434ca33472533bb2c45a",
            "c920ac92a34434ca33472533bb2c",
            "920ac92a34434ca33472533bb2c4",
            "20ac92a34434ca33472533bb2c45",
            "0ac92a34434ca33472533bb2c45a",
            "ac92a34434ca33472533bb2c",
            "c92a34434ca33472533bb2c4",
            "92a34434ca33472533bb2c45",
            "2a34434ca33472533bb2c45a",
            "a34434ca33472533bb2c",
            "34434ca33472533bb2c4",
            "4434ca33472533bb2c45",
            "434ca33472533bb2c45a",
            "34ca33472533bb2c",
            "4ca33472533bb2c4",
            "ca33472533bb2c45",
            "a33472533bb2c45a",
            "33472533bb2c",
            "3472533bb2c4",
            "472533bb2c45",
            "72533bb2c45a",
            "2533bb2c",
            "533bb2c4",
            "33bb2c45",
            "3bb2c45a",
            "bb2c",
            "b2c4",
            "2c45",
            "c45a",
            "2a03807fb3404a00ad218e9cd6bb1173",
            "a03807fb3404a00ad218e9cd6bb1",
            "03807fb3404a00ad218e9cd6bb11",
            "3807fb3404a00ad218e9cd6bb117",
            "807fb3404a00ad218e9cd6bb1173",
            "07fb3404a00ad218e9cd6bb1",
            "7fb3404a00ad218e9cd6bb11",
            "fb3404a00ad218e9cd6bb117",
            "b3404a00ad218e9cd6bb1173",
            "3404a00ad218e9cd6bb1",
            "404a00ad218e9cd6bb11",
            "04a00ad218e9cd6bb117",
            "4a00ad218e9cd6bb1173",
            "a00ad218e9cd6bb1",
            "00ad218e9cd6bb11",
            "0ad218e9cd6bb117",
            "ad218e9cd6bb1173",
            "d218e9cd6bb1",
            "218e9cd6bb11",
            "18e9cd6bb117",
            "8e9cd6bb1173",
            "e9cd6bb1",
            "9cd6bb11",
            "cd6bb117",
            "d6bb1173",
            "6bb1",
            "bb11",
            "b117",
            "1173",
            "50b85bf61bef4152bb276fe221a04353",
            "0b85bf61bef4152bb276fe221a04",
            "b85bf61bef4152bb276fe221a043",
            "85bf61bef4152bb276fe221a0435",
            "5bf61bef4152bb276fe221a04353",
            "bf61bef4152bb276fe221a04",
            "f61bef4152bb276fe221a043",
            "61bef4152bb276fe221a0435",
            "1bef4152bb276fe221a04353",
            "bef4152bb276fe221a04",
            "ef4152bb276fe221a043",
            "f4152bb276fe221a0435",
            "4152bb276fe221a04353",
            "152bb276fe221a04",
            "52bb276fe221a043",
            "2bb276fe221a0435",
            "bb276fe221a04353",
            "b276fe221a04",
            "276fe221a043",
            "76fe221a0435",
            "6fe221a04353",
            "fe221a04",
            "e221a043",
            "221a0435",
            "21a04353",
            "1a04",
            "a043",
            "0435",
            "4353",
            "bcfb5d8e041243b6a80dca6dc1de1aef",
            "cfb5d8e041243b6a80dca6dc1de1",
            "fb5d8e041243b6a80dca6dc1de1a",
            "b5d8e041243b6a80dca6dc1de1ae",
            "5d8e041243b6a80dca6dc1de1aef",
            "d8e041243b6a80dca6dc1de1",
            "8e041243b6a80dca6dc1de1a",
            "e041243b6a80dca6dc1de1ae",
            "041243b6a80dca6dc1de1aef",
            "41243b6a80dca6dc1de1",
            "1243b6a80dca6dc1de1a",
            "243b6a80dca6dc1de1ae",
            "43b6a80dca6dc1de1aef",
            "3b6a80dca6dc1de1",
            "b6a80dca6dc1de1a",
            "6a80dca6dc1de1ae",
            "a80dca6dc1de1aef",
            "80dca6dc1de1",
            "0dca6dc1de1a",
            "dca6dc1de1ae",
            "ca6dc1de1aef",
            "a6dc1de1",
            "6dc1de1a",
            "dc1de1ae",
            "c1de1aef",
            "1de1",
            "de1a",
            "e1ae",
            "1aef",
            "03bdda1abd0d4f0b9529f23045710b71",
            "3bdda1abd0d4f0b9529f23045710",
            "bdda1abd0d4f0b9529f23045710b",
            "dda1abd0d4f0b9529f23045710b7",
            "da1abd0d4f0b9529f23045710b71",
            "a1abd0d4f0b9529f23045710",
            "1abd0d4f0b9529f23045710b",
            "abd0d4f0b9529f23045710b7",
            "bd0d4f0b9529f23045710b71",
            "d0d4f0b9529f23045710",
            "0d4f0b9529f23045710b",
            "d4f0b9529f23045710b7",
            "4f0b9529f23045710b71",
            "f0b9529f23045710",
            "0b9529f23045710b",
            "b9529f23045710b7",
            "9529f23045710b71",
            "529f23045710",
            "29f23045710b",
            "9f23045710b7",
            "f23045710b71",
            "23045710",
            "3045710b",
            "045710b7",
            "45710b71",
            "5710",
            "710b",
            "10b7",
            "0b71",
            "a8b24676f4a740a0b538d3b7e51e27f2",
            "8b24676f4a740a0b538d3b7e51e2",
            "b24676f4a740a0b538d3b7e51e27",
            "24676f4a740a0b538d3b7e51e27f",
            "4676f4a740a0b538d3b7e51e27f2",
            "676f4a740a0b538d3b7e51e2",
            "76f4a740a0b538d3b7e51e27",
            "6f4a740a0b538d3b7e51e27f",
            "f4a740a0b538d3b7e51e27f2",
            "4a740a0b538d3b7e51e2",
            "a740a0b538d3b7e51e27",
            "740a0b538d3b7e51e27f",
            "40a0b538d3b7e51e27f2",
            "0a0b538d3b7e51e2",
            "a0b538d3b7e51e27",
            "0b538d3b7e51e27f",
            "b538d3b7e51e27f2",
            "538d3b7e51e2",
            "38d3b7e51e27",
            "8d3b7e51e27f",
            "d3b7e51e27f2",
            "3b7e51e2",
            "b7e51e27",
            "7e51e27f",
            "e51e27f2",
            "51e2",
            "1e27",
            "e27f",
            "27f2",
            "2a5ff35f7d1540119bc819a4be1976f8",
            "a5ff35f7d1540119bc819a4be197",
            "5ff35f7d1540119bc819a4be1976",
            "ff35f7d1540119bc819a4be1976f",
            "f35f7d1540119bc819a4be1976f8",
            "35f7d1540119bc819a4be197",
            "5f7d1540119bc819a4be1976",
            "f7d1540119bc819a4be1976f",
            "7d1540119bc819a4be1976f8",
            "d1540119bc819a4be197",
            "1540119bc819a4be1976",
            "540119bc819a4be1976f",
            "40119bc819a4be1976f8",
            "0119bc819a4be197",
            "119bc819a4be1976",
            "19bc819a4be1976f",
            "9bc819a4be1976f8",
            "bc819a4be197",
            "c819a4be1976",
            "819a4be1976f",
            "19a4be1976f8",
            "9a4be197",
            "a4be1976",
            "4be1976f",
            "be1976f8",
            "e197",
            "1976",
            "976f",
            "76f8",
            "0b67444dd74b4ac8a27c124c8240277f",
            "b67444dd74b4ac8a27c124c82402",
            "67444dd74b4ac8a27c124c824027",
            "7444dd74b4ac8a27c124c8240277",
            "444dd74b4ac8a27c124c8240277f",
            "44dd74b4ac8a27c124c82402",
            "4dd74b4ac8a27c124c824027",
            "dd74b4ac8a27c124c8240277",
            "d74b4ac8a27c124c8240277f",
            "74b4ac8a27c124c82402",
            "4b4ac8a27c124c824027",
            "b4ac8a27c124c8240277",
            "4ac8a27c124c8240277f",
            "ac8a27c124c82402",
            "c8a27c124c824027",
            "8a27c124c8240277",
            "a27c124c8240277f",
            "27c124c82402",
            "7c124c824027",
            "c124c8240277",
            "124c8240277f",
            "24c82402",
            "4c824027",
            "c8240277",
            "8240277f",
            "2402",
            "4027",
            "0277",
            "277f",
            "df1d0724ab1943888cd9d60d6581c1ab",
            "f1d0724ab1943888cd9d60d6581c",
            "1d0724ab1943888cd9d60d6581c1",
            "d0724ab1943888cd9d60d6581c1a",
            "0724ab1943888cd9d60d6581c1ab",
            "724ab1943888cd9d60d6581c",
            "24ab1943888cd9d60d6581c1",
            "4ab1943888cd9d60d6581c1a",
            "ab1943888cd9d60d6581c1ab",
            "b1943888cd9d60d6581c",
            "1943888cd9d60d6581c1",
            "943888cd9d60d6581c1a",
            "43888cd9d60d6581c1ab",
            "3888cd9d60d6581c",
            "888cd9d60d6581c1",
            "88cd9d60d6581c1a",
            "8cd9d60d6581c1ab",
            "cd9d60d6581c",
            "d9d60d6581c1",
            "9d60d6581c1a",
            "d60d6581c1ab",
            "60d6581c",
            "0d6581c1",
            "d6581c1a",
            "6581c1ab",
            "581c",
            "81c1",
            "1c1a",
            "c1ab",
            "2d6fd91821e74bb780f96b5b33bb26fb",
            "d6fd91821e74bb780f96b5b33bb2",
            "6fd91821e74bb780f96b5b33bb26",
            "fd91821e74bb780f96b5b33bb26f",
            "d91821e74bb780f96b5b33bb26fb",
            "91821e74bb780f96b5b33bb2",
            "1821e74bb780f96b5b33bb26",
            "821e74bb780f96b5b33bb26f",
            "21e74bb780f96b5b33bb26fb",
            "1e74bb780f96b5b33bb2",
            "e74bb780f96b5b33bb26",
            "74bb780f96b5b33bb26f",
            "4bb780f96b5b33bb26fb",
            "bb780f96b5b33bb2",
            "b780f96b5b33bb26",
            "780f96b5b33bb26f",
            "80f96b5b33bb26fb",
            "0f96b5b33bb2",
            "f96b5b33bb26",
            "96b5b33bb26f",
            "6b5b33bb26fb",
            "b5b33bb2",
            "5b33bb26",
            "b33bb26f",
            "33bb26fb",
            "3bb2",
            "bb26",
            "b26f",
            "26fb",
            "07c03aad43a64d128e9a6913deb9de0e",
            "7c03aad43a64d128e9a6913deb9d",
            "c03aad43a64d128e9a6913deb9de",
            "03aad43a64d128e9a6913deb9de0",
            "3aad43a64d128e9a6913deb9de0e",
            "aad43a64d128e9a6913deb9d",
            "ad43a64d128e9a6913deb9de",
            "d43a64d128e9a6913deb9de0",
            "43a64d128e9a6913deb9de0e",
            "3a64d128e9a6913deb9d",
            "a64d128e9a6913deb9de",
            "64d128e9a6913deb9de0",
            "4d128e9a6913deb9de0e",
            "d128e9a6913deb9d",
            "128e9a6913deb9de",
            "28e9a6913deb9de0",
            "8e9a6913deb9de0e",
            "e9a6913deb9d",
            "9a6913deb9de",
            "a6913deb9de0",
            "6913deb9de0e",
            "913deb9d",
            "13deb9de",
            "3deb9de0",
            "deb9de0e",
            "b9de",
            "9de0",
            "de0e",
            "a8a5d1bec6754eb3afcba066aba16cda",
            "8a5d1bec6754eb3afcba066aba16",
            "a5d1bec6754eb3afcba066aba16c",
            "5d1bec6754eb3afcba066aba16cd",
            "d1bec6754eb3afcba066aba16cda",
            "1bec6754eb3afcba066aba16",
            "bec6754eb3afcba066aba16c",
            "ec6754eb3afcba066aba16cd",
            "c6754eb3afcba066aba16cda",
            "6754eb3afcba066aba16",
            "754eb3afcba066aba16c",
            "54eb3afcba066aba16cd",
            "4eb3afcba066aba16cda",
            "eb3afcba066aba16",
            "b3afcba066aba16c",
            "3afcba066aba16cd",
            "afcba066aba16cda",
            "fcba066aba16",
            "cba066aba16c",
            "ba066aba16cd",
            "a066aba16cda",
            "066aba16",
            "66aba16c",
            "6aba16cd",
            "aba16cda",
            "ba16",
            "a16c",
            "16cd",
            "6cda",
            "58d57f6bc0a44d858087a68eb81766d7",
            "8d57f6bc0a44d858087a68eb8176",
            "d57f6bc0a44d858087a68eb81766",
            "57f6bc0a44d858087a68eb81766d",
            "7f6bc0a44d858087a68eb81766d7",
            "f6bc0a44d858087a68eb8176",
            "6bc0a44d858087a68eb81766",
            "bc0a44d858087a68eb81766d",
            "c0a44d858087a68eb81766d7",
            "0a44d858087a68eb8176",
            "a44d858087a68eb81766",
            "44d858087a68eb81766d",
            "4d858087a68eb81766d7",
            "d858087a68eb8176",
            "858087a68eb81766",
            "58087a68eb81766d",
            "8087a68eb81766d7",
            "087a68eb8176",
            "87a68eb81766",
            "7a68eb81766d",
            "a68eb81766d7",
            "68eb8176",
            "8eb81766",
            "eb81766d",
            "b81766d7",
            "8176",
            "1766",
            "766d",
            "66d7",
            "ff38c5a6f63042468adb5dfd67d81732",
            "f38c5a6f63042468adb5dfd67d81",
            "38c5a6f63042468adb5dfd67d817",
            "8c5a6f63042468adb5dfd67d8173",
            "c5a6f63042468adb5dfd67d81732",
            "5a6f63042468adb5dfd67d81",
            "a6f63042468adb5dfd67d817",
            "6f63042468adb5dfd67d8173",
            "f63042468adb5dfd67d81732",
            "63042468adb5dfd67d81",
            "3042468adb5dfd67d817",
            "042468adb5dfd67d8173",
            "42468adb5dfd67d81732",
            "2468adb5dfd67d81",
            "468adb5dfd67d817",
            "68adb5dfd67d8173",
            "8adb5dfd67d81732",
            "adb5dfd67d81",
            "db5dfd67d817",
            "b5dfd67d8173",
            "5dfd67d81732",
            "dfd67d81",
            "fd67d817",
            "d67d8173",
            "67d81732",
            "7d81",
            "d817",
            "8173",
            "1732",
            "dded5a243bb54fed96bfc6bc474aa244",
            "ded5a243bb54fed96bfc6bc474aa",
            "ed5a243bb54fed96bfc6bc474aa2",
            "d5a243bb54fed96bfc6bc474aa24",
            "5a243bb54fed96bfc6bc474aa244",
            "a243bb54fed96bfc6bc474aa",
            "243bb54fed96bfc6bc474aa2",
            "43bb54fed96bfc6bc474aa24",
            "3bb54fed96bfc6bc474aa244",
            "bb54fed96bfc6bc474aa",
            "b54fed96bfc6bc474aa2",
            "54fed96bfc6bc474aa24",
            "4fed96bfc6bc474aa244",
            "fed96bfc6bc474aa",
            "ed96bfc6bc474aa2",
            "d96bfc6bc474aa24",
            "96bfc6bc474aa244",
            "6bfc6bc474aa",
            "bfc6bc474aa2",
            "fc6bc474aa24",
            "c6bc474aa244",
            "6bc474aa",
            "bc474aa2",
            "c474aa24",
            "474aa244",
            "74aa",
            "4aa2",
            "aa24",
            "a244",
            "b4d63e7d9e4b435aac056bcae361cf8a",
            "4d63e7d9e4b435aac056bcae361c",
            "d63e7d9e4b435aac056bcae361cf",
            "63e7d9e4b435aac056bcae361cf8",
            "3e7d9e4b435aac056bcae361cf8a",
            "e7d9e4b435aac056bcae361c",
            "7d9e4b435aac056bcae361cf",
            "d9e4b435aac056bcae361cf8",
            "9e4b435aac056bcae361cf8a",
            "e4b435aac056bcae361c",
            "4b435aac056bcae361cf",
            "b435aac056bcae361cf8",
            "435aac056bcae361cf8a",
            "35aac056bcae361c",
            "5aac056bcae361cf",
            "aac056bcae361cf8",
            "ac056bcae361cf8a",
            "c056bcae361c",
            "056bcae361cf",
            "56bcae361cf8",
            "6bcae361cf8a",
            "bcae361c",
            "cae361cf",
            "ae361cf8",
            "e361cf8a",
            "361c",
            "61cf",
            "1cf8",
            "cf8a",
            "4e6967a467d0492c8460b5b56ec82e35",
            "e6967a467d0492c8460b5b56ec82",
            "6967a467d0492c8460b5b56ec82e",
            "967a467d0492c8460b5b56ec82e3",
            "67a467d0492c8460b5b56ec82e35",
            "7a467d0492c8460b5b56ec82",
            "a467d0492c8460b5b56ec82e",
            "467d0492c8460b5b56ec82e3",
            "67d0492c8460b5b56ec82e35",
            "7d0492c8460b5b56ec82",
            "d0492c8460b5b56ec82e",
            "0492c8460b5b56ec82e3",
            "492c8460b5b56ec82e35",
            "92c8460b5b56ec82",
            "2c8460b5b56ec82e",
            "c8460b5b56ec82e3",
            "8460b5b56ec82e35",
            "460b5b56ec82",
            "60b5b56ec82e",
            "0b5b56ec82e3",
            "b5b56ec82e35",
            "5b56ec82",
            "b56ec82e",
            "56ec82e3",
            "6ec82e35",
            "ec82",
            "c82e",
            "82e3",
            "2e35",
            "5510e1b68fd64436ac14e0e45af4efab",
            "510e1b68fd64436ac14e0e45af4e",
            "10e1b68fd64436ac14e0e45af4ef",
            "0e1b68fd64436ac14e0e45af4efa",
            "e1b68fd64436ac14e0e45af4efab",
            "1b68fd64436ac14e0e45af4e",
            "b68fd64436ac14e0e45af4ef",
            "68fd64436ac14e0e45af4efa",
            "8fd64436ac14e0e45af4efab",
            "fd64436ac14e0e45af4e",
            "d64436ac14e0e45af4ef",
            "64436ac14e0e45af4efa",
            "4436ac14e0e45af4efab",
            "436ac14e0e45af4e",
            "36ac14e0e45af4ef",
            "6ac14e0e45af4efa",
            "ac14e0e45af4efab",
            "c14e0e45af4e",
            "14e0e45af4ef",
            "4e0e45af4efa",
            "e0e45af4efab",
            "0e45af4e",
            "e45af4ef",
            "45af4efa",
            "5af4efab",
            "af4e",
            "f4ef",
            "4efa",
            "efab",
            "74534355f0e94cdba9309ed01533095d",
            "4534355f0e94cdba9309ed015330",
            "534355f0e94cdba9309ed0153309",
            "34355f0e94cdba9309ed01533095",
            "4355f0e94cdba9309ed01533095d",
            "355f0e94cdba9309ed015330",
            "55f0e94cdba9309ed0153309",
            "5f0e94cdba9309ed01533095",
            "f0e94cdba9309ed01533095d",
            "0e94cdba9309ed015330",
            "e94cdba9309ed0153309",
            "94cdba9309ed01533095",
            "4cdba9309ed01533095d",
            "cdba9309ed015330",
            "dba9309ed0153309",
            "ba9309ed01533095",
            "a9309ed01533095d",
            "9309ed015330",
            "309ed0153309",
            "09ed01533095",
            "9ed01533095d",
            "ed015330",
            "d0153309",
            "01533095",
            "1533095d",
            "5330",
            "3309",
            "3095",
            "095d",
            "96ced60073ee4c2a9539624d536917a9",
            "6ced60073ee4c2a9539624d53691",
            "ced60073ee4c2a9539624d536917",
            "ed60073ee4c2a9539624d536917a",
            "d60073ee4c2a9539624d536917a9",
            "60073ee4c2a9539624d53691",
            "0073ee4c2a9539624d536917",
            "073ee4c2a9539624d536917a",
            "73ee4c2a9539624d536917a9",
            "3ee4c2a9539624d53691",
            "ee4c2a9539624d536917",
            "e4c2a9539624d536917a",
            "4c2a9539624d536917a9",
            "c2a9539624d53691",
            "2a9539624d536917",
            "a9539624d536917a",
            "9539624d536917a9",
            "539624d53691",
            "39624d536917",
            "9624d536917a",
            "624d536917a9",
            "24d53691",
            "4d536917",
            "d536917a",
            "536917a9",
            "3691",
            "6917",
            "917a",
            "17a9",
            "7168cb2bdb644ae0a076c3dddf999620",
            "168cb2bdb644ae0a076c3dddf999",
            "68cb2bdb644ae0a076c3dddf9996",
            "8cb2bdb644ae0a076c3dddf99962",
            "cb2bdb644ae0a076c3dddf999620",
            "b2bdb644ae0a076c3dddf999",
            "2bdb644ae0a076c3dddf9996",
            "bdb644ae0a076c3dddf99962",
            "db644ae0a076c3dddf999620",
            "b644ae0a076c3dddf999",
            "644ae0a076c3dddf9996",
            "44ae0a076c3dddf99962",
            "4ae0a076c3dddf999620",
            "ae0a076c3dddf999",
            "e0a076c3dddf9996",
            "0a076c3dddf99962",
            "a076c3dddf999620",
            "076c3dddf999",
            "76c3dddf9996",
            "6c3dddf99962",
            "c3dddf999620",
            "3dddf999",
            "dddf9996",
            "ddf99962",
            "df999620",
            "f999",
            "9996",
            "9962",
            "9620",
            "738bb41767ff4255a01b4fc82e79ba53",
            "38bb41767ff4255a01b4fc82e79b",
            "8bb41767ff4255a01b4fc82e79ba",
            "bb41767ff4255a01b4fc82e79ba5",
            "b41767ff4255a01b4fc82e79ba53",
            "41767ff4255a01b4fc82e79b",
            "1767ff4255a01b4fc82e79ba",
            "767ff4255a01b4fc82e79ba5",
            "67ff4255a01b4fc82e79ba53",
            "7ff4255a01b4fc82e79b",
            "ff4255a01b4fc82e79ba",
            "f4255a01b4fc82e79ba5",
            "4255a01b4fc82e79ba53",
            "255a01b4fc82e79b",
            "55a01b4fc82e79ba",
            "5a01b4fc82e79ba5",
            "a01b4fc82e79ba53",
            "01b4fc82e79b",
            "1b4fc82e79ba",
            "b4fc82e79ba5",
            "4fc82e79ba53",
            "fc82e79b",
            "c82e79ba",
            "82e79ba5",
            "2e79ba53",
            "e79b",
            "79ba",
            "ba53",
            "d4979c2f76ee48ee9958d9f46617db1a",
            "4979c2f76ee48ee9958d9f46617d",
            "979c2f76ee48ee9958d9f46617db",
            "79c2f76ee48ee9958d9f46617db1",
            "9c2f76ee48ee9958d9f46617db1a",
            "c2f76ee48ee9958d9f46617d",
            "2f76ee48ee9958d9f46617db",
            "f76ee48ee9958d9f46617db1",
            "76ee48ee9958d9f46617db1a",
            "6ee48ee9958d9f46617d",
            "ee48ee9958d9f46617db",
            "e48ee9958d9f46617db1",
            "48ee9958d9f46617db1a",
            "8ee9958d9f46617d",
            "ee9958d9f46617db",
            "e9958d9f46617db1",
            "9958d9f46617db1a",
            "958d9f46617d",
            "58d9f46617db",
            "8d9f46617db1",
            "d9f46617db1a",
            "9f46617d",
            "f46617db",
            "46617db1",
            "6617db1a",
            "617d",
            "7db1",
            "db1a",
            "e161d821e7c841cd801d289b5b42077d",
            "161d821e7c841cd801d289b5b420",
            "61d821e7c841cd801d289b5b4207",
            "1d821e7c841cd801d289b5b42077",
            "d821e7c841cd801d289b5b42077d",
            "821e7c841cd801d289b5b420",
            "21e7c841cd801d289b5b4207",
            "1e7c841cd801d289b5b42077",
            "e7c841cd801d289b5b42077d",
            "7c841cd801d289b5b420",
            "c841cd801d289b5b4207",
            "841cd801d289b5b42077",
            "41cd801d289b5b42077d",
            "1cd801d289b5b420",
            "cd801d289b5b4207",
            "d801d289b5b42077",
            "801d289b5b42077d",
            "01d289b5b420",
            "1d289b5b4207",
            "d289b5b42077",
            "289b5b42077d",
            "89b5b420",
            "9b5b4207",
            "b5b42077",
            "5b42077d",
            "b420",
            "4207",
            "2077",
            "077d",
            "64105168130e48268432a0ff140d0222",
            "4105168130e48268432a0ff140d0",
            "105168130e48268432a0ff140d02",
            "05168130e48268432a0ff140d022",
            "5168130e48268432a0ff140d0222",
            "168130e48268432a0ff140d0",
            "68130e48268432a0ff140d02",
            "8130e48268432a0ff140d022",
            "130e48268432a0ff140d0222",
            "30e48268432a0ff140d0",
            "0e48268432a0ff140d02",
            "e48268432a0ff140d022",
            "48268432a0ff140d0222",
            "8268432a0ff140d0",
            "268432a0ff140d02",
            "68432a0ff140d022",
            "8432a0ff140d0222",
            "432a0ff140d0",
            "32a0ff140d02",
            "2a0ff140d022",
            "a0ff140d0222",
            "0ff140d0",
            "ff140d02",
            "f140d022",
            "140d0222",
            "40d0",
            "0d02",
            "d022",
            "0222",
            "0e7dab93662a4859bdd9bed4abbe4b2e",
            "e7dab93662a4859bdd9bed4abbe4",
            "7dab93662a4859bdd9bed4abbe4b",
            "dab93662a4859bdd9bed4abbe4b2",
            "ab93662a4859bdd9bed4abbe4b2e",
            "b93662a4859bdd9bed4abbe4",
            "93662a4859bdd9bed4abbe4b",
            "3662a4859bdd9bed4abbe4b2",
            "662a4859bdd9bed4abbe4b2e",
            "62a4859bdd9bed4abbe4",
            "2a4859bdd9bed4abbe4b",
            "a4859bdd9bed4abbe4b2",
            "4859bdd9bed4abbe4b2e",
            "859bdd9bed4abbe4",
            "59bdd9bed4abbe4b",
            "9bdd9bed4abbe4b2",
            "bdd9bed4abbe4b2e",
            "dd9bed4abbe4",
            "d9bed4abbe4b",
            "9bed4abbe4b2",
            "bed4abbe4b2e",
            "ed4abbe4",
            "d4abbe4b",
            "4abbe4b2",
            "abbe4b2e",
            "bbe4",
            "be4b",
            "e4b2",
            "4b2e",
            "401ed9364ae24df3876c785c56839617",
            "01ed9364ae24df3876c785c56839",
            "1ed9364ae24df3876c785c568396",
            "ed9364ae24df3876c785c5683961",
            "d9364ae24df3876c785c56839617",
            "9364ae24df3876c785c56839",
            "364ae24df3876c785c568396",
            "64ae24df3876c785c5683961",
            "4ae24df3876c785c56839617",
            "ae24df3876c785c56839",
            "e24df3876c785c568396",
            "24df3876c785c5683961",
            "4df3876c785c56839617",
            "df3876c785c56839",
            "f3876c785c568396",
            "3876c785c5683961",
            "876c785c56839617",
            "76c785c56839",
            "6c785c568396",
            "c785c5683961",
            "785c56839617",
            "85c56839",
            "5c568396",
            "c5683961",
            "56839617",
            "6839",
            "8396",
            "3961",
            "9617",
            "540941d27d7841a683d84c5f658b672d",
            "40941d27d7841a683d84c5f658b6",
            "0941d27d7841a683d84c5f658b67",
            "941d27d7841a683d84c5f658b672",
            "41d27d7841a683d84c5f658b672d",
            "1d27d7841a683d84c5f658b6",
            "d27d7841a683d84c5f658b67",
            "27d7841a683d84c5f658b672",
            "7d7841a683d84c5f658b672d",
            "d7841a683d84c5f658b6",
            "7841a683d84c5f658b67",
            "841a683d84c5f658b672",
            "41a683d84c5f658b672d",
            "1a683d84c5f658b6",
            "a683d84c5f658b67",
            "683d84c5f658b672",
            "83d84c5f658b672d",
            "3d84c5f658b6",
            "d84c5f658b67",
            "84c5f658b672",
            "4c5f658b672d",
            "c5f658b6",
            "5f658b67",
            "f658b672",
            "658b672d",
            "58b6",
            "8b67",
            "b672",
            "672d",
            "DNmxNg5q878ibPLG",
            "NmxNg5q878ibPLGT",
            "mxNg5q878ibPLGTS",
            "xNg5q878ibPLGTSr",
            "Ng5q878ibPLG",
            "g5q878ibPLGT",
            "5q878ibPLGTS",
            "q878ibPLGTSr",
            "878ibPLG",
            "78ibPLGT",
            "8ibPLGTS",
            "ibPLGTSr",
            "bPLG",
            "PLGT",
            "LGTS",
            "GTSr",
            "g91b9c41d2ff549a58f4d9ee3b69c22c",
            "91b9c41d2ff549a58f4d9ee3b69c22c1",
            "1b9c41d2ff549a58f4d9ee3b69c2",
            "b9c41d2ff549a58f4d9ee3b69c22",
            "9c41d2ff549a58f4d9ee3b69c22c",
            "c41d2ff549a58f4d9ee3b69c22c1",
            "41d2ff549a58f4d9ee3b69c2",
            "1d2ff549a58f4d9ee3b69c22",
            "d2ff549a58f4d9ee3b69c22c",
            "2ff549a58f4d9ee3b69c22c1",
            "ff549a58f4d9ee3b69c2",
            "f549a58f4d9ee3b69c22",
            "549a58f4d9ee3b69c22c",
            "49a58f4d9ee3b69c22c1",
            "9a58f4d9ee3b69c2",
            "a58f4d9ee3b69c22",
            "58f4d9ee3b69c22c",
            "8f4d9ee3b69c22c1",
            "f4d9ee3b69c2",
            "4d9ee3b69c22",
            "d9ee3b69c22c",
            "9ee3b69c22c1",
            "ee3b69c2",
            "e3b69c22",
            "3b69c22c",
            "b69c22c1",
            "69c2",
            "9c22",
            "c22c",
            "22c1",
            "VpyhPa5k11UX6tMC",
            "pyhPa5k11UX6tMCY",
            "yhPa5k11UX6tMCYD",
            "hPa5k11UX6tMCYDW",
            "Pa5k11UX6tMC",
            "a5k11UX6tMCY",
            "5k11UX6tMCYD",
            "k11UX6tMCYDW",
            "11UX6tMC",
            "1UX6tMCY",
            "UX6tMCYD",
            "X6tMCYDW",
            "6tMC",
            "tMCY",
            "MCYD",
            "CYDW",
            "rFVptZ5YC9Y6LtC9",
            "FVptZ5YC9Y6LtC93",
            "VptZ5YC9Y6LtC93F",
            "ptZ5YC9Y6LtC93FG",
            "tZ5YC9Y6LtC9",
            "Z5YC9Y6LtC93",
            "5YC9Y6LtC93F",
            "YC9Y6LtC93FG",
            "C9Y6LtC9",
            "9Y6LtC93",
            "Y6LtC93F",
            "6LtC93FG",
            "LtC9",
            "tC93",
            "C93F",
            "93FG",
            "qZWKPRvt",
            "ZWKPRvtU",
            "WKPRvtUw",
            "KPRv",
            "PRvt",
            "RvtU",
            "vtUw",
            "xU5KTNhi",
            "U5KTNhi1",
            "5KTNhi10",
            "KTNh",
            "TNhi",
            "Nhi1",
            "hi10",
            "FcNKlC8C",
            "cNKlC8Ck",
            "NKlC8CkX",
            "KlC8",
            "lC8C",
            "C8Ck",
            "8CkX",
            "gsBKLw5R",
            "sBKLw5RI",
            "BKLw5RIn",
            "KLw5",
            "Lw5R",
            "w5RI",
            "5RIn",
            "XFsKftd6",
            "FsKftd6H",
            "sKftd6Hn",
            "Kftd",
            "ftd6",
            "td6H",
            "d6Hn",
            "Wj5KDxBu",
            "j5KDxBug",
            "5KDxBuga",
            "KDxB",
            "DxBu",
            "xBug",
            "Buga",
            "RLgKvXBR",
            "LgKvXBRF",
            "gKvXBRFX",
            "KvXB",
            "vXBR",
            "XBRF",
            "BRFX",
            "xxdKXWEV",
            "xdKXWEVI",
            "dKXWEVIW",
            "KXWE",
            "XWEV",
            "WEVI",
            "EVIW",
            "DtbK9Qe5",
            "tbK9Qe5v",
            "bK9Qe5vx",
            "K9Qe",
            "9Qe5",
            "Qe5v",
            "e5vx",
            "D09KkCH2",
            "09KkCH2F",
            "9KkCH2FJ",
            "KkCH",
            "kCH2",
            "CH2F",
            "H2FJ",
            "cPdK2Od0",
            "PdK2Od0V",
            "dK2Od0VI",
            "K2Od",
            "2Od0",
            "Od0V",
            "d0VI",
            "yKaKwbpY",
            "KaKwbpYc",
            "aKwbpYcV",
            "Kwbp",
            "wbpY",
            "bpYc",
            "pYcV",
            "RcsKyfhr",
            "csKyfhrR",
            "sKyfhrRO",
            "Kyfh",
            "yfhr",
            "fhrR",
            "hrRO",
            "vQhKJpW0",
            "QhKJpW07",
            "hKJpW07a",
            "KJpW",
            "JpW0",
            "pW07",
            "W07a",
            "xrrKSe2j",
            "rrKSe2jg",
            "rKSe2jgd",
            "KSe2",
            "Se2j",
            "e2jg",
            "2jgd",
            "m18KgOpA",
            "18KgOpAX",
            "8KgOpAX1",
            "KgOp",
            "gOpA",
            "OpAX",
            "pAX1",
            "PaddingM",
            "addingMo",
            "ddingMod",
            "dingMode",
            "ingM",
            "px4KaB8p",
            "x4KaB8pG",
            "4KaB8pGg",
            "KaB8",
            "aB8p",
            "B8pG",
            "8pGg",
            "w0lKA1Ow",
            "0lKA1Owu",
            "lKA1OwuY",
            "KA1O",
            "A1Ow",
            "1Owu",
            "OwuY",
            "eE0KoJKX",
            "E0KoJKXq",
            "0KoJKXqy",
            "KoJK",
            "oJKX",
            "JKXq",
            "KXqy",
            "QJMKbShm",
            "JMKbShmc",
            "MKbShmch",
            "KbSh",
            "bShm",
            "Shmc",
            "hmch",
            "M6SKitZI",
            "6SKitZIF",
            "SKitZIFF",
            "KitZ",
            "itZI",
            "tZIF",
            "ZIFF",
            "PL2Kd2ED",
            "L2Kd2EDs",
            "2Kd2EDs5",
            "Kd2E",
            "d2ED",
            "2EDs",
            "EDs5",
            "olvKMpST",
            "lvKMpST6",
            "vKMpST6L",
            "KMpS",
            "MpST",
            "pST6",
            "ST6L",
            "SS5KzU73",
            "S5KzU73o",
            "5KzU73oH",
            "KzU7",
            "zU73",
            "U73o",
            "73oH",
            "h3EUHD6s",
            "3EUHD6sn",
            "EUHD6snJ",
            "UHD6",
            "HD6s",
            "D6sn",
            "6snJ",
            "g43UEkj6",
            "43UEkj6W",
            "3UEkj6W6",
            "UEkj",
            "Ekj6",
            "kj6W",
            "j6W6",
            "evyU7ZuJ",
            "vyU7ZuJV",
            "yU7ZuJVm",
            "U7Zu",
            "7ZuJ",
            "ZuJV",
            "uJVm",
            "xRJUN4dO",
            "RJUN4dOi",
            "JUN4dOiH",
            "UN4d",
            "N4dO",
            "4dOi",
            "dOiH",
            "knoU6RZS",
            "noU6RZSg",
            "oU6RZSgm",
            "U6RZ",
            "6RZS",
            "RZSg",
            "ZSgm",
            "OOCUBtr2",
            "OCUBtr21",
            "CUBtr21p",
            "UBtr",
            "Btr2",
            "tr21",
            "r21p",
            "kuRUUgdf",
            "uRUUgdfI",
            "RUUgdfIM",
            "UUgd",
            "Ugdf",
            "gdfI",
            "dfIM",
            "CsJUTyPc",
            "sJUTyPcC",
            "JUTyPcCe",
            "UTyP",
            "TyPc",
            "yPcC",
            "PcCe",
            "XdUUPDjE",
            "dUUPDjEG",
            "UUPDjEGs",
            "UPDj",
            "PDjE",
            "DjEG",
            "jEGs",
            "gPZUlOnM",
            "PZUlOnMT",
            "ZUlOnMT4",
            "UlOn",
            "lOnM",
            "OnMT",
            "nMT4",
            "UAlULmsu",
            "AlULmsur",
            "lULmsurc",
            "ULms",
            "Lmsu",
            "msur",
            "surc",
            "FTeUfsej",
            "TeUfsejb",
            "eUfsejbQ",
            "Ufse",
            "fsej",
            "sejb",
            "ejbQ",
            "wR0UD89R",
            "R0UD89RC",
            "0UD89RCd",
            "UD89",
            "D89R",
            "89RC",
            "9RCd",
            "bjgUv2VQ",
            "jgUv2VQ7",
            "gUv2VQ7i",
            "Uv2V",
            "v2VQ",
            "2VQ7",
            "VQ7i",
            "CuoUXMDV",
            "uoUXMDV7",
            "oUXMDV7r",
            "UXMD",
            "XMDV",
            "MDV7",
            "DV7r",
            "DeOU9Hkx",
            "eOU9Hkxb",
            "OU9HkxbM",
            "U9Hk",
            "9Hkx",
            "Hkxb",
            "kxbM",
            "BoCUk6bq",
            "oCUk6bqB",
            "CUk6bqB9",
            "Uk6b",
            "k6bq",
            "6bqB",
            "bqB9",
            "zvNU26v8",
            "vNU26v89",
            "NU26v89R",
            "U26v",
            "26v8",
            "6v89",
            "v89R",
            "CLTUwaIx",
            "LTUwaIxn",
            "TUwaIxnQ",
            "UwaI",
            "waIx",
            "aIxn",
            "IxnQ",
            "eN4UyhCd",
            "N4UyhCdg",
            "4UyhCdgf",
            "UyhC",
            "yhCd",
            "hCdg",
            "Cdgf",
            "IypUJJjW",
            "ypUJJjWa",
            "pUJJjWaN",
            "UJJj",
            "JJjW",
            "JjWa",
            "jWaN",
            "KCmUScVx",
            "CmUScVxB",
            "mUScVxBh",
            "UScV",
            "ScVx",
            "cVxB",
            "VxBh",
            "pnJUgjOw",
            "nJUgjOwl",
            "JUgjOwlZ",
            "UgjO",
            "gjOw",
            "jOwl",
            "OwlZ",
            "K6FUaOTh",
            "6FUaOThw",
            "FUaOThwb",
            "UaOT",
            "aOTh",
            "OThw",
            "Thwb",
            "mRvUA5kZ",
            "RvUA5kZK",
            "vUA5kZKC",
            "UA5k",
            "A5kZ",
            "5kZK",
            "kZKC",
            "JxjUoUkK",
            "xjUoUkKg",
            "jUoUkKgF",
            "UoUk",
            "oUkK",
            "UkKg",
            "kKgF",
            "tILUbGYL",
            "ILUbGYLL",
            "LUbGYLLQ",
            "UbGY",
            "bGYL",
            "GYLL",
            "YLLQ",
            "SExUiIZv",
            "ExUiIZv4",
            "xUiIZv4q",
            "UiIZ",
            "iIZv",
            "IZv4",
            "Zv4q",
            "dZ9Udp2P",
            "Z9Udp2Ph",
            "9Udp2Ph8",
            "Udp2",
            "dp2P",
            "p2Ph",
            "2Ph8",
            "KIZUM1JF",
            "IZUM1JFs",
            "ZUM1JFsH",
            "UM1J",
            "M1JF",
            "1JFs",
            "JFsH",
            "hJvUzq3i",
            "JvUzq3ib",
            "vUzq3ibx",
            "Uzq3",
            "zq3i",
            "q3ib",
            "3ibx",
            "EHJrHKWf",
            "HJrHKWft",
            "JrHKWftl",
            "rHKW",
            "HKWf",
            "KWft",
            "Wftl",
            "obBrEfWn",
            "bBrEfWn0",
            "BrEfWn0J",
            "rEfW",
            "EfWn",
            "fWn0",
            "Wn0J",
            "n20r7QTe",
            "20r7QTex",
            "0r7QTexy",
            "r7QT",
            "7QTe",
            "QTex",
            "Texy",
            "Of7rNCiI",
            "f7rNCiIv",
            "7rNCiIvM",
            "rNCi",
            "NCiI",
            "CiIv",
            "iIvM",
            "Giir6unb",
            "iir6unb2",
            "ir6unb26",
            "r6un",
            "6unb",
            "unb2",
            "nb26",
            "yWWrBpEd",
            "WWrBpEdk",
            "WrBpEdkG",
            "rBpE",
            "BpEd",
            "pEdk",
            "EdkG",
            "A1HrUmdd",
            "1HrUmdd6",
            "HrUmdd6Q",
            "rUmd",
            "Umdd",
            "mdd6",
            "dd6Q",
            "JI4rTP5I",
            "I4rTP5IQ",
            "4rTP5IQ0",
            "rTP5",
            "TP5I",
            "P5IQ",
            "5IQ0",
            "GZdrPIha",
            "ZdrPIhaS",
            "drPIhaS3",
            "rPIh",
            "PIha",
            "IhaS",
            "haS3",
            "u4Jrl70r",
            "4Jrl70r6",
            "Jrl70r6u",
            "rl70",
            "l70r",
            "70r6",
            "0r6u",
            "nAtrLV7V",
            "AtrLV7Vv",
            "trLV7VvZ",
            "rLV7",
            "LV7V",
            "V7Vv",
            "7VvZ",
            "JjVrfWsd",
            "jVrfWsd2",
            "VrfWsd2D",
            "rfWs",
            "fWsd",
            "Wsd2",
            "sd2D",
            "uobrD8Kj",
            "obrD8KjE",
            "brD8KjEu",
            "rD8K",
            "D8Kj",
            "8KjE",
            "KjEu",
            "OrFrvpuB",
            "rFrvpuBE",
            "FrvpuBER",
            "rvpu",
            "vpuB",
            "puBE",
            "uBER",
            "TElrXkTC",
            "ElrXkTCa",
            "lrXkTCai",
            "rXkT",
            "XkTC",
            "kTCa",
            "TCai",
            "wdLr9ill",
            "dLr9illv",
            "Lr9illvs",
            "r9il",
            "9ill",
            "illv",
            "llvs",
            "NmmrkYrh",
            "mmrkYrh5",
            "mrkYrh5L",
            "rkYr",
            "kYrh",
            "Yrh5",
            "rh5L",
            "b2yr2b0Z",
            "2yr2b0Z8",
            "yr2b0Z8E",
            "r2b0",
            "2b0Z",
            "b0Z8",
            "0Z8E",
            "IUxrwHhO",
            "UxrwHhOA",
            "xrwHhOAo",
            "rwHh",
            "wHhO",
            "HhOA",
            "hOAo",
            "NoprydPx",
            "oprydPxB",
            "prydPxBq",
            "rydP",
            "ydPx",
            "dPxB",
            "PxBq",
            "kRbrJyOr",
            "RbrJyOrp",
            "brJyOrpZ",
            "rJyO",
            "JyOr",
            "yOrp",
            "OrpZ",
            "uDwrSyg0",
            "DwrSyg0D",
            "wrSyg0Dd",
            "rSyg",
            "Syg0",
            "yg0D",
            "g0Dd",
            "QMUrgmCw",
            "MUrgmCwX",
            "UrgmCwXd",
            "rgmC",
            "gmCw",
            "mCwX",
            "CwXd",
            "Cg1ra3IA",
            "g1ra3IAM",
            "1ra3IAMY",
            "ra3I",
            "a3IA",
            "3IAM",
            "IAMY",
            "xYZrA1Uw",
            "YZrA1Uw3",
            "ZrA1Uw32",
            "rA1U",
            "A1Uw",
            "1Uw3",
            "Uw32",
            "F9wro6CN",
            "9wro6CNG",
            "wro6CNG0",
            "ro6C",
            "o6CN",
            "6CNG",
            "CNG0",
            "MSgrbV6y",
            "SgrbV6ya",
            "grbV6yaE",
            "rbV6",
            "bV6y",
            "V6ya",
            "6yaE",
            "od0riK5t",
            "d0riK5tq",
            "0riK5tqi",
            "riK5",
            "iK5t",
            "K5tq",
            "5tqi",
            "h6srdQnA",
            "6srdQnAK",
            "srdQnAKC",
            "rdQn",
            "dQnA",
            "QnAK",
            "nAKC",
            "odXrMH1w",
            "dXrMH1wd",
            "XrMH1wdH",
            "rMH1",
            "MH1w",
            "H1wd",
            "1wdH",
            "AqRrzUbA",
            "qRrzUbAZ",
            "RrzUbAZI",
            "rzUb",
            "zUbA",
            "UbAZ",
            "bAZI",
            "Q3VTH1TE",
            "3VTH1TE6",
            "VTH1TE6K",
            "TH1T",
            "H1TE",
            "1TE6",
            "TE6K",
            "knOTEL4E",
            "nOTEL4Er",
            "OTEL4ErE",
            "TEL4",
            "EL4E",
            "L4Er",
            "4ErE",
            "GBTT7pvq",
            "BTT7pvq9",
            "TT7pvq9y",
            "T7pv",
            "7pvq",
            "pvq9",
            "vq9y",
            "L9hTNpje",
            "9hTNpje0",
            "hTNpje0R",
            "TNpj",
            "Npje",
            "pje0",
            "je0R",
            "ifyT6Tbl",
            "fyT6Tbl5",
            "yT6Tbl5Q",
            "T6Tb",
            "6Tbl",
            "Tbl5",
            "bl5Q",
            "tOfTB4qG",
            "OfTB4qGc",
            "fTB4qGcQ",
            "TB4q",
            "B4qG",
            "4qGc",
            "qGcQ",
            "SJjTU4Sr",
            "JjTU4SrD",
            "jTU4SrDe",
            "TU4S",
            "U4Sr",
            "4SrD",
            "SrDe",
            "CN4TTFri",
            "N4TTFriX",
            "4TTFriXY",
            "TTFr",
            "TFri",
            "FriX",
            "riXY",
            "La6TPBws",
            "a6TPBwsf",
            "6TPBwsft",
            "TPBw",
            "PBws",
            "Bwsf",
            "wsft",
            "CX7Tlfqy",
            "X7Tlfqye",
            "7Tlfqyes",
            "Tlfq",
            "lfqy",
            "fqye",
            "qyes",
            "SNoTL3PL",
            "NoTL3PLd",
            "oTL3PLdP",
            "TL3P",
            "L3PL",
            "3PLd",
            "PLdP",
            "xc9TfobJ",
            "c9TfobJr",
            "9TfobJr8",
            "Tfob",
            "fobJ",
            "obJr",
            "bJr8",
            "aQmTD3ss",
            "QmTD3ssU",
            "mTD3ssUQ",
            "TD3s",
            "D3ss",
            "3ssU",
            "ssUQ",
            "rS8TvVyv",
            "S8TvVyvk",
            "8TvVyvkX",
            "TvVy",
            "vVyv",
            "Vyvk",
            "yvkX",
            "X7uTXcTH",
            "7uTXcTHD",
            "uTXcTHDh",
            "TXcT",
            "XcTH",
            "cTHD",
            "THDh",
            "hBBT9uka",
            "BBT9ukaH",
            "BT9ukaHB",
            "T9uk",
            "9uka",
            "ukaH",
            "kaHB",
            "sDGTky5T",
            "DGTky5TQ",
            "GTky5TQh",
            "Tky5",
            "ky5T",
            "y5TQ",
            "5TQh",
            "xGRT2MGR",
            "GRT2MGRP",
            "RT2MGRPW",
            "T2MG",
            "2MGR",
            "MGRP",
            "GRPW",
            "R3rTwK11",
            "3rTwK117",
            "rTwK117h",
            "TwK1",
            "wK11",
            "K117",
            "117h",
            "LeUTyoqt",
            "eUTyoqtQ",
            "UTyoqtQm",
            "Tyoq",
            "yoqt",
            "oqtQ",
            "qtQm",
            "NMTTJV0Y",
            "MTTJV0Y0",
            "TTJV0Y0x",
            "TJV0",
            "JV0Y",
            "V0Y0",
            "0Y0x",
            "qRtTSSTK",
            "RtTSSTK8",
            "tTSSTK88",
            "TSST",
            "SSTK",
            "STK8",
            "TK88",
            "JVyTg9ic",
            "VyTg9icZ",
            "yTg9icZR",
            "Tg9i",
            "g9ic",
            "9icZ",
            "icZR",
            "WLaTau2P",
            "LaTau2P5",
            "aTau2P52",
            "Tau2",
            "au2P",
            "u2P5",
            "2P52",
            "ROFTALAV",
            "OFTALAVR",
            "FTALAVR0",
            "TALA",
            "ALAV",
            "LAVR",
            "AVR0",
            "CagToIC1",
            "agToIC1B",
            "gToIC1B7",
            "ToIC",
            "oIC1",
            "IC1B",
            "C1B7",
            "lcMTbCSR",
            "cMTbCSRk",
            "MTbCSRkd",
            "TbCS",
            "bCSR",
            "CSRk",
            "SRkd",
            "IZYTiIY3",
            "ZYTiIY3u",
            "YTiIY3uo",
            "TiIY",
            "iIY3",
            "IY3u",
            "Y3uo",
            "D0ZTdqaH",
            "0ZTdqaHt",
            "ZTdqaHt5",
            "Tdqa",
            "dqaH",
            "qaHt",
            "aHt5",
            "GKOTMEFc",
            "KOTMEFcV",
            "OTMEFcVW",
            "TMEF",
            "MEFc",
            "EFcV",
            "FcVW",
            "lODTz01o",
            "ODTz01oE",
            "DTz01oEg",
            "Tz01",
            "z01o",
            "01oE",
            "1oEg",
            "cOYeHy2q",
            "OYeHy2qU",
            "YeHy2qUi",
            "eHy2",
            "Hy2q",
            "y2qU",
            "2qUi",
            "V2YeE8BL",
            "2YeE8BLl",
            "YeE8BLls",
            "eE8B",
            "E8BL",
            "8BLl",
            "BLls",
            "Dppe7RNB",
            "ppe7RNBL",
            "pe7RNBLb",
            "e7RN",
            "7RNB",
            "RNBL",
            "NBLb",
            "hM1eNGGY",
            "M1eNGGYR",
            "1eNGGYRl",
            "eNGG",
            "NGGY",
            "GGYR",
            "GYRl",
            "OrSe6hIi",
            "rSe6hIiI",
            "Se6hIiIL",
            "e6hI",
            "6hIi",
            "hIiI",
            "IiIL",
            "QTYeBAQO",
            "TYeBAQOd",
            "YeBAQOd1",
            "eBAQ",
            "BAQO",
            "AQOd",
            "QOd1",
            "rNQeUXO3",
            "NQeUXO3Q",
            "QeUXO3Qn",
            "eUXO",
            "UXO3",
            "XO3Q",
            "O3Qn",
            "GHKeTUwH",
            "HKeTUwHE",
            "KeTUwHEh",
            "eTUw",
            "TUwH",
            "UwHE",
            "wHEh",
            "YPlePCt9",
            "PlePCt9J",
            "lePCt9JS",
            "ePCt",
            "PCt9",
            "Ct9J",
            "t9JS",
            "EqjeloKL",
            "qjeloKLG",
            "jeloKLGb",
            "eloK",
            "loKL",
            "oKLG",
            "KLGb",
            "vhGeLpn0",
            "hGeLpn0U",
            "GeLpn0UM",
            "eLpn",
            "Lpn0",
            "pn0U",
            "n0UM",
            "FHXefK6Z",
            "HXefK6Ze",
            "XefK6ZeB",
            "efK6",
            "fK6Z",
            "K6Ze",
            "6ZeB",
            "r6seDcy1",
            "6seDcy10",
            "seDcy10q",
            "eDcy",
            "Dcy1",
            "cy10",
            "y10q",
            "gZlevdHZ",
            "ZlevdHZy",
            "levdHZyA",
            "evdH",
            "vdHZ",
            "dHZy",
            "HZyA",
            "l4leXqKL",
            "4leXqKLZ",
            "leXqKLZ1",
            "eXqK",
            "XqKL",
            "qKLZ",
            "KLZ1",
            "D2xe9Yko",
            "2xe9Ykox",
            "xe9Ykoxq",
            "e9Yk",
            "9Yko",
            "Ykox",
            "koxq",
            "V6eek5g6",
            "6eek5g6J",
            "eek5g6J5",
            "ek5g",
            "k5g6",
            "5g6J",
            "g6J5",
            "r7Ie2ts7",
            "7Ie2ts7I",
            "Ie2ts7If",
            "e2ts",
            "2ts7",
            "ts7I",
            "s7If",
            "nsvewIf5",
            "svewIf5s",
            "vewIf5sG",
            "ewIf",
            "wIf5",
            "If5s",
            "f5sG",
            "gqseyjxF",
            "qseyjxFB",
            "seyjxFBO",
            "eyjx",
            "yjxF",
            "jxFB",
            "xFBO",
            "fgqeJFeF",
            "gqeJFeFf",
            "qeJFeFf7",
            "eJFe",
            "JFeF",
            "FeFf",
            "eFf7",
            "fameSKgb",
            "ameSKgbN",
            "meSKgbNH",
            "eSKg",
            "SKgb",
            "KgbN",
            "gbNH",
            "lb1eg47h",
            "b1eg47hd",
            "1eg47hdK",
            "eg47",
            "g47h",
            "47hd",
            "7hdK",
            "BeBeaowp",
            "eBeaowpm",
            "BeaowpmY",
            "eaow",
            "aowp",
            "owpm",
            "wpmY",
            "AJGeAqm3",
            "JGeAqm3e",
            "GeAqm3e4",
            "eAqm",
            "Aqm3",
            "qm3e",
            "m3e4",
            "cfXeoCcu",
            "fXeoCcuc",
            "XeoCcucn",
            "eoCc",
            "oCcu",
            "Ccuc",
            "cucn",
            "ARweb5AO",
            "Rweb5AOO",
            "web5AOOl",
            "eb5A",
            "b5AO",
            "5AOO",
            "AOOl",
            "e0BeiKqI",
            "0BeiKqIj",
            "BeiKqIjG",
            "eiKq",
            "iKqI",
            "KqIj",
            "qIjG",
            "shuedxlQ",
            "huedxlQk",
            "uedxlQkH",
            "edxl",
            "dxlQ",
            "xlQk",
            "lQkH",
            "FPGeMZ9G",
            "PGeMZ9Gm",
            "GeMZ9Gma",
            "eMZ9",
            "MZ9G",
            "Z9Gm",
            "9Gma",
            "m4Lezovd",
            "4Lezovdi",
            "LezovdiQ",
            "ezov",
            "zovd",
            "ovdi",
            "vdiQ",
            "DjKPHNSX",
            "jKPHNSXP",
            "KPHNSXPy",
            "PHNS",
            "HNSX",
            "NSXP",
            "SXPy",
            "LIfPE2fA",
            "IfPE2fA8",
            "fPE2fA84",
            "PE2f",
            "E2fA",
            "2fA8",
            "fA84",
            "DXqP7STU",
            "XqP7STUQ",
            "qP7STUQN",
            "P7ST",
            "7STU",
            "STUQ",
            "TUQN",
            "rqCPN6wJ",
            "qCPN6wJX",
            "CPN6wJXk",
            "PN6w",
            "N6wJ",
            "6wJX",
            "wJXk",
            "dDEP6es9",
            "DEP6es9k",
            "EP6es9kT",
            "P6es",
            "6es9",
            "es9k",
            "s9kT",
            "WuDPBgw2",
            "uDPBgw2j",
            "DPBgw2jC",
            "PBgw",
            "Bgw2",
            "gw2j",
            "w2jC",
            "TVWPU5vc",
            "VWPU5vcV",
            "WPU5vcV0",
            "PU5v",
            "U5vc",
            "5vcV",
            "vcV0",
            "gZ4PTijZ",
            "Z4PTijZK",
            "4PTijZKT",
            "PTij",
            "TijZ",
            "ijZK",
            "jZKT",
            "X3GPPSDH",
            "3GPPSDH0",
            "GPPSDH0M",
            "PPSD",
            "PSDH",
            "SDH0",
            "DH0M",
            "aQyPlp1k",
            "QyPlp1kM",
            "yPlp1kMr",
            "Plp1",
            "lp1k",
            "p1kM",
            "1kMr",
            "PpNPLVs8",
            "pNPLVs8e",
            "NPLVs8ew",
            "PLVs",
            "LVs8",
            "Vs8e",
            "s8ew",
            "BLiPf6BM",
            "LiPf6BM9",
            "iPf6BM9D",
            "Pf6B",
            "f6BM",
            "6BM9",
            "BM9D",
            "utsPD7vH",
            "tsPD7vHc",
            "sPD7vHcU",
            "PD7v",
            "D7vH",
            "7vHc",
            "vHcU",
            "sLPPv1UD",
            "LPPv1UDu",
            "PPv1UDuP",
            "Pv1U",
            "v1UD",
            "1UDu",
            "UDuP",
            "H7tPXrIw",
            "7tPXrIwr",
            "tPXrIwrF",
            "PXrI",
            "XrIw",
            "rIwr",
            "IwrF",
            "cssP9fQv",
            "ssP9fQvf",
            "sP9fQvfX",
            "P9fQ",
            "9fQv",
            "fQvf",
            "QvfX",
            "HmOPk1fk",
            "mOPk1fkU",
            "OPk1fkUp",
            "Pk1f",
            "k1fk",
            "1fkU",
            "fkUp",
            "BfMP2avV",
            "fMP2avVB",
            "MP2avVBg",
            "P2av",
            "2avV",
            "avVB",
            "vVBg",
            "xWtPwDuM",
            "WtPwDuMJ",
            "tPwDuMJ3",
            "PwDu",
            "wDuM",
            "DuMJ",
            "uMJ3",
            "KtcPykgw",
            "tcPykgw9",
            "cPykgw9A",
            "Pykg",
            "ykgw",
            "kgw9",
            "gw9A",
            "zc9PJxGB",
            "c9PJxGBB",
            "9PJxGBBN",
            "PJxG",
            "JxGB",
            "xGBB",
            "GBBN",
            "IIWPSs1k",
            "IWPSs1kU",
            "WPSs1kUA",
            "PSs1",
            "Ss1k",
            "s1kU",
            "1kUA",
            "XPHPgHX0",
            "PHPgHX0y",
            "HPgHX0yP",
            "PgHX",
            "gHX0",
            "HX0y",
            "X0yP",
            "ugaPapTK",
            "gaPapTKl",
            "aPapTKls",
            "PapT",
            "apTK",
            "pTKl",
            "TKls",
            "FnGPAxYG",
            "nGPAxYGM",
            "GPAxYGMm",
            "PAxY",
            "AxYG",
            "xYGM",
            "YGMm",
            "esRPoaHB",
            "sRPoaHBj",
            "RPoaHBj2",
            "PoaH",
            "oaHB",
            "aHBj",
            "HBj2",
            "XqWPbjHb",
            "qWPbjHbn",
            "WPbjHbnx",
            "PbjH",
            "bjHb",
            "jHbn",
            "Hbnx",
            "uSBPiGwO",
            "SBPiGwOx",
            "BPiGwOxi",
            "PiGw",
            "iGwO",
            "GwOx",
            "wOxi",
            "glaPdQrx",
            "laPdQrxK",
            "aPdQrxKy",
            "PdQr",
            "dQrx",
            "QrxK",
            "rxKy",
            "WuRPM0O3",
            "uRPM0O3C",
            "RPM0O3Cr",
            "PM0O",
            "M0O3",
            "0O3C",
            "O3Cr",
            "gxoPzJu0",
            "xoPzJu0I",
            "oPzJu0II",
            "PzJu",
            "zJu0",
            "Ju0I",
            "u0II",
            "C2iGHWQC",
            "2iGHWQCl",
            "iGHWQClH",
            "GHWQ",
            "HWQC",
            "WQCl",
            "QClH",
            "sX6GE42B",
            "X6GE42Bn",
            "6GE42BnR",
            "GE42",
            "E42B",
            "42Bn",
            "2BnR",
            "bMPG7FmK",
            "MPG7FmKN",
            "PG7FmKNv",
            "G7Fm",
            "7FmK",
            "FmKN",
            "mKNv",
            "vdrGNq7N",
            "drGNq7NZ",
            "rGNq7NZk",
            "GNq7",
            "Nq7N",
            "q7NZ",
            "7NZk",
            "bu1G6rYN",
            "u1G6rYN7",
            "1G6rYN7e",
            "G6rY",
            "6rYN",
            "rYN7",
            "YN7e",
            "nOGGBXB2",
            "OGGBXB2i",
            "GGBXB2i8",
            "GBXB",
            "BXB2",
            "XB2i",
            "B2i8",
            "g26GUjEZ",
            "26GUjEZ7",
            "6GUjEZ7a",
            "GUjE",
            "UjEZ",
            "jEZ7",
            "EZ7a",
            "DltGTYbq",
            "ltGTYbqN",
            "tGTYbqNj",
            "GTYb",
            "TYbq",
            "YbqN",
            "bqNj",
            "CEPGPG8T",
            "EPGPG8T8",
            "PGPG8T8D",
            "GPG8",
            "PG8T",
            "G8T8",
            "8T8D",
            "wj0Gl5i1",
            "j0Gl5i1R",
            "0Gl5i1RV",
            "Gl5i",
            "l5i1",
            "5i1R",
            "i1RV",
            "oJxGL56Q",
            "JxGL56Qu",
            "xGL56QuI",
            "GL56",
            "L56Q",
            "56Qu",
            "6QuI",
            "NOwGfc7V",
            "OwGfc7V6",
            "wGfc7V6w",
            "Gfc7",
            "fc7V",
            "c7V6",
            "7V6w",
            "c6vGDr1M",
            "6vGDr1MK",
            "vGDr1MKd",
            "GDr1",
            "Dr1M",
            "r1MK",
            "1MKd",
            "w5tGvDwf",
            "5tGvDwfy",
            "tGvDwfyh",
            "GvDw",
            "vDwf",
            "Dwfy",
            "wfyh",
            "upCGXF1U",
            "pCGXF1Ue",
            "CGXF1UeZ",
            "GXF1",
            "XF1U",
            "F1Ue",
            "1UeZ",
            "kBBG9rZ2",
            "BBG9rZ25",
            "BG9rZ25P",
            "G9rZ",
            "9rZ2",
            "rZ25",
            "Z25P",
            "tN0GkM27",
            "N0GkM27m",
            "0GkM27mD",
            "GkM2",
            "kM27",
            "M27m",
            "27mD",
            "guFG20co",
            "uFG20cox",
            "FG20coxS",
            "G20c",
            "20co",
            "0cox",
            "coxS",
            "U4QGwQlA",
            "4QGwQlA1",
            "QGwQlA1F",
            "GwQl",
            "wQlA",
            "QlA1",
            "lA1F",
            "eVtGyr5G",
            "VtGyr5GL",
            "tGyr5GLq",
            "Gyr5",
            "yr5G",
            "r5GL",
            "5GLq",
            "CTOGJIX3",
            "TOGJIX3Y",
            "OGJIX3Yh",
            "GJIX",
            "JIX3",
            "IX3Y",
            "X3Yh",
            "wYmGSpp6",
            "YmGSpp6x",
            "mGSpp6xn",
            "GSpp",
            "Spp6",
            "pp6x",
            "p6xn",
            "dAgGgTND",
            "AgGgTNDt",
            "gGgTNDtK",
            "GgTN",
            "gTND",
            "TNDt",
            "NDtK",
            "yt3GaqRx",
            "t3GaqRxA",
            "3GaqRxAE",
            "GaqR",
            "aqRx",
            "qRxA",
            "RxAE",
            "nuuGAK4X",
            "uuGAK4X5",
            "uGAK4X5M",
            "GAK4",
            "AK4X",
            "K4X5",
            "4X5M",
            "m7NGoZHE",
            "7NGoZHEm",
            "NGoZHEmj",
            "GoZH",
            "oZHE",
            "ZHEm",
            "HEmj",
            "LliGbGp8",
            "liGbGp8u",
            "iGbGp8uu",
            "GbGp",
            "bGp8",
            "Gp8u",
            "p8uu",
            "EM7GimN7",
            "M7GimN7M",
            "7GimN7MA",
            "GimN",
            "imN7",
            "mN7M",
            "N7MA",
            "QE7GdoSP",
            "E7GdoSP5",
            "7GdoSP56",
            "GdoS",
            "doSP",
            "oSP5",
            "SP56",
            "sTaGMbqc",
            "TaGMbqc7",
            "aGMbqc78",
            "GMbq",
            "Mbqc",
            "bqc7",
            "qc78",
            "GZEGzpNg",
            "ZEGzpNgC",
            "EGzpNgCf",
            "GzpN",
            "zpNg",
            "pNgC",
            "NgCf",
            "P4FlHEnD",
            "4FlHEnDO",
            "FlHEnDOB",
            "lHEn",
            "HEnD",
            "EnDO",
            "nDOB",
            "wawlEbJk",
            "awlEbJkL",
            "wlEbJkLI",
            "lEbJ",
            "EbJk",
            "bJkL",
            "JkLI",
            "zLdl7UgR",
            "Ldl7UgRg",
            "dl7UgRgB",
            "l7Ug",
            "7UgR",
            "UgRg",
            "gRgB",
            "xHklN7Ok",
            "HklN7Okg",
            "klN7Okga",
            "lN7O",
            "N7Ok",
            "7Okg",
            "Okga",
            "e5tl69g5",
            "5tl69g5D",
            "tl69g5Df",
            "l69g",
            "69g5",
            "9g5D",
            "g5Df",
            "qkglB9OM",
            "kglB9OMN",
            "glB9OMNf",
            "lB9O",
            "B9OM",
            "9OMN",
            "OMNf",
            "mTAlUUiQ",
            "TAlUUiQU",
            "AlUUiQU1",
            "lUUi",
            "UUiQ",
            "UiQU",
            "iQU1",
            "sY7lTbDc",
            "Y7lTbDcE",
            "7lTbDcEx",
            "lTbD",
            "TbDc",
            "bDcE",
            "DcEx",
            "IWSlP3d4",
            "WSlP3d4T",
            "SlP3d4Tb",
            "lP3d",
            "P3d4",
            "3d4T",
            "d4Tb",
            "OmSllseA",
            "mSllseAy",
            "SllseAyJ",
            "llse",
            "lseA",
            "seAy",
            "eAyJ",
            "mxmlLVwI",
            "xmlLVwI5",
            "mlLVwI5W",
            "lLVw",
            "LVwI",
            "VwI5",
            "wI5W",
            "pcclfrls",
            "cclfrlsk",
            "clfrlskY",
            "lfrl",
            "frls",
            "rlsk",
            "lskY",
            "hPOlDWVl",
            "POlDWVlu",
            "OlDWVluo",
            "lDWV",
            "DWVl",
            "WVlu",
            "Vluo",
            "qFmlv01F",
            "Fmlv01FD",
            "mlv01FDv",
            "lv01",
            "v01F",
            "01FD",
            "1FDv",
            "Kk8lXLO3",
            "k8lXLO32",
            "8lXLO329",
            "lXLO",
            "XLO3",
            "LO32",
            "O329",
            "gfnl95sp",
            "fnl95spN",
            "nl95spN8",
            "l95s",
            "95sp",
            "5spN",
            "spN8",
            "sAplkCA3",
            "AplkCA3S",
            "plkCA3SC",
            "lkCA",
            "kCA3",
            "CA3S",
            "A3SC",
            "jgAl2o0Y",
            "gAl2o0Y6",
            "Al2o0Y6T",
            "l2o0",
            "2o0Y",
            "o0Y6",
            "0Y6T",
            "InflwpE2",
            "nflwpE2p",
            "flwpE2p6",
            "lwpE",
            "wpE2",
            "pE2p",
            "E2p6",
            "t86lydKF",
            "86lydKFc",
            "6lydKFcc",
            "lydK",
            "ydKF",
            "dKFc",
            "KFcc",
            "mdolJfvY",
            "dolJfvYs",
            "olJfvYsK",
            "lJfv",
            "JfvY",
            "fvYs",
            "vYsK",
            "o7flSXKK",
            "7flSXKKy",
            "flSXKKy8",
            "lSXK",
            "SXKK",
            "XKKy",
            "KKy8",
            "sF9lgEvV",
            "F9lgEvVg",
            "9lgEvVgc",
            "lgEv",
            "gEvV",
            "EvVg",
            "vVgc",
            "QevlaMuK",
            "evlaMuKO",
            "vlaMuKOt",
            "laMu",
            "aMuK",
            "MuKO",
            "uKOt",
            "mhZlAkKA",
            "hZlAkKA5",
            "ZlAkKA5D",
            "lAkK",
            "AkKA",
            "kKA5",
            "KA5D",
            "abhloxhG",
            "bhloxhG4",
            "hloxhG4E",
            "loxh",
            "oxhG",
            "xhG4",
            "hG4E",
            "EBXlbtPV",
            "BXlbtPVt",
            "XlbtPVtM",
            "lbtP",
            "btPV",
            "tPVt",
            "PVtM",
            "vSdliTSK",
            "SdliTSKU",
            "dliTSKUi",
            "liTS",
            "iTSK",
            "TSKU",
            "SKUi",
            "Cs2ldNkQ",
            "s2ldNkQO",
            "2ldNkQOO",
            "ldNk",
            "dNkQ",
            "NkQO",
            "kQOO",
            "cgBlMrsW",
            "gBlMrsWY",
            "BlMrsWYe",
            "lMrs",
            "MrsW",
            "rsWY",
            "sWYe",
            "J3clzcCX",
            "3clzcCXY",
            "clzcCXYW",
            "lzcC",
            "zcCX",
            "cCXY",
            "CXYW",
            "vmuIH7Ot",
            "muIH7Otq",
            "uIH7Otqw",
            "IH7O",
            "H7Ot",
            "7Otq",
            "Otqw",
            "cjQIEj9b",
            "jQIEj9b3",
            "QIEj9b3v",
            "IEj9",
            "Ej9b",
            "j9b3",
            "9b3v",
            "MsJI78MJ",
            "sJI78MJL",
            "JI78MJLn",
            "I78M",
            "78MJ",
            "8MJL",
            "MJLn",
            "eJOIN3jO",
            "JOIN3jOp",
            "OIN3jOp1",
            "IN3j",
            "N3jO",
            "3jOp",
            "jOp1",
            "fWqI6Fts",
            "WqI6FtsE",
            "qI6FtsE3",
            "I6Ft",
            "6Fts",
            "FtsE",
            "tsE3",
            "lo1IBiwH",
            "o1IBiwHL",
            "1IBiwHL8",
            "IBiw",
            "BiwH",
            "iwHL",
            "wHL8",
            "TW2IU7w1",
            "W2IU7w1C",
            "2IU7w1Ci",
            "IU7w",
            "U7w1",
            "7w1C",
            "w1Ci",
            "KeIIT2Cx",
            "eIIT2CxO",
            "IIT2CxOy",
            "IT2C",
            "T2Cx",
            "2CxO",
            "CxOy",
            "DOhIPpGl",
            "OhIPpGl7",
            "hIPpGl7M",
            "IPpG",
            "PpGl",
            "pGl7",
            "Gl7M",
            "sm7IlS9o",
            "m7IlS9o6",
            "7IlS9o6g",
            "IlS9",
            "lS9o",
            "S9o6",
            "9o6g",
            "wo8ILspW",
            "o8ILspWJ",
            "8ILspWJU",
            "ILsp",
            "LspW",
            "spWJ",
            "pWJU",
            "Or6IfuZF",
            "r6IfuZFs",
            "6IfuZFs6",
            "IfuZ",
            "fuZF",
            "uZFs",
            "ZFs6",
            "CVEIDvyO",
            "VEIDvyOR",
            "EIDvyOR6",
            "IDvy",
            "DvyO",
            "vyOR",
            "yOR6",
            "KVcIv0ly",
            "VcIv0lyl",
            "cIv0lylr",
            "Iv0l",
            "v0ly",
            "0lyl",
            "lylr",
            "IRvIXAyS",
            "RvIXAySu",
            "vIXAySuy",
            "IXAy",
            "XAyS",
            "AySu",
            "ySuy",
            "YiwI9xFc",
            "iwI9xFcM",
            "wI9xFcMV",
            "I9xF",
            "9xFc",
            "xFcM",
            "FcMV",
            "rIQIkYJP",
            "IQIkYJPW",
            "QIkYJPWJ",
            "IkYJ",
            "kYJP",
            "YJPW",
            "JPWJ",
            "lwlI2WNy",
            "wlI2WNy8",
            "lI2WNy80",
            "I2WN",
            "2WNy",
            "WNy8",
            "Ny80",
            "mArIwGXC",
            "ArIwGXCE",
            "rIwGXCEm",
            "IwGX",
            "wGXC",
            "GXCE",
            "XCEm",
            "DYpIybNy",
            "YpIybNyH",
            "pIybNyHG",
            "IybN",
            "ybNy",
            "bNyH",
            "NyHG",
            "yZRIJoHC",
            "ZRIJoHCR",
            "RIJoHCRZ",
            "IJoH",
            "JoHC",
            "oHCR",
            "HCRZ",
            "O8NISWXk",
            "8NISWXkN",
            "NISWXkNt",
            "ISWX",
            "SWXk",
            "WXkN",
            "XkNt",
            "DOfIgguY",
            "OfIgguYl",
            "fIgguYln",
            "Iggu",
            "gguY",
            "guYl",
            "uYln",
            "cT7IaUlo",
            "T7IaUloe",
            "7IaUloeh",
            "IaUl",
            "aUlo",
            "Uloe",
            "loeh",
            "zhVIA6mj",
            "hVIA6mjX",
            "VIA6mjX1",
            "IA6m",
            "A6mj",
            "6mjX",
            "mjX1",
            "bpOIor3B",
            "pOIor3Bc",
            "OIor3Bcp",
            "Ior3",
            "or3B",
            "r3Bc",
            "3Bcp",
            "qsoIbaZ9",
            "soIbaZ9K",
            "oIbaZ9KL",
            "IbaZ",
            "baZ9",
            "aZ9K",
            "Z9KL",
            "DQUIiq4l",
            "QUIiq4lY",
            "UIiq4lYl",
            "Iiq4",
            "iq4l",
            "q4lY",
            "4lYl",
            "RCaIdf7F",
            "CaIdf7Fa",
            "aIdf7Fak",
            "Idf7",
            "df7F",
            "f7Fa",
            "7Fak",
            "iVjIM6TV",
            "VjIM6TVP",
            "jIM6TVPg",
            "IM6T",
            "M6TV",
            "6TVP",
            "TVPg",
            "RPvIzEfy",
            "PvIzEfyc",
            "vIzEfycd",
            "IzEf",
            "zEfy",
            "Efyc",
            "fycd",
            "QU9LHQnh",
            "U9LHQnhW",
            "9LHQnhWc",
            "LHQn",
            "HQnh",
            "QnhW",
            "nhWc",
            "Crea",
            "reat",
            "eate",
            "Padd",
            "addi",
            "ddin",
            "Load",
            "GetObjec",
            "etObject",
            "tObj",
            "ResolveT",
            "esolveTy",
            "solveTyp",
            "olveType",
            "lveT",
            "veTy",
            "ManifestModu",
            "anifestModul",
            "nifestModule",
            "ifestMod",
            "festModu",
            "estModul",
            "stModule",
            "tMod",
            "ResolveField",
            "esolveFi",
            "solveFie",
            "olveFiel",
            "lveField",
            "veFi",
            "eFie",
            "ResolveMembe",
            "esolveMember",
            "solveMem",
            "olveMemb",
            "lveMembe",
            "veMember",
            "eMem",
            "Memb",
            "embe",
            "mber",
            "GetMethodFromHan",
            "etMethodFromHand",
            "tMethodFromHandl",
            "MethodFromHandle",
            "ethodFromHan",
            "thodFromHand",
            "hodFromHandl",
            "odFromHandle",
            "dFromHan",
            "GetFieldFromHand",
            "etFieldFromHandl",
            "tFieldFromHandle",
            "FieldFromHan",
            "ieldFromHand",
            "eldFromHandl",
            "ldFromHandle",
            "IsBy",
            "sByR",
            "ByRe",
            "yRef",
            "GetElementTy",
            "etElementTyp",
            "tElementType",
            "ElementT",
            "lementTy",
            "ementTyp",
            "mentType",
            "entT",
            "ntTy",
            "eadB",
            "ReadInt6",
            "eadInt64",
            "ReadSing",
            "eadSingl",
            "adSingle",
            "dSin",
            "ReadDoub",
            "eadDoubl",
            "adDouble",
            "dDou",
            "GetUnderlyingTyp",
            "etUnderlyingType",
            "tUnderlyingT",
            "UnderlyingTy",
            "nderlyingTyp",
            "derlyingType",
            "erlyingT",
            "rlyingTy",
            "lyingTyp",
            "yingType",
            "IsEn",
            "sEnu",
            "ToObject",
            "oObj",
            "Explicit",
            "xpli",
            "plic",
            "lici",
            "icit",
            "ToUInt64",
            "oUIn",
            "ToUInt32",
            "FreeHGlo",
            "reeHGlob",
            "eeHGloba",
            "eHGlobal",
            "HGlo",
            "Glob",
            "loba",
            "obal",
            "InnerExcepti",
            "nnerExceptio",
            "nerException",
            "erExcept",
            "rExcepti",
            "FullName",
            "ullN",
            "llNa",
            "lNam",
            "IsAssignableFrom",
            "sAssignableF",
            "AssignableFr",
            "ssignableFro",
            "signableFrom",
            "ignableF",
            "gnableFr",
            "nableFro",
            "ableFrom",
            "bleF",
            "leFr",
            "eFro",
            "From",
            "AllocHGlobal",
            "llocHGlo",
            "locHGlob",
            "ocHGloba",
            "cHGlobal",
            "ResolveStrin",
            "esolveString",
            "solveStr",
            "olveStri",
            "lveStrin",
            "veString",
            "GetFunctionPoint",
            "etFunctionPointe",
            "tFunctionPointer",
            "BaseType",
            "aseT",
            "seTy",
            "tMethods",
            "hods",
            "GetBaseDefinitio",
            "etBaseDefinition",
            "tBaseDefinit",
            "BaseDefiniti",
            "aseDefinitio",
            "seDefinition",
            "eDefinit",
            "Definiti",
            "efinitio",
            "finition",
            "init",
            "niti",
            "IsNa",
            "sNaN",
            "IsInfini",
            "sInfinit",
            "Infinity",
            "nfin",
            "fini",
            "nity",
            "IsVirtua",
            "sVirtual",
            "Virt",
            "irtu",
            "rtua",
            "tual",
            "FormatterService",
            "ormatterServices",
            "rmatterServi",
            "matterServic",
            "atterService",
            "tterServices",
            "terServi",
            "Serializatio",
            "erialization",
            "rializat",
            "ializati",
            "GetUninitializedObje",
            "etUninitializedObjec",
            "tUninitializedObject",
            "UninitializedObj",
            "ninitializedObje",
            "initializedObjec",
            "nitializedObject",
            "itializedObj",
            "tializedObje",
            "ializedObjec",
            "alizedObject",
            "lizedObj",
            "izedObje",
            "zedObjec",
            "edObject",
            "dObj",
            "IsCl",
            "sCla",
            "Clas",
            "IsInterf",
            "sInterfa",
            "Interfac",
            "nterface",
            "terf",
            "erfa",
            "rfac",
            "face",
            "DeclareLocal",
            "eclareLo",
            "clareLoc",
            "lareLoca",
            "areLocal",
            "reLo",
            "eLoc",
            "Loca",
            "ocal",
            "EmitCall",
            "mitC",
            "itCa",
            "tCal",
            "LocalVariableInf",
            "ocalVariableInfo",
            "calVariableI",
            "alVariableIn",
            "lVariableInf",
            "VariableInfo",
            "ariableI",
            "riableIn",
            "iableInf",
            "ableInfo",
            "bleI",
            "leIn",
            "LocalTyp",
            "ocalType",
            "calT",
            "alTy",
            "lTyp",
            "ChangeTy",
            "hangeTyp",
            "angeType",
            "ngeT",
            "geTy",
            "CompareT",
            "ompareTo",
            "mpar",
            "pare",
            "areT",
            "reTo",
            "MakeGenericT",
            "akeGenericTy",
            "keGenericTyp",
            "eGenericType",
            "GenericT",
            "enericTy",
            "nericTyp",
            "ericType",
            "ricT",
            "icTy",
            "cTyp",
            "Appe",
            "ppen",
            "pend",
            "AppendFormat",
            "ppendFor",
            "pendForm",
            "endForma",
            "ndFormat",
            "dFor",
            "Form",
            "orma",
            "rmat",
            "CompilerGeneratedAttribu",
            "ompilerGeneratedAttribut",
            "mpilerGeneratedAttribute",
            "pilerGeneratedAttrib",
            "ilerGeneratedAttribu",
            "lerGeneratedAttribut",
            "erGeneratedAttribute",
            "rGeneratedAttrib",
            "GeneratedAttribu",
            "eneratedAttribut",
            "neratedAttribute",
            "eratedAttrib",
            "ratedAttribu",
            "atedAttribut",
            "tedAttribute",
            "AttributeUsageAttrib",
            "ttributeUsageAttribu",
            "tributeUsageAttribut",
            "ributeUsageAttribute",
            "ibuteUsageAttrib",
            "buteUsageAttribu",
            "uteUsageAttribut",
            "teUsageAttribute",
            "eUsageAttrib",
            "UsageAttribu",
            "sageAttribut",
            "ageAttribute",
            "geAttrib",
            "AttributeTargets",
            "ttributeTarg",
            "tributeTarge",
            "ributeTarget",
            "ibuteTargets",
            "buteTarg",
            "uteTarge",
            "teTarget",
            "eTargets",
            "Targ",
            "gets",
            "GeneratedCodeAttribu",
            "eneratedCodeAttribut",
            "neratedCodeAttribute",
            "eratedCodeAttrib",
            "ratedCodeAttribu",
            "atedCodeAttribut",
            "tedCodeAttribute",
            "edCodeAttrib",
            "dCodeAttribu",
            "CodeAttribut",
            "odeAttribute",
            "deAttrib",
            "odeD",
            "deDo",
            "eDom",
            "Compiler",
            "ompi",
            "mpil",
            "pile",
            "iler",
            "DebuggerNonUserCodeAttribute",
            "ebuggerNonUserCodeAttrib",
            "buggerNonUserCodeAttribu",
            "uggerNonUserCodeAttribut",
            "ggerNonUserCodeAttribute",
            "gerNonUserCodeAttrib",
            "erNonUserCodeAttribu",
            "rNonUserCodeAttribut",
            "NonUserCodeAttribute",
            "onUserCodeAttrib",
            "nUserCodeAttribu",
            "UserCodeAttribut",
            "serCodeAttribute",
            "erCodeAttrib",
            "rCodeAttribu",
            "EditorBrowsableAttribute",
            "ditorBrowsableAttrib",
            "itorBrowsableAttribu",
            "torBrowsableAttribut",
            "orBrowsableAttribute",
            "rBrowsableAttrib",
            "BrowsableAttribu",
            "rowsableAttribut",
            "owsableAttribute",
            "wsableAttrib",
            "sableAttribu",
            "ComponentMod",
            "omponentMode",
            "mponentModel",
            "ponentMo",
            "onentMod",
            "nentMode",
            "entModel",
            "ntMo",
            "odel",
            "EditorBrowsableState",
            "ditorBrowsableSt",
            "itorBrowsableSta",
            "torBrowsableStat",
            "orBrowsableState",
            "rBrowsableSt",
            "BrowsableSta",
            "rowsableStat",
            "owsableState",
            "wsableSt",
            "sableSta",
            "ableStat",
            "bleState",
            "leSt",
            "eSta",
            "tate",
            "UnmanagedFunctionPointerAttribut",
            "nmanagedFunctionPointerAttribute",
            "managedFunctionPointerAttrib",
            "anagedFunctionPointerAttribu",
            "nagedFunctionPointerAttribut",
            "agedFunctionPointerAttribute",
            "gedFunctionPointerAttrib",
            "edFunctionPointerAttribu",
            "dFunctionPointerAttribut",
            "FunctionPointerAttribute",
            "unctionPointerAttrib",
            "nctionPointerAttribu",
            "ctionPointerAttribut",
            "tionPointerAttribute",
            "ionPointerAttrib",
            "onPointerAttribu",
            "nPointerAttribut",
            "PointerAttribute",
            "ointerAttrib",
            "interAttribu",
            "nterAttribut",
            "terAttribute",
            "erAttrib",
            "rAttribu",
            "CallingConventio",
            "allingConvention",
            "llingConvent",
            "lingConventi",
            "ingConventio",
            "ngConvention",
            "gConvent",
            "Conventi",
            "onventio",
            "nvention",
            "vent",
            "enti",
            "ntio",
            "harS",
            "arSe",
            "rSet",
            "FlagsAttribu",
            "lagsAttribut",
            "agsAttribute",
            "gsAttrib",
            "VyybV3Hbk9BA0Kxy",
            "yybV3Hbk9BA0KxyM",
            "ybV3Hbk9BA0KxyMx",
            "bV3Hbk9BA0Kx",
            "V3Hbk9BA0Kxy",
            "3Hbk9BA0KxyM",
            "Hbk9BA0KxyMx",
            "bk9BA0Kx",
            "k9BA0Kxy",
            "9BA0KxyM",
            "BA0KxyMx",
            "A0Kx",
            "0Kxy",
            "KxyM",
            "xyMx",
            "0Vo8aGnLWYBq6AMF",
            "Vo8aGnLWYBq6AMFY",
            "o8aGnLWYBq6AMFYc",
            "8aGnLWYBq6AM",
            "aGnLWYBq6AMF",
            "GnLWYBq6AMFY",
            "nLWYBq6AMFYc",
            "LWYBq6AM",
            "WYBq6AMF",
            "YBq6AMFY",
            "Bq6AMFYc",
            "q6AM",
            "6AMF",
            "AMFY",
            "MFYc",
            "resource",
            "ekJCbABmLGs77U1b",
            "kJCbABmLGs77U1b9",
            "JCbABmLGs77U1b9R",
            "CbABmLGs77U1",
            "bABmLGs77U1b",
            "ABmLGs77U1b9",
            "BmLGs77U1b9R",
            "mLGs77U1",
            "LGs77U1b",
            "Gs77U1b9",
            "s77U1b9R",
            "77U1",
            "7U1b",
            "U1b9",
            "1b9R",
            "L8RUNjK99qgMXaV3",
            "8RUNjK99qgMXaV3U",
            "RUNjK99qgMXaV3Uo",
            "UNjK99qgMXaV",
            "NjK99qgMXaV3",
            "jK99qgMXaV3U",
            "K99qgMXaV3Uo",
            "99qgMXaV",
            "9qgMXaV3",
            "qgMXaV3U",
            "gMXaV3Uo",
            "MXaV",
            "XaV3",
            "aV3U",
            "V3Uo",
            "iTJg9l6IfQ2Tc5gk",
            "TJg9l6IfQ2Tc5gkY",
            "Jg9l6IfQ2Tc5gkYe",
            "g9l6IfQ2Tc5g",
            "9l6IfQ2Tc5gk",
            "l6IfQ2Tc5gkY",
            "6IfQ2Tc5gkYe",
            "IfQ2Tc5g",
            "fQ2Tc5gk",
            "Q2Tc5gkY",
            "2Tc5gkYe",
            "Tc5g",
            "c5gk",
            "5gkY",
            "gkYe",
            "4fA0eIhH69ZoXcl0",
            "fA0eIhH69ZoXcl0b",
            "A0eIhH69ZoXcl0by",
            "0eIhH69ZoXcl",
            "eIhH69ZoXcl0",
            "IhH69ZoXcl0b",
            "hH69ZoXcl0by",
            "H69ZoXcl",
            "69ZoXcl0",
            "9ZoXcl0b",
            "ZoXcl0by",
            "oXcl",
            "Xcl0",
            "cl0b",
            "l0by",
            "WrapNonExceptionThro",
            "rapNonExceptionThrow",
            "apNonExceptionThrows",
            "pNonExceptionThr",
            "NonExceptionThro",
            "onExceptionThrow",
            "nExceptionThrows",
            "ExceptionThr",
            "xceptionThro",
            "ceptionThrow",
            "eptionThrows",
            "ptionThr",
            "tionThro",
            "ionThrow",
            "onThrows",
            "nThr",
            "Thro",
            "hrow",
            "rows",
            "12016879",
            "2016",
            "0168",
            "1687",
            "6879",
            "2943",
            "468a",
            "b5e7",
            "eabdd91d8ee2",
            "abdd91d8",
            "bdd91d8e",
            "dd91d8ee",
            "d91d8ee2",
            "91d8",
            "1d8e",
            "d8ee",
            "8ee2",
            "NETFramework",
            "ETFramew",
            "TFramewo",
            "Framewor",
            "ramework",
            "amew",
            "mewo",
            "ewor",
            "work",
            "Version=",
            "ion=",
            "FrameworkDisplayName",
            "rameworkDisplayN",
            "ameworkDisplayNa",
            "meworkDisplayNam",
            "eworkDisplayName",
            "workDisplayN",
            "orkDisplayNa",
            "rkDisplayNam",
            "kDisplayName",
            "DisplayN",
            "isplayNa",
            "splayNam",
            "playName",
            "layN",
            "ayNa",
            "AllowMultipl",
            "llowMultiple",
            "lowMulti",
            "owMultip",
            "wMultipl",
            "Multiple",
            "ulti",
            "ltip",
            "tipl",
            "Inherite",
            "nherited",
            "heri",
            "erit",
            "ited",
            "3Sys",
            "Tool",
            "ools",
            "StronglyTypedResourceBuilder",
            "tronglyTypedResourceBuil",
            "ronglyTypedResourceBuild",
            "onglyTypedResourceBuilde",
            "nglyTypedResourceBuilder",
            "glyTypedResourceBuil",
            "lyTypedResourceBuild",
            "yTypedResourceBuilde",
            "TypedResourceBuilder",
            "ypedResourceBuil",
            "pedResourceBuild",
            "edResourceBuilde",
            "dResourceBuilder",
            "ResourceBuil",
            "esourceBuild",
            "sourceBuilde",
            "ourceBuilder",
            "urceBuil",
            "rceBuild",
            "ceBuilde",
            "eBuilder",
            "Culture=",
            "ure=",
            "neut",
            "eutr",
            "utra",
            "tral",
            "licKeyToken=",
            "eyToken=",
            "ken=",
            "b77a5c561934e089",
            "77a5c561934e",
            "7a5c561934e0",
            "a5c561934e08",
            "5c561934e089",
            "c561934e",
            "561934e0",
            "61934e08",
            "1934e089",
            "934e",
            "34e0",
            "4e08",
            "e089",
            "SUsSyste",
            "UsSystem",
            "sSys",
            "lSys",
            "ResourceRead",
            "esourceReade",
            "sourceReader",
            "ourceRea",
            "urceRead",
            "rceReade",
            "ceReader",
            "eRea",
            "RuntimeResourceS",
            "untimeResourceSe",
            "ntimeResourceSet",
            "timeResource",
            "imeResourceS",
            "meResourceSe",
            "eResourceSet",
            "esourceS",
            "sourceSe",
            "ourceSet",
            "rceS",
            "ceSe",
            "eSet",
            "PADP",
            "ADPA",
            "DPAD",
            "yr8x",
            "r8xt",
            "cGIZ",
            "Ymt7",
            "yhzU",
            "Ke7y",
            "9kQu",
            "JslM",
            "slMp",
            "3rsY",
            "PADPADPm",
            "ADPm",
            "1gpX",
            "SURc",
            "ifsC2kyW",
            "fsC2",
            "sC2k",
            "C2ky",
            "2kyW",
            "xZ9b",
            "upI2",
            "V3dA",
            "jZ0D",
            "Osa0",
            "sa0B",
            "6JXK",
            "PoDv",
            "oDvG",
            "A83d",
            "Hqey",
            "7Ai0",
            "Ai0k",
            "c1y5",
            "wQ26",
            "y0oP",
            "kE35",
            "E356",
            "nhA5",
            "m4nZ",
            "3AGO",
            "pNf5",
            "g8vu",
            "IaCT",
            "s3Yq",
            "nlzV",
            "tdaB",
            "JWkj",
            "Wkj7",
            "WElQ",
            "ZTTC",
            "d2Ef",
            "wb8Z",
            "KSmn",
            "e1tS",
            "hceo",
            "LIb5",
            "MrLn",
            "rLnz",
            "vmTQ",
            "mTQm",
            "2XgN",
            "XgNf",
            "Gk4a",
            "eGd8",
            "PQne",
            "QneN",
            "Y0ra",
            "hXou",
            "ssan",
            "Qu0T",
            "5bdK",
            "0BXR",
            "oND0",
            "quNV",
            "r70h",
            "70h3",
            "vr1u",
            "5q83",
            "91TR",
            "1TRM",
            "TRMj",
            "Nt9E",
            "r6PV",
            "R9ss",
            "8t6S",
            "KCwY",
            "itMu",
            "uWYk",
            "gPJU",
            "PJUw",
            "JUwf",
            "f1Ny",
            "oa3O",
            "Py9i",
            "PjGI",
            "XXBs",
            "XBsj",
            "RuXE",
            "uXE=",
            "ygbK",
            "ccll",
            "u5Sm",
            "wXpO",
            "XpOQ",
            "TFgy",
            "0do0",
            "6MZY",
            "MvvZ",
            "6L3Q",
            "ehOb",
            "hObR",
            "cfHt",
            "jqtX",
            "ipQE",
            "ApSU",
            "pSUL",
            "Ki49",
            "i49N",
            "YPuD",
            "qHAO",
            "INev",
            "eCcu",
            "UyhE",
            "MMrU",
            "TXlw",
            "eMEx",
            "mCEG",
            "LOYC",
            "LhNE",
            "hNEj",
            "rNzk",
            "NzkX",
            "E2UL",
            "2ULw",
            "Pzv0",
            "yE4k",
            "mW2y",
            "SfP9",
            "GBEr",
            "BEr3",
            "mDXy",
            "TIjZ",
            "D0ta",
            "YtMl",
            "z0OL",
            "cIDX",
            "i4rO",
            "4rOL",
            "sZ8F",
            "Z8F2",
            "vpho",
            "k4wU",
            "4rAE",
            "rAEC",
            "VpN5",
            "APNh",
            "PNhI",
            "NhIr",
            "8ngl",
            "mBBX",
            "2uS0",
            "uS0a",
            "9Vc0",
            "Vc0u",
            "adfn",
            "A5RI",
            "bqqt",
            "UX0j",
            "fO1r",
            "O1rP",
            "OgIp",
            "KjIF",
            "7HOw",
            "jK9w",
            "S2PY",
            "Ba7c",
            "erCK",
            "rCKC",
            "ay3c",
            "mGqb",
            "9LAL",
            "LALA",
            "dqej",
            "zZZU",
            "HVQ4",
            "NnJF",
            "i7L7",
            "QsV2",
            "Elll",
            "0fpR",
            "bhbl",
            "Epca",
            "TxOe",
            "nwwi",
            "0Ifm",
            "Ifmf",
            "KRh7",
            "aHKi",
            "k76y",
            "k9Ss",
            "9SsB",
            "x0Lb",
            "Omiq",
            "VnqR",
            "RnXB",
            "I2Hg",
            "4pBN",
            "8Qfa",
            "465G",
            "hNEr",
            "I1hl",
            "aYHj",
            "s63D",
            "z97p",
            "7KLW",
            "KLWg",
            "LWgJ",
            "UH0k",
            "H0kp",
            "0kpJ",
            "BYv4",
            "DQ5R",
            "A9Fs",
            "24Kp",
            "31Hq",
            "k7Y4",
            "7Y4y",
            "uBHM",
            "BHMM",
            "wUMX",
            "xsKJ",
            "hjAR",
            "ScOq",
            "C3AK",
            "3AK=",
            "M1qA",
            "LR1D",
            "R1DO",
            "1Igs",
            "5oyg",
            "oyg7",
            "1nHm",
            "XUPz",
            "UPz1",
            "Pz1K",
            "WY4O",
            "Y4ON",
            "hPXi",
            "rTzk",
            "MILD",
            "KEh9",
            "Eh9O",
            "h9O=",
            "ahxa",
            "LlNs",
            "2mWI",
            "mWIc",
            "29tk",
            "Ry6H",
            "4hME",
            "TDCr",
            "DCrL",
            "MCp9",
            "TRDh",
            "WuEj",
            "UCHH",
            "PP08",
            "LhdS",
            "yvPy",
            "vPyd",
            "VTK5",
            "EdFg",
            "cAbg",
            "y2Kn",
            "2Kn7",
            "Kn7v",
            "7oxW",
            "mwz1",
            "8B0=",
            "tzCi",
            "tSwi",
            "fxjF",
            "YsV=",
            "SEdN",
            "SseS",
            "QXJe",
            "A4NX",
            "ZNFH",
            "Zr25",
            "wFT6",
            "5Rxc",
            "5WfC",
            "R8H3",
            "mWI1",
            "A8my",
            "B1LU",
            "4C5s",
            "NFKS",
            "aqhk",
            "bIpE",
            "IpEi",
            "pEiH",
            "YRrA",
            "mo6K",
            "o6KX",
            "Lqzr",
            "ZVP9",
            "VP9=",
            "fFvI",
            "FvIO",
            "Pnwj",
            "nwjA",
            "V6fq",
            "HuJc",
            "uJc5",
            "DEKL",
            "v0CY",
            "disD",
            "ehRv",
            "Q61m",
            "APi=",
            "eYt=",
            "iThJ",
            "Rcd8",
            "QSnz",
            "LCeE",
            "b1AF",
            "z6cq",
            "cKmT",
            "dskD",
            "GDoo",
            "nZz4",
            "RbH5",
            "I6mh",
            "bdac",
            "4Zez",
            "RwLF",
            "Frfw",
            "8WKh",
            "WKhz",
            "kyJs",
            "Qlx4",
            "lx4H",
            "bytZ",
            "VgI2",
            "3OVi",
            "zW1C",
            "qy7=",
            "kpNP",
            "BI8U",
            "wsz9",
            "7zby",
            "aeur",
            "H9Wm",
            "bjbT",
            "jbTO",
            "bTOk",
            "fgGw",
            "P5GY",
            "nu4g",
            "Dv6u",
            "mQvi",
            "9iSF",
            "anuq",
            "u0zg",
            "iaBW",
            "TO1n",
            "pNfW",
            "x5Ka",
            "5KaA",
            "cZBv",
            "o3iR",
            "Zxen",
            "wby8",
            "by8c",
            "y8cl",
            "Mj0x",
            "VxiE",
            "HSnx",
            "ShvR",
            "fLvK",
            "tcL1",
            "BOuj",
            "vG6u",
            "G6uc",
            "RIMV",
            "IMVP",
            "9dMl",
            "1p8k",
            "OYfD",
            "YfDf",
            "fDfI",
            "FaGk",
            "aGkP",
            "K0gO",
            "Wv2e",
            "mnUt",
            "ucDx",
            "LwDd",
            "wDdQ",
            "boGD",
            "oGDV",
            "6DRj",
            "Wcna",
            "sAKw",
            "ghp3",
            "cQw2",
            "Qw2c",
            "1X6=",
            "u79K",
            "YpDP",
            "QVNV",
            "5I3a",
            "XW2J",
            "W2J1",
            "jHeA",
            "EjdP",
            "2rA3",
            "yHu=",
            "82OG",
            "1R2b",
            "IqCp",
            "quJx",
            "LsH4",
            "LLqI",
            "Kbe5",
            "EIdF",
            "Qejg",
            "eqYD",
            "KLZI",
            "2wJS",
            "mhK1",
            "Q9yu",
            "9yug",
            "UZxE",
            "EN6V",
            "N6VN",
            "ko7D",
            "D78C",
            "78Ct",
            "Z1Vo",
            "1VoM",
            "iUCH",
            "WKjI",
            "12L0",
            "VAs4",
            "x3I2",
            "v5jB",
            "5jBC",
            "hEWB",
            "kxMY",
            "pkmV",
            "BMxE",
            "MxE8",
            "xE89",
            "kK48",
            "K48=",
            "UdmP",
            "quMT",
            "tVj7",
            "qlw3",
            "dRK9",
            "W8ZQ",
            "DBus",
            "Ommj",
            "M1sC",
            "Lg6H",
            "yzKY",
            "9OTQ",
            "7S2b",
            "OQ1p",
            "KZyF",
            "yC7P",
            "C7PL",
            "AnVV",
            "DpXe",
            "fkRk",
            "aH6k",
            "H6k1",
            "6k1F",
            "DiYj",
            "upum",
            "fDjz",
            "Djzo",
            "JaeF",
            "2wxa",
            "Cy9b",
            "B4Wd",
            "qPMU",
            "YK5F",
            "ooWN",
            "2Pfx",
            "6h08",
            "6c9D",
            "LZwm",
            "Nwlg",
            "wlgr",
            "5v3V",
            "vgIa",
            "i6Lj",
            "Ubl3",
            "bl3w",
            "Paaq",
            "MOQR",
            "OQRZ",
            "QRZx",
            "sr3P",
            "pVNT",
            "vlnI",
            "8UJM",
            "IU5F",
            "wgAR",
            "nLRU",
            "LRUT",
            "RUTR",
            "9lWy",
            "yQQU",
            "BaFN",
            "452e",
            "kuoh",
            "WDyY",
            "Rbbv",
            "xi5G",
            "C6si",
            "3CqW",
            "CqWm",
            "qWmU",
            "IoS2",
            "hkWC",
            "ReN5",
            "FfXW",
            "2nT0",
            "FnBZ",
            "4OhC",
            "OhCJ",
            "Ge7t",
            "e7t2",
            "uEF=",
            "OrWn",
            "rWnA",
            "GwHZ",
            "kn3O",
            "n3Om",
            "qWuo",
            "Ga4P",
            "plLp",
            "U4tF",
            "gFrL",
            "gip5",
            "ip55",
            "Ib8b",
            "b8bL",
            "sCbh",
            "Cbha",
            "W9PM",
            "9PMk",
            "CFdq",
            "46Em",
            "leT8",
            "eT8L",
            "T8LY",
            "8LYS",
            "qAOT",
            "AOTU",
            "OTUh",
            "hLTv",
            "LTvX",
            "GBu9",
            "EzKU",
            "n7po",
            "k1Go",
            "1Goa",
            "HCb5",
            "81q7",
            "VLzv",
            "fXbt",
            "XbtR",
            "v0Cj",
            "CNR3",
            "NR3P",
            "W6cG",
            "6t6Z",
            "t6ZC",
            "E5o9",
            "5o94",
            "pJiE",
            "JiE4",
            "iE4p",
            "h6pt",
            "qbHO",
            "n21l",
            "gSPy",
            "XRoX",
            "iW0m",
            "W0mP",
            "YqxA",
            "yNAU",
            "BRA3",
            "RA3W",
            "qTOt",
            "XBeD",
            "cKWH",
            "aN3V",
            "N3Vi",
            "3Vig",
            "zdwY",
            "JdtD",
            "dtDJ",
            "tDJF",
            "jN1n",
            "N1nw",
            "in7u",
            "Qwpi",
            "5YT6",
            "Wnjm",
            "njmF",
            "P7eH",
            "R6Jd",
            "Yevl",
            "jFZC",
            "FZCv",
            "ZCva",
            "KejL",
            "1G5O",
            "G5Or",
            "5Or3",
            "cMRv",
            "Q8Qy",
            "8QyT",
            "yX0p",
            "WPsS",
            "lB3O",
            "B3Ol",
            "XuGd",
            "gBcc",
            "Bcc2",
            "Eo3J",
            "aZKR",
            "ydeE",
            "1i3h",
            "rBbb",
            "Bbb8",
            "bb8l",
            "b8la",
            "a57X",
            "iF2i",
            "1Rsd",
            "G9HX",
            "9HXk",
            "Civg",
            "ujAi",
            "r86S",
            "86Sr",
            "INe=",
            "WTAr",
            "TArw",
            "Jpcn",
            "2XYr",
            "rAj5",
            "8Aw=",
            "qVwR",
            "htOM",
            "JHEN",
            "HEN0",
            "6u9B",
            "VADC",
            "PEbI",
            "9cQ1",
            "hoqV",
            "5LwQ",
            "w2Le",
            "EIfY",
            "IfYo",
            "mUzl",
            "Uzlk",
            "ljXS",
            "DSLu",
            "0IGR",
            "6fU4",
            "fU4W",
            "Fcq5",
            "3UKk",
            "i0AX",
            "Patd",
            "atdR",
            "tdRz",
            "i4SA",
            "6BSg",
            "QYBh",
            "j29N",
            "pT1d",
            "wjwO",
            "jwO9",
            "wO9H",
            "DvDW",
            "sd4a",
            "z5uL",
            "0Zrm",
            "5bZ0",
            "bZ0i",
            "22Xs",
            "Ddz6",
            "ZLeB",
            "tzMm",
            "rjE2",
            "EXG7",
            "cAyH",
            "mAHc",
            "h4n8",
            "PHjG",
            "ZUap",
            "UapZ",
            "rN35",
            "Bwu2",
            "cJaU",
            "tXxy",
            "3qSq",
            "y3jh",
            "Pa8g",
            "Bsob",
            "L5iC",
            "5iC0",
            "pFTU",
            "7YG0",
            "YG0h",
            "G0h5",
            "0h5A",
            "RIq2",
            "TY74",
            "Y743",
            "7431",
            "l78L",
            "sGrk",
            "11ST",
            "NzW2",
            "bwqP",
            "cgKu",
            "rlrV",
            "jkWL",
            "lqdV",
            "WRhW",
            "nh66",
            "XHoq",
            "cm0W",
            "fdII",
            "dIIa",
            "IIa3",
            "acor",
            "Ufuz",
            "fuzu",
            "k9a7",
            "uVA5",
            "VA5X",
            "rx81",
            "FeaK",
            "eaKZ",
            "xCj5",
            "Cj5U",
            "wdCZ",
            "W8rn",
            "8rnh",
            "joPW",
            "Nwyz",
            "Wzmt",
            "zmti",
            "kQQB",
            "QQB=",
            "zssM",
            "ssMG",
            "QYsV",
            "kuxH",
            "GPwK",
            "RQ6o",
            "RyOU",
            "i3jX",
            "nM1P",
            "IhES",
            "L8PZ",
            "8Y7J",
            "QVXI",
            "j5GI",
            "6lh8",
            "lh8O",
            "Um7V",
            "m7VV",
            "uKqB",
            "iZtU",
            "Eif=",
            "2rkK",
            "rkKY",
            "Tbb7",
            "bb7j",
            "NxPL",
            "bhwyQoQL",
            "hwyQ",
            "wyQo",
            "yQoQ",
            "QoQL",
            "GyAa",
            "wqch",
            "Nuww",
            "uwwG",
            "wwGp",
            "lOv5",
            "BYJW",
            "SYOy",
            "Z5tp",
            "J2v0",
            "j0QW",
            "734Z",
            "XZ9H",
            "Z9Hs",
            "9Hsu",
            "gBLw",
            "pzdi",
            "nrEv",
            "DDPX",
            "ndzz",
            "Fu1i",
            "PTe0",
            "U3gA",
            "vkq4",
            "z3TD",
            "5yqk",
            "yqks",
            "qksf",
            "5FOs",
            "FOsJ",
            "DFw2",
            "NUNs",
            "UNsO",
            "1Gco",
            "R5UZ",
            "8ggJ",
            "mAYA",
            "BhjS",
            "negt",
            "clOl",
            "AQAk",
            "l7oL",
            "VSa0",
            "Sa0Y",
            "Sr29",
            "d2U7",
            "9WrD",
            "rOxX",
            "6JKs",
            "JKsu",
            "STZ=",
            "wuxP",
            "uxPD",
            "phn7",
            "P8dk",
            "jKiL",
            "G36H",
            "Y2HO",
            "2HOH",
            "M6OV",
            "XRtp",
            "4Uje",
            "xqX6",
            "vCxc",
            "H9MW",
            "Lrlh",
            "xtmu",
            "tmuy",
            "8ZwC",
            "MXFJ",
            "XFJJ",
            "UqO0",
            "pTSh",
            "TShz",
            "Qjbw",
            "LaK0",
            "0Rzf",
            "Rzf8",
            "ZKbw",
            "Eohj",
            "ohjo",
            "zbtN",
            "BK2P",
            "OSep",
            "c7QC",
            "Iv9t",
            "5Ksu",
            "Ksuu",
            "KZ5m",
            "gfe4",
            "XmnJ",
            "bfr2",
            "MmJN",
            "mJNC",
            "MXIq",
            "3n2o",
            "sgdB",
            "tStD",
            "JTHF",
            "0eYK",
            "tJL8",
            "ByHo",
            "2kSW",
            "uruA",
            "puLE",
            "iFc9",
            "epbB",
            "pbBn",
            "vupb",
            "upb8",
            "KDBi",
            "DBik",
            "Biki",
            "rrXC",
            "NI3g",
            "SH7F",
            "DyOg",
            "2lcS",
            "G4Em",
            "likh",
            "cOP=",
            "C8NE",
            "mTif",
            "KqLV",
            "kwpu",
            "V73r",
            "73rA",
            "nD7w",
            "D7w0",
            "dDwh",
            "oty3",
            "6DkW",
            "1K1m",
            "HxnJ",
            "V1Jb",
            "xMhl",
            "ZDC6",
            "DC6J",
            "On08",
            "WZXx",
            "ZXx0",
            "cIM9",
            "NGCQ",
            "0E2L",
            "E2LH",
            "2LH7",
            "abLj",
            "IL2a",
            "j5Gd",
            "m1d6",
            "1d6g",
            "rXXt",
            "XXtc",
            "fRSe",
            "JO6E",
            "tRI2",
            "RI2b",
            "xzvn",
            "wdmW",
            "i5Sq",
            "o4an",
            "4AS7",
            "vI4b",
            "b2XN",
            "fV9R",
            "2ff3",
            "dgIK",
            "SqF4",
            "Rfhn",
            "CorExeMa",
            "orExeMai",
            "rExeMain",
            "ExeM",
            "xeMa",
            "eMai",
            "Main",
            "msco",
            "core",
            "oree",
            "version=",
            "encoding",
            "ncoding=",
            "ing=",
            "standalo",
            "tandalon",
            "andalone",
            "ndalone=",
            "dalo",
            "alon",
            "lone",
            "one=",
            "assembly",
            "xmln",
            "mlns",
            "lns=",
            "sche",
            "chem",
            "hema",
            "emas",
            "microsof",
            "manifestVersion=",
            "anifestVersi",
            "nifestVersio",
            "ifestVersion",
            "festVersion=",
            "estVersi",
            "stVersio",
            "tVersion",
            "assemblyIdentity",
            "ssemblyIdent",
            "semblyIdenti",
            "emblyIdentit",
            "mblyIdentity",
            "blyIdent",
            "lyIdenti",
            "yIdentit",
            "Identity",
            "dent",
            "ntit",
            "tity",
            "name",
            "ame=",
            "MyApplicatio",
            "yApplication",
            "Applicat",
            "pplicati",
            "plicatio",
            "lication",
            "icat",
            "trustInf",
            "rustInfo",
            "ustI",
            "stIn",
            "tInf",
            "security",
            "requestedPrivile",
            "equestedPrivileg",
            "questedPrivilege",
            "uestedPrivileges",
            "estedPrivile",
            "stedPrivileg",
            "tedPrivilege",
            "edPrivileges",
            "dPrivile",
            "Privileg",
            "rivilege",
            "ivileges",
            "vile",
            "ileg",
            "lege",
            "eges",
            "requestedExecutionLe",
            "equestedExecutionLev",
            "questedExecutionLeve",
            "uestedExecutionLevel",
            "estedExecutionLe",
            "stedExecutionLev",
            "tedExecutionLeve",
            "edExecutionLevel",
            "dExecutionLe",
            "ExecutionLev",
            "xecutionLeve",
            "ecutionLevel",
            "cutionLe",
            "utionLev",
            "tionLeve",
            "ionLevel",
            "onLe",
            "nLev",
            "Leve",
            "evel",
            "leve",
            "vel=",
            "asInvoke",
            "sInvoker",
            "oker",
            "uiAccess",
            "iAccess=",
            "ess=",
            "fals",
            "alse"
          ],
          "addresses": {
            "f": 255488,
            "fff": 604505
          }
        },
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsNET_EXE",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsPacked",
          "meta": {
            "description": "Entropy Check"
          },
          "strings": [],
          "addresses": {}
        },
        {
          "name": "Microsoft_Visual_Studio_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 602798
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 602798
          }
        },
        {
          "name": "Microsoft_Visual_C_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 602798
          }
        },
        {
          "name": "Microsoft_Visual_Studio_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 602798
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 602798
          }
        },
        {
          "name": "NET_executable_",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 602798
          }
        },
        {
          "name": "NET_executable",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 602798
          }
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T101D49E7776934E21C2890373C5DB4E4693B8A682B6E7F70E7145239614063EFEE0B267",
      "sha3_384": "9a8ab78d274714fbc118982c6a530b9596a9416a85ee0b1d6b8fd8f2a870ed481c009f1a74b10fc7a618eea8f221c8eb",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x000950ae",
        "ep_bytes": "ff250020400000000000000000000000",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x0009ea8a",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {
          "mscoree": {
            "dll": "mscoree.dll",
            "imports": [
              {
                "address": "0x402000",
                "name": "_CorExeMain"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x00095060",
            "size": "0x0000004b"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00096000",
            "size": "0x00000560"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00098000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00002000",
            "size": "0x00000008"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000200",
            "virtual_address": "0x00002000",
            "virtual_size": "0x000930b4",
            "size_of_data": "0x00093200",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "7.19"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00093400",
            "virtual_address": "0x00096000",
            "virtual_size": "0x00000560",
            "size_of_data": "0x00000600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "3.92"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00093a00",
            "virtual_address": "0x00098000",
            "virtual_size": "0x0000000c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.10"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_VERSION",
            "offset": "0x000960a0",
            "size": "0x000002d4",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.17"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x00096374",
            "size": "0x000001ea",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.00"
          }
        ],
        "versioninfo": [
          {
            "name": "Translation",
            "value": "0x0000 0x04b0"
          },
          {
            "name": "Comments",
            "value": ""
          },
          {
            "name": "CompanyName",
            "value": ""
          },
          {
            "name": "FileDescription",
            "value": ""
          },
          {
            "name": "FileVersion",
            "value": "1.0.0.0"
          },
          {
            "name": "InternalName",
            "value": "Efyfqp.exe"
          },
          {
            "name": "LegalCopyright",
            "value": ""
          },
          {
            "name": "LegalTrademarks",
            "value": ""
          },
          {
            "name": "OriginalFilename",
            "value": "Efyfqp.exe"
          },
          {
            "name": "ProductName",
            "value": ""
          },
          {
            "name": "ProductVersion",
            "value": "1.0.0.0"
          },
          {
            "name": "Assembly Version",
            "value": "1.0.0.0"
          }
        ],
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "timestamp": "2052-03-03 01:23:11",
        "icon": null,
        "icon_hash": null,
        "icon_fuzzy": null,
        "icon_dhash": null,
        "imported_dll_count": 1
      },
      "data": null,
      "strings": [
        "mxyOjyU1eVaBCOKrsEc",
        "vSdliTSKUi",
        "O_\"Ab",
        "QQbv9Tf1oQWJwyPnwh8",
        "<\"28n,",
        "NF2*zM",
        "O5YJGXKOrMUjJNfi7UN",
        "gZlevdHZyA",
        "jfRlcSJNU",
        "8lc{1",
        "R^R][eq",
        "get_Location",
        "/H@MJ",
        "T0oXjDDARMKNwOLf5O",
        "m_e50d96f218d84613ba5bd9a617b3f4f0",
        "DeclareLocal",
        "#Strings",
        "wTP<x",
        "k1}lJ,U",
        "\\R8H3",
        "rHvhfZTjpD",
        "{#nH/",
        "i_0[L",
        "uqxhmmb8H3",
        "azO?i",
        "nD7w0",
        "eoLs3W8gkm",
        "SZk77awEaC",
        "kQQB=8",
        "m_dc920ac92a34434ca33472533bb2c45a",
        "^=/d8A",
        "lnpjfBHHitTcIbxkN7U",
        "K83Qmlh6gtXVsgJN91x",
        "rFRnruRitXWSO9BHQA1",
        "bRw6k0oNXo",
        "tk\\=c",
        "mr4(G",
        "dAgGgTNDtK",
        "t9ahuiBh1J",
        "fxXswTVar3",
        "Callvirt",
        "GEJkIQlhvkOsLULkyM1",
        "?gS(r",
        "XQoQ4NT3ih7kjOXsZWp",
        "OfL(n",
        "vG6uc",
        "V6eek5g6J5",
        "6\\bC'",
        "BGLhYJO1b0",
        "EN6VN",
        "?1\"~\"",
        "[quMT",
        "gLqAwmUqVtdQPLONg11",
        ":vO!p",
        "T'hy\"",
        "AssemblyTitleAttribute",
        "BRA3W",
        "dErCUhlOnPf5DaX2MhQ",
        "DLfg5xGCda1seJdhNxd",
        "HymhvB9Mu7",
        "_ouA$",
        "Dn4KyefZE1WYxQHobvT",
        "X''=z",
        "R6Jd\\",
        "KG4H67arIH",
        "3W&r+",
        "UIntPtr",
        "N|4J$",
        "OBw|]",
        "8\\3>w}",
        "($6!>",
        "72O%G",
        "j2IhntLStUmqMX05eHp",
        "T9OHYMnaySYkJY05nTu",
        "a?TWS",
        "jU<z8",
        "TJP64ilIkG",
        "($\\%R",
        "vz\\yv",
        "5?@r:",
        "zvNU26v89R",
        "jg7Gl1rm3VxOHZX3D4y",
        "E\"%mM",
        "mUzlk&",
        "ehObR",
        "BRgEOiGcwI",
        "D2xe9Ykoxq",
        "=RuXE=\\",
        "iadBYjR0io",
        "7aj$Q",
        "dZ$qdv",
        "m_073f39878b9445e680251b5873d423a3",
        "VTvh44VkNE",
        "CreateDelegate",
        "olvKMpST6L",
        "<O)'QH ",
        "J0=Zn",
        "hYMKsIKc9TVB7OhCBmh",
        "v0GXg0fd88pPxr0u6Er",
        "e0BeiKqIjG",
        "sTvnpWek2nfmDwFdfK",
        "DPPeoMTVmgG4WbymXT1",
        "m_099b6c92f24e435c8eb7a89478bacfef",
        "6fU4W",
        "E8.au",
        "m_5539c661ad0f4e7e99066094d4533489",
        "Vg*frA",
        "sX6GE42BnR",
        "m_537dc3ed79034ac59134387c9b881111",
        "w6_T;*f4_",
        "get_LocalType",
        "EXG7,",
        "XqWPbjHbnx",
        "#]*A5",
        "k#>+Rh",
        "GBTT7pvq9y",
        "XjXo,",
        "B1SEmhH1X9",
        "srf2836LgQlWsOltOhD",
        "</assembly>",
        "FQ7pjNGmuGi3bJO5lDc",
        "Ldc_I4_1",
        "    <security>",
        "C#q1C",
        "Ra8zcVqHc",
        "($(#N",
        "lpName",
        "rNJ;4",
        "V73rA",
        "uqJTLbPnTk59Mk3Y3cO",
        "F9J(8",
        "px4KaB8pGg",
        "Z\\<K/",
        ">.xs^",
        "x}8v0",
        "2ah!>",
        "CrQ4JYn1DGJce8A2HOx",
        "QDev67L2YLdXVO5oKHX",
        "Y#qd5",
        "Mw,Nk",
        "`c];rx",
        "Reverse",
        "Assembly Version",
        "ResourceManager",
        "VbQBVFV0ep",
        "tvwltuLR9IuBHEKRLk7",
        "^u~|+`",
        "epbBn?",
        "J1u68pPW662xJcBNHxc",
        "LUPhqJEmhw",
        "Hashtable",
        "xvAQZ9K5ArSQPRjfSCC",
        "m_bd6c5065737c42c99bc694464bf154ae",
        "w21fV5LNgjFfcjOLH5X",
        "enFThnLfcve3i3iN7mZ",
        "yBn;j",
        "dwSize",
        "Tw7hcUoa7j",
        "get_Value",
        "m_540941d27d7841a683d84c5f658b672d",
        "MrLnz",
        "Ojq/0",
        "iINn56lFFgdWRQoJqSk",
        "JjVrfWsd2D",
        "BfMP2avVBg",
        "S1AH8NJWTY",
        "BiEuqO2WEUSBGMo",
        "FlagsAttribute",
        "#L}>|)*}}",
        "O32pEpUetR7rZqcTSuh",
        "get_Omitpg",
        "cHawEkK0OATIEU27soM",
        "bJelTmGFPRNlLmnEm92",
        "u4ry4fg3xj71WiHqe8",
        "KCFlcDdR6L",
        "'7J['",
        "uEAdobonp",
        "Ora}]",
        "16~S#",
        "z4JhzgW1Wd",
        "m18KgOpAX1",
        "0>O^ek0",
        "qcdTIIZ5PkcfxwSSghB",
        "i4cl1iPcJOewiCBXEmb",
        "=puLE",
        "m_76262de4fa2248c8a143c5df3d18b02c",
        "t*$Uc",
        "wWBHw78RpX",
        "GetType",
        "MLs45FZSTd2TiolYQe0",
        "D$%bQ^f",
        "KvAE5FBi7A",
        "djdBreD2nB",
        "2a2%R",
        "#3rsY",
        "Hi8dEi6RnPKsS0aaOc1",
        "le`R`",
        "dUrZP3wk7E",
        "fVVHe7v0FW",
        "{U2:>",
        "M53iVSRGDot6Bf2vwPp",
        "'2'.J['",
        "E5IsSaV6IQ",
        "YPlePCt9JS",
        "^W@DpXe",
        "22Xs(",
        "b:73w",
        "+-<`)",
        "DNmxNg5q878ibPLGTSr",
        "pP=A(",
        "'\"'/JL",
        "W}(Ma",
        "WZXx0",
        "YxD7LmiwFh",
        "IuSCx5LKPmw8UyqWatm",
        "afV7DbkibE",
        "YdBELiOTBx",
        "UuxKndGpUBFnrfYiT1H",
        "__StaticArrayInitTypeSize=24",
        "ni6_;",
        "Array",
        "?_bs1",
        "IntPtr",
        "nativeSizeOfCode",
        "'#J['",
        "W{^WY",
        "anatkoRSCX9syrsbhkB",
        "vqx3TflsRqkvooLSpGA",
        "zt`Wk",
        "QjaXJUTQD3K88Qy7PMk",
        "`.rsrc",
        "IsAssignableFrom",
        "xZ9b\\",
        " /Pkt",
        "NG(O+W",
        "koNpHqhHLE9NHTRIugd",
        "LocalBuilder",
        "LhdS&",
        "bgb85G6Jhf589wybmlZ",
        "\\>QZ h",
        "ii2YcUrRE5CcZXDVaSy",
        "StringFileInfo",
        "+2T=0H",
        "flAllocationType",
        "CLTUwaIxnQ",
        "EBXlbtPVtM",
        "kytXZjrqtCSYiYSJKJL",
        "wY=F~vF",
        "bJ3sjvLGYtJ2swQwob1",
        "HEp#k",
        "Exists",
        "GPDKfAe4CqRX7ZmkRi6",
        "f_P_r",
        "DDZnIGmGCs",
        "#Blob",
        "WhS4AhRpa4R0v7cJV6G",
        "Alloc",
        "rBXskrqsXq",
        "TaioR7TrmL5kx47wTI6",
        "oDfhe0G82DZFEbPJh6l",
        "SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "taS(F",
        "32.dll",
        "R6vHgpxKxw",
        "uBHMM@",
        "KZ5m{2",
        "lpNumberOfBytesWritten",
        "LegalTrademarks",
        "5;fJ6",
        "iGGB4SVBVT",
        "AIGeKAUYJMbwf7i1nb2",
        "BZF6nr8Yxv",
        "G<)1h",
        "bgh}IlV",
        "sTaGMbqc78",
        "gyMas2L12R17UtFQfsJ",
        "n9q3DSP0BPr7BAvqdnm",
        "licE3V4OMe",
        "Q.AZ5",
        "wawlEbJkLI",
        "MObfuAExT",
        "System.IO.Compression",
        "x87OP8RgSwaEOmlSOxK",
        "T}!<M",
        "PhrsCNf7UU5DC3Q6cy0",
        "m_fc96d90fd49d415e848087ac55c4557f",
        "System",
        "'_`3Mm",
        "Enumerator",
        ".;J.3J.+J.#J.",
        "NI3g\\",
        "m_072bfb4db7c24767846180ed9891d74a",
        "esRPoaHBj2",
        "F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
        "ReadDouble",
        "v,e2k",
        "bytZ.",
        "Bd06QiJeo7",
        "#}_>[\"",
        "hM1eNGGYRl",
        "sYDKpernMCMqfDpRTwE",
        "2a2\"H",
        "}~^.Ql!",
        "TryGetValue",
        "D2XTY9P1yycrVNidrMG",
        "System.IO",
        "'T's<",
        "m_c98a1b611d3d48d8a27df90e65f8c4cd",
        "@j,\"[N\\7",
        "v\"wgAR",
        "EIfYo",
        "=zbtN",
        "gi,S8@h/",
        "clNhp3XcJE",
        "StackFrame",
        "VqeHACljLH",
        "yBwoGGfJSKtgSNXwDIi",
        "BrM6eKbgbx",
        "C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
        "FCH/z8",
        "Ldc_I4_8",
        "aj\\,,J",
        "7zo}r",
        "5uk q",
        "jr.>o",
        "x}'c\\S",
        "yQ6Y3Mf3NEDaVijVdc7",
        "Ly7BoqAOkf",
        "m_b3952c5eaf90463aad06e57e66d22ad8",
        "%rN35",
        "2XgNf",
        "H:`lo",
        "UiRWkuT1WRoO6qvPCeb",
        "Mx1nLpOOyX",
        "xxdKXWEVIW",
        "LrXB1GI0QWLv9kLgH7Y",
        "8,]cOH",
        "FEwHLwORsI",
        "Qi${p",
        "ROFTALAVR0",
        "CNR3P",
        "=h& 1]",
        "zW{g~v",
        "P\\pxH",
        "ahxa.BPb",
        "lB3Ol",
        "kFhsUiInpNdcDrobBfi",
        "Concat",
        "GX8ZZZW9Ou",
        "OHWs1cIrF8VORxxd92c",
        "rIQIkYJPWJ",
        "YqxA^",
        "qAOTUh",
        "3_oa3O",
        "System.Runtime.Remoting",
        "@.reloc",
        "@u'/Q",
        "rhsnPNJKuP",
        "NoprydPxBq",
        "System.ComponentModel",
        "nA0Zl5nxqK",
        "LE0EUmU0Io8ro13fS4v",
        "GZdrPIhaS3",
        ";{PAs",
        "Q(~L9|",
        ";+r~v",
        "aVfBstI61o",
        "n0VnKI71Hj1Hfvpe72r",
        "d@|{iq",
        "UHROQNM8nJMyt7WhVU",
        "bDENPfPVxHreHxZdo0E",
        ".zTJ.Z",
        "sm7IlS9o6g",
        "=lq'Vt",
        "[)}jU@",
        "z|RXK",
        "!:sGx",
        "m_22eafa4717564f83b8fd543fa8bd19a6",
        "Cs2ldNkQOO",
        "P]6X@M",
        ",7z}f",
        "F\"Ki49N",
        "GetManifestResourceStream",
        "iJjG0UUQmwxMnpP7kmf",
        "ct5nWAijpG",
        "~B&?|B",
        "VaWSoBeyS",
        "yI7EaD7ci6",
        ">w>(z",
        "H7tPXrIwrF",
        "Ghwgc4LW7yD5E7lnkhj",
        "nxIdXJI5hrcSKZ39ODq",
        "wj0Gl5i1RV",
        "b8vZbufSroJXELW4RY7",
        "*[N=08",
        "x#;PU",
        "ESH427noWTPxXXDqfGF",
        "eZXK6pL6FSAUKMnJiOQ",
        "mLyZL9lD8I",
        "l`m'sz",
        "Pa8g-",
        "yioMiiTeHwXQ0Ym4Z7S",
        "bILQBvECiUe2MRnXdvC",
        "P2umuYGt6ReeNetbX8i",
        "\\X+av",
        "5FOsJ",
        "A`OLY",
        "u?G$ ",
        "GetValue",
        "x3m>p",
        "~Bwu2",
        "zF2hvyP8GkVDdZG9kvj",
        "Dictionary`2",
        "Crf22ZEG1SWCYGxb5hg",
        "K6FUaOThwb",
        "iUCH]",
        "W`]6i@",
        "XJ@_+t",
        "BCDUvLftRQp4Z7dwhOD",
        "pnJUgjOwlZ",
        "UjrBLSDjZb",
        "lf9Pa2TGtHLERbypKdk",
        "'9Aq;",
        "!d_2o",
        "yBNhBOxcof",
        "EmptyTypes",
        "\\mBBX",
        "g</M9^'",
        "MemoryStream",
        "]qbHO",
        "wxdKhURl9m6q2oNlwDT",
        "<mTif",
        "FnGPAxYGMm",
        "E2KEkM7PJI",
        "If0wWFTWq0OOBYHqU1O",
        "a <z'",
        "Ldc_I4_S",
        "Ldsflda",
        "Ufuzu}",
        "I&WiM",
        "sZeO0iRT9upBM1q67RS",
        "d@'[#[",
        "YDZZjH0tut",
        "ocL` Dy",
        "J:\\IjM",
        "^:Nio",
        "m_e30b53871c1043af98ae565556077eb7",
        "fgqeJFeFf7",
        "erCKC",
        "($ !>",
        "BindingFlags",
        "CuoUXMDV7r",
        "!)Kn<",
        "  <assemblyIdentity version=\"1.0.0.0\" name=\"MyApplication.app\"/>",
        "kd@Eh'",
        "e9wsOQsG6r",
        "k|#Kx",
        "\\;czo",
        "t86lydKFcc",
        "'zwl%!",
        "lerZreo2uB",
        "T2\\8y",
        "      </requestedPrivileges>",
        "iEaZH5v9AX",
        "B}0#-",
        "Invoke",
        "-8U\"0",
        "$n4].P",
        "EM7GimN7MA",
        "yANnyhmG1exx1k1",
        "(#\"`^",
        "get_AllowOnlyFipsAlgorithms",
        "CharSet",
        "o9QbZ6lCGHIYeQI66Sf",
        "Q7dQ7d",
        "m_dded5a243bb54fed96bfc6bc474aa244",
        "pg!aZ;",
        "grjFKrRUpMTbGmDKCQM",
        "MakeByRefType",
        "9f<Yl[*f",
        "\\;)[+<t",
        "gq1EgOyXl2",
        "m08R8ifGeSPJJ2Vn5Lc",
        "C8GwpUKninAGEBNSL8V",
        "ASiHQYZ2gf",
        "T5RBv2ai19",
        "JLos1Dhorl",
        "m_ff38c5a6f63042468adb5dfd67d81732",
        "gEHrfEJaJ",
        "O4UBp22ybk",
        "ComputeHash",
        "0E2LH7",
        "mN/)1",
        "09O<`",
        "HXXkwC97v36mypeVYM",
        "{iP$*",
        "2a, +",
        "cHaZUFMjtx",
        "cPdK2Od0VI",
        "ymlgoaTKIRoiTar9WQ9",
        "u#ZLeB",
        "bfi-%",
        "U72H2JkfIP",
        "km4DQ5LVCSDvKgHw19h",
        ">mGqb/8",
        "7KLWgJ^u",
        "ReadBytes",
        "RLgKvXBRFX",
        "BeBeaowpmY",
        "pirkC5R2jl50EedKOnQ",
        "SS5KzU73oH",
        "p{E/{ac",
        "Int64",
        "riMsjsJASg",
        "Cg1ra3IAMY",
        "Microsoft.CodeAnalysis",
        "L5crm3IeNcRWUAXjKdy",
        "QG3SIDL72Z0LWjLswBe",
        "OfJPyYGGrEo3YWI763P",
        "D78Ct",
        "odXrMH1wdH",
        "GE8ZtClSpD",
        "JQDh1ZSgiw",
        "w0lKA1OwuY",
        "xCOBDubOPV",
        "($+\"H",
        "pb6Fry1gR",
        "$12016879-2943-468a-b5e7-eabdd91d8ee2",
        "nrEv>",
        "8WKhz",
        "D6iEcs6wqH",
        "Ke7y^",
        ")K_a>h",
        "\"ix,]",
        "J7AsuoIM2x",
        "zssMG",
        "/91TRMj",
        "U~YpD[C",
        "X([m{",
        "KKQmlLRwrFICLfdCMK2",
        "nc1sCSnvTC",
        "Vh5syBVEZf",
        "`{M-9W",
        "UV7af7r4xrZcCISZQcN",
        "List`1",
        "Ldobj",
        "gML6gjTQTC",
        "(1#!U",
        "-0IGR",
        "YZxE2QwFuG",
        "m_84d4198945cf4b2297c4cb602118ff7f",
        "M1IBmvpeLt",
        "GP4KXDUp154wYrFCtcJ",
        "Append",
        "d2Ef:U%",
        "TXE[B",
        "Yl-J;m_",
        "kw,X_",
        "](Kl;a",
        "idXdi7GOMKmnSq6MRZn",
        "wPuEp6SG26",
        "VLzv:x",
        "Ge7t2",
        "8-coN",
        "a@8Tg@~J",
        "xB0SDlIVE8M2TYqcsLX",
        "aA0HUYSuRT",
        "&n,3}XE\\",
        "IsNaN",
        "jSQHtyjMPQ",
        "P4FlHEnDOB",
        "qve6YiFZru",
        "7a^>x",
        "m_89a266a2ebd140cbae6c02dd044e0400",
        "Qv2Xx5rpEZgu0621hfp",
        "Ldc_I4_3",
        "uDwrSyg0Dd",
        "#Y=ghp3",
        "Assembly",
        "wDh&b",
        "'?d['5",
        "$=56N",
        "bdac{$",
        "nC3h0gFnc2",
        "==Upn\\",
        "GaKtxXIqMOGG7EiDT2i",
        "KkdPwXPukYfv2TcDLP3",
        "pg5BBDVWTr",
        "d}Q1H",
        "]l:`;",
        "[\"~f2l>",
        "MoveNext",
        "X0I]<",
        "L6TLLrLmbFjyDparSvM",
        "8_2|+",
        "dgIK,",
        "NUNsO",
        "lx0BPJp2On",
        "GetHashCode",
        "K3N7El22Fk",
        "tJYnUqlZju",
        "TVWPU5vcV0",
        "HrUWhteWbl0NpT7jnRJ",
        ",yU[T",
        "($Q$N",
        "f9DRwnZouqJtBI4o3P3",
        "vupb8",
        "m_2a03807fb3404a00ad218e9cd6bb1173",
        "tNADkJG4oxgDiHCIN35",
        "GftkiPRkXI4pTxK7RhO",
        "r\"D<%",
        "rb_ul",
        "S@GhR",
        "nwjHzAiqBL",
        "^tXxy",
        "s&WPsS",
        "set_Mode",
        "fKl6q01cNL",
        "j@\\L#",
        "lqN2G0KExuMfavIZHCA",
        "m7NGoZHEmj",
        "wgqN7OLem4FLQAnhJU8",
        "Uh^@\"L",
        "6{_G:p",
        "WuDPBgw2jC",
        "EsyClrLwFvPXZ9RcZgC",
        "PPooX7eh6TNC2EmFUP2",
        "P[P9s+",
        "s8PEqMWuIp",
        "$<,\"R",
        "7Ai0k",
        "AhyhHEUFryR0ueeHfCw",
        "Ldind_Ref",
        "KDBiki",
        "<uAq-",
        "H,tdaB",
        "System.Security.Cryptography",
        "m_99917951f7534bbe81016c5d053fec11",
        "A7{#!",
        "'.J['",
        "GetName",
        "ysCBgulQLVV3QIyevRs",
        "iTJg9l6IfQ2Tc5gkYe.4fA0eIhH69ZoXcl0by",
        "hf/1nHm",
        ",x]#@",
        "sF9lgEvVgc",
        "\\}>>J^N",
        "cCOtsJX1l",
        "zLdl7UgRgB",
        "kE356",
        "x_gcr",
        "DtbK9Qe5vx",
        "3Ng&:",
        "2a[$N",
        "MakeGenericType",
        ">jK9w",
        "ih;M!c",
        "<>9__12_0",
        "WY4ON",
        "get_ParameterType",
        "BMxE89",
        "c7jEJDfueeGxILg6cHG",
        "U7F8A4rYqJ2ZQdh1NMl",
        "fn0QUuURGMUER1peMoI",
        "JdtDJF\"",
        "YI37l5uBR4",
        "DaCfjQnpytIxMfeQonv",
        "hQI&Q",
        "B1RsZufXixBEOhsfgvL",
        "e%\"{x",
        "CipherMode",
        "System.Reflection",
        "m_c3c3ae08b0dd411799d3d0f8cdaeb9d1",
        "Uc_J%:",
        "slwhbguM8j",
        "paramters",
        "ox12UJUZM3aWAF2tFW7",
        "KedTgyFC3",
        "<}>7F",
        "J'rDZ",
        "T7MhRDMcvi",
        "NyGrs0RYV89gQQZ0x9D",
        "Z:tYy&9",
        "Au,OE,",
        "LR1DO",
        "YnRBqZa3he",
        "_MI1.",
        "dmDnN8YWjS",
        "Q4m4WxwqHJLsZ0ZV1p",
        ":$sgdB",
        "xrrKSe2jgd",
        "J&E5o94,",
        "$Lqzr*",
        "]!1DE",
        "c9oUswf8SMtC3unmyAM",
        ",R7Q@",
        "o]yn]",
        "m_05e0ee85c1c04918b6940ed1408a6fea",
        "2at$N",
        "A1wRc4LBZ9ynMaRvHC4",
        "ekJCbABmLGs77U1b9R.L8RUNjK99qgMXaV3Uo",
        "_+,\"G",
        "MSgrbV6yaE",
        "8f_PVb*",
        "j9f1IGGYUVFCg4S9GSp",
        "DynamicMethod",
        "RP6scyejX1ere9FRY8R",
        "EeKPRjl1pYCAALtqNll",
        "V*fFvIO",
        ";7}#v",
        "typemdt",
        "I)xt$",
        ":')t~a",
        "bWM7bsLCP7",
        "tMWn59TXkN",
        "49+Cl+",
        "'b:b.",
        "WTArw",
        "Attribute",
        "Tg8aMofgCCGdyI8pNlK",
        "m4ovJkZyiaePCH9Samm",
        "ffS)T",
        "lL'_Mz",
        "ComVisibleAttribute",
        "EditorBrowsableState",
        "/_'`\\",
        "InitializeArray",
        "cKWH*",
        "OOCUBtr21p",
        "'8d['",
        "OfE1sLUj2HEEDN6KYll",
        "e0llrHRLD8SAj5dlaN6",
        "Y9V3X8qiTW",
        "[9#,$",
        "sScvjfLuJw12gB6qPcj",
        "  </trustInfo>",
        "r6seDcy10q",
        "GetTypeFromHandle",
        "Version",
        "ValueType",
        "th17fCEJ0X",
        "DUqHSrIZhB",
        "sDGTky5TQh",
        "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>",
        "PXZV8kecy9bmaFd3ywu",
        "hJrTdRKUCJfQy5ih3wd",
        "MsnSRlR0keyCJpfgus1",
        "s*>WEb",
        "EANnJx5j0h",
        "qs379u1oS7",
        "JI4rTP5IQ0",
        "D09KkCH2FJ",
        "MD5CryptoServiceProvider",
        "H3QhMGjsan",
        "mArIwGXCEm",
        "CC?RwLF",
        "DebuggableAttribute",
        "EditorBrowsableAttribute",
        "lETua8KVGFTFNnuiEw4",
        "__StaticArrayInitTypeSize=12",
        "zaJLmWfVI73pdmBSrtP",
        "b7ZHI2euo13rvdM2kvn",
        "MulticastDelegate",
        "Monitor",
        "A,CgK",
        "g26GUjEZ7a",
        "#|<3D$4Gh",
        "U3gA+",
        "wm5qBthe7PWiyp6QwXj",
        "qGt063r5GJBrTW4faq6",
        "GetGenericArguments",
        "&6@Hs[j",
        "m_bc46424e3e2a414b87d3ded325ca4037",
        "Euex6WUnqFCfZEDVkRp",
        "2ft w",
        "--(\\e~q",
        "XDbBE6I08m",
        "set_Position",
        "La6TPBwsft",
        "S5CS3I6iRaAlKeCbfkZ",
        "\\{q/E,",
        "VVK7IMB5JY",
        "nJssqXHRXp",
        "Upln4Zf2uWmJ2tgBYGA",
        "Od!gf",
        "Tf-MiP",
        "If{pS",
        "TY7431+f",
        "R:2ff3",
        "Osa0B*",
        "#F[7H",
        "(^Y0ra",
        "V\\0u-",
        "{f(/x",
        "PFYBuqfIsR",
        "L4L6Ck62Zh",
        "Xt]1OO",
        "4H#@AfA",
        "FlushFinalBlock",
        "2fl-Z",
        "xU5KTNhi10",
        "rDTgcQnXdoapjb3orKB",
        "cgBlMrsWYe",
        "tMXBbPjCts",
        "qVwR]",
        "?_ds5",
        "wVSHaqPFXWFq3notQ9F",
        "jN1nw",
        "oA2Fk1eFYgwisMxb4Pi",
        ".ZDC6J",
        "xQRBGtrfvf",
        "('8n0",
        "@FaGkP L",
        "AX1MdQZclsPF6DlecJ9",
        "MOQRZx",
        "m_5510e1b68fd64436ac14e0e45af4efab",
        "cPqEG7IsYReEGbm4AHL",
        "jWj6NkcuGN",
        "D8cnT3ltIB3GCJ9DmGV",
        "vQhKJpW07a",
        "Y<cfq",
        "lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
        "Int32",
        "VTXBeTND2P",
        "_CorExeMain",
        "fO1rP",
        "S1OhraoyV6",
        "RPvIzEfycd",
        "splZUgP4vy8SEQ4Wxb",
        "YoEAByBzxC0wcOeTM5A",
        "heWZVe2ETX",
        "Htdzey.g.resources",
        "-6h08#",
        "#1fM\"B",
        "HEb6RbPRSUGn76dfTuw",
        "GeneratedCodeAttribute",
        "pUd6Du5msl",
        "eyu8ygfwydFLBRBGXbt",
        "Py86vwY8GI",
        "Object",
        "get_IsStatic",
        "t?89;]",
        "vn0jxqy33",
        "7XSpTyut5BQOT7ANvD",
        "M0AU4uUWNxhN671dmjH",
        "ResolveMember",
        "cZj$9",
        "doT)@",
        "a+zg%3",
        ".)-o/",
        "[(D!D",
        "XngvpjlRNdh7QtUBINZ",
        "2aU#N",
        "vVGPKJ7HJILhLkXU7lr",
        "zTCSeZKrw5PThQ9kuxF",
        "rS8TvVyvkX",
        "PatdRz",
        "b1J;C",
        "($l#N",
        "xGRT2MGRPW",
        "unQhUhSGiG",
        "uCq%/",
        "ILGenerator",
        "}/tl>@!`",
        "[KjIF",
        "yAG W",
        "BZunCuLTO55KqLQPc8v",
        "tctyWiRzQVUZN2pYnX7",
        "Cxxy82TIyVYRnK7jGeL",
        "2aq .",
        "Nt9E{",
        "\"x5KaA",
        "m_f10c8a0658784fe1b3493271f1ffbe90",
        "m_50b85bf61bef4152bb276fe221a04353",
        "}X)Ty",
        "sY7lTbDcEx",
        ";TO1n",
        "R3x*Pih",
        "Q3V7nGW3Fp",
        "]0'7GQ",
        "<PrivateImplementationDetails>{987D5E06-59D6-4C51-9ADF-C3C0AE4FC498}",
        "m_41436c7bab6e414e8e9fc07a40cf1cc3",
        "E[n=p",
        "Protect",
        "kp0pmofeErPQbEGMeIu",
        "-ufL$",
        "XNr'MM",
        "InvalidOperationException",
        "Nj>mU",
        "6u\\\"Y^ ",
        "6JKsu",
        "SU1gC5Tp0jnRwUXnV2V",
        "2aw#N",
        "QBEhjhneCg",
        "L*VsF",
        "VgI2.O",
        "m_02de2f24483e4f9381a5b4c4ff288a4c",
        "GXVZMTfbeF",
        "set_Item",
        "result",
        "glaPdQrxKy",
        "U4tF{",
        "cOYeHy2qUi",
        "Hv#/CFdq",
        "GetMethod",
        "i7GZRmlBmN",
        "G\\KLz",
        "L4Y7c5dJRb",
        "qTIZ4MyksM",
        "4T`a%",
        ".k~-sn~",
        "RnNZwTywDV",
        "-hd$C",
        "kernel ",
        "eJOIN3jOp1",
        ".%P ~'n",
        "@SqF4",
        "GHKeTUwHEh",
        "<Module>{b8bddd2a-a952-4523-8049-3c5b3829d6dc}",
        "Ldarg_1",
        "cT7IaUloeh",
        "p1C ]u;2rkKY",
        "3<;w/_(T'S\"",
        "i%Cm,",
        "ArgumentException",
        "m1d6g",
        "tOfTB4qGcQ",
        ",FfXW",
        "DbJM2EGrhNfPjSpxjqd",
        "RuntimeFieldHandle",
        "ChangeType",
        "\"tzMm*v5}",
        "MethodInfo",
        "Ldsfld",
        "Ldc_I4_2",
        "GetUninitializedObject",
        "PVV4LRGKkvJ9P1cApvr",
        "841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
        "!l`B7",
        "=3-!8Aw=L'",
        "&zLU(",
        "m_37077beea53c4f9785a43d0d0613adb5",
        "OmSllseAyJ",
        "abhloxhG4E",
        "iVjIM6TVPg",
        "sqN7NaZ6AvxHnT9qCBr",
        "m_8b1e919bddc64c51abc011e9a7fd1682",
        "_vFy|",
        "boGDV",
        "IEnumerable`1",
        "i_!L;",
        "?&o1d",
        "CG8qinEt9LQI1QtKt",
        "'2d['",
        "Phvd14fT3x6nDuvbSyi",
        "VMTmrElmIvEjhC5FuTB",
        "abYAC8fI7T7gBvo2b9Y",
        "e^+kh.",
        "d.]f^+",
        "op_Equality",
        "4lH@}",
        "ca4IjWrCbTOwqvLoQRy",
        "cS96BjCIZ6",
        "'*d['",
        "y0fHrL9SOV",
        "y;FlW/",
        "&2Pfx",
        "xc9TfobJr8",
        "Ldflda",
        "flProtect",
        "}mQvi",
        "__StaticArrayInitTypeSize=32",
        "GH9gG7PGLKFQPpInTTL",
        "System.Text",
        "DeOU9HkxbM",
        "P4{)*",
        "R9ss-",
        "Q9h:\\",
        "      <requestedPrivileges xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        "hXssQo5Vw6",
        "j/zC=",
        "Qa3EFsRxnc",
        "x3s6Eqs8uY",
        "WDtdbmRI7UkcjQja7ax",
        "RhsJSoI1EVdnAeAScnx",
        "ayMHD9QEgo",
        "lnpvpoeKwkyLN3t5Wox",
        "#|c\\0",
        "l<=fM7",
        "Ak%Pb",
        "R&ES/",
        "}Ew>G",
        "Ht5sJUqeNm",
        "Ubl3w",
        "SJjTU4SrDe",
        "get_Position",
        "x[+;,",
        ".o 9]%u",
        "g47BWrCWLV",
        "cCP^K",
        "4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
        "callback",
        "9LALA",
        "Or6IfuZFs6",
        "xNRQwKUtFnYYN8ds6Rv",
        "hPOlDWVluo",
        "ihA6wVTQD1",
        "WuRPM0O3Cr",
        "qDaefPetNZYvvwgVpCP",
        "m_64bc0d950f994adfac79a0cf7dcd0307",
        "jHMZUB7PSB8BFaPtMWe",
        "GbW68qRytHwLwsOhW60",
        "<Module>",
        "GZEGzpNgCf",
        "j3cHN6JMun",
        "QY86bPQ0cv",
        "TFxEzOYU99",
        "Nwlgr",
        "Cw`?p",
        "du9curL8hdgUrEbGZUr",
        "MsJI78MJLn",
        "WLaTau2P52",
        "Ldc_I4_4",
        "V>,%mLC#_v",
        "W,w|'",
        "FEJOEGeIrT9K7pfuK57",
        "SKJNgtKIXnVETvnXa68",
        "^}o#Y",
        "LoiZ9D2pZk",
        "v8x+[",
        "uT:,Z",
        "phkZCOMtHg",
        "7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
        "gZ4PTijZKT",
        "CX7Tlfqyes",
        "IWSlP3d4Tb",
        "@^B4P",
        "bMPG7FmKNv",
        "Handle",
        "]X|Ul",
        "GetMethods",
        "gxoPzJu0II",
        "ksp6SUFXkx",
        "SNoTL3PLdP",
        "v4.0.30319",
        ".{>[\\",
        "m_7168cb2bdb644ae0a076c3dddf999620",
        "ag<M<F",
        "set_Culture",
        "kNhhKC2n6L",
        "m_8394028c75be407da3d985eee62ffdc1",
        "mRvUA5kZKC",
        "wdLr9illvs",
        "get_BaseType",
        "w)3V>t\\",
        "get_Assembly",
        "Hn;^E",
        "usD7NY16cp",
        "m39UMWfp4sd384et0SF",
        "7#Akm\\",
        "Cv5RkZUrIhrNK9QIPrw",
        "`9iSF",
        "`R<* p",
        "ftZYkqex9qHgslRKkUB",
        "sgZ\\I",
        "RMC7gT9JDL",
        "vdrGNq7NZk",
        "dv|yc",
        "qFmlv01FDv",
        "sJEs9xmIwE",
        "zefdOA7k6NVlTE0XMr4",
        "M@9!R",
        "mX\"^d",
        "YsV=8",
        "5bZ0i",
        "<X:og",
        "IDw74Xy5Pe",
        "Be[-H",
        "f%*9W",
        "KeIIT2CxOy",
        "9K,oo",
        "WcoHMZvxIU",
        "<]_\"8",
        "4*YRrA_",
        "=WW+{",
        "__StaticArrayInitTypeSize=256",
        "j5?Tu",
        "XZ9Hsu\"{",
        "q;0[g",
        "OrSe6hIiIL",
        "rNzkX",
        "@eAU*",
        "MWc!dS",
        "bInheritHandle",
        "M*/(q",
        "bIfEDVRvLp",
        "t8x7usIGdRAoo5mQpmp",
        "get_DeclaringType",
        "XDLoffr8R4EK7XwJJpn",
        "_hW+y",
        "UlOfakPKb29XMN2qBnN",
        "uDLh3unYbe",
        "RQ6o >",
        "GaVZDTARiX",
        "XPHPgHX0yP",
        "WRA48bfoT7rXhMhs9Cc",
        "|[dU0",
        "`i4rOL",
        "Comparison`1",
        "Unbox_Any",
        "7i{ 3\"",
        "wtZZbHtifZ",
        "wvCt1semMHYMxJdfrq2",
        "tY}GTZ,",
        "59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
        "WrapNonExceptionThrows",
        "IZYTiIY3uo",
        "bJyANdL4JXOj8CDZ4vq",
        "tL<Yr",
        "NullReferenceException",
        "LLIO3xfkL54xFuh0pVg",
        "NOSvdaP6M",
        "ResolveType",
        "f%jO9",
        "target",
        "%a+Hr",
        "hBBT9ukaHB",
        "fWHKHCBMk8RmiVZU7K3",
        "'=J['",
        "QT?'J",
        "Ni'K3:",
        "CsWkun6A9Is4RyqD9vJ",
        "LPvUcef4WnCZklKmyAY",
        "CompanyName",
        "AssemblyProductAttribute",
        "ReadUInt32",
        "edDYLYZdyGOpcxZ21y1",
        "'=-{<",
        "B4Wd:R",
        "wJL)ne",
        "|AQ>y",
        "Write ",
        "k9SsB",
        "{Zhu} ",
        "'Q)C\\",
        "CreateInstance",
        "SZN\\{+!",
        "w:U\\p",
        "?_cs1",
        "F9wro6CNG0",
        "et%w(l",
        "J+uQd",
        "yvPyd",
        "Jb3e19n0IDVhGdJFPrM",
        "aANZIXAJ3V",
        "FileShare",
        "c^vlnI",
        "        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"/>",
        "qFBhwiUIpY2WrSKd1o7",
        "m8DE78A63BFBEA70",
        "aNrno9BxSZ9C94I99VC",
        "OpCodes",
        "RcsKyfhrRO",
        "shuedxlQkH",
        "mhZlAkKA5D",
        "\\#Twj",
        "byv7AMsX9u",
        "1~|3ZF",
        "MILD # Qd",
        "CVEIDvyOR6",
        "LtWHvWZdeP",
        "yeSSUMRC2gLxa8gJ7Vs",
        "Fb<MY",
        "W8rnh",
        "^z~Mj0x",
        "kgTH7kXOjo",
        "flags",
        "Z,x_C",
        "A4HaU4Kut45feEMPExx",
        "get_Module",
        "z:_v['",
        "GetElementType",
        "i0XQl9UoSkFPZs8HTp",
        "3Yc.Z",
        "lj7eyIKt3ZTs1VmjDww",
        "Omitpg",
        "Single",
        "KaJ|>",
        "NotImplementedException",
        "gZm6WvfsFF5a2BuXFDR",
        "W$:}2",
        "TYMBMAK68Q9Tq6wWS7y",
        "rpDt8NRApEWJxLBWuLX",
        "2a> -",
        "D5&>F",
        "Im8E0cL5BO",
        "zMVsAseQ9X",
        "xG2h9dJcHa",
        "aoqbZJfnq7ir5nPJAwW",
        "n-UF\\",
        "{,PA<",
        "ResolveString",
        "Gd=zG",
        "@F\\vu",
        "&N/i|",
        "value__",
        "FGU6ZQRuZe",
        ";.CJC",
        "Unbox",
        "Kju633fVaA",
        "f>uiA-",
        "rOjCZorAEL2T0AfbFR",
        "6ih#3",
        "n5NrBXTcyrXpLmNoDlP",
        "Vd82gml0O47Dy4IsvoH",
        "}hB6!",
        "AfwAnfTshDlpXhODVEb",
        "u|k9F",
        "i*QB>(/",
        "gPJUwf",
        ");9Y~",
        "AttributeUsageAttribute",
        "Nm}<I",
        "j\\4Y#",
        "B!=,O",
        "!Bm+_",
        "x%mw,m<Q^)",
        "QnNhV435K3",
        "Htdzey",
        "!\"9sy",
        "hp4DYyh7viWR6qKnohl",
        "m_901a84b0d1e143deb562fd17ceebf571",
        "h3EUHD6snJ",
        "W9PMk",
        "yEKEIT9iwd",
        "^%m,\\",
        "6:`A@",
        "_6N vY",
        "hgMHd2o4ca",
        "/=46o",
        "X&XcM",
        "rvOOPCRFTAD8gsFqFOa",
        "wS^,[4",
        "GetProcAddress",
        "CreateDecryptor",
        "ImrC1SRMY0YOHZ9naWw",
        "CEPGPG8T8D",
        "EmbeddedAttribute",
        "'9d['",
        "XwTspJKEdZ",
        "s5iCBZeZv7JBKB3ZW9y",
        "m_59e0f2643f9144f487a3ec082abe60cf",
        "kernel32",
        ".nhA5",
        "L\"gu#",
        "6t6ZC",
        "i1v2PZm0J",
        "nwFBfCVmok",
        "]quNV",
        "geImdmhnnVeAf1JOWiO",
        "nIa[n",
        "/G.@|",
        "%\"sx%",
        "qgVXSPLhIl5ci7ZHZAB",
        "rufZBX3sPp",
        "m_0703956e92e24d799e36cb1bbf898ddc",
        "Jk-3P",
        "eKTKftR1erKf0Ocm7yJ",
        "@a57X\\",
        "  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v2\">",
        "m_0c4de8d8af714262b1a19f804407e32e",
        "C5S-v|",
        "ajZZkZ3NSZ",
        "EfhnhGaBQq",
        "3UKk}9",
        "YC$ex",
        "qTOt/!",
        "Gr0s0jcpV9",
        "Y0pHusBnt0",
        "rFVptZ5YC9Y6LtC93FG",
        "WLKHoQEM3N",
        "Marshal",
        "81k\\s",
        "W9.)Vb",
        "FormatterServices",
        "sZ8F2",
        "dxNXlPTqkgOYCTVwn2o",
        "Dppe7RNBLb",
        "]C:.&>",
        "@!YaS",
        "#3n2o",
        "AqRrzUbAZI",
        "MXMN61lpbcTboB84aa5",
        "DVYlSkenBubjFM0x0R2",
        "qkglB9OMNf",
        "unsUCmPYWk9J44dNuch",
        "Ldarg_2",
        "__StaticArrayInitTypeSize=30",
        "G/K>1DF",
        "RQUuV0PhR65FVLDNOHp",
        "e5tl69g5Df",
        "bHJ|X",
        "di(I&(",
        "OriginalFilename",
        "m_0b67444dd74b4ac8a27c124c8240277f",
        "<Module>{1F4B02DF-696E-486A-8B35-F56CCA1C23C6}",
        "f4u7BoF1Db",
        "FvkZzI2gUJ",
        "w<\"r1",
        "jdYAy3IjjXrJE8SlxTY",
        "1A[$\"*R;",
        "2z{B~H",
        "N8qgDAPCkMR6kecLFQX",
        "nb3nyl2puH",
        "Ldc_I4_7",
        "c6vGDr1MKd",
        "z97p+t",
        "{e)Z9",
        "?>@>A",
        "y?jv0@",
        "UZxE]",
        "FieldInfo",
        "FileMode",
        "m_03bdda1abd0d4f0b9529f23045710b71",
        "I9YGd0UupLOvr6Pa4gA",
        "o+<ICJ",
        "L`?) m",
        "DbpBI6NxEp",
        "ap[%Q",
        "*|gyD.N\\t",
        "XN5BNJT4IGjydrv3T9n",
        "Wj5KDxBuga",
        "+Jvl}",
        "D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
        "ObjectHandle",
        "V?!R$",
        "fZWrWaKqtwaBqdVF0b4",
        "Stream",
        "m_a08cf5257c9540ffacf5c7f96fb6bf31",
        "get_HasValue",
        "qG50RmhhqnDRufSqkKj",
        "Nullable",
        ":N:tD",
        "+i0AX",
        "'='3J['",
        "Encoding",
        "0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
        "I,1#)",
        "o7flSXKKy8",
        "m_74534355f0e94cdba9309ed01533095d",
        "^KLZI",
        "xtmuy",
        "MhDBNAuxeb",
        "Mt1Veh78BubfcaBLG1Y",
        "X7uTXcTHDh",
        "bIpEiH",
        ",9?Hc",
        "<ZTTC",
        "HxyYwdy1J",
        "BrtpQQanV",
        "UZ[s>",
        "ooWN!",
        "pP*w!4U",
        "evyU7ZuJVm",
        "y5PjCFfiA5UAgJgffR7",
        "\\TgN*",
        "YLm76ERvQR",
        "A>DXq",
        "Exception",
        "AXjK2DPeCtjdlGyd44C",
        ">Z<RM",
        "ySxIiOfFdrQJxGkdyGk",
        "eTuEXb5iy9",
        "P`Sdy",
        "'k4\"u",
        "$8>9i",
        "kye^r",
        "_]MVV",
        "System.Runtime.Versioning",
        "!This program cannot be run in DOS mode.",
        "TransformBlock",
        "U?y2Kn7v#C",
        "G0PLweZFUarMcHkd2Ij",
        "(${!>",
        ">'k8+s",
        "'aeur",
        "{{T_.",
        "_?tBF",
        "System.Reflection.Emit",
        "%``{i05",
        "LliGbGp8uu",
        "nyJosAerrOmKAqOIpxU",
        "f^XF,",
        "JuiOVhRKbrpT5boaJx2",
        "Stind_Ref",
        "CompareTo",
        "#?z?M",
        "JVPoERU3E474DndoDDV",
        "&3't/",
        "jFZCva",
        "{cm0W",
        "cssP9fQvfX",
        "GetProperty",
        "tyXBRPk22r",
        "SRTESUHnMlWtoUBmlCn.lnpjfBHHitTcIbxkN7U+CrQ4JYn1DGJce8A2HOx+NCMGydn9EkFcY1lRG7A`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]",
        "VkDEJGwi0O",
        "%dqt/kf",
        "ToString",
        "qgn){",
        "Ldarg_S",
        "m_86bce48724d64269bb2956c77d2c9ada",
        "UInt32",
        "Cb['=",
        "\"\\\"Zee",
        "3`HkN{",
        "qZWKPRvtUw",
        "N%9&,",
        "Kd_}=",
        "PaddingMode",
        "ResourceA",
        "GetBaseDefinition",
        "`cAbg",
        "]>wF`",
        "TnyXn6LPMbe3JXo01P9",
        "vdR6mpgjMP",
        "Int16",
        "KpfnyiRtrsFp8WC0FXA",
        "g5CxwOIRP8Ijn7K4xC7",
        "ra1Z2SSq3u",
        "Kk8lXLO329",
        "VSa0Y",
        "TSwuArZxMcJgGs7nO94",
        "=o`Oec",
        "UH0kpJ",
        "Um7VV",
        "\\S<BF\"",
        "m_16fbc231e6324a0f95e337cd94956537",
        "M5jXTAGZ1CKe4rPOhZ6",
        "yZRIJoHCRZ",
        "OrFrvpuBER",
        "te3hTD4B7F",
        "b2yr2b0Z8E",
        "]JWkj7",
        ");nu4g",
        "ResolveField",
        "System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "DCG7RyqXEF",
        "DOhIPpGl7M",
        "I8chQAHsa4",
        "oB/sS",
        "lTVB6VghP8",
        "9/la ",
        "VarFileInfo",
        "OO+?F",
        "KSArKIG3UhgndsSlqRC",
        "N8V6O1X4yx",
        "m_d7d5e8a982a44cc59856a41cf2422189",
        "F#KCwY",
        "sabcst",
        "sAplkCA3SC",
        "NdkEIQrrFMdB5jH183Q",
        "InflwpE2p6",
        "i-c&i",
        "P f&c",
        "Giir6unb26",
        "KDh>~",
        "LoadLibrary",
        "M6SKitZIFF",
        "<lQ<]{L",
        "Ms1hkNwyvm",
        "4wG-4",
        "(1G5Or3",
        "6~G.RK",
        "|NuwwGp",
        "set_IV",
        "sIwALYGul5cr8lUycv2",
        "g5862uKrZU",
        "\"$E>/}",
        "HuJc5|",
        "LQ}eK",
        "tFWHKlMJC2",
        "o4unxurZc2gToNadJSp",
        "TTTHTNb0Qc",
        "AKmwfje5nOjm9Tc5AlY",
        "B8EIqjGIQdIdklFWgWm",
        "od0riK5tqi",
        "FileDescription",
        "BY)LM",
        "lfIBXkFaTA",
        "@*L\\pE0",
        "ugaPapTKls",
        "get_Name",
        "vp97XCnjgR",
        "YBBhxGLlpEnafpQkSTU",
        "RAq0UolWatajXeQCgxx",
        "bowB0X2fZ8",
        "Bp\"6X",
        "yK06gIKxRqHBFoeErjs",
        "XYBnwsrukPqdYQ3Kso6",
        "`[6lJ/_Zs'",
        ".cctor",
        "dtZVs5ct0qm2aZmw5X",
        "IsbCYAGjWjB0hqJhXDM",
        "get_ManifestModule",
        "X3GPPSDH0M",
        "hME$WV",
        "n3'/q",
        "2uS0a",
        "RhQHJAlsHJ",
        "3R\"Ez",
        "@D:*U",
        "get_MetadataToken",
        "Acg5EHnkSubsx4ilADa",
        "pO'h;",
        "Efyfqp.Properties.Resources.resources",
        "J\"hqo",
        "p{fy#",
        "BO8\\6U",
        "'@I\\Oa5",
        "Zu;*5",
        "GetILGenerator",
        "GKOTMEFcVW",
        "QTsnRpOcjM",
        "nfFAF8ZGYCpLmKaAggM",
        "EHJrHKWftl",
        "flNewProtect",
        "sjqhZjJjU0",
        "?ljXS",
        "QTYeBAQOd1",
        "AssemblyDescriptionAttribute",
        "g%#?Q",
        "+3x<gs[",
        "uNMnnK2Mlt",
        "H]SkP",
        "IENXlST0s5B0UrfCHYU",
        "nativeEntry",
        "rs-u3",
        "Kyc7luP4MleWGXSUebt",
        "stuCEPhCA",
        "leYBgoeqMB",
        "nsvewIf5sG",
        "VaY@-",
        "\".Q|3",
        ".NETFramework,Version=v4.0",
        "oe#+L",
        "B9#e]",
        "Gj8VpfIW09A9aX7h4VI",
        "AnVV-",
        "AssemblyCopyrightAttribute",
        "tuxhZQpTUPCAnstw77QT4",
        "EfW,L",
        "!;Bgc",
        "hFPEQ07XSj",
        "set_Key",
        "P7nER3EMBI",
        "get_MethodHandle",
        "EqjeloKLGb",
        "DOfIgguYln",
        "&xt:|",
        "|P4`_",
        "YwRHxgSn6O",
        "bIQOJ9r0bVEdbDZ17Fg",
        "m_2554099822f34631a849e9761bb1acd5",
        "XFCZAARaOx",
        "'$J['",
        "TUvWurRJB28x4ZfS27A",
        "wpQEiiYlqT",
        "TargetInvocationException",
        "Ldarg_0",
        ")CsG@8",
        "SZNZW5LIdc",
        "J3clzcCXYW",
        "WdnHhygSfN",
        "oJOHP2wcRw",
        "WElQ/",
        "op_Inequality",
        "FhN@RnXB",
        "8 .hw",
        "5Y]|X2",
        "2a{%U",
        "hx^OM",
        "Auk7ritvh5",
        "FreeHGlobal",
        "zc9PJxGBBN",
        "'|!_y",
        "oHcJNARoFTZEF2KBdHo",
        "zfIWo4nuC0pOPpQHcdU",
        "g91b9c41d2ff549a58f4d9ee3b69c22c1",
        "CGJ,i}Ja",
        "]*%$b6",
        "3$H}[",
        "UWm:c",
        "GN9QpVTFScoA66S7L9U",
        "cinM6yUs7DXpxV2uwyl",
        "[S-}P:",
        "JHEN0",
        "OpCode",
        "\\b$2AG",
        "LwDdQ",
        "fbq\"_*",
        "QnkZewauUA",
        "IIA&8T?",
        "Close ",
        "2aK%R",
        "fDjzo]",
        "<:lD}",
        "UnmanagedFunctionPointerAttribute",
        "t#Y%~",
        "get_Size",
        ";\\RD xI",
        "'7d['",
        "cCG7wYqfqk",
        "Aw9fCUfOLiRLKUT7HgC",
        "B5vQMnPjZfcLE4HQM8V",
        "mxmlLVwI5W",
        "obBrEfWn0J",
        "ApSUL",
        "2ag\"H",
        "mR}MS",
        "cH)H#%",
        "no@Tu",
        "JxjUoUkKgF",
        "eq57rCeGLZISo9e9pPd",
        "zlI<&8*",
        "O&b&BgA",
        "/Dcu,N",
        "AllocHGlobal",
        "Clear",
        "=Y*x(",
        "41l<J",
        "MaEExkZNQc",
        "utsPD7vHcU",
        ":M6OV",
        "^N0%A",
        "EmitCall",
        "FcNKlC8CkX",
        "ReadInt32",
        "CompilationRelaxationsAttribute",
        "?sr3P",
        "vhqn7ygbUg",
        "HMrEfTTD1e",
        "asj72wZeEA",
        "9>^DLF",
        "gJ0A6Se8034Ok5lKd6w",
        "yAaWHAPs5945x8KpjIO",
        "N4GijkrF7fZCtH9QtSi",
        "gXcnTPfYjj",
        "lo1IBiwHL8",
        "ToBase64String",
        "kXc7DLIQKMlO07BR7Jw",
        "L20T6L6IcLaXIrANR3F",
        "AssemblyCompanyAttribute",
        "NUGstKq96L",
        "r86Sr:",
        "lfP6tUgvXg",
        "GetDelegateForFunctionPointer",
        "/m^?d",
        "Yf9fvaRnbKHZkv3J7C0",
        "/lvM;",
        "]+C<s",
        "vmgZirA7Yw",
        "jjtomNIZ57cv4IuVidb",
        "wuRNBUfKU2",
        "m_6eb9e478e2194f1aa7429f8b122121f4",
        "Tbb7j",
        "U#dDwh",
        "LDlZvh9qGQ",
        "sY#=WeJ",
        "JPRBkZ3Xiq",
        "Oil5WELv2NkrlEnYWol",
        "iJaSADTmjoNPme1yI63",
        "| =%W",
        "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">",
        "get_IsInterface",
        "Udm5NzuzB5OUMpAe1",
        "loIVacIC5ap44CAMaSA",
        ")>DQ5R<`2",
        "qhflmHKNKhLXQsnMMMV",
        ".G\"e8",
        "Q0ywkXK70Gc3cl8X68X",
        " N!\"q",
        ",EQc}h",
        "-d&.>",
        ".NET Framework 4",
        "tRI2b",
        "ErZ/i",
        "AssemblyFileVersionAttribute",
        "bfFCfXKBIs1QCilSt37",
        "ConstructorInfo",
        "x%tpp",
        "r7Ie2ts7If",
        "IUvfMWl8lDbtFWrFxpG",
        "?Y0Y,U",
        "m_24d93d9841994e91b187681af280e75d",
        "KIZUM1JFsH",
        "Ldloc_S",
        "V[_-g?",
        "geFyeTPOxoA61re6QaR",
        "E^sAKw",
        "ZI<]M",
        "0Rzf8",
        "get_EntryPoint",
        "($l .",
        "#jD\\D",
        "TargetFrameworkAttribute",
        "m_9b77a2f3ca2c4c0bb444196b41a00a53",
        "gudHFgNWAS",
        "wcA69wyjtp",
        "m_a8a5d1bec6754eb3afcba066aba16cda",
        "GetEnumerator",
        "s0j50xL9rMfdMgtoDS3",
        "kn3Om",
        "RuntimeHelpers",
        "xCj5U",
        "Wzmti",
        "NMOMPMQMRMSMTMUMVMWMXM",
        "g4ORuTeOEcrqgbwmJ8f",
        "i2]g:.",
        "rBbb8la",
        "cQIyjqrOy0LwdNNximd",
        "BinaryReader",
        "PQneN&",
        "nZz4 ",
        "2 yX0p\"4",
        "EuY66BxL5n",
        "DQ2hiqeFgI",
        "m_f490530347ef42d185a76a667f571c89",
        "M#cZBv",
        "iuuvmeLDJVN4Sa8fXIT",
        "neoWA0K3k6wIGyMdXfa",
        "m_bcfb5d8e041243b6a80dca6dc1de1aef",
        "V*aw[",
        "EYZVM3K4Ltpo7YmHYmg",
        "QsV2#",
        "$m+Qk{i",
        "m_a60203533ed947458fcd418c6faee8a6",
        "gBcc2+g",
        "XBRkn5RRtBrxOhp6HQB",
        " Oz,y",
        "KU-bIR",
        "t 5Q:zR",
        "H62;:",
        "m_ab4742156ed3431e90df3d90c0b8d12e",
        "(h$g%U",
        "lcMTbCSRkd",
        "AGx73NKHt2bss6LfASM",
        "AJGeAqm3e4",
        "CompilerGeneratedAttribute",
        "System.Resources",
        "RijndaelManaged",
        "PQch5BK6bF",
        "9kk<\"",
        "28]k-",
        "PropertyInfo",
        "jCJ3M2PtN61gdiVFPMn",
        "|lC9,",
        "A`O_JA",
        "B;Ux&",
        "System.Collections.Generic",
        "i\\'!xzB",
        "SymmetricAlgorithm",
        "Xiq52tbU0K",
        "8)!N9",
        "OUGxxQrhibuv2px9Xn9",
        "p\\mAYA",
        "03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
        "TDCrL",
        "ArithmeticException",
        "IIWPSs1kUA",
        "mwa7VWeEMW",
        "3)-op&G<",
        "kRbrJyOrpZ",
        "Y|Nq]",
        "P1vbF7fhcIGmMK0ujGg",
        "1H(l+,",
        "64~uYB",
        "lpflOldProtect",
        "n0qdBOIhGIuEqvpUrZC",
        "ToInt64",
        "S)XHoq",
        "CLICrcPQpuoOCxjDCLy",
        "TElrXkTCai",
        "RSACryptoServiceProvider",
        "n5P60kE8pO",
        "($A\"H",
        "QevlaMuKOt",
        "faGmLsTYcS0iQ5eJZii",
        "}0VF]}K",
        "Bx'>aW",
        "xRJUN4dOiH",
        "m_7d9b0d8a7456498d83122816cf925b6c",
        "CwrnicIa9T",
        "uSBPiGwOxi",
        "KVcIv0lylr",
        "yHu=2",
        "M^Iq!|",
        "oawGFYrem2HVnZPnUr9",
        "tt66jR72oJ",
        "M_U/.{",
        "^L0g,",
        "x)6Z{",
        "LhNEj",
        "M,#*cIDX",
        "JmFCPwPpD7IXqabb1yN",
        "HmyY5OlxVgfsu2kS2CL",
        "VByZhnuMnS",
        "Ag<|9{6",
        "<jm$.lj",
        " XmnJ",
        "GetString",
        "pdjHZAAwrH",
        "XUPz1K",
        "m_f2388ebc7a4f480f88350d91845094cb",
        "\\Str.",
        "3 H_d",
        "SyP<e",
        "guFG20coxS",
        "FHT6p2X8uq",
        "|W)M-0",
        "wE$aM",
        "lCx+L",
        "sLPPv1UDuP",
        "SP06PQSfAZ",
        "Ldloc",
        "l4leXqKLZ1",
        "|c7QC~",
        "m_58d57f6bc0a44d858087a68eb81766d7",
        "&`mn/",
        "DU2BJK3orI",
        "')Jw?A",
        "j!lmA&\\,",
        "yQwEDGl3FBkoNK7YxVV",
        "Q*(n ",
        "2a3#N",
        "IaVBMLUGU3u26AYmpG8",
        "PoDvG%",
        "DnSsNGFbsF",
        "mSf/u",
        "bKQ6GvoSYH",
        "8B0=<",
        "hEWB\\B",
        "mFLHbjlKYn",
        "DkVZN0Y5Hv",
        "mMCszqJ5tC",
        "m_a7bbe6fc6cd544e49dda0d4391772313",
        "KCmUScVxBh",
        "wYmGSpp6xn",
        "<<quJx`",
        "X`>9`",
        "Uivddewbijc",
        "k87bpRRNCEDLpvU4pOT",
        "MhTNhe2e58",
        "R7oU3AeC4iPfwq1nnLr",
        "7~M@G|",
        "file:///",
        "($3$N",
        "T[9c2",
        "\"f N'2",
        "<Uy=2Q",
        "nH>$\\",
        "omOQJrKemiAP7Z2xyMT",
        "|/B/L^",
        "!INe=d",
        "5Ksuu'",
        "w`xT,",
        "^Cv}\"jUy",
        "Y4rZ7NJCyW",
        "hp\\&dbd",
        "w2Le\\o",
        "MUoWTRKCaqM1BJ334qD",
        "lwlI2WNy80",
        "4C>/P",
        "sA_I0",
        "K98BgbRfXjXuTgsoJyQ",
        "P`(Gs!",
        "+8}dP,",
        "5+:e^",
        "jetMm3IuCme2GmBPiXS",
        "hModule",
        "2a>$N",
        "E2sVHZrcUHugAlwAxSj",
        "tkEP9AlZBnRnCBiRaPv",
        "System.Core",
        "m_b48b124274464683b60fda75027ce738",
        "d['8&",
        "H=|`y|",
        "5~}>[",
        "-\\\\?q",
        "u>+]{",
        "f:vJl",
        "0Jz '",
        "Eo3J[",
        "0Ifmf)f:P",
        "BSDBlxe8cU",
        "mAJGWwK8TArvLw8P4qN",
        "-O9|g",
        "# u{v",
        "'9'7J['*&",
        "\"mP;W(m",
        "N&=#hil",
        "eIeBtnyaQU",
        "MTKhFJDdj4",
        "mo6KX",
        ">OQ1p%",
        "){!Fp",
        "'<d['2&",
        "PnwjA",
        "YXQ7aQDY0r",
        "pV^S[",
        "E}2Z,p",
        "/Q9yug",
        ",0do0",
        "BDL78LG0of0B29htwRd",
        "nlhBMRfyBAHEwlTwV6s",
        "STPEKkIYbBrs8sKw0ws",
        "OverflowException",
        "qxk4p1aRp",
        "lODTz01oEg",
        "z+n`3",
        "742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
        "XXBsj",
        "d`he8",
        "mNFneJqGSM",
        "AC3Hj7QdXb",
        "S.CfB}(Ze",
        "l7oL+",
        "aQmTD3ssUQ",
        "'-d['",
        "-B|Qzz>Q[MN,G",
        "InternalName",
        "d,\"93",
        "amqH33Tnrd",
        "m_2b6568ccadc84e259d04a7c00d87fcae",
        "[7/((",
        "OFDNmpIIJoZAJTvWdRl",
        "xsG/1DF",
        "get_IsClass",
        "m_fd438ea62820497088a0fcb4a7f1a581",
        "DltGTYbqNj",
        "oRqAkK7ypJcSrOOSrXq",
        "yt3GaqRxAE",
        "%KT:y",
        "BMj5uUm6e7",
        "gqH6hyhEC5",
        "GetParameters",
        "*tWH\"",
        "vI&5]",
        "`NnJF/2",
        "8VzxrAHah1WNhcqU0zm8",
        "BoCUk6bqB9",
        ":^?KwT",
        "/(Op!",
        ".Q zML]",
        "7Gx[3",
        "!XW2J1|",
        "o3iR^",
        ";pE.i",
        "-JO6E",
        "eE0XOJHVq436cEbmG3S",
        "SuGi1JRPyecpelLFILJ",
        "QMUrgmCwXd",
        "vH'*b",
        "TPu0LOI8S2oC0LlgUfd",
        "zhVIA6mjX1",
        "~P5GY",
        "kBBG9rZ25P",
        "d1m*`",
        "W;SC8",
        "GRwleQfHRSYMHjXEWs7",
        "dwD5BFlVSbcEVTZJmYb",
        "tPqB2CUZtI",
        "Jq^G}",
        "<>9__71_0",
        "WJ88isUhykuSdAqrKQM",
        "IAsyncResult",
        "lbUHysDLtM",
        "FwrX5yPtqhsabjCgRnP",
        "iW0mP[",
        "kbW68RARgr",
        "X{yXe",
        "WlHe7CeVLyK2Z25REb2",
        "tF1]t",
        "grz^&",
        "EM`ul",
        "object",
        "3]R[<",
        "QwA_!>",
        "DebuggingModes",
        "VyybV3Hbk9BA0KxyMx.0Vo8aGnLWYBq6AMFYc",
        "CreateEncryptor",
        "OHJLigBRe",
        ")hjAR",
        "OLL>\\J",
        "'0d['",
        "m_4ff35862067841adab04b1bfccbb1f34",
        "'9J['",
        "__StaticArrayInitTypeSize=18",
        "0\\dSi",
        "IDisposable",
        "m_e386099634664e97bbbe0a993593a654",
        "F:$V[",
        "GT/c*k",
        "StringBuilder",
        "tN0GkM27mD",
        "lVx1hTRHxIewqobb3GJ",
        ">C{\\6Ho",
        "_KEh9O=",
        "EaGAeoesYA61v43dKoY",
        "(N4; ",
        "ICesYN0ibX",
        "GetPublicKeyToken",
        "mdolJfvYsK",
        "QU9LHQnhWc",
        "RuntimeCompatibilityAttribute",
        "AEjd30Kj4CsNeWXvGOU",
        "VnqR\\",
        "GZc6HkOrbL",
        "IaCT o",
        "GINs83idwj",
        "NmmrkYrh5L",
        "nLRUTR",
        "cQhhxhKABq",
        "eCg6VLWHTB",
        "d2wIUbBCeWqr2Nlb5Kj",
        "Ldc_I4_0",
        "ku~, ^",
        "FileAccess",
        "TMt\\4",
        "get_Current",
        "wVfqVNEyRMnxw8G9kM4",
        "get_Culture",
        "\"?&K#",
        "LocalVariableInfo",
        "xh8cGIIFxILlC8ZLXgE",
        "]REb':",
        "R&.C`~",
        "PADPADPm",
        "hmWhN8R9gAtgqyLGJuX",
        "BtiBwAxn3L",
        "nbJ5186MtH3CYq0E07W",
        "tILUbGYLLQ",
        "gip55&",
        "beDwP3lKXmAFqmYwSMk",
        "QxQkYJeQZahyQBjaIvS",
        "uXmBySeIvF",
        "St!GUE",
        " Oh:v3[d9",
        "xHklN7Okga",
        "($B%R",
        "3|%kx",
        "*BSJB",
        "iuEEPwl5teTI37uFq9f",
        "DIuyfJRr0SJmN9lSsg0",
        "4vAjnxhZLLQynjFLi",
        "'#d['",
        "__StaticArrayInitTypeSize=22",
        "__StaticArrayInitTypeSize=34",
        "<`<\\U",
        "PbT7LWlucWjBsHBRcgg",
        "aH6k1F",
        "QTKhS2t6rA",
        "Glj&H)y",
        "x5v4fA6xpPhpJ8vXmpS",
        "AyT5WCnQZ0uUPe6CspV",
        "<_L*_",
        "Efyfqp.exe",
        "m_a8b24676f4a740a0b538d3b7e51e27f2",
        "|l+'hceo",
        "2aN!>",
        "get_FullName",
        "z2y!bB",
        "R.b&Y",
        "wE]ta",
        "CFUiBYhPp",
        "HMV*t",
        "d['*&",
        "($]!>",
        "62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
        "jLxnB7Tj4qGrU6wXegR",
        "l-)F+",
        "?N?A_",
        "T9'*WO",
        "R3rTwK117h",
        "l=;bwqP",
        "5a!WN",
        "d8t9gOLUQmJjnhk5h6F",
        "BitConverter",
        "hProcess",
        "dgh,,=",
        "m4OymgIp6ttwtu4beZa",
        ".@VxiE",
        "L1sarQ6c4x9u6QhDS59",
        "IlphE0RdBsfEaejtbN5",
        "j!vJa%",
        "m_23302c9ec60546d88321a7fb1d16a3f4",
        "mu/BpW",
        "WWPsMcPPeh",
        "/ppa~",
        ")0BXR#S ",
        "Nullable`1",
        "a}'^c",
        "LU/|vW",
        "cWpHaXn810",
        "'+'?JL",
        "m_2d6fd91821e74bb780f96b5b33bb26fb",
        "rqCPN6wJXk",
        "VE*iz",
        "Eif=_",
        "D#DyOg",
        "lpAddress",
        "LuLZUIuxdUHc2aJ3gr",
        "ops6KpLds2",
        "m_54dda453b94b4b8da0dd9680c199351e",
        "gsBKLw5RIn",
        "`$!uy:w&",
        "Jbec75Prpe3Eo9UgxSd",
        "aYfE7JGnaqa8C6xE6C9",
        "p40nKo8NC6",
        "Qx637W6ah8UZQlaYELv",
        "[\"yi]Bc0",
        "$>ZNFH",
        "\\;}hwh",
        "likh*",
        "T6tMbZfYnCORrPnmvKM",
        "^pR`Z",
        "LIfPE2fA84",
        "Empty",
        "v0lkGsrW6YIFE0BbLGy",
        "Enter",
        "'?d['",
        "GetBytes",
        "mTYLjCZOmYjchmLtAmE",
        "U@px+",
        "bu60Qkl4Ya3sLo7FKeY",
        "m_1d96bec8186b425a8cde007fccb865a4",
        "pjjWgofru8HbBCo4ulZ",
        ":4rAEC",
        "}d d)F",
        "PGv*O",
        "7^hpQ",
        "__StaticArrayInitTypeSize=64",
        "DSw'R",
        "mTPU8deqrh4oeEXWP5q",
        "*bp\\f",
        "#GUID",
        "bjbTOk",
        "@xWh{",
        ",U'2|",
        "xF!o ",
        "ThoE9v6oqu",
        "m_1eadf726b4764fd98a7c4ec89080a252",
        "w+96a",
        "TDQRQvfBqqGmbpaHqWQ",
        "!x0Lb",
        "get_TypeHandle",
        "a%(KO-",
        "LegalCopyright",
        "aQm7owUqeP",
        "FB{bL",
        "ae4H5bupex",
        "m_b4d63e7d9e4b435aac056bcae361cf8a",
        "SByte",
        "RV1ruxlj87A58hy4W1p",
        "`(Z1VoM",
        "CompressionMode",
        "U;Rk`",
        "get_IsValueType",
        "m_93e2abdd886c49d3aa4ce224317dbf55",
        "Q8QyT",
        "NMTTJV0Y0x",
        "Ldc_I4_M1",
        "Newobj",
        "FileVersion",
        "cfXeoCcucn",
        ")}G':",
        "f;`ji",
        "LVXAsVt2Q",
        "__StaticArrayInitTypeSize=40",
        "jUqHWer1gE",
        "RuntimeMethodHandle",
        "vhGeLpn0UM",
        "n3!*g",
        "System.Runtime.Serialization",
        "=R+Ta",
        "N4xEtEjM3I",
        "FeaKZ",
        "xJXEMLKWNieklTtVreD",
        "Ldelem_Ref",
        "S56PIgr1MjKFkcRXdfT",
        "=_4wN",
        "KcTBZtUP5P",
        "Open ",
        "N337h3njPh",
        "UBAhgc9f77",
        "5)y3jh",
        "BjRnEgf49u",
        "DJ\\Hl",
        "GetFields",
        "#vCxc",
        "Process ",
        "Xl5mwNmfl",
        "ztd~X",
        "':d['",
        "`W#5}'\\",
        "xWtPwDuMJ3",
        "TW2IU7w1Ci",
        "4pBN:",
        "($*%R",
        "',d['",
        "Vh\\S*",
        "Z:NwC",
        "m_4a614a8b163d4f0ea438914f5a28ce51",
        "\\.J8w",
        "w4S,8",
        "gm0KLlfAjjF630L2b82",
        "Rfhn M",
        "qx4TvRLroRiXFfNsGWe",
        "lWa3HO70qA",
        "*\\RIMVP",
        "M$8,s`",
        "F4xHcRwoaQ",
        ">\"y&<MG",
        "SetValue",
        "%qn`C<Q",
        "refYt5U8I3WJrRHawOw",
        "SFObT7BdNQx3OBmwrfj",
        "w+`+AI6",
        "m_7872215e9cc440f390d079c7867a1d5b",
        "-Fu1i",
        "wEOnBBf5wl",
        "_jT-W",
        "2aZ .",
        "YK5F@q",
        "System.Runtime.CompilerServices",
        "ToUInt64",
        "buffer",
        "D0ZTdqaHt5",
        "BLiPf6BM9D",
        "I8,aB",
        "Wr/`7",
        ")KejL",
        ">zZZU",
        "3b\\{\"",
        "yeShaO43Nb",
        "$N  C",
        "get_FieldType",
        "nuuGAK4X5M",
        "FH;ju",
        "FPGeMZ9Gma",
        "System.Globalization",
        "VDlyUjRWJVtYu98aSP4",
        "7qA|J",
        "yf=}]",
        "UAP4vtZaVfLr8cXyuGU",
        "kK48=",
        "000004b0",
        "~K,f1W",
        "I7YhDMQrHp",
        "W>5J|",
        "XFp\\[?>[b",
        "MsQG8DP5LBX0PaaSxvQ",
        "ToUInt32",
        "G9HXk@",
        "x4.<%",
        "GcI',",
        "FxEZiWeY0pr796hvnmi",
        "X1BpsBPmJJn7vO3PBsc",
        "tnAn34G0AN",
        "($_\"H",
        "Hhybt",
        "KCmIX67URdY8wTxHcRk",
        "z9{fj",
        "m_4e6967a467d0492c8460b5b56ec82e35",
        "q810l36us",
        "qj}jU",
        " 6<QyH",
        "lo9ZK5nsrH",
        "m_37ed1789cdf1452e91f3b74b6a25ab1d",
        "?C$pZ",
        "GTE[3",
        "''@a^",
        "m4LezovdiQ",
        "HBFpu2Gq03TxRIS4bxt",
        "J[':&",
        "get_BaseStream",
        "cqsBUcltjJ",
        "Unwrap",
        "DjKPHNSXPy",
        "pTShz",
        "knoU6RZSgm",
        ")Q71QDAQPQQPYQPaQPiQPqQPyQP",
        "fH~0yH",
        "M-x={7",
        "2aw\"H",
        "AOeQetU5paa7atWrL1J",
        "kIUGVuP3UTjKmsElshE",
        ":c7N|",
        "IjVnv013ev",
        "k7Y4y+$",
        "M7JsoiRsXv6SGMtTXCd",
        "R4*WuEj",
        ",N2#$\\",
        " .^!D",
        "WodSNrrtAbUWlXv4fJy",
        ")$15*",
        "Mf)^g",
        "M;Q}7YA",
        "fdIIa3",
        "s5%Os",
        "+UW,6",
        "3^#pR",
        "vvMZlMGRfHGUoMwLqgd",
        "k-v%J",
        "YiwI9xFcMV",
        "eEYiepZEYQFERSI9cNe",
        "[8t6S",
        "'onk,",
        "PL2Kd2EDs5",
        "WyFsCTLJ5QqUnPiIYfI",
        "get_ResourceManager",
        "/=bnf",
        "tG07OUxhEl",
        "AesCryptoServiceProvider",
        "gfnl95spN8",
        "<bM T",
        "gqseyjxFBO",
        "get_IsByRef",
        "get_IsVirtual",
        "n3ysxsmH7M",
        "jgAl2o0Y6T",
        "KxqEwUvgsI",
        "wsz9*{_",
        "AllowMultiple",
        "C2iGHWQClH",
        "AZLBTSq3Vl",
        "SvqBH78aJq",
        "kuRUUgdfIM",
        "K0x}F",
        "ewmu3dPI0Z9MPFd8lsn",
        "S,%<m",
        "Ug#wf",
        " q_#/",
        "uE;G]n",
        "Delegate",
        "hJvUzq3ibx",
        "Fw1a1wIrn",
        "w~~90",
        "\\d\\v]",
        "%I:?x",
        "ER`]U",
        "'5d['",
        "vs[P&eqYD",
        "heNJpU6uwphP8kwISlf",
        "'3d['",
        "L+Ws>b",
        "FromBase64String",
        "get_Unicode",
        "uOXHqyhIaS",
        "wQRsdbQPV0",
        "H4B64Afcp0XZA5SWGvn",
        "hl\"Q3",
        "mSSB53fPwo",
        "LO4JCjfUTOcfy6YJKXX",
        "ProductName",
        "B4'3o",
        "U4QGwQlA1F",
        "Virtual ",
        "JVyTg9icZR",
        ":A,$^",
        "4_.CBO",
        "upCGXF1UeZ",
        "c&S`R",
        "idWBjJDCF2",
        "my+0fpR:",
        "R2prmkROheqS2uM99YC",
        "';d['",
        "aCX]WD",
        "YkgmEkTOSM6lHn7wlhh",
        "PJ4HiQKuhW",
        "hqcEA8ltn2",
        ":KH5$",
        "k<).uN",
        "1.0.0.0",
        "Find ",
        "Ldloca_S",
        "m_f6b6684a3f3a49d49b9234e4f37f3bd1",
        "ToArray",
        "6:WnjmF",
        "APi=(y",
        "wH$~H",
        "AssemblyTrademarkAttribute",
        "ICryptoTransform",
        "C3AK=r",
        "+\"Qb#iThJ-",
        "Ck@y @*{g?",
        "?f\\='",
        "\\W+L=",
        "8 =ye?",
        "oL&s'",
        ")9+cV",
        "M1sC@}&",
        "U*d3?'",
        "o4an&Vl",
        "AsyncCallback",
        "yr8xt",
        "~}Ubf",
        "gC^n~",
        "YxEBnOxUtY",
        "GetFunctionPointer",
        "DOHsbuiQLT",
        "hU1HREL8fC",
        "m_e161d821e7c841cd801d289b5b42077d",
        "f6`a5",
        "&>;PO?",
        "ao}$zX",
        "ak7@B",
        "bFEOiGWlx",
        "m_543225697b084a078a721cb481490088",
        "\"^~b#U",
        "ARweb5AOOl",
        "APNhIr",
        "FrameworkDisplayName",
        "=`'AR",
        "uobrD8KjEu",
        "q6jB1p1xdK",
        "AM`k!M",
        "3tFTgck0hSHq8EgaWTBvVI",
        "m_df1d0724ab1943888cd9d60d6581c1ab",
        "Inherited",
        "MekYHmfL0ucHoWo58Ns",
        "w8QP5wKQRuXLC69apo5",
        "+Bq~Q",
        "!B'}.",
        "Bs3BQwG1EQ",
        "W>*C1M",
        "s_]-M/",
        "2mWIc",
        "wA'r70h3",
        "mi7VRtlYALtt23nvaw3",
        "get_Length",
        "wvUfIFEu29WgjAMb7Eb",
        "INaBag4EjB",
        "ePVsLTtaIp",
        "y([?*",
        "u4Jrl70r6u",
        "IUxrwHhOAo",
        "Comments",
        "QVdshlTCgluF8YV2Iks",
        "GLhQduRj1hfPl829fQk",
        "kIiH1IDCpe",
        "vmuIH7Otqw",
        "3System.Resources.Tools.StronglyTypedResourceBuilder",
        "17.0.0.0",
        "w5tGvDwfyh",
        "hLTvX",
        "H=6Xn",
        "LADLQYReYsFOfSIW9fb",
        "Location",
        "mN1EYt05pb",
        "fH0bPqiqZ",
        "z_K%K",
        "QE7GdoSP56",
        "m_3c5a944466c44077b7e1a6ac6f30b03f",
        "=!TMl",
        "RemoveAt",
        "KCGHlhtQFi",
        "m_b6f22ed232a2441da1350ead2b5b7d97",
        "{@tSwi",
        "2aL\"H",
        "gtOrT97pB7YK24CQDXF",
        "9Vc0u",
        "l'QME",
        "WWEZ82AZFO",
        "bhwyQoQL",
        "m_e53253682c7a4a11b47ddf23c682759e",
        "mV5sgs6fOJQtReSuV6I",
        "XLt-K",
        "Lb$=v",
        "HNWxt9e1nrXkd73hFLb",
        "m_cc8cfff1b6e44e8583f824f322c8ef27",
        "R)`+[",
        "vor6WVylsr",
        "H0JEVJlGodu0emACvyW",
        "Of7rNCiIvM",
        "m_68e4f24cfb8147c289ec646a0a7a0834",
        "fypgVBThttn1bCNFqJd",
        "0v+*1",
        "5oyg7",
        "{8A|L",
        "UInt64",
        "]n>WX",
        "m_d396ac4327504576ac4495334d894fd8",
        "m_348b346f247e4242a9955206ffe865e5",
        "b~;^0",
        "u_%wN",
        "-MXIq",
        "h~Eyk",
        "A_m-OX",
        "FF60YneeLnPm01pwPlX",
        "NotSupportedException",
        "EndInvoke",
        "Vj+nl",
        "GL3MMPfNg6Z4IX4Aban",
        "GetFieldFromHandle",
        "Ldc_I4_6",
        "cXp9cRGeZP9Vhq5FFkZ",
        "eCCquBx9xKIlDNsOcK",
        "M4NnsRQqmh",
        "Porkb",
        "iNCh2OilSm",
        "ALvHsFHmlO",
        "MCYdB9RVO7JM1IMcCPc",
        "fN|Wcna",
        "%c'Ei",
        "RnoySOfl0uahvQxy988",
        "='d.2",
        "#Zr25",
        "YaI:H",
        "wby8cl",
        "B$uH7",
        "osO70miFS3",
        "get_FieldHandle",
        ". <O/",
        "cp/zO",
        "CsJUTyPcCe",
        "IsInfinity",
        "i,xr\"j:",
        "CryptoStream",
        "Ly^-:[",
        "ml}AU&g",
        "XF@:e",
        "get_ReturnType",
        "n20r7QTexy",
        "L9hTNpje0R",
        "op_Explicit",
        "+j0QW",
        "YfLs2e7Jcm",
        "mbqZTFZTS3",
        "knOTEL4ErE",
        "bmM6T56ud9",
        "set_UseMachineKeyStore",
        "Ldc_I4",
        "97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
        "xYZrA1Uw32",
        "OwdNTvIxTfNWQ0X1QMa",
        "kXpEMRiviV",
        "Close",
        "pcclfrlskY",
        "bYgJ0a5jH",
        "T&_ks",
        ";[a3=",
        "RefSafetyRulesAttribute",
        "snntaJPxmwMkW8lvC2e",
        "gA}jo",
        "UOsYX6nqjBtcgwV3oIb",
        "p s>t[DC",
        "7a&6E",
        "u*{E5",
        "2a'!>",
        "UXgEdxr6Jl",
        "jX9scqBAfQ",
        "RAECwXKsB5PKXan6HHG",
        "$#th_v",
        "{*E:F",
        "v8^}i",
        "nOGGBXB2i8",
        "2a>!>",
        "W[%A%",
        "Q3VTH1TE6K",
        "+!+w#",
        "H^s8W",
        " k1Goa",
        "}V:K;;9K",
        "!(<D+h",
        ",C,2aH",
        "3?/X{",
        "&e$K^",
        ".ctor",
        "])$(q",
        "aHz`N'<",
        "pSVgTnG1gcQV8MWtc8V",
        "BjJUDAlq2JGIDsvc72g",
        "lev_m",
        "Bi5mGYlr07gqnsiE53i",
        "APTGwrQuf",
        "V2YeE8BLls",
        ">G\\ojN",
        "D19VvtfPW7AhNYOqV2k",
        "set_Padding",
        "d9qAAwGxM3GTCU8lf2X",
        "wo8ILspWJU",
        "])s]Mo$",
        "HashAlgorithm",
        "YUVyRYfqWhxeFGosDPl",
        "g43UEkj6W6",
        "sgvsLfKpUSFAHYp6q8Z",
        "AssemblyName",
        "VBC61esXNp",
        "m_6b3bca204be341f38b750153c4202232",
        "Cf<[_",
        "CuFB35NGPq",
        "oa07YFxQ8V",
        "LNPBhmgr1m",
        "SURc%S",
        "UNDBKvWkyn",
        "wR0UD89RCd",
        "ToInt32",
        "2@7<w2",
        "Replace",
        "xk}^VH",
        "ra]dx0",
        "tggHYhTg7s",
        "nIMZ0PNc0D",
        "tDKL4enANllmAtMd0VX",
        "'*J['",
        "sCbha",
        "_$dF^",
        "pJiE4p",
        "m_9c5c5395f84a459e8804115137a9ba5e",
        "R2ql6MfWLd0sQ8QWKNs",
        "U5+B.P",
        "ifyT6Tbl5Q",
        "bpOIor3Bcp",
        "fXbtR%",
        "\\IhES",
        "Ldnull",
        "AssemblyConfigurationAttribute",
        "7YG0h5A",
        "!T5v&V",
        "UrehJHGDDd",
        "SExUiIZv4q",
        "7}F1I",
        "Efyfqp.Properties.Resources",
        "}{_+D",
        "\\/bsD",
        "D7\\hX=",
        "Activator",
        ";/\\JX2!n",
        ">[@61",
        "6 G1G",
        "4OhCJ",
        "Ib8bL",
        "\"GyAa",
        "ov0tIjnOV1ClMWQ4Bl4",
        "a43An57s4QboQnkDlGU",
        "HNRi13I4pEK8xLZJeGP",
        "O6 |Ze",
        "k0-i?f=",
        "lpType",
        "$r+z<",
        "HNp67RpZLA",
        "qW(6B$",
        "eb1ZmpRK4W",
        "rNQeUXO3Qn",
        "r3$zo*",
        "sUIhsvMVcG",
        "yWWrBpEdkG",
        "tw2+4",
        "CcQiZEGhKA0KusZN3oi",
        "HAG7mg48T1",
        "SRTESUHnMlWtoUBmlCn",
        "Vr2g8sRQO29gutCxapB",
        "f`?zD",
        "_)MQ^",
        "AVubQcGskkT78yRfscQ",
        "Process",
        "=ED>v",
        "m~5y&",
        "m_96c496e3c3a54fbb848ee060f8c4f355",
        "B*_5v",
        "get_InnerException",
        ")ifsC2kyW_C",
        "d8V:_",
        "Ehs6p1nwKvc2VUcNBI0",
        "m_5589baeb081d49aaaed217379920801b",
        "yXi1UpUxlQChMtTnBpN",
        "mhK1:",
        "CUKBcwvyKi",
        "w+}KL",
        "LD*DI",
        "lb1eg47hdK",
        "/{}-0",
        "eA(|V",
        "XdUUPDjEGs",
        "P0YsgYUm6k73rZ2gkOp",
        "KsRkatKmW4f39LXKCr4",
        "I)2/'",
        "5S(eQ",
        "J`FOk",
        "PPvnHZNLvB",
        "AvEDTJFhPfGhcysv",
        "<g+.2",
        "h`\"0|",
        "j,<)HN",
        "q4eR9bZppH8OXQ5mmyJ",
        ":[@5!",
        "G438qkrVcUO7yndhnWy",
        "t7@X#",
        "djulbdGcbroIlHx8oQ6",
        "}~/=j",
        "\"b1AF",
        "x*{)$y",
        "Cljdkwhzks",
        "XephoqhdFO",
        "G`Uod",
        "mbiEj4eqrO",
        "g-(AcR",
        "bQDhCp9J3N",
        "dwProcessId",
        "CryptoStreamMode",
        "$:7e9",
        ";>:$J",
        "oJxGL56QuI",
        "nfgl7KnFiyOHldD5pVk",
        "L~bRI",
        "w0N\\Q",
        "LNwnl0wTGA",
        "=6lh8O",
        "m_21b9eec55517423db0eec64055879702",
        "UdmP_",
        "SwOhpFrxEgCFQvyaVxN",
        "Write",
        "V8mIk0KF0B35LNuSY1K",
        "lpBaseAddress",
        " )C5@|d",
        "f @+O]rY",
        "Hw8qiGGQU58JxMnuSTj",
        "TmwnGV6HMm",
        "CdvAc0f9Bs7xio6NYm4",
        "wpfYGDlIeTMVrcQeEQX",
        "EIrnZN0mHB",
        "PpNPLVs8ew",
        "eZ7HfWmjwO",
        "TripleDES",
        "p+[4C",
        "`S}ky",
        "MethodBase",
        "Tailcall",
        "~>~amN",
        "mIFd86fEgt2W73h2BCV",
        "hObnmDtXbI",
        "A6WHpW5lsW",
        "rEY7iYUCJkiqFAhTiEU",
        "FHXefK6ZeB",
        ">D'}]<",
        "2(+gO-5(T",
        "O1q2liP6LGPIEYifLAe`1",
        "+<}dK",
        "CagToIC1B7",
        "EY S4M.",
        "vmTQm",
        "leT8LYS",
        "UInt16",
        "CdZpBvUKmPxZsqJrraj",
        "r96fPGTRePHnhtjhbMw",
        "uKC\\T)t2/",
        "String",
        "Create",
        "t|KQj",
        "HEy5wMGuJY",
        "classthis",
        ")!wjwO9H",
        "{11ST",
        "OGhZY2CYb5",
        "uVA5X",
        "ts1IdQ75ae4NyEyiite",
        "Be}2@q",
        "wiFyHgwrh",
        "zj6}64v",
        "GuidAttribute",
        "pI>w0",
        "upum ",
        "@`x\\;",
        "m_5358c8960e734a34a38df267da584b15",
        "Ng5m6WeR8nOr2KqrsDI",
        "Q$`j7",
        "qJI7GnC10n",
        "IiBEvZKmGD",
        "sydFPef0ZCZNIcmhJVf",
        "R!XO9",
        "C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
        "a~KQ$",
        "l71HkhvEGF",
        "m_401ed9364ae24df3876c785c56839617",
        "bO9(vXP",
        "VS_VERSION_INFO",
        "($P .",
        "4Zez$",
        "FileStream",
        "b6>an",
        "OngmyOItRKm97bXZHgZ",
        "UPrBiy1cOZ",
        "m_d4979c2f76ee48ee9958d9f46617db1a",
        ">,ik:",
        "ResolveMethod",
        "PmgkF37Z800GqTmab72",
        "yqZ3kdLAi",
        "it,=U",
        "3CqWmU",
        "ijkEoThw7F",
        "qr4BF91BiI",
        "CN4TTFriXY",
        "cQw2c",
        "X7T7u5bRhC",
        "Ldarg_3",
        "u6cYu0Rb0XOr5tkG74G",
        "Ux67KNybrS",
        "'('*J['",
        "Efyfqp.Properties",
        "ReadSingle",
        "0t<DSLu",
        "qWuo|",
        "Y)gxz'",
        "fvwhuEfaVNKY1dkLYCu",
        "IypUJJjWaN",
        "q>1i3h",
        "wsaE1IbsqY",
        "iul7F0IEkG",
        "@@\\DC6",
        "y8MCqVT8qUUEH6TLb2t",
        "tjPn6KrMBE",
        "kv7Z3FA0m4",
        "&Z[/O",
        "Wd^zdwY",
        "m_64105168130e48268432a0ff140d0222",
        "CultureInfo",
        "m_0e7dab93662a4859bdd9bed4abbe4b2e",
        "L5iC0",
        "YagRTL7Jna4qy3bWErY",
        "get_IsEnum",
        "aYHj#u",
        "IAJnrSjXXP",
        "xGIXpoe0PPQj01VUK83",
        "AppendFormat",
        "m_260d05322d1841a6a194d93139fa35ce",
        "IXsCIgGWaVa0OLyDQ7A",
        ";I|g]",
        "Y2HOH",
        "nO5W8RPZyyXMMyApc4y",
        "fWqI6FtsE3",
        "ZVP9=*",
        "Qlx4H",
        "VSy2nCrj3cmCJ131FiF",
        "o'TMR",
        "__StaticArrayInitTypeSize=16",
        "VgEQt3R8AxmmssoW9lA",
        "9FW/\"s",
        "eN4UyhCdgf",
        "[BYJW",
        "BFvNDsrQwbUCIUjVCO4",
        ".text",
        "Castclass",
        "=kc-J",
        "\"MXFJJ",
        "2a&$N",
        "pct2HeTuuji49o5Exko",
        " ~~0y",
        "W~|eGd8*",
        "RZTI4UOpm",
        "(PP08\\",
        "jQYWXQKYAPerw4WfdCs",
        "dZ9Udp2Ph8",
        "}uK.W",
        ".\\3Gs",
        "qb9UbhlnMajOf4naEms",
        "`1N8+",
        "mTAlUUiQU1",
        "=M?;C",
        "k0ghA5dXha",
        "DwheO273r7o3I1Drmny",
        "Stloc",
        "/=M|^",
        "zCj3NhIcSpm63hKKGHP",
        "YoNhwU3wpo",
        "SZoht2amg7",
        "m_2a40c26cc43e4f488c79dd860f94ceca",
        "j[y{]",
        "dqej-",
        "U^Y7M",
        "z2G8uZKG117QRUpGhTC",
        "LoynDEMwDo",
        "g_@9/",
        "($m$N",
        ",-v?>b5",
        "yC3H4NwwIj",
        "bymMwAfK5E6akKNQLRT",
        "sHNnVFfrgq",
        "`k+\"&l=&:!",
        "SNbHB5n5hx",
        "}L*9Kf",
        "DJLEibRuXugTK14pFFN",
        "+~NGCQ",
        "Ur5OdQRqPDlO3G6deHZ",
        "tJL8|",
        "ParameterInfo",
        "Vp:ynp",
        "($F#N",
        "'#E*01M",
        "YfvXSQ6FAg8ViQL9M29`1",
        "2f'%yk",
        "'6d['",
        "XFsKftd6Hn",
        "olaA1xUVZAC5WHf2a1g",
        "m_2a5ff35f7d1540119bc819a4be1976f8",
        "![VMp",
        "pjSE86wvvN",
        "c,B0~",
        "RB(eP",
        "m_6aef7c42e7964a5fab0b05b79f5a8a5c",
        "GJ97qXw25C",
        "+5U\\^+",
        "kkO1N0ZQrNkfq0Qvngq",
        "Sg>?i",
        "XQpm33KhUJadrxqZSIm",
        "Eohjo.e5",
        "E9Pso3Upyl",
        "#&PDH",
        "AGJngIyrbt",
        "M]y;o>D",
        "./5yqksf",
        "IRvIXAySuy",
        "(r xy",
        "m_ad102987b2a34a21928edb663ee9cdc6",
        "'kxMY",
        "3-u\\^",
        "OwO?Zt",
        "rAmSjYrI5jfBVhyYvR1",
        "m_61d9bc5401d34f5690dfcde994cb91f2",
        "6iS&@h",
        "cjQIEj9b3v",
        ",qy7=",
        "mqnyYHrG4oPf70DgbFZ",
        "URaq3Nr3LpFTL3if2mP",
        "m_738bb41767ff4255a01b4fc82e79ba53",
        ":+)PwR",
        "mED3msLIoCOXmqNHjyV",
        " DEKL",
        "kTfHCFJWYa",
        "ToObject",
        "UwkItgGV0VG6GHV3YmW",
        "X<\\A9Fs",
        "HmOPk1fkUp",
        "aaLtLCK1KPASf3CMEXv",
        "QObh8ANBtU",
        "e27eL3TnVhQTcYvwdI3",
        "k]^ZO)-C",
        "LGhZs1a9FW",
        "aQyPlp1kMr",
        "gPZUlOnMT4",
        "+KZyF",
        "aq2[|",
        "{~hNEr",
        "KtcPykgw9A",
        "pq6E4dNibH",
        "hEX6UxUADL",
        "ReadInt64",
        "xVvsaQXwHc",
        "Q`W&&$",
        "|\\m`53",
        "m_5167f2f3020c4e0fa8a7a656e771b6df",
        "IF865HO2C9",
        "GetMethodFromHandle",
        "5P$;ZoS'",
        ">oay)xW",
        "4|K?SC",
        "1X6='E",
        "DYpIybNyHG",
        "6rK,h",
        "veHBSOQQSU",
        "*A%Jpcn",
        "JslMp,",
        "cxBRXyIOWoB8S8j0bKC",
        "Vn4PLCKKlgZ3yAnV01U",
        "i69EbM53Og",
        "5`2!&",
        "lUl'<",
        ").*=8",
        "nL7D4glc6yKQOfVjqmI",
        "MmJNC?+",
        "neRr2IU43cQl3tIvw32",
        "CJ4HEjQV77",
        "EPcRDIG5jwsv4KSuX7X",
        "m_cce8e0cf85b04df38df95bf0befa5be3",
        "f{K0gO",
        "GBEr3",
        "m_9e19f153f45d46198b1c97ed081d980d",
        "m_b100b3aedbe24061ba9b1413dc641f58",
        "!Fcq5!E-",
        "ProductVersion",
        "    </security>",
        "phFESeB4L3",
        "sb8sgtcIuI",
        "lDQ6XUdUqd",
        "InvalidCastException",
        "A1HrUmdd6Q",
        "eVtGyr5GLq",
        "m_e0734db648774bd89db6758c0cce08c7",
        "O8NISWXkNt",
        "SortedList",
        "Be7'r",
        "jMB6sDUqea",
        "A;=_x",
        "ZUapZ",
        "F|wXpOQ",
        "m_0bdfe8a4b5ee4823ba8f5fab173fe7ea",
        "GZ@+j-",
        "ggghL4UO435ugSPhLMx",
        "m_96ced60073ee4c2a9539624d536917a9",
        "{5o{P",
        "yIanYXFt9g",
        "?'IM ",
        "UqO0`R",
        "Q|A1H",
        "@>M,N8<",
        "g\"]W=",
        "P2|Wd",
        "Raf7W2D3hB",
        "CallingConvention",
        "G3mnSLIkus",
        "WIjj7aqHV2iiX19koS",
        "j:=RyOU]",
        "siCDZoI3RQ7xrHgj0nZ",
        "ReadByte",
        "UAlULmsurc",
        "9/US?",
        "get_Count",
        "A@!nq<",
        "Hc{.0",
        "Convert",
        "N34n4fCneO",
        "m_c93ab64aeb16472da89f1ccb114e96b2",
        "rvd7TY9IfL",
        "vX^UU",
        "PEKuIAZgrySKtMEn5G6",
        "vyeAVIIKBRitfYnFmgd",
        "bu1G6rYN7e",
        "LeUTyoqtQm",
        "lNd5sJleolUwKn7bnw3",
        "Iq[w|>|",
        "m_090d88bfc897461994e985d70ffcfde0",
        "RuntimeTypeHandle",
        "@'[LWA",
        "Q^I:V",
        "System.Security.Cryptography.AesCryptoServiceProvider",
        "cAcB74eGtY",
        "DI~3Y",
        "E2ULw",
        "t@\\12",
        "Double",
        "DXqP7STUQN",
        "DebuggerNonUserCodeAttribute",
        "|I`r;",
        "'=d['",
        ")^d21",
        "SdiMiHLLOak1HqlLTtt",
        "m_9bee1f78b8d148829ce9836e6aa0ec09",
        ">{HxnJ",
        "c}QXJe",
        "MV,q_J",
        "rXXtc",
        "GetObject",
        "n&AR(E",
        "\\]`~?D",
        "yVd~v",
        "k6dH0Cgvnf",
        "NaDHe8RaFfe1PqDCSQk",
        "KnO4xW6yxlPT8AbtoAJ",
        "2a~ /",
        "m_4163e908fb484acebc656613fcc69fd3",
        "OrWnA",
        "BeginInvoke",
        "XmOZJhvtB0",
        "%31()\"",
        "mscoree.dll",
        "jn8oA1Tx84gsY8YIYsr",
        "m_07c03aad43a64d128e9a6913deb9de0e",
        "IQjHORJY1k",
        "UH(yC7PL",
        "Module",
        "IFormatProvider",
        "SqrpvNep4jtdgMYlixY",
        "r9upeGL5Tgy331CTClf",
        "zJFZ1PvO9v",
        "SlK)$",
        "Q+PTe0",
        "Boolean",
        "sNnYPeRxaRBL8h2stdp",
        "($r%R",
        "get_Item",
        "QvDZqlfG52",
        "NR,%*ic",
        "bjgUv2VQ7i",
        "1&~Vi",
        "GetValueOrDefault",
        "kl5;f$",
        "~-a]T",
        "z6cq)",
        "cvBncy6oEJ",
        "System.CodeDom.Compiler",
        "\"\"K\"[h6pt]",
        "@29tk",
        ">hS&':",
        "m_a56e3e5bd8c84978a7ca398598673f64",
        "cm^X.",
        "rrCn8HJ5Ox",
        "y2k93xnjUjuUCBxYtnq",
        "CTOGJIX3Yh",
        "EZmZXI2aSN",
        "hII3SMnbqMu9tUfGLB8",
        "@v5jBC",
        "QJMKbShmch",
        "qxMLGBUcJuYFUOYoeMo",
        "AddRange",
        "My^cJ",
        "joPW\"",
        "BgTr2I7SqG3SuYLiiru",
        "6|&2p!",
        "xwo04vR3s5BGjVT9oHe",
        "dwDesiredAccess",
        "x02p2kRciWX33ZUcPSG",
        "dDEP6es9kT",
        "%1;*_@",
        "rIy #",
        "sDikMOWKE",
        "c.wKX",
        "N<Y-^",
        "pFDhdFQG2f",
        "t\\UwS}",
        "nWq@C",
        "+]xu-B$6g-",
        "I B,_",
        "Equals",
        "esLhyDoWNv",
        "L3M6rc0PcQ",
        "zBX`f",
        "/h{OB",
        "CP2HmQ3MH6",
        "_iX_;",
        "Memory",
        "System.Diagnostics",
        "WbV1PATmN",
        "ssLT1kTZbHlweTgQUoY",
        "get_CodeBase",
        "dnSjoeLsUv7PHNPWDZY",
        "MemberInfo",
        "Dispose",
        "\\hn3[",
        "N&()p",
        "NOwGfc7V6w",
        "IB4H9OS8e0",
        "kMU6oBdYns",
        "GetReferencedAssemblies",
        "ByHo|",
        "9|j#4",
        "%6\\#Sui",
        "PADPADP",
        "aN2CxCElA79vSjFL3ET",
        "Ldc_I4_5",
        "L8PZ)",
        "h0bUwqLXt3dCfBCsVFy",
        "h2Y.'v",
        "kP3KFAe3iBWHUJ44KTN",
        "[b2XN",
        "dwahOq06JD",
        "S6dsFUvgQT",
        "pP{!I",
        "8ZwC|",
        "dTWHXgNNWQ",
        "<Q[CP",
        "mscorlib",
        "XyUFl4T5r0OsPTuqU91",
        "Nugnaeqeq",
        "EGTlr4f6cbuXAPUXc8s",
        "fameSKgbNH",
        "m_1d05a4eb01b941bf99f91100acaa2e4c",
        "OYfDfI",
        "zh+fR",
        "h6srdQnAKC",
        "qRtTSSTK88",
        "Al\\Q#",
        ",D_O[A",
        "NCMGydn9EkFcY1lRG7A`1",
        "EdSpWlKRhBJMWAXPeuC",
        "V5D5djrsaThPDZj8Tau",
        "Y>C<,",
        "S<r?U",
        "RISZfVfpm9",
        "PeQZu0uMYb",
        "aN3Vig:",
        "2ac%R",
        "System.Collections",
        "Lg6H:b",
        "734Z+",
        "z-aTF",
        "yKaKwbpYcV",
        "hCm7eHqoiE",
        "rmUY2vTtK6S8GOD7Eku",
        "&TZ`&",
        "ccAyUVKZOeYYLG2lnDX",
        "|-sU.PS",
        "Stelem_Ref",
        "AttributeTargets",
        ".cZ.[J.SJ.KJ.s",
        "zv=wV7",
        "DQUIiq4lYl",
        "wuxPD",
        "m_b67cb763f0104298a66947ad71ac7e95",
        "qsoIbaZ9KL",
        "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "nAtrLV7VvZ",
        "`XaZ dO7",
        "[=^^o$1",
        "Q7$Q7",
        ">>5pc",
        "128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
        "s4p6lFH45E",
        ".=dVK",
        "aoIZn8Fyjy",
        "CryptoConfig",
        "HIZsI9SZ52",
        "EL[Ay",
        "sOaxBdrKbf0RWYM2ssw",
        "BrkJ4r57MWGuhsWsFt",
        "FnliVyhWbQ3uQ7d3AgS",
        "BDond8Imd8OgN3KyZWh",
        "5&5J\"(|ga",
        ")x=e|",
        ";zm/-",
        "Ce M$",
        "eE0KoJKXqy",
        "System.Threading",
        "W=E}r",
        "KqxnfEMdST",
        "RCaIdf7Fak",
        "YwYhton2JWdYfiYUkpb",
        "#5d4^y",
        "lgYB8MHOo2",
        "Htdzey.exe",
        "GZipStream",
        "GK@zB",
        "VpyhPa5k11UX6tMCYDW",
        "\"#^(Lmc",
        "FTeUfsejbQ",
        "UR/+5y",
        ".=.6@2",
        "rkksivkdJg",
        "3_itMu",
        "m_df61349e2fb145dab8f6fd4c3e6ed676",
        "Sizeof",
        "s3iMX6PqEdpucpo3kju",
        "`S$d>",
        "w)]Jh4",
        "dbF7vHQDkw",
        "lm%P ",
        "System.Runtime.InteropServices",
        "JI6hXc6SZU",
        "YAd, ",
        "T`*Xe",
        "Gl6--u",
        "gR;uX",
        "T4;>glk[",
        "aO83AL6Fau",
        "fkRk%) ",
        "GetUnderlyingType",
        "Translation",
        "')d['"
      ],
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "procdump": [
    {
      "name": "bb8336c1e35099bae6648caef872f56c2261d269f3100b712da0764872bc3c24",
      "path": "/opt/CAPEv2/storage/analyses/9/procdump/bb8336c1e35099bae6648caef872f56c2261d269f3100b712da0764872bc3c24",
      "guest_paths": "1;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?",
      "size": 603648,
      "crc32": "9C7185B1",
      "md5": "8558b8c384a3b79c82433f1e7dfb1c88",
      "sha1": "aceec2cd76f76e13ce58298104a93e9263947504",
      "sha256": "bb8336c1e35099bae6648caef872f56c2261d269f3100b712da0764872bc3c24",
      "sha512": "974452a419b58623aebb0c0ba80e50377bead2bc13a8c6e32453df32d610eedf5aca4c7ebc133269f7621584caa6529278ecb2f93835b92e4c8caeb4622a601e",
      "rh_hash": null,
      "ssdeep": "12288:q0PRNYLhJdkEefw+AAf3BEODSPGepldpbGhp:DNe/kThfRFDSPrpld5G/",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24",
          "meta": {
            "description": "Detects indicators of .NET Reactors managed obfuscation. Reactor is a commercial obfuscation solution, pirated versions are often abused by threat actors.",
            "author": "Jonathan Peters",
            "id": "8dc07bbd-cbeb-5214-a27a-555a0d396197",
            "date": "2024-01-09",
            "modified": "2024-01-12",
            "reference": "https://www.eziriz.com/dotnet_reactor.htm",
            "source_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/yara/dotnet/obf_net_reactor.yar#L18-L34",
            "license_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/LICENSE.md",
            "hash": "be842a9de19cfbf42ea5a94e3143d58390a1abd1e72ebfec5deeb8107dddf038",
            "logic_hash": "40a03eb487e2c02a032c4bfb51580dbb764e0a49ceee5ae92c54a5ee3ede9696",
            "score": 65,
            "quality": 80,
            "tags": "FILE"
          },
          "strings": [
            "<PrivateImplementationDetails>{987D5E06-59D6-4C51-9ADF-C3C0AE4FC498}",
            "<Module>{1F4B02DF-696E-486A-8B35-F56CCA1C23C6}",
            "<Module>{b8bddd2a-a952-4523-8049-3c5b3829d6dc}"
          ],
          "addresses": {
            "": 256539
          }
        },
        {
          "name": "possible_includes_base64_packed_functions",
          "meta": {
            "impact": 5,
            "hide": true,
            "desc": "Detects possible includes and packed functions"
          },
          "strings": [
            "btoA",
            "This",
            "prog",
            "rogr",
            "ogra",
            "gram",
            "cann",
            "anno",
            "nnot",
            "mode",
            "text",
            "rsrc",
            "relo",
            "eloc",
            "vlmX",
            "XjXo",
            "vlsH",
            "neis",
            "eksL",
            "elsH",
            "BSJB",
            "3031",
            "0319",
            "Stri",
            "trin",
            "ring",
            "ings",
            "GUID",
            "Blob",
            "Htdz",
            "tdze",
            "dzey",
            "CompilationRelaxationsAttrib",
            "ompilationRelaxationsAttribu",
            "mpilationRelaxationsAttribut",
            "pilationRelaxationsAttribute",
            "ilationRelaxationsAttrib",
            "lationRelaxationsAttribu",
            "ationRelaxationsAttribut",
            "tionRelaxationsAttribute",
            "ionRelaxationsAttrib",
            "onRelaxationsAttribu",
            "nRelaxationsAttribut",
            "RelaxationsAttribute",
            "elaxationsAttrib",
            "laxationsAttribu",
            "axationsAttribut",
            "xationsAttribute",
            "ationsAttrib",
            "tionsAttribu",
            "ionsAttribut",
            "onsAttribute",
            "nsAttrib",
            "sAttribu",
            "Attribut",
            "ttribute",
            "trib",
            "ribu",
            "ibut",
            "bute",
            "Syst",
            "yste",
            "stem",
            "Runt",
            "unti",
            "ntim",
            "time",
            "CompilerServices",
            "ompilerServi",
            "mpilerServic",
            "pilerService",
            "ilerServices",
            "lerServi",
            "erServic",
            "rService",
            "Services",
            "ervi",
            "rvic",
            "vice",
            "ices",
            "mscorlib",
            "scor",
            "corl",
            "orli",
            "rlib",
            "ctor",
            "Void",
            "Int3",
            "nt32",
            "Bool",
            "oole",
            "olea",
            "lean",
            "RuntimeCompatibilityAttribut",
            "untimeCompatibilityAttribute",
            "ntimeCompatibilityAttrib",
            "timeCompatibilityAttribu",
            "imeCompatibilityAttribut",
            "meCompatibilityAttribute",
            "eCompatibilityAttrib",
            "CompatibilityAttribu",
            "ompatibilityAttribut",
            "mpatibilityAttribute",
            "patibilityAttrib",
            "atibilityAttribu",
            "tibilityAttribut",
            "ibilityAttribute",
            "bilityAttrib",
            "ilityAttribu",
            "lityAttribut",
            "ityAttribute",
            "tyAttrib",
            "yAttribu",
            "DebuggableAttrib",
            "ebuggableAttribu",
            "buggableAttribut",
            "uggableAttribute",
            "ggableAttrib",
            "gableAttribu",
            "ableAttribut",
            "bleAttribute",
            "leAttrib",
            "eAttribu",
            "Diagnost",
            "iagnosti",
            "agnostic",
            "gnostics",
            "nost",
            "osti",
            "stic",
            "tics",
            "DebuggingMod",
            "ebuggingMode",
            "buggingModes",
            "uggingMo",
            "ggingMod",
            "gingMode",
            "ingModes",
            "ngMo",
            "gMod",
            "Mode",
            "odes",
            "AssemblyTitleAttribu",
            "ssemblyTitleAttribut",
            "semblyTitleAttribute",
            "emblyTitleAttrib",
            "mblyTitleAttribu",
            "blyTitleAttribut",
            "lyTitleAttribute",
            "yTitleAttrib",
            "TitleAttribu",
            "itleAttribut",
            "tleAttribute",
            "Reflecti",
            "eflectio",
            "flection",
            "lect",
            "ecti",
            "ctio",
            "tion",
            "AssemblyDescriptionAttribute",
            "ssemblyDescriptionAttrib",
            "semblyDescriptionAttribu",
            "emblyDescriptionAttribut",
            "mblyDescriptionAttribute",
            "blyDescriptionAttrib",
            "lyDescriptionAttribu",
            "yDescriptionAttribut",
            "DescriptionAttribute",
            "escriptionAttrib",
            "scriptionAttribu",
            "criptionAttribut",
            "riptionAttribute",
            "iptionAttrib",
            "ptionAttribu",
            "tionAttribut",
            "ionAttribute",
            "onAttrib",
            "nAttribu",
            "AssemblyConfigurationAttribu",
            "ssemblyConfigurationAttribut",
            "semblyConfigurationAttribute",
            "emblyConfigurationAttrib",
            "mblyConfigurationAttribu",
            "blyConfigurationAttribut",
            "lyConfigurationAttribute",
            "yConfigurationAttrib",
            "ConfigurationAttribu",
            "onfigurationAttribut",
            "nfigurationAttribute",
            "figurationAttrib",
            "igurationAttribu",
            "gurationAttribut",
            "urationAttribute",
            "rationAttrib",
            "ationAttribu",
            "AssemblyCompanyAttribute",
            "ssemblyCompanyAttrib",
            "semblyCompanyAttribu",
            "emblyCompanyAttribut",
            "mblyCompanyAttribute",
            "blyCompanyAttrib",
            "lyCompanyAttribu",
            "yCompanyAttribut",
            "CompanyAttribute",
            "ompanyAttrib",
            "mpanyAttribu",
            "panyAttribut",
            "anyAttribute",
            "nyAttrib",
            "AssemblyProductAttribute",
            "ssemblyProductAttrib",
            "semblyProductAttribu",
            "emblyProductAttribut",
            "mblyProductAttribute",
            "blyProductAttrib",
            "lyProductAttribu",
            "yProductAttribut",
            "ProductAttribute",
            "roductAttrib",
            "oductAttribu",
            "ductAttribut",
            "uctAttribute",
            "ctAttrib",
            "tAttribu",
            "AssemblyCopyrightAttribu",
            "ssemblyCopyrightAttribut",
            "semblyCopyrightAttribute",
            "emblyCopyrightAttrib",
            "mblyCopyrightAttribu",
            "blyCopyrightAttribut",
            "lyCopyrightAttribute",
            "yCopyrightAttrib",
            "CopyrightAttribu",
            "opyrightAttribut",
            "pyrightAttribute",
            "yrightAttrib",
            "rightAttribu",
            "ightAttribut",
            "ghtAttribute",
            "htAttrib",
            "AssemblyTrademarkAttribu",
            "ssemblyTrademarkAttribut",
            "semblyTrademarkAttribute",
            "emblyTrademarkAttrib",
            "mblyTrademarkAttribu",
            "blyTrademarkAttribut",
            "lyTrademarkAttribute",
            "yTrademarkAttrib",
            "TrademarkAttribu",
            "rademarkAttribut",
            "ademarkAttribute",
            "demarkAttrib",
            "emarkAttribu",
            "markAttribut",
            "arkAttribute",
            "rkAttrib",
            "kAttribu",
            "ComVisibleAttrib",
            "omVisibleAttribu",
            "mVisibleAttribut",
            "VisibleAttribute",
            "isibleAttrib",
            "sibleAttribu",
            "ibleAttribut",
            "InteropServi",
            "nteropServic",
            "teropService",
            "eropServices",
            "ropServi",
            "opServic",
            "pService",
            "GuidAttribut",
            "uidAttribute",
            "idAttrib",
            "dAttribu",
            "AssemblyFileVersionAttribute",
            "ssemblyFileVersionAttrib",
            "semblyFileVersionAttribu",
            "emblyFileVersionAttribut",
            "mblyFileVersionAttribute",
            "blyFileVersionAttrib",
            "lyFileVersionAttribu",
            "yFileVersionAttribut",
            "FileVersionAttribute",
            "ileVersionAttrib",
            "leVersionAttribu",
            "eVersionAttribut",
            "VersionAttribute",
            "ersionAttrib",
            "rsionAttribu",
            "sionAttribut",
            "TargetFrameworkAttribute",
            "argetFrameworkAttrib",
            "rgetFrameworkAttribu",
            "getFrameworkAttribut",
            "etFrameworkAttribute",
            "tFrameworkAttrib",
            "FrameworkAttribu",
            "rameworkAttribut",
            "ameworkAttribute",
            "meworkAttrib",
            "eworkAttribu",
            "workAttribut",
            "orkAttribute",
            "Versioni",
            "ersionin",
            "rsioning",
            "sion",
            "ioni",
            "onin",
            "ning",
            "Modu",
            "odul",
            "dule",
            "EmbeddedAttribut",
            "mbeddedAttribute",
            "beddedAttrib",
            "eddedAttribu",
            "ddedAttribut",
            "dedAttribute",
            "edAttrib",
            "Microsof",
            "icrosoft",
            "cros",
            "roso",
            "osof",
            "soft",
            "CodeAnalysis",
            "odeAnaly",
            "deAnalys",
            "eAnalysi",
            "Analysis",
            "naly",
            "alys",
            "lysi",
            "ysis",
            "RefSafetyRulesAttrib",
            "efSafetyRulesAttribu",
            "fSafetyRulesAttribut",
            "SafetyRulesAttribute",
            "afetyRulesAttrib",
            "fetyRulesAttribu",
            "etyRulesAttribut",
            "tyRulesAttribute",
            "yRulesAttrib",
            "RulesAttribu",
            "ulesAttribut",
            "lesAttribute",
            "esAttrib",
            "i0XQl9UoSkFPZs8H",
            "0XQl9UoSkFPZs8HT",
            "XQl9UoSkFPZs8HTp",
            "Ql9UoSkFPZs8",
            "l9UoSkFPZs8H",
            "9UoSkFPZs8HT",
            "UoSkFPZs8HTp",
            "oSkFPZs8",
            "SkFPZs8H",
            "kFPZs8HT",
            "FPZs8HTp",
            "PZs8",
            "Zs8H",
            "s8HT",
            "8HTp",
            "rOjCZorAEL2T0Afb",
            "OjCZorAEL2T0AfbF",
            "jCZorAEL2T0AfbFR",
            "CZorAEL2T0Af",
            "ZorAEL2T0Afb",
            "orAEL2T0AfbF",
            "rAEL2T0AfbFR",
            "AEL2T0Af",
            "EL2T0Afb",
            "L2T0AfbF",
            "2T0AfbFR",
            "T0Af",
            "0Afb",
            "AfbF",
            "fbFR",
            "Obje",
            "bjec",
            "ject",
            "sTvnpWek2nfmDwFd",
            "TvnpWek2nfmDwFdf",
            "vnpWek2nfmDwFdfK",
            "npWek2nfmDwF",
            "pWek2nfmDwFd",
            "Wek2nfmDwFdf",
            "ek2nfmDwFdfK",
            "k2nfmDwF",
            "2nfmDwFd",
            "nfmDwFdf",
            "fmDwFdfK",
            "mDwF",
            "DwFd",
            "wFdf",
            "FdfK",
            "splZUgP4vy8SEQ4W",
            "plZUgP4vy8SEQ4Wx",
            "lZUgP4vy8SEQ4Wxb",
            "ZUgP4vy8SEQ4",
            "UgP4vy8SEQ4W",
            "gP4vy8SEQ4Wx",
            "P4vy8SEQ4Wxb",
            "4vy8SEQ4",
            "vy8SEQ4W",
            "y8SEQ4Wx",
            "8SEQ4Wxb",
            "SEQ4",
            "EQ4W",
            "Q4Wx",
            "4Wxb",
            "BrkJ4r57MWGuhsWs",
            "rkJ4r57MWGuhsWsF",
            "kJ4r57MWGuhsWsFt",
            "J4r57MWGuhsW",
            "4r57MWGuhsWs",
            "r57MWGuhsWsF",
            "57MWGuhsWsFt",
            "7MWGuhsW",
            "MWGuhsWs",
            "WGuhsWsF",
            "GuhsWsFt",
            "uhsW",
            "hsWs",
            "sWsF",
            "WsFt",
            "T0oXjDDARMKNwOLf",
            "0oXjDDARMKNwOLf5",
            "oXjDDARMKNwOLf5O",
            "XjDDARMKNwOL",
            "jDDARMKNwOLf",
            "DDARMKNwOLf5",
            "DARMKNwOLf5O",
            "ARMKNwOL",
            "RMKNwOLf",
            "MKNwOLf5",
            "KNwOLf5O",
            "NwOL",
            "wOLf",
            "OLf5",
            "Lf5O",
            "HXXkwC97v36mypeV",
            "XXkwC97v36mypeVY",
            "XkwC97v36mypeVYM",
            "kwC97v36mype",
            "wC97v36mypeV",
            "C97v36mypeVY",
            "97v36mypeVYM",
            "7v36mype",
            "v36mypeV",
            "36mypeVY",
            "6mypeVYM",
            "mype",
            "ypeV",
            "peVY",
            "eVYM",
            "WIjj7aqHV2iiX19k",
            "Ijj7aqHV2iiX19ko",
            "jj7aqHV2iiX19koS",
            "j7aqHV2iiX19",
            "7aqHV2iiX19k",
            "aqHV2iiX19ko",
            "qHV2iiX19koS",
            "HV2iiX19",
            "V2iiX19k",
            "2iiX19ko",
            "iiX19koS",
            "iX19",
            "X19k",
            "19ko",
            "9koS",
            "LuLZUIuxdUHc2aJ3",
            "uLZUIuxdUHc2aJ3g",
            "LZUIuxdUHc2aJ3gr",
            "ZUIuxdUHc2aJ",
            "UIuxdUHc2aJ3",
            "IuxdUHc2aJ3g",
            "uxdUHc2aJ3gr",
            "xdUHc2aJ",
            "dUHc2aJ3",
            "UHc2aJ3g",
            "Hc2aJ3gr",
            "c2aJ",
            "2aJ3",
            "aJ3g",
            "J3gr",
            "Q4m4WxwqHJLsZ0ZV",
            "4m4WxwqHJLsZ0ZV1",
            "m4WxwqHJLsZ0ZV1p",
            "4WxwqHJLsZ0Z",
            "WxwqHJLsZ0ZV",
            "xwqHJLsZ0ZV1",
            "wqHJLsZ0ZV1p",
            "qHJLsZ0Z",
            "HJLsZ0ZV",
            "JLsZ0ZV1",
            "LsZ0ZV1p",
            "sZ0Z",
            "Z0ZV",
            "0ZV1",
            "ZV1p",
            "dtZVs5ct0qm2aZmw",
            "tZVs5ct0qm2aZmw5",
            "ZVs5ct0qm2aZmw5X",
            "Vs5ct0qm2aZm",
            "s5ct0qm2aZmw",
            "5ct0qm2aZmw5",
            "ct0qm2aZmw5X",
            "t0qm2aZm",
            "0qm2aZmw",
            "qm2aZmw5",
            "m2aZmw5X",
            "2aZm",
            "aZmw",
            "Zmw5",
            "mw5X",
            "u4ry4fg3xj71WiHq",
            "4ry4fg3xj71WiHqe",
            "ry4fg3xj71WiHqe8",
            "y4fg3xj71WiH",
            "4fg3xj71WiHq",
            "fg3xj71WiHqe",
            "g3xj71WiHqe8",
            "3xj71WiH",
            "xj71WiHq",
            "j71WiHqe",
            "71WiHqe8",
            "1WiH",
            "WiHq",
            "iHqe",
            "Hqe8",
            "Nugnaeqe",
            "ugnaeqeq",
            "gnae",
            "naeq",
            "aeqe",
            "eqeq",
            "Efyf",
            "fyfq",
            "yfqp",
            "Properti",
            "ropertie",
            "operties",
            "pert",
            "erti",
            "rtie",
            "ties",
            "1F4B02DF",
            "F4B0",
            "4B02",
            "B02D",
            "02DF",
            "696E",
            "486A",
            "8B35",
            "F56CCA1C23C6",
            "56CCA1C2",
            "6CCA1C23",
            "CCA1C23C",
            "CA1C23C6",
            "A1C2",
            "1C23",
            "C23C",
            "23C6",
            "UHROQNM8nJMyt7Wh",
            "HROQNM8nJMyt7WhV",
            "ROQNM8nJMyt7WhVU",
            "OQNM8nJMyt7W",
            "QNM8nJMyt7Wh",
            "NM8nJMyt7WhV",
            "M8nJMyt7WhVU",
            "8nJMyt7W",
            "nJMyt7Wh",
            "JMyt7WhV",
            "Myt7WhVU",
            "yt7W",
            "t7Wh",
            "7WhV",
            "WhVU",
            "eCCquBx9xKIlDNsO",
            "CCquBx9xKIlDNsOc",
            "CquBx9xKIlDNsOcK",
            "quBx9xKIlDNs",
            "uBx9xKIlDNsO",
            "Bx9xKIlDNsOc",
            "x9xKIlDNsOcK",
            "9xKIlDNs",
            "xKIlDNsO",
            "KIlDNsOc",
            "IlDNsOcK",
            "lDNs",
            "DNsO",
            "NsOc",
            "sOcK",
            "eE0XOJHVq436cEbm",
            "E0XOJHVq436cEbmG",
            "0XOJHVq436cEbmG3",
            "XOJHVq436cEbmG3S",
            "OJHVq436cEbm",
            "JHVq436cEbmG",
            "HVq436cEbmG3",
            "Vq436cEbmG3S",
            "q436cEbm",
            "436cEbmG",
            "36cEbmG3",
            "6cEbmG3S",
            "cEbm",
            "EbmG",
            "bmG3",
            "mG3S",
            "MulticastDelegat",
            "ulticastDelegate",
            "lticastDeleg",
            "ticastDelega",
            "icastDelegat",
            "castDelegate",
            "astDeleg",
            "stDelega",
            "tDelegat",
            "Delegate",
            "eleg",
            "lega",
            "egat",
            "gate",
            "lnpjfBHHitTcIbxk",
            "npjfBHHitTcIbxkN",
            "pjfBHHitTcIbxkN7",
            "jfBHHitTcIbxkN7U",
            "fBHHitTcIbxk",
            "BHHitTcIbxkN",
            "HHitTcIbxkN7",
            "HitTcIbxkN7U",
            "itTcIbxk",
            "tTcIbxkN",
            "TcIbxkN7",
            "cIbxkN7U",
            "Ibxk",
            "bxkN",
            "xkN7",
            "kN7U",
            "SRTESUHnMlWtoUBm",
            "RTESUHnMlWtoUBml",
            "TESUHnMlWtoUBmlC",
            "ESUHnMlWtoUBmlCn",
            "SUHnMlWtoUBm",
            "UHnMlWtoUBml",
            "HnMlWtoUBmlC",
            "nMlWtoUBmlCn",
            "MlWtoUBm",
            "lWtoUBml",
            "WtoUBmlC",
            "toUBmlCn",
            "oUBm",
            "UBml",
            "BmlC",
            "mlCn",
            "rDTgcQnXdoapjb3o",
            "DTgcQnXdoapjb3or",
            "TgcQnXdoapjb3orK",
            "gcQnXdoapjb3orKB",
            "cQnXdoapjb3o",
            "QnXdoapjb3or",
            "nXdoapjb3orK",
            "Xdoapjb3orKB",
            "doapjb3o",
            "oapjb3or",
            "apjb3orK",
            "pjb3orKB",
            "jb3o",
            "b3or",
            "3orK",
            "orKB",
            "CrQ4JYn1DGJce8A2",
            "rQ4JYn1DGJce8A2H",
            "Q4JYn1DGJce8A2HO",
            "4JYn1DGJce8A2HOx",
            "JYn1DGJce8A2",
            "Yn1DGJce8A2H",
            "n1DGJce8A2HO",
            "1DGJce8A2HOx",
            "DGJce8A2",
            "GJce8A2H",
            "Jce8A2HO",
            "ce8A2HOx",
            "e8A2",
            "8A2H",
            "A2HO",
            "2HOx",
            "NCMGydn9EkFcY1lR",
            "CMGydn9EkFcY1lRG",
            "MGydn9EkFcY1lRG7",
            "Gydn9EkFcY1lRG7A",
            "ydn9EkFcY1lR",
            "dn9EkFcY1lRG",
            "n9EkFcY1lRG7",
            "9EkFcY1lRG7A",
            "EkFcY1lR",
            "kFcY1lRG",
            "FcY1lRG7",
            "cY1lRG7A",
            "Y1lR",
            "1lRG",
            "lRG7",
            "RG7A",
            "Acg5EHnkSubsx4il",
            "cg5EHnkSubsx4ilA",
            "g5EHnkSubsx4ilAD",
            "5EHnkSubsx4ilADa",
            "EHnkSubsx4il",
            "HnkSubsx4ilA",
            "nkSubsx4ilAD",
            "kSubsx4ilADa",
            "Subsx4il",
            "ubsx4ilA",
            "bsx4ilAD",
            "sx4ilADa",
            "x4il",
            "4ilA",
            "ilAD",
            "lADa",
            "YwYhton2JWdYfiYU",
            "wYhton2JWdYfiYUk",
            "Yhton2JWdYfiYUkp",
            "hton2JWdYfiYUkpb",
            "ton2JWdYfiYU",
            "on2JWdYfiYUk",
            "n2JWdYfiYUkp",
            "2JWdYfiYUkpb",
            "JWdYfiYU",
            "WdYfiYUk",
            "dYfiYUkp",
            "YfiYUkpb",
            "fiYU",
            "iYUk",
            "YUkp",
            "Ukpb",
            "zfIWo4nuC0pOPpQH",
            "fIWo4nuC0pOPpQHc",
            "IWo4nuC0pOPpQHcd",
            "Wo4nuC0pOPpQHcdU",
            "o4nuC0pOPpQH",
            "4nuC0pOPpQHc",
            "nuC0pOPpQHcd",
            "uC0pOPpQHcdU",
            "C0pOPpQH",
            "0pOPpQHc",
            "pOPpQHcd",
            "OPpQHcdU",
            "PpQH",
            "pQHc",
            "QHcd",
            "HcdU",
            "Ehs6p1nwKvc2VUcN",
            "hs6p1nwKvc2VUcNB",
            "s6p1nwKvc2VUcNBI",
            "6p1nwKvc2VUcNBI0",
            "p1nwKvc2VUcN",
            "1nwKvc2VUcNB",
            "nwKvc2VUcNBI",
            "wKvc2VUcNBI0",
            "Kvc2VUcN",
            "vc2VUcNB",
            "c2VUcNBI",
            "2VUcNBI0",
            "VUcN",
            "UcNB",
            "cNBI",
            "NBI0",
            "ValueTyp",
            "alueType",
            "lueT",
            "ueTy",
            "eTyp",
            "Type",
            "DaCfjQnpytIxMfeQ",
            "aCfjQnpytIxMfeQo",
            "CfjQnpytIxMfeQon",
            "fjQnpytIxMfeQonv",
            "jQnpytIxMfeQ",
            "QnpytIxMfeQo",
            "npytIxMfeQon",
            "pytIxMfeQonv",
            "ytIxMfeQ",
            "tIxMfeQo",
            "IxMfeQon",
            "xMfeQonv",
            "MfeQ",
            "feQo",
            "eQon",
            "Qonv",
            "nfgl7KnFiyOHldD5",
            "fgl7KnFiyOHldD5p",
            "gl7KnFiyOHldD5pV",
            "l7KnFiyOHldD5pVk",
            "7KnFiyOHldD5",
            "KnFiyOHldD5p",
            "nFiyOHldD5pV",
            "FiyOHldD5pVk",
            "iyOHldD5",
            "yOHldD5p",
            "OHldD5pV",
            "HldD5pVk",
            "ldD5",
            "dD5p",
            "D5pV",
            "5pVk",
            "T9OHYMnaySYkJY05",
            "9OHYMnaySYkJY05n",
            "OHYMnaySYkJY05nT",
            "HYMnaySYkJY05nTu",
            "YMnaySYkJY05",
            "MnaySYkJY05n",
            "naySYkJY05nT",
            "aySYkJY05nTu",
            "ySYkJY05",
            "SYkJY05n",
            "YkJY05nT",
            "kJY05nTu",
            "JY05",
            "Y05n",
            "05nT",
            "5nTu",
            "Jb3e19n0IDVhGdJF",
            "b3e19n0IDVhGdJFP",
            "3e19n0IDVhGdJFPr",
            "e19n0IDVhGdJFPrM",
            "19n0IDVhGdJF",
            "9n0IDVhGdJFP",
            "n0IDVhGdJFPr",
            "0IDVhGdJFPrM",
            "IDVhGdJF",
            "DVhGdJFP",
            "VhGdJFPr",
            "hGdJFPrM",
            "GdJF",
            "dJFP",
            "JFPr",
            "FPrM",
            "tDKL4enANllmAtMd",
            "DKL4enANllmAtMd0",
            "KL4enANllmAtMd0V",
            "L4enANllmAtMd0VX",
            "4enANllmAtMd",
            "enANllmAtMd0",
            "nANllmAtMd0V",
            "ANllmAtMd0VX",
            "NllmAtMd",
            "llmAtMd0",
            "lmAtMd0V",
            "mAtMd0VX",
            "AtMd",
            "tMd0",
            "Md0V",
            "d0VX",
            "ov0tIjnOV1ClMWQ4",
            "v0tIjnOV1ClMWQ4B",
            "0tIjnOV1ClMWQ4Bl",
            "tIjnOV1ClMWQ4Bl4",
            "IjnOV1ClMWQ4",
            "jnOV1ClMWQ4B",
            "nOV1ClMWQ4Bl",
            "OV1ClMWQ4Bl4",
            "V1ClMWQ4",
            "1ClMWQ4B",
            "ClMWQ4Bl",
            "lMWQ4Bl4",
            "MWQ4",
            "WQ4B",
            "Q4Bl",
            "4Bl4",
            "ESH427noWTPxXXDq",
            "SH427noWTPxXXDqf",
            "H427noWTPxXXDqfG",
            "427noWTPxXXDqfGF",
            "27noWTPxXXDq",
            "7noWTPxXXDqf",
            "noWTPxXXDqfG",
            "oWTPxXXDqfGF",
            "WTPxXXDq",
            "TPxXXDqf",
            "PxXXDqfG",
            "xXXDqfGF",
            "XXDq",
            "XDqf",
            "DqfG",
            "qfGF",
            "y2k93xnjUjuUCBxY",
            "2k93xnjUjuUCBxYt",
            "k93xnjUjuUCBxYtn",
            "93xnjUjuUCBxYtnq",
            "3xnjUjuUCBxY",
            "xnjUjuUCBxYt",
            "njUjuUCBxYtn",
            "jUjuUCBxYtnq",
            "UjuUCBxY",
            "juUCBxYt",
            "uUCBxYtn",
            "UCBxYtnq",
            "CBxY",
            "BxYt",
            "xYtn",
            "Ytnq",
            "Enum",
            "hII3SMnbqMu9tUfG",
            "II3SMnbqMu9tUfGL",
            "I3SMnbqMu9tUfGLB",
            "3SMnbqMu9tUfGLB8",
            "SMnbqMu9tUfG",
            "MnbqMu9tUfGL",
            "nbqMu9tUfGLB",
            "bqMu9tUfGLB8",
            "qMu9tUfG",
            "Mu9tUfGL",
            "u9tUfGLB",
            "9tUfGLB8",
            "tUfG",
            "UfGL",
            "fGLB",
            "GLB8",
            "AyT5WCnQZ0uUPe6C",
            "yT5WCnQZ0uUPe6Cs",
            "T5WCnQZ0uUPe6Csp",
            "5WCnQZ0uUPe6CspV",
            "WCnQZ0uUPe6C",
            "CnQZ0uUPe6Cs",
            "nQZ0uUPe6Csp",
            "QZ0uUPe6CspV",
            "Z0uUPe6C",
            "0uUPe6Cs",
            "uUPe6Csp",
            "UPe6CspV",
            "Pe6C",
            "e6Cs",
            "6Csp",
            "CspV",
            "Crf22ZEG1SWCYGxb",
            "rf22ZEG1SWCYGxb5",
            "f22ZEG1SWCYGxb5h",
            "22ZEG1SWCYGxb5hg",
            "2ZEG1SWCYGxb",
            "ZEG1SWCYGxb5",
            "EG1SWCYGxb5h",
            "G1SWCYGxb5hg",
            "1SWCYGxb",
            "SWCYGxb5",
            "WCYGxb5h",
            "CYGxb5hg",
            "YGxb",
            "Gxb5",
            "xb5h",
            "b5hg",
            "aN2CxCElA79vSjFL",
            "N2CxCElA79vSjFL3",
            "2CxCElA79vSjFL3E",
            "CxCElA79vSjFL3ET",
            "xCElA79vSjFL",
            "CElA79vSjFL3",
            "ElA79vSjFL3E",
            "lA79vSjFL3ET",
            "A79vSjFL",
            "79vSjFL3",
            "9vSjFL3E",
            "vSjFL3ET",
            "SjFL",
            "jFL3",
            "FL3E",
            "L3ET",
            "bILQBvECiUe2MRnX",
            "ILQBvECiUe2MRnXd",
            "LQBvECiUe2MRnXdv",
            "QBvECiUe2MRnXdvC",
            "BvECiUe2MRnX",
            "vECiUe2MRnXd",
            "ECiUe2MRnXdv",
            "CiUe2MRnXdvC",
            "iUe2MRnX",
            "Ue2MRnXd",
            "e2MRnXdv",
            "2MRnXdvC",
            "MRnX",
            "RnXd",
            "nXdv",
            "XdvC",
            "eEYiepZEYQFERSI9",
            "EYiepZEYQFERSI9c",
            "YiepZEYQFERSI9cN",
            "iepZEYQFERSI9cNe",
            "epZEYQFERSI9",
            "pZEYQFERSI9c",
            "ZEYQFERSI9cN",
            "EYQFERSI9cNe",
            "YQFERSI9",
            "QFERSI9c",
            "FERSI9cN",
            "ERSI9cNe",
            "RSI9",
            "SI9c",
            "I9cN",
            "9cNe",
            "sqN7NaZ6AvxHnT9q",
            "qN7NaZ6AvxHnT9qC",
            "N7NaZ6AvxHnT9qCB",
            "7NaZ6AvxHnT9qCBr",
            "NaZ6AvxHnT9q",
            "aZ6AvxHnT9qC",
            "Z6AvxHnT9qCB",
            "6AvxHnT9qCBr",
            "AvxHnT9q",
            "vxHnT9qC",
            "xHnT9qCB",
            "HnT9qCBr",
            "nT9q",
            "T9qC",
            "9qCB",
            "qCBr",
            "nfFAF8ZGYCpLmKaA",
            "fFAF8ZGYCpLmKaAg",
            "FAF8ZGYCpLmKaAgg",
            "AF8ZGYCpLmKaAggM",
            "F8ZGYCpLmKaA",
            "8ZGYCpLmKaAg",
            "ZGYCpLmKaAgg",
            "GYCpLmKaAggM",
            "YCpLmKaA",
            "CpLmKaAg",
            "pLmKaAgg",
            "LmKaAggM",
            "mKaA",
            "KaAg",
            "aAgg",
            "AggM",
            "qcdTIIZ5PkcfxwSS",
            "cdTIIZ5PkcfxwSSg",
            "dTIIZ5PkcfxwSSgh",
            "TIIZ5PkcfxwSSghB",
            "IIZ5PkcfxwSS",
            "IZ5PkcfxwSSg",
            "Z5PkcfxwSSgh",
            "5PkcfxwSSghB",
            "PkcfxwSS",
            "kcfxwSSg",
            "cfxwSSgh",
            "fxwSSghB",
            "xwSS",
            "wSSg",
            "SSgh",
            "SghB",
            "m4ovJkZyiaePCH9S",
            "4ovJkZyiaePCH9Sa",
            "ovJkZyiaePCH9Sam",
            "vJkZyiaePCH9Samm",
            "JkZyiaePCH9S",
            "kZyiaePCH9Sa",
            "ZyiaePCH9Sam",
            "yiaePCH9Samm",
            "iaePCH9S",
            "aePCH9Sa",
            "ePCH9Sam",
            "PCH9Samm",
            "CH9S",
            "H9Sa",
            "9Sam",
            "Samm",
            "q4eR9bZppH8OXQ5m",
            "4eR9bZppH8OXQ5mm",
            "eR9bZppH8OXQ5mmy",
            "R9bZppH8OXQ5mmyJ",
            "9bZppH8OXQ5m",
            "bZppH8OXQ5mm",
            "ZppH8OXQ5mmy",
            "ppH8OXQ5mmyJ",
            "pH8OXQ5m",
            "H8OXQ5mm",
            "8OXQ5mmy",
            "OXQ5mmyJ",
            "XQ5m",
            "Q5mm",
            "5mmy",
            "mmyJ",
            "MLs45FZSTd2TiolY",
            "Ls45FZSTd2TiolYQ",
            "s45FZSTd2TiolYQe",
            "45FZSTd2TiolYQe0",
            "5FZSTd2TiolY",
            "FZSTd2TiolYQ",
            "ZSTd2TiolYQe",
            "STd2TiolYQe0",
            "Td2TiolY",
            "d2TiolYQ",
            "2TiolYQe",
            "TiolYQe0",
            "iolY",
            "olYQ",
            "lYQe",
            "YQe0",
            "AX1MdQZclsPF6Dle",
            "X1MdQZclsPF6Dlec",
            "1MdQZclsPF6DlecJ",
            "MdQZclsPF6DlecJ9",
            "dQZclsPF6Dle",
            "QZclsPF6Dlec",
            "ZclsPF6DlecJ",
            "clsPF6DlecJ9",
            "lsPF6Dle",
            "sPF6Dlec",
            "PF6DlecJ",
            "F6DlecJ9",
            "6Dle",
            "Dlec",
            "lecJ",
            "ecJ9",
            "PEKuIAZgrySKtMEn",
            "EKuIAZgrySKtMEn5",
            "KuIAZgrySKtMEn5G",
            "uIAZgrySKtMEn5G6",
            "IAZgrySKtMEn",
            "AZgrySKtMEn5",
            "ZgrySKtMEn5G",
            "grySKtMEn5G6",
            "rySKtMEn",
            "ySKtMEn5",
            "SKtMEn5G",
            "KtMEn5G6",
            "tMEn",
            "MEn5",
            "En5G",
            "n5G6",
            "Exceptio",
            "xception",
            "cept",
            "epti",
            "ptio",
            "G0PLweZFUarMcHkd",
            "0PLweZFUarMcHkd2",
            "PLweZFUarMcHkd2I",
            "LweZFUarMcHkd2Ij",
            "weZFUarMcHkd",
            "eZFUarMcHkd2",
            "ZFUarMcHkd2I",
            "FUarMcHkd2Ij",
            "UarMcHkd",
            "arMcHkd2",
            "rMcHkd2I",
            "McHkd2Ij",
            "cHkd",
            "Hkd2",
            "kd2I",
            "d2Ij",
            "UAP4vtZaVfLr8cXy",
            "AP4vtZaVfLr8cXyu",
            "P4vtZaVfLr8cXyuG",
            "4vtZaVfLr8cXyuGU",
            "vtZaVfLr8cXy",
            "tZaVfLr8cXyu",
            "ZaVfLr8cXyuG",
            "aVfLr8cXyuGU",
            "VfLr8cXy",
            "fLr8cXyu",
            "Lr8cXyuG",
            "r8cXyuGU",
            "8cXy",
            "cXyu",
            "XyuG",
            "yuGU",
            "mTYLjCZOmYjchmLt",
            "TYLjCZOmYjchmLtA",
            "YLjCZOmYjchmLtAm",
            "LjCZOmYjchmLtAmE",
            "jCZOmYjchmLt",
            "CZOmYjchmLtA",
            "ZOmYjchmLtAm",
            "OmYjchmLtAmE",
            "mYjchmLt",
            "YjchmLtA",
            "jchmLtAm",
            "chmLtAmE",
            "hmLt",
            "mLtA",
            "LtAm",
            "tAmE",
            "f9DRwnZouqJtBI4o",
            "9DRwnZouqJtBI4o3",
            "DRwnZouqJtBI4o3P",
            "RwnZouqJtBI4o3P3",
            "wnZouqJtBI4o",
            "nZouqJtBI4o3",
            "ZouqJtBI4o3P",
            "ouqJtBI4o3P3",
            "uqJtBI4o",
            "qJtBI4o3",
            "JtBI4o3P",
            "tBI4o3P3",
            "BI4o",
            "I4o3",
            "4o3P",
            "o3P3",
            "kkO1N0ZQrNkfq0Qv",
            "kO1N0ZQrNkfq0Qvn",
            "O1N0ZQrNkfq0Qvng",
            "1N0ZQrNkfq0Qvngq",
            "N0ZQrNkfq0Qv",
            "0ZQrNkfq0Qvn",
            "ZQrNkfq0Qvng",
            "QrNkfq0Qvngq",
            "rNkfq0Qv",
            "Nkfq0Qvn",
            "kfq0Qvng",
            "fq0Qvngq",
            "q0Qv",
            "0Qvn",
            "Qvng",
            "vngq",
            "edDYLYZdyGOpcxZ2",
            "dDYLYZdyGOpcxZ21",
            "DYLYZdyGOpcxZ21y",
            "YLYZdyGOpcxZ21y1",
            "LYZdyGOpcxZ2",
            "YZdyGOpcxZ21",
            "ZdyGOpcxZ21y",
            "dyGOpcxZ21y1",
            "yGOpcxZ2",
            "GOpcxZ21",
            "OpcxZ21y",
            "pcxZ21y1",
            "cxZ2",
            "xZ21",
            "Z21y",
            "21y1",
            "TSwuArZxMcJgGs7n",
            "SwuArZxMcJgGs7nO",
            "wuArZxMcJgGs7nO9",
            "uArZxMcJgGs7nO94",
            "ArZxMcJgGs7n",
            "rZxMcJgGs7nO",
            "ZxMcJgGs7nO9",
            "xMcJgGs7nO94",
            "McJgGs7n",
            "cJgGs7nO",
            "JgGs7nO9",
            "gGs7nO94",
            "Gs7n",
            "s7nO",
            "7nO9",
            "nO94",
            "vVGPKJ7HJILhLkXU",
            "VGPKJ7HJILhLkXU7",
            "GPKJ7HJILhLkXU7l",
            "PKJ7HJILhLkXU7lr",
            "KJ7HJILhLkXU",
            "J7HJILhLkXU7",
            "7HJILhLkXU7l",
            "HJILhLkXU7lr",
            "JILhLkXU",
            "ILhLkXU7",
            "LhLkXU7l",
            "hLkXU7lr",
            "LkXU",
            "kXU7",
            "XU7l",
            "U7lr",
            "PmgkF37Z800GqTma",
            "mgkF37Z800GqTmab",
            "gkF37Z800GqTmab7",
            "kF37Z800GqTmab72",
            "F37Z800GqTma",
            "37Z800GqTmab",
            "7Z800GqTmab7",
            "Z800GqTmab72",
            "800GqTma",
            "00GqTmab",
            "0GqTmab7",
            "GqTmab72",
            "qTma",
            "Tmab",
            "mab7",
            "ab72",
            "a43An57s4QboQnkD",
            "43An57s4QboQnkDl",
            "3An57s4QboQnkDlG",
            "An57s4QboQnkDlGU",
            "n57s4QboQnkD",
            "57s4QboQnkDl",
            "7s4QboQnkDlG",
            "s4QboQnkDlGU",
            "4QboQnkD",
            "QboQnkDl",
            "boQnkDlG",
            "oQnkDlGU",
            "QnkD",
            "nkDl",
            "kDlG",
            "DlGU",
            "KCmIX67URdY8wTxH",
            "CmIX67URdY8wTxHc",
            "mIX67URdY8wTxHcR",
            "IX67URdY8wTxHcRk",
            "X67URdY8wTxH",
            "67URdY8wTxHc",
            "7URdY8wTxHcR",
            "URdY8wTxHcRk",
            "RdY8wTxH",
            "dY8wTxHc",
            "Y8wTxHcR",
            "8wTxHcRk",
            "wTxH",
            "TxHc",
            "xHcR",
            "HcRk",
            "jHMZUB7PSB8BFaPt",
            "HMZUB7PSB8BFaPtM",
            "MZUB7PSB8BFaPtMW",
            "ZUB7PSB8BFaPtMWe",
            "UB7PSB8BFaPt",
            "B7PSB8BFaPtM",
            "7PSB8BFaPtMW",
            "PSB8BFaPtMWe",
            "SB8BFaPt",
            "B8BFaPtM",
            "8BFaPtMW",
            "BFaPtMWe",
            "FaPt",
            "aPtM",
            "PtMW",
            "tMWe",
            "ts1IdQ75ae4NyEyi",
            "s1IdQ75ae4NyEyii",
            "1IdQ75ae4NyEyiit",
            "IdQ75ae4NyEyiite",
            "dQ75ae4NyEyi",
            "Q75ae4NyEyii",
            "75ae4NyEyiit",
            "5ae4NyEyiite",
            "ae4NyEyi",
            "e4NyEyii",
            "4NyEyiit",
            "NyEyiite",
            "yEyi",
            "Eyii",
            "yiit",
            "iite",
            "n0VnKI71Hj1Hfvpe",
            "0VnKI71Hj1Hfvpe7",
            "VnKI71Hj1Hfvpe72",
            "nKI71Hj1Hfvpe72r",
            "KI71Hj1Hfvpe",
            "I71Hj1Hfvpe7",
            "71Hj1Hfvpe72",
            "1Hj1Hfvpe72r",
            "Hj1Hfvpe",
            "j1Hfvpe7",
            "1Hfvpe72",
            "Hfvpe72r",
            "fvpe",
            "vpe7",
            "pe72",
            "e72r",
            "zefdOA7k6NVlTE0X",
            "efdOA7k6NVlTE0XM",
            "fdOA7k6NVlTE0XMr",
            "dOA7k6NVlTE0XMr4",
            "OA7k6NVlTE0X",
            "A7k6NVlTE0XM",
            "7k6NVlTE0XMr",
            "k6NVlTE0XMr4",
            "6NVlTE0X",
            "NVlTE0XM",
            "VlTE0XMr",
            "lTE0XMr4",
            "TE0X",
            "E0XM",
            "0XMr",
            "XMr4",
            "DwheO273r7o3I1Dr",
            "wheO273r7o3I1Drm",
            "heO273r7o3I1Drmn",
            "eO273r7o3I1Drmny",
            "O273r7o3I1Dr",
            "273r7o3I1Drm",
            "73r7o3I1Drmn",
            "3r7o3I1Drmny",
            "r7o3I1Dr",
            "7o3I1Drm",
            "o3I1Drmn",
            "3I1Drmny",
            "I1Dr",
            "1Drm",
            "Drmn",
            "rmny",
            "oRqAkK7ypJcSrOOS",
            "RqAkK7ypJcSrOOSr",
            "qAkK7ypJcSrOOSrX",
            "AkK7ypJcSrOOSrXq",
            "kK7ypJcSrOOS",
            "K7ypJcSrOOSr",
            "7ypJcSrOOSrX",
            "ypJcSrOOSrXq",
            "pJcSrOOS",
            "JcSrOOSr",
            "cSrOOSrX",
            "SrOOSrXq",
            "rOOS",
            "OOSr",
            "OSrX",
            "SrXq",
            "gtOrT97pB7YK24CQ",
            "tOrT97pB7YK24CQD",
            "OrT97pB7YK24CQDX",
            "rT97pB7YK24CQDXF",
            "T97pB7YK24CQ",
            "97pB7YK24CQD",
            "7pB7YK24CQDX",
            "pB7YK24CQDXF",
            "B7YK24CQ",
            "7YK24CQD",
            "YK24CQDX",
            "K24CQDXF",
            "24CQ",
            "4CQD",
            "CQDX",
            "QDXF",
            "YagRTL7Jna4qy3bW",
            "agRTL7Jna4qy3bWE",
            "gRTL7Jna4qy3bWEr",
            "RTL7Jna4qy3bWErY",
            "TL7Jna4qy3bW",
            "L7Jna4qy3bWE",
            "7Jna4qy3bWEr",
            "Jna4qy3bWErY",
            "na4qy3bW",
            "a4qy3bWE",
            "4qy3bWEr",
            "qy3bWErY",
            "y3bW",
            "3bWE",
            "bWEr",
            "WErY",
            "Mt1Veh78BubfcaBL",
            "t1Veh78BubfcaBLG",
            "1Veh78BubfcaBLG1",
            "Veh78BubfcaBLG1Y",
            "eh78BubfcaBL",
            "h78BubfcaBLG",
            "78BubfcaBLG1",
            "8BubfcaBLG1Y",
            "BubfcaBL",
            "ubfcaBLG",
            "bfcaBLG1",
            "fcaBLG1Y",
            "caBL",
            "aBLG",
            "BLG1",
            "LG1Y",
            "BgTr2I7SqG3SuYLi",
            "gTr2I7SqG3SuYLii",
            "Tr2I7SqG3SuYLiir",
            "r2I7SqG3SuYLiiru",
            "2I7SqG3SuYLi",
            "I7SqG3SuYLii",
            "7SqG3SuYLiir",
            "SqG3SuYLiiru",
            "qG3SuYLi",
            "G3SuYLii",
            "3SuYLiir",
            "SuYLiiru",
            "uYLi",
            "YLii",
            "Liir",
            "iiru",
            "L20T6L6IcLaXIrAN",
            "20T6L6IcLaXIrANR",
            "0T6L6IcLaXIrANR3",
            "T6L6IcLaXIrANR3F",
            "6L6IcLaXIrAN",
            "L6IcLaXIrANR",
            "6IcLaXIrANR3",
            "IcLaXIrANR3F",
            "cLaXIrAN",
            "LaXIrANR",
            "aXIrANR3",
            "XIrANR3F",
            "IrAN",
            "rANR",
            "ANR3",
            "NR3F",
            "FwrX5yPtqhsabjCg",
            "wrX5yPtqhsabjCgR",
            "rX5yPtqhsabjCgRn",
            "X5yPtqhsabjCgRnP",
            "5yPtqhsabjCg",
            "yPtqhsabjCgR",
            "PtqhsabjCgRn",
            "tqhsabjCgRnP",
            "qhsabjCg",
            "hsabjCgR",
            "sabjCgRn",
            "abjCgRnP",
            "bjCg",
            "jCgR",
            "CgRn",
            "gRnP",
            "srf2836LgQlWsOlt",
            "rf2836LgQlWsOltO",
            "f2836LgQlWsOltOh",
            "2836LgQlWsOltOhD",
            "836LgQlWsOlt",
            "36LgQlWsOltO",
            "6LgQlWsOltOh",
            "LgQlWsOltOhD",
            "gQlWsOlt",
            "QlWsOltO",
            "lWsOltOh",
            "WsOltOhD",
            "sOlt",
            "OltO",
            "ltOh",
            "tOhD",
            "Hi8dEi6RnPKsS0aa",
            "i8dEi6RnPKsS0aaO",
            "8dEi6RnPKsS0aaOc",
            "dEi6RnPKsS0aaOc1",
            "Ei6RnPKsS0aa",
            "i6RnPKsS0aaO",
            "6RnPKsS0aaOc",
            "RnPKsS0aaOc1",
            "nPKsS0aa",
            "PKsS0aaO",
            "KsS0aaOc",
            "sS0aaOc1",
            "S0aa",
            "0aaO",
            "aaOc",
            "aOc1",
            "mV5sgs6fOJQtReSu",
            "V5sgs6fOJQtReSuV",
            "5sgs6fOJQtReSuV6",
            "sgs6fOJQtReSuV6I",
            "gs6fOJQtReSu",
            "s6fOJQtReSuV",
            "6fOJQtReSuV6",
            "fOJQtReSuV6I",
            "OJQtReSu",
            "JQtReSuV",
            "QtReSuV6",
            "tReSuV6I",
            "ReSu",
            "eSuV",
            "SuV6",
            "uV6I",
            "heNJpU6uwphP8kwI",
            "eNJpU6uwphP8kwIS",
            "NJpU6uwphP8kwISl",
            "JpU6uwphP8kwISlf",
            "pU6uwphP8kwI",
            "U6uwphP8kwIS",
            "6uwphP8kwISl",
            "uwphP8kwISlf",
            "wphP8kwI",
            "phP8kwIS",
            "hP8kwISl",
            "P8kwISlf",
            "8kwI",
            "kwIS",
            "wISl",
            "ISlf",
            "KnO4xW6yxlPT8Abt",
            "nO4xW6yxlPT8Abto",
            "O4xW6yxlPT8AbtoA",
            "4xW6yxlPT8AbtoAJ",
            "xW6yxlPT8Abt",
            "W6yxlPT8Abto",
            "6yxlPT8AbtoA",
            "yxlPT8AbtoAJ",
            "xlPT8Abt",
            "lPT8Abto",
            "PT8AbtoA",
            "T8AbtoAJ",
            "8Abt",
            "Abto",
            "toAJ",
            "bgb85G6Jhf589wyb",
            "gb85G6Jhf589wybm",
            "b85G6Jhf589wybml",
            "85G6Jhf589wybmlZ",
            "5G6Jhf589wyb",
            "G6Jhf589wybm",
            "6Jhf589wybml",
            "Jhf589wybmlZ",
            "hf589wyb",
            "f589wybm",
            "589wybml",
            "89wybmlZ",
            "9wyb",
            "wybm",
            "ybml",
            "bmlZ",
            "L1sarQ6c4x9u6QhD",
            "1sarQ6c4x9u6QhDS",
            "sarQ6c4x9u6QhDS5",
            "arQ6c4x9u6QhDS59",
            "rQ6c4x9u6QhD",
            "Q6c4x9u6QhDS",
            "6c4x9u6QhDS5",
            "c4x9u6QhDS59",
            "4x9u6QhD",
            "x9u6QhDS",
            "9u6QhDS5",
            "u6QhDS59",
            "6QhD",
            "QhDS",
            "hDS5",
            "DS59",
            "YfvXSQ6FAg8ViQL9",
            "fvXSQ6FAg8ViQL9M",
            "vXSQ6FAg8ViQL9M2",
            "XSQ6FAg8ViQL9M29",
            "SQ6FAg8ViQL9",
            "Q6FAg8ViQL9M",
            "6FAg8ViQL9M2",
            "FAg8ViQL9M29",
            "Ag8ViQL9",
            "g8ViQL9M",
            "8ViQL9M2",
            "ViQL9M29",
            "iQL9",
            "QL9M",
            "L9M2",
            "9M29",
            "CsWkun6A9Is4RyqD",
            "sWkun6A9Is4RyqD9",
            "Wkun6A9Is4RyqD9v",
            "kun6A9Is4RyqD9vJ",
            "un6A9Is4RyqD",
            "n6A9Is4RyqD9",
            "6A9Is4RyqD9v",
            "A9Is4RyqD9vJ",
            "9Is4RyqD",
            "Is4RyqD9",
            "s4RyqD9v",
            "4RyqD9vJ",
            "RyqD",
            "yqD9",
            "qD9v",
            "D9vJ",
            "S5CS3I6iRaAlKeCb",
            "5CS3I6iRaAlKeCbf",
            "CS3I6iRaAlKeCbfk",
            "S3I6iRaAlKeCbfkZ",
            "3I6iRaAlKeCb",
            "I6iRaAlKeCbf",
            "6iRaAlKeCbfk",
            "iRaAlKeCbfkZ",
            "RaAlKeCb",
            "aAlKeCbf",
            "AlKeCbfk",
            "lKeCbfkZ",
            "KeCb",
            "eCbf",
            "Cbfk",
            "bfkZ",
            "wm5qBthe7PWiyp6Q",
            "m5qBthe7PWiyp6Qw",
            "5qBthe7PWiyp6QwX",
            "qBthe7PWiyp6QwXj",
            "Bthe7PWiyp6Q",
            "the7PWiyp6Qw",
            "he7PWiyp6QwX",
            "e7PWiyp6QwXj",
            "7PWiyp6Q",
            "PWiyp6Qw",
            "Wiyp6QwX",
            "iyp6QwXj",
            "yp6Q",
            "p6Qw",
            "6QwX",
            "QwXj",
            "O1q2liP6LGPIEYif",
            "1q2liP6LGPIEYifL",
            "q2liP6LGPIEYifLA",
            "2liP6LGPIEYifLAe",
            "liP6LGPIEYif",
            "iP6LGPIEYifL",
            "P6LGPIEYifLA",
            "6LGPIEYifLAe",
            "LGPIEYif",
            "GPIEYifL",
            "PIEYifLA",
            "IEYifLAe",
            "EYif",
            "YifL",
            "ifLA",
            "fLAe",
            "PrivateImplementationDetails",
            "rivateImplementationDeta",
            "ivateImplementationDetai",
            "vateImplementationDetail",
            "ateImplementationDetails",
            "teImplementationDeta",
            "eImplementationDetai",
            "ImplementationDetail",
            "mplementationDetails",
            "plementationDeta",
            "lementationDetai",
            "ementationDetail",
            "mentationDetails",
            "entationDeta",
            "ntationDetai",
            "tationDetail",
            "ationDetails",
            "tionDeta",
            "ionDetai",
            "onDetail",
            "nDetails",
            "Deta",
            "etai",
            "tail",
            "ails",
            "987D5E06",
            "87D5",
            "7D5E",
            "D5E0",
            "5E06",
            "59D6",
            "4C51",
            "9ADF",
            "C3C0AE4FC498",
            "3C0AE4FC",
            "C0AE4FC4",
            "0AE4FC49",
            "AE4FC498",
            "E4FC",
            "4FC4",
            "FC49",
            "C498",
            "StaticArrayInitTypeSize=",
            "taticArrayInitTypeSi",
            "aticArrayInitTypeSiz",
            "ticArrayInitTypeSize",
            "icArrayInitTypeSize=",
            "cArrayInitTypeSi",
            "ArrayInitTypeSiz",
            "rrayInitTypeSize",
            "rayInitTypeSize=",
            "ayInitTypeSi",
            "yInitTypeSiz",
            "InitTypeSize",
            "nitTypeSize=",
            "itTypeSi",
            "tTypeSiz",
            "TypeSize",
            "ypeSize=",
            "peSi",
            "eSiz",
            "Size",
            "ize=",
            "b8bddd2a",
            "8bdd",
            "bddd",
            "ddd2",
            "dd2a",
            "a952",
            "4523",
            "8049",
            "3c5b3829d6dc",
            "c5b3829d",
            "5b3829d6",
            "b3829d6d",
            "3829d6dc",
            "829d",
            "29d6",
            "9d6d",
            "d6dc",
            "omOQJrKemiAP7Z2x",
            "mOQJrKemiAP7Z2xy",
            "OQJrKemiAP7Z2xyM",
            "QJrKemiAP7Z2xyMT",
            "JrKemiAP7Z2x",
            "rKemiAP7Z2xy",
            "KemiAP7Z2xyM",
            "emiAP7Z2xyMT",
            "miAP7Z2x",
            "iAP7Z2xy",
            "AP7Z2xyM",
            "P7Z2xyMT",
            "7Z2x",
            "Z2xy",
            "2xyM",
            "xyMT",
            "z2G8uZKG117QRUpG",
            "2G8uZKG117QRUpGh",
            "G8uZKG117QRUpGhT",
            "8uZKG117QRUpGhTC",
            "uZKG117QRUpG",
            "ZKG117QRUpGh",
            "KG117QRUpGhT",
            "G117QRUpGhTC",
            "117QRUpG",
            "17QRUpGh",
            "7QRUpGhT",
            "QRUpGhTC",
            "RUpG",
            "UpGh",
            "pGhT",
            "GhTC",
            "SKJNgtKIXnVETvnX",
            "KJNgtKIXnVETvnXa",
            "JNgtKIXnVETvnXa6",
            "NgtKIXnVETvnXa68",
            "gtKIXnVETvnX",
            "tKIXnVETvnXa",
            "KIXnVETvnXa6",
            "IXnVETvnXa68",
            "XnVETvnX",
            "nVETvnXa",
            "VETvnXa6",
            "ETvnXa68",
            "TvnX",
            "vnXa",
            "nXa6",
            "Xa68",
            "EdSpWlKRhBJMWAXP",
            "dSpWlKRhBJMWAXPe",
            "SpWlKRhBJMWAXPeu",
            "pWlKRhBJMWAXPeuC",
            "WlKRhBJMWAXP",
            "lKRhBJMWAXPe",
            "KRhBJMWAXPeu",
            "RhBJMWAXPeuC",
            "hBJMWAXP",
            "BJMWAXPe",
            "JMWAXPeu",
            "MWAXPeuC",
            "WAXP",
            "AXPe",
            "XPeu",
            "PeuC",
            "xvAQZ9K5ArSQPRjf",
            "vAQZ9K5ArSQPRjfS",
            "AQZ9K5ArSQPRjfSC",
            "QZ9K5ArSQPRjfSCC",
            "Z9K5ArSQPRjf",
            "9K5ArSQPRjfS",
            "K5ArSQPRjfSC",
            "5ArSQPRjfSCC",
            "ArSQPRjf",
            "rSQPRjfS",
            "SQPRjfSC",
            "QPRjfSCC",
            "PRjf",
            "RjfS",
            "jfSC",
            "fSCC",
            "KsRkatKmW4f39LXK",
            "sRkatKmW4f39LXKC",
            "RkatKmW4f39LXKCr",
            "katKmW4f39LXKCr4",
            "atKmW4f39LXK",
            "tKmW4f39LXKC",
            "KmW4f39LXKCr",
            "mW4f39LXKCr4",
            "W4f39LXK",
            "4f39LXKC",
            "f39LXKCr",
            "39LXKCr4",
            "9LXK",
            "LXKC",
            "XKCr",
            "KCr4",
            "EYZVM3K4Ltpo7YmH",
            "YZVM3K4Ltpo7YmHY",
            "ZVM3K4Ltpo7YmHYm",
            "VM3K4Ltpo7YmHYmg",
            "M3K4Ltpo7YmH",
            "3K4Ltpo7YmHY",
            "K4Ltpo7YmHYm",
            "4Ltpo7YmHYmg",
            "Ltpo7YmH",
            "tpo7YmHY",
            "po7YmHYm",
            "o7YmHYmg",
            "7YmH",
            "YmHY",
            "mHYm",
            "HYmg",
            "aaLtLCK1KPASf3CM",
            "aLtLCK1KPASf3CME",
            "LtLCK1KPASf3CMEX",
            "tLCK1KPASf3CMEXv",
            "LCK1KPASf3CM",
            "CK1KPASf3CME",
            "K1KPASf3CMEX",
            "1KPASf3CMEXv",
            "KPASf3CM",
            "PASf3CME",
            "ASf3CMEX",
            "Sf3CMEXv",
            "f3CM",
            "3CME",
            "CMEX",
            "MEXv",
            "fZWrWaKqtwaBqdVF",
            "ZWrWaKqtwaBqdVF0",
            "WrWaKqtwaBqdVF0b",
            "rWaKqtwaBqdVF0b4",
            "WaKqtwaBqdVF",
            "aKqtwaBqdVF0",
            "KqtwaBqdVF0b",
            "qtwaBqdVF0b4",
            "twaBqdVF",
            "waBqdVF0",
            "aBqdVF0b",
            "BqdVF0b4",
            "qdVF",
            "dVF0",
            "VF0b",
            "F0b4",
            "jQYWXQKYAPerw4Wf",
            "QYWXQKYAPerw4Wfd",
            "YWXQKYAPerw4WfdC",
            "WXQKYAPerw4WfdCs",
            "XQKYAPerw4Wf",
            "QKYAPerw4Wfd",
            "KYAPerw4WfdC",
            "YAPerw4WfdCs",
            "APerw4Wf",
            "Perw4Wfd",
            "erw4WfdC",
            "rw4WfdCs",
            "w4Wf",
            "4Wfd",
            "WfdC",
            "fdCs",
            "A4HaU4Kut45feEMP",
            "4HaU4Kut45feEMPE",
            "HaU4Kut45feEMPEx",
            "aU4Kut45feEMPExx",
            "U4Kut45feEMP",
            "4Kut45feEMPE",
            "Kut45feEMPEx",
            "ut45feEMPExx",
            "t45feEMP",
            "45feEMPE",
            "5feEMPEx",
            "feEMPExx",
            "eEMP",
            "EMPE",
            "MPEx",
            "PExx",
            "neoWA0K3k6wIGyMd",
            "eoWA0K3k6wIGyMdX",
            "oWA0K3k6wIGyMdXf",
            "WA0K3k6wIGyMdXfa",
            "A0K3k6wIGyMd",
            "0K3k6wIGyMdX",
            "K3k6wIGyMdXf",
            "3k6wIGyMdXfa",
            "k6wIGyMd",
            "6wIGyMdX",
            "wIGyMdXf",
            "IGyMdXfa",
            "GyMd",
            "yMdX",
            "MdXf",
            "dXfa",
            "sgvsLfKpUSFAHYp6",
            "gvsLfKpUSFAHYp6q",
            "vsLfKpUSFAHYp6q8",
            "sLfKpUSFAHYp6q8Z",
            "LfKpUSFAHYp6",
            "fKpUSFAHYp6q",
            "KpUSFAHYp6q8",
            "pUSFAHYp6q8Z",
            "USFAHYp6",
            "SFAHYp6q",
            "FAHYp6q8",
            "AHYp6q8Z",
            "HYp6",
            "Yp6q",
            "p6q8",
            "6q8Z",
            "mAJGWwK8TArvLw8P",
            "AJGWwK8TArvLw8P4",
            "JGWwK8TArvLw8P4q",
            "GWwK8TArvLw8P4qN",
            "WwK8TArvLw8P",
            "wK8TArvLw8P4",
            "K8TArvLw8P4q",
            "8TArvLw8P4qN",
            "TArvLw8P",
            "ArvLw8P4",
            "rvLw8P4q",
            "vLw8P4qN",
            "Lw8P",
            "w8P4",
            "8P4q",
            "P4qN",
            "hYMKsIKc9TVB7OhC",
            "YMKsIKc9TVB7OhCB",
            "MKsIKc9TVB7OhCBm",
            "KsIKc9TVB7OhCBmh",
            "sIKc9TVB7OhC",
            "IKc9TVB7OhCB",
            "Kc9TVB7OhCBm",
            "c9TVB7OhCBmh",
            "9TVB7OhC",
            "TVB7OhCB",
            "VB7OhCBm",
            "B7OhCBmh",
            "7OhC",
            "OhCB",
            "hCBm",
            "CBmh",
            "V8mIk0KF0B35LNuS",
            "8mIk0KF0B35LNuSY",
            "mIk0KF0B35LNuSY1",
            "Ik0KF0B35LNuSY1K",
            "k0KF0B35LNuS",
            "0KF0B35LNuSY",
            "KF0B35LNuSY1",
            "F0B35LNuSY1K",
            "0B35LNuS",
            "B35LNuSY",
            "35LNuSY1",
            "5LNuSY1K",
            "LNuS",
            "NuSY",
            "uSY1",
            "SY1K",
            "cHawEkK0OATIEU27",
            "HawEkK0OATIEU27s",
            "awEkK0OATIEU27so",
            "wEkK0OATIEU27soM",
            "EkK0OATIEU27",
            "kK0OATIEU27s",
            "K0OATIEU27so",
            "0OATIEU27soM",
            "OATIEU27",
            "ATIEU27s",
            "TIEU27so",
            "IEU27soM",
            "EU27",
            "U27s",
            "27so",
            "7soM",
            "O5YJGXKOrMUjJNfi",
            "5YJGXKOrMUjJNfi7",
            "YJGXKOrMUjJNfi7U",
            "JGXKOrMUjJNfi7UN",
            "GXKOrMUjJNfi",
            "XKOrMUjJNfi7",
            "KOrMUjJNfi7U",
            "OrMUjJNfi7UN",
            "rMUjJNfi",
            "MUjJNfi7",
            "UjJNfi7U",
            "jJNfi7UN",
            "JNfi",
            "Nfi7",
            "fi7U",
            "i7UN",
            "AEjd30Kj4CsNeWXv",
            "Ejd30Kj4CsNeWXvG",
            "jd30Kj4CsNeWXvGO",
            "d30Kj4CsNeWXvGOU",
            "30Kj4CsNeWXv",
            "0Kj4CsNeWXvG",
            "Kj4CsNeWXvGO",
            "j4CsNeWXvGOU",
            "4CsNeWXv",
            "CsNeWXvG",
            "sNeWXvGO",
            "NeWXvGOU",
            "eWXv",
            "WXvG",
            "XvGO",
            "vGOU",
            "w8QP5wKQRuXLC69a",
            "8QP5wKQRuXLC69ap",
            "QP5wKQRuXLC69apo",
            "P5wKQRuXLC69apo5",
            "5wKQRuXLC69a",
            "wKQRuXLC69ap",
            "KQRuXLC69apo",
            "QRuXLC69apo5",
            "RuXLC69a",
            "uXLC69ap",
            "XLC69apo",
            "LC69apo5",
            "C69a",
            "69ap",
            "9apo",
            "apo5",
            "lj7eyIKt3ZTs1Vmj",
            "j7eyIKt3ZTs1VmjD",
            "7eyIKt3ZTs1VmjDw",
            "eyIKt3ZTs1VmjDww",
            "yIKt3ZTs1Vmj",
            "IKt3ZTs1VmjD",
            "Kt3ZTs1VmjDw",
            "t3ZTs1VmjDww",
            "3ZTs1Vmj",
            "ZTs1VmjD",
            "Ts1VmjDw",
            "s1VmjDww",
            "1Vmj",
            "VmjD",
            "mjDw",
            "jDww",
            "MUoWTRKCaqM1BJ33",
            "UoWTRKCaqM1BJ334",
            "oWTRKCaqM1BJ334q",
            "WTRKCaqM1BJ334qD",
            "TRKCaqM1BJ33",
            "RKCaqM1BJ334",
            "KCaqM1BJ334q",
            "CaqM1BJ334qD",
            "aqM1BJ33",
            "qM1BJ334",
            "M1BJ334q",
            "1BJ334qD",
            "BJ33",
            "J334",
            "334q",
            "34qD",
            "yK06gIKxRqHBFoeE",
            "K06gIKxRqHBFoeEr",
            "06gIKxRqHBFoeErj",
            "6gIKxRqHBFoeErjs",
            "gIKxRqHBFoeE",
            "IKxRqHBFoeEr",
            "KxRqHBFoeErj",
            "xRqHBFoeErjs",
            "RqHBFoeE",
            "qHBFoeEr",
            "HBFoeErj",
            "BFoeErjs",
            "FoeE",
            "oeEr",
            "eErj",
            "Erjs",
            "olaA1xUVZAC5WHf2",
            "laA1xUVZAC5WHf2a",
            "aA1xUVZAC5WHf2a1",
            "A1xUVZAC5WHf2a1g",
            "1xUVZAC5WHf2",
            "xUVZAC5WHf2a",
            "UVZAC5WHf2a1",
            "VZAC5WHf2a1g",
            "ZAC5WHf2",
            "AC5WHf2a",
            "C5WHf2a1",
            "5WHf2a1g",
            "WHf2",
            "Hf2a",
            "f2a1",
            "2a1g",
            "Euex6WUnqFCfZEDV",
            "uex6WUnqFCfZEDVk",
            "ex6WUnqFCfZEDVkR",
            "x6WUnqFCfZEDVkRp",
            "6WUnqFCfZEDV",
            "WUnqFCfZEDVk",
            "UnqFCfZEDVkR",
            "nqFCfZEDVkRp",
            "qFCfZEDV",
            "FCfZEDVk",
            "CfZEDVkR",
            "fZEDVkRp",
            "ZEDV",
            "EDVk",
            "DVkR",
            "VkRp",
            "ox12UJUZM3aWAF2t",
            "x12UJUZM3aWAF2tF",
            "12UJUZM3aWAF2tFW",
            "2UJUZM3aWAF2tFW7",
            "UJUZM3aWAF2t",
            "JUZM3aWAF2tF",
            "UZM3aWAF2tFW",
            "ZM3aWAF2tFW7",
            "M3aWAF2t",
            "3aWAF2tF",
            "aWAF2tFW",
            "WAF2tFW7",
            "AF2t",
            "F2tF",
            "2tFW",
            "tFW7",
            "M0AU4uUWNxhN671d",
            "0AU4uUWNxhN671dm",
            "AU4uUWNxhN671dmj",
            "U4uUWNxhN671dmjH",
            "4uUWNxhN671d",
            "uUWNxhN671dm",
            "UWNxhN671dmj",
            "WNxhN671dmjH",
            "NxhN671d",
            "xhN671dm",
            "hN671dmj",
            "N671dmjH",
            "671d",
            "71dm",
            "1dmj",
            "dmjH",
            "cinM6yUs7DXpxV2u",
            "inM6yUs7DXpxV2uw",
            "nM6yUs7DXpxV2uwy",
            "M6yUs7DXpxV2uwyl",
            "6yUs7DXpxV2u",
            "yUs7DXpxV2uw",
            "Us7DXpxV2uwy",
            "s7DXpxV2uwyl",
            "7DXpxV2u",
            "DXpxV2uw",
            "XpxV2uwy",
            "pxV2uwyl",
            "xV2u",
            "V2uw",
            "2uwy",
            "uwyl",
            "WJ88isUhykuSdAqr",
            "J88isUhykuSdAqrK",
            "88isUhykuSdAqrKQ",
            "8isUhykuSdAqrKQM",
            "isUhykuSdAqr",
            "sUhykuSdAqrK",
            "UhykuSdAqrKQ",
            "hykuSdAqrKQM",
            "ykuSdAqr",
            "kuSdAqrK",
            "uSdAqrKQ",
            "SdAqrKQM",
            "dAqr",
            "AqrK",
            "qrKQ",
            "rKQM",
            "CdZpBvUKmPxZsqJr",
            "dZpBvUKmPxZsqJrr",
            "ZpBvUKmPxZsqJrra",
            "pBvUKmPxZsqJrraj",
            "BvUKmPxZsqJr",
            "vUKmPxZsqJrr",
            "UKmPxZsqJrra",
            "KmPxZsqJrraj",
            "mPxZsqJr",
            "PxZsqJrr",
            "xZsqJrra",
            "ZsqJrraj",
            "sqJr",
            "qJrr",
            "Jrra",
            "rraj",
            "Cv5RkZUrIhrNK9QI",
            "v5RkZUrIhrNK9QIP",
            "5RkZUrIhrNK9QIPr",
            "RkZUrIhrNK9QIPrw",
            "kZUrIhrNK9QI",
            "ZUrIhrNK9QIP",
            "UrIhrNK9QIPr",
            "rIhrNK9QIPrw",
            "IhrNK9QI",
            "hrNK9QIP",
            "rNK9QIPr",
            "NK9QIPrw",
            "K9QI",
            "9QIP",
            "QIPr",
            "IPrw",
            "O32pEpUetR7rZqcT",
            "32pEpUetR7rZqcTS",
            "2pEpUetR7rZqcTSu",
            "pEpUetR7rZqcTSuh",
            "EpUetR7rZqcT",
            "pUetR7rZqcTS",
            "UetR7rZqcTSu",
            "etR7rZqcTSuh",
            "tR7rZqcT",
            "R7rZqcTS",
            "7rZqcTSu",
            "rZqcTSuh",
            "ZqcT",
            "qcTS",
            "cTSu",
            "TSuh",
            "IaVBMLUGU3u26AYm",
            "aVBMLUGU3u26AYmp",
            "VBMLUGU3u26AYmpG",
            "BMLUGU3u26AYmpG8",
            "MLUGU3u26AYm",
            "LUGU3u26AYmp",
            "UGU3u26AYmpG",
            "GU3u26AYmpG8",
            "U3u26AYm",
            "3u26AYmp",
            "u26AYmpG",
            "26AYmpG8",
            "6AYm",
            "AYmp",
            "YmpG",
            "mpG8",
            "qFBhwiUIpY2WrSKd",
            "FBhwiUIpY2WrSKd1",
            "BhwiUIpY2WrSKd1o",
            "hwiUIpY2WrSKd1o7",
            "wiUIpY2WrSKd",
            "iUIpY2WrSKd1",
            "UIpY2WrSKd1o",
            "IpY2WrSKd1o7",
            "pY2WrSKd",
            "Y2WrSKd1",
            "2WrSKd1o",
            "WrSKd1o7",
            "rSKd",
            "SKd1",
            "Kd1o",
            "d1o7",
            "fn0QUuURGMUER1pe",
            "n0QUuURGMUER1peM",
            "0QUuURGMUER1peMo",
            "QUuURGMUER1peMoI",
            "UuURGMUER1pe",
            "uURGMUER1peM",
            "URGMUER1peMo",
            "RGMUER1peMoI",
            "GMUER1pe",
            "MUER1peM",
            "UER1peMo",
            "ER1peMoI",
            "R1pe",
            "1peM",
            "peMo",
            "eMoI",
            "AOeQetU5paa7atWr",
            "OeQetU5paa7atWrL",
            "eQetU5paa7atWrL1",
            "QetU5paa7atWrL1J",
            "etU5paa7atWr",
            "tU5paa7atWrL",
            "U5paa7atWrL1",
            "5paa7atWrL1J",
            "paa7atWr",
            "aa7atWrL",
            "a7atWrL1",
            "7atWrL1J",
            "atWr",
            "tWrL",
            "WrL1",
            "rL1J",
            "P0YsgYUm6k73rZ2g",
            "0YsgYUm6k73rZ2gk",
            "YsgYUm6k73rZ2gkO",
            "sgYUm6k73rZ2gkOp",
            "gYUm6k73rZ2g",
            "YUm6k73rZ2gk",
            "Um6k73rZ2gkO",
            "m6k73rZ2gkOp",
            "6k73rZ2g",
            "k73rZ2gk",
            "73rZ2gkO",
            "3rZ2gkOp",
            "rZ2g",
            "Z2gk",
            "2gkO",
            "gkOp",
            "neRr2IU43cQl3tIv",
            "eRr2IU43cQl3tIvw",
            "Rr2IU43cQl3tIvw3",
            "r2IU43cQl3tIvw32",
            "2IU43cQl3tIv",
            "IU43cQl3tIvw",
            "U43cQl3tIvw3",
            "43cQl3tIvw32",
            "3cQl3tIv",
            "cQl3tIvw",
            "Ql3tIvw3",
            "l3tIvw32",
            "3tIv",
            "tIvw",
            "Ivw3",
            "vw32",
            "mxyOjyU1eVaBCOKr",
            "xyOjyU1eVaBCOKrs",
            "yOjyU1eVaBCOKrsE",
            "OjyU1eVaBCOKrsEc",
            "jyU1eVaBCOKr",
            "yU1eVaBCOKrs",
            "U1eVaBCOKrsE",
            "1eVaBCOKrsEc",
            "eVaBCOKr",
            "VaBCOKrs",
            "aBCOKrsE",
            "BCOKrsEc",
            "COKr",
            "OKrs",
            "KrsE",
            "rsEc",
            "gLqAwmUqVtdQPLON",
            "LqAwmUqVtdQPLONg",
            "qAwmUqVtdQPLONg1",
            "AwmUqVtdQPLONg11",
            "wmUqVtdQPLON",
            "mUqVtdQPLONg",
            "UqVtdQPLONg1",
            "qVtdQPLONg11",
            "VtdQPLON",
            "tdQPLONg",
            "dQPLONg1",
            "QPLONg11",
            "PLON",
            "LONg",
            "ONg1",
            "Ng11",
            "AIGeKAUYJMbwf7i1",
            "IGeKAUYJMbwf7i1n",
            "GeKAUYJMbwf7i1nb",
            "eKAUYJMbwf7i1nb2",
            "KAUYJMbwf7i1",
            "AUYJMbwf7i1n",
            "UYJMbwf7i1nb",
            "YJMbwf7i1nb2",
            "JMbwf7i1",
            "Mbwf7i1n",
            "bwf7i1nb",
            "wf7i1nb2",
            "f7i1",
            "7i1n",
            "i1nb",
            "1nb2",
            "I9YGd0UupLOvr6Pa",
            "9YGd0UupLOvr6Pa4",
            "YGd0UupLOvr6Pa4g",
            "Gd0UupLOvr6Pa4gA",
            "d0UupLOvr6Pa",
            "0UupLOvr6Pa4",
            "UupLOvr6Pa4g",
            "upLOvr6Pa4gA",
            "pLOvr6Pa",
            "LOvr6Pa4",
            "Ovr6Pa4g",
            "vr6Pa4gA",
            "r6Pa",
            "6Pa4",
            "Pa4g",
            "a4gA",
            "JVPoERU3E474Dndo",
            "VPoERU3E474DndoD",
            "PoERU3E474DndoDD",
            "oERU3E474DndoDDV",
            "ERU3E474Dndo",
            "RU3E474DndoD",
            "U3E474DndoDD",
            "3E474DndoDDV",
            "E474Dndo",
            "474DndoD",
            "74DndoDD",
            "4DndoDDV",
            "Dndo",
            "ndoD",
            "doDD",
            "oDDV",
            "GP4KXDUp154wYrFC",
            "P4KXDUp154wYrFCt",
            "4KXDUp154wYrFCtc",
            "KXDUp154wYrFCtcJ",
            "XDUp154wYrFC",
            "DUp154wYrFCt",
            "Up154wYrFCtc",
            "p154wYrFCtcJ",
            "154wYrFC",
            "54wYrFCt",
            "4wYrFCtc",
            "wYrFCtcJ",
            "YrFC",
            "rFCt",
            "FCtc",
            "CtcJ",
            "refYt5U8I3WJrRHa",
            "efYt5U8I3WJrRHaw",
            "fYt5U8I3WJrRHawO",
            "Yt5U8I3WJrRHawOw",
            "t5U8I3WJrRHa",
            "5U8I3WJrRHaw",
            "U8I3WJrRHawO",
            "8I3WJrRHawOw",
            "I3WJrRHa",
            "3WJrRHaw",
            "WJrRHawO",
            "JrRHawOw",
            "rRHa",
            "RHaw",
            "HawO",
            "awOw",
            "qxMLGBUcJuYFUOYo",
            "xMLGBUcJuYFUOYoe",
            "MLGBUcJuYFUOYoeM",
            "LGBUcJuYFUOYoeMo",
            "GBUcJuYFUOYo",
            "BUcJuYFUOYoe",
            "UcJuYFUOYoeM",
            "cJuYFUOYoeMo",
            "JuYFUOYo",
            "uYFUOYoe",
            "YFUOYoeM",
            "FUOYoeMo",
            "UOYo",
            "OYoe",
            "YoeM",
            "oeMo",
            "AhyhHEUFryR0ueeH",
            "hyhHEUFryR0ueeHf",
            "yhHEUFryR0ueeHfC",
            "hHEUFryR0ueeHfCw",
            "HEUFryR0ueeH",
            "EUFryR0ueeHf",
            "UFryR0ueeHfC",
            "FryR0ueeHfCw",
            "ryR0ueeH",
            "yR0ueeHf",
            "R0ueeHfC",
            "0ueeHfCw",
            "ueeH",
            "eeHf",
            "eHfC",
            "HfCw",
            "LE0EUmU0Io8ro13f",
            "E0EUmU0Io8ro13fS",
            "0EUmU0Io8ro13fS4",
            "EUmU0Io8ro13fS4v",
            "UmU0Io8ro13f",
            "mU0Io8ro13fS",
            "U0Io8ro13fS4",
            "0Io8ro13fS4v",
            "Io8ro13f",
            "o8ro13fS",
            "8ro13fS4",
            "ro13fS4v",
            "o13f",
            "13fS",
            "3fS4",
            "fS4v",
            "ggghL4UO435ugSPh",
            "gghL4UO435ugSPhL",
            "ghL4UO435ugSPhLM",
            "hL4UO435ugSPhLMx",
            "L4UO435ugSPh",
            "4UO435ugSPhL",
            "UO435ugSPhLM",
            "O435ugSPhLMx",
            "435ugSPh",
            "35ugSPhL",
            "5ugSPhLM",
            "ugSPhLMx",
            "gSPh",
            "SPhL",
            "PhLM",
            "hLMx",
            "OfE1sLUj2HEEDN6K",
            "fE1sLUj2HEEDN6KY",
            "E1sLUj2HEEDN6KYl",
            "1sLUj2HEEDN6KYll",
            "sLUj2HEEDN6K",
            "LUj2HEEDN6KY",
            "Uj2HEEDN6KYl",
            "j2HEEDN6KYll",
            "2HEEDN6K",
            "HEEDN6KY",
            "EEDN6KYl",
            "EDN6KYll",
            "DN6K",
            "N6KY",
            "6KYl",
            "KYll",
            "iJjG0UUQmwxMnpP7",
            "JjG0UUQmwxMnpP7k",
            "jG0UUQmwxMnpP7km",
            "G0UUQmwxMnpP7kmf",
            "0UUQmwxMnpP7",
            "UUQmwxMnpP7k",
            "UQmwxMnpP7km",
            "QmwxMnpP7kmf",
            "mwxMnpP7",
            "wxMnpP7k",
            "xMnpP7km",
            "MnpP7kmf",
            "npP7",
            "pP7k",
            "P7km",
            "7kmf",
            "xNRQwKUtFnYYN8ds",
            "NRQwKUtFnYYN8ds6",
            "RQwKUtFnYYN8ds6R",
            "QwKUtFnYYN8ds6Rv",
            "wKUtFnYYN8ds",
            "KUtFnYYN8ds6",
            "UtFnYYN8ds6R",
            "tFnYYN8ds6Rv",
            "FnYYN8ds",
            "nYYN8ds6",
            "YYN8ds6R",
            "YN8ds6Rv",
            "N8ds",
            "8ds6",
            "ds6R",
            "s6Rv",
            "rEY7iYUCJkiqFAhT",
            "EY7iYUCJkiqFAhTi",
            "Y7iYUCJkiqFAhTiE",
            "7iYUCJkiqFAhTiEU",
            "iYUCJkiqFAhT",
            "YUCJkiqFAhTi",
            "UCJkiqFAhTiE",
            "CJkiqFAhTiEU",
            "JkiqFAhT",
            "kiqFAhTi",
            "iqFAhTiE",
            "qFAhTiEU",
            "FAhT",
            "AhTi",
            "hTiE",
            "TiEU",
            "yXi1UpUxlQChMtTn",
            "Xi1UpUxlQChMtTnB",
            "i1UpUxlQChMtTnBp",
            "1UpUxlQChMtTnBpN",
            "UpUxlQChMtTn",
            "pUxlQChMtTnB",
            "UxlQChMtTnBp",
            "xlQChMtTnBpN",
            "lQChMtTn",
            "QChMtTnB",
            "ChMtTnBp",
            "hMtTnBpN",
            "MtTn",
            "tTnB",
            "TnBp",
            "nBpN",
            "G438qkrVcUO7yndh",
            "438qkrVcUO7yndhn",
            "38qkrVcUO7yndhnW",
            "8qkrVcUO7yndhnWy",
            "qkrVcUO7yndh",
            "krVcUO7yndhn",
            "rVcUO7yndhnW",
            "VcUO7yndhnWy",
            "cUO7yndh",
            "UO7yndhn",
            "O7yndhnW",
            "7yndhnWy",
            "yndh",
            "ndhn",
            "dhnW",
            "hnWy",
            "sYDKpernMCMqfDpR",
            "YDKpernMCMqfDpRT",
            "DKpernMCMqfDpRTw",
            "KpernMCMqfDpRTwE",
            "pernMCMqfDpR",
            "ernMCMqfDpRT",
            "rnMCMqfDpRTw",
            "nMCMqfDpRTwE",
            "MCMqfDpR",
            "CMqfDpRT",
            "MqfDpRTw",
            "qfDpRTwE",
            "fDpR",
            "DpRT",
            "pRTw",
            "RTwE",
            "o4unxurZc2gToNad",
            "4unxurZc2gToNadJ",
            "unxurZc2gToNadJS",
            "nxurZc2gToNadJSp",
            "xurZc2gToNad",
            "urZc2gToNadJ",
            "rZc2gToNadJS",
            "Zc2gToNadJSp",
            "c2gToNad",
            "2gToNadJ",
            "gToNadJS",
            "ToNadJSp",
            "oNad",
            "NadJ",
            "adJS",
            "dJSp",
            "v0lkGsrW6YIFE0Bb",
            "0lkGsrW6YIFE0BbL",
            "lkGsrW6YIFE0BbLG",
            "kGsrW6YIFE0BbLGy",
            "GsrW6YIFE0Bb",
            "srW6YIFE0BbL",
            "rW6YIFE0BbLG",
            "W6YIFE0BbLGy",
            "6YIFE0Bb",
            "YIFE0BbL",
            "IFE0BbLG",
            "FE0BbLGy",
            "E0Bb",
            "0BbL",
            "BbLG",
            "bLGy",
            "V5D5djrsaThPDZj8",
            "5D5djrsaThPDZj8T",
            "D5djrsaThPDZj8Ta",
            "5djrsaThPDZj8Tau",
            "djrsaThPDZj8",
            "jrsaThPDZj8T",
            "rsaThPDZj8Ta",
            "saThPDZj8Tau",
            "aThPDZj8",
            "ThPDZj8T",
            "hPDZj8Ta",
            "PDZj8Tau",
            "DZj8",
            "Zj8T",
            "j8Ta",
            "8Tau",
            "OUGxxQrhibuv2px9",
            "UGxxQrhibuv2px9X",
            "GxxQrhibuv2px9Xn",
            "xxQrhibuv2px9Xn9",
            "xQrhibuv2px9",
            "Qrhibuv2px9X",
            "rhibuv2px9Xn",
            "hibuv2px9Xn9",
            "ibuv2px9",
            "buv2px9X",
            "uv2px9Xn",
            "v2px9Xn9",
            "2px9",
            "px9X",
            "x9Xn",
            "9Xn9",
            "sOaxBdrKbf0RWYM2",
            "OaxBdrKbf0RWYM2s",
            "axBdrKbf0RWYM2ss",
            "xBdrKbf0RWYM2ssw",
            "BdrKbf0RWYM2",
            "drKbf0RWYM2s",
            "rKbf0RWYM2ss",
            "Kbf0RWYM2ssw",
            "bf0RWYM2",
            "f0RWYM2s",
            "0RWYM2ss",
            "RWYM2ssw",
            "WYM2",
            "YM2s",
            "M2ss",
            "2ssw",
            "NdkEIQrrFMdB5jH1",
            "dkEIQrrFMdB5jH18",
            "kEIQrrFMdB5jH183",
            "EIQrrFMdB5jH183Q",
            "IQrrFMdB5jH1",
            "QrrFMdB5jH18",
            "rrFMdB5jH183",
            "rFMdB5jH183Q",
            "FMdB5jH1",
            "MdB5jH18",
            "dB5jH183",
            "B5jH183Q",
            "5jH1",
            "jH18",
            "H183",
            "183Q",
            "oawGFYrem2HVnZPn",
            "awGFYrem2HVnZPnU",
            "wGFYrem2HVnZPnUr",
            "GFYrem2HVnZPnUr9",
            "FYrem2HVnZPn",
            "Yrem2HVnZPnU",
            "rem2HVnZPnUr",
            "em2HVnZPnUr9",
            "m2HVnZPn",
            "2HVnZPnU",
            "HVnZPnUr",
            "VnZPnUr9",
            "nZPn",
            "ZPnU",
            "PnUr",
            "nUr9",
            "mqnyYHrG4oPf70Dg",
            "qnyYHrG4oPf70Dgb",
            "nyYHrG4oPf70DgbF",
            "yYHrG4oPf70DgbFZ",
            "YHrG4oPf70Dg",
            "HrG4oPf70Dgb",
            "rG4oPf70DgbF",
            "G4oPf70DgbFZ",
            "4oPf70Dg",
            "oPf70Dgb",
            "Pf70DgbF",
            "f70DgbFZ",
            "70Dg",
            "0Dgb",
            "DgbF",
            "gbFZ",
            "rAmSjYrI5jfBVhyY",
            "AmSjYrI5jfBVhyYv",
            "mSjYrI5jfBVhyYvR",
            "SjYrI5jfBVhyYvR1",
            "jYrI5jfBVhyY",
            "YrI5jfBVhyYv",
            "rI5jfBVhyYvR",
            "I5jfBVhyYvR1",
            "5jfBVhyY",
            "jfBVhyYv",
            "fBVhyYvR",
            "BVhyYvR1",
            "VhyY",
            "hyYv",
            "yYvR",
            "YvR1",
            "ii2YcUrRE5CcZXDV",
            "i2YcUrRE5CcZXDVa",
            "2YcUrRE5CcZXDVaS",
            "YcUrRE5CcZXDVaSy",
            "cUrRE5CcZXDV",
            "UrRE5CcZXDVa",
            "rRE5CcZXDVaS",
            "RE5CcZXDVaSy",
            "E5CcZXDV",
            "5CcZXDVa",
            "CcZXDVaS",
            "cZXDVaSy",
            "ZXDV",
            "XDVa",
            "DVaS",
            "VaSy",
            "qGt063r5GJBrTW4f",
            "Gt063r5GJBrTW4fa",
            "t063r5GJBrTW4faq",
            "063r5GJBrTW4faq6",
            "63r5GJBrTW4f",
            "3r5GJBrTW4fa",
            "r5GJBrTW4faq",
            "5GJBrTW4faq6",
            "GJBrTW4f",
            "JBrTW4fa",
            "BrTW4faq",
            "rTW4faq6",
            "TW4f",
            "W4fa",
            "4faq",
            "faq6",
            "jg7Gl1rm3VxOHZX3",
            "g7Gl1rm3VxOHZX3D",
            "7Gl1rm3VxOHZX3D4",
            "Gl1rm3VxOHZX3D4y",
            "l1rm3VxOHZX3",
            "1rm3VxOHZX3D",
            "rm3VxOHZX3D4",
            "m3VxOHZX3D4y",
            "3VxOHZX3",
            "VxOHZX3D",
            "xOHZX3D4",
            "OHZX3D4y",
            "HZX3",
            "ZX3D",
            "X3D4",
            "3D4y",
            "UV7af7r4xrZcCISZ",
            "V7af7r4xrZcCISZQ",
            "7af7r4xrZcCISZQc",
            "af7r4xrZcCISZQcN",
            "f7r4xrZcCISZ",
            "7r4xrZcCISZQ",
            "r4xrZcCISZQc",
            "4xrZcCISZQcN",
            "xrZcCISZ",
            "rZcCISZQ",
            "ZcCISZQc",
            "cCISZQcN",
            "CISZ",
            "ISZQ",
            "SZQc",
            "ZQcN",
            "S56PIgr1MjKFkcRX",
            "56PIgr1MjKFkcRXd",
            "6PIgr1MjKFkcRXdf",
            "PIgr1MjKFkcRXdfT",
            "Igr1MjKFkcRX",
            "gr1MjKFkcRXd",
            "r1MjKFkcRXdf",
            "1MjKFkcRXdfT",
            "MjKFkcRX",
            "jKFkcRXd",
            "KFkcRXdf",
            "FkcRXdfT",
            "kcRX",
            "cRXd",
            "RXdf",
            "XdfT",
            "kytXZjrqtCSYiYSJ",
            "ytXZjrqtCSYiYSJK",
            "tXZjrqtCSYiYSJKJ",
            "XZjrqtCSYiYSJKJL",
            "ZjrqtCSYiYSJ",
            "jrqtCSYiYSJK",
            "rqtCSYiYSJKJ",
            "qtCSYiYSJKJL",
            "tCSYiYSJ",
            "CSYiYSJK",
            "SYiYSJKJ",
            "YiYSJKJL",
            "iYSJ",
            "YSJK",
            "SJKJ",
            "JKJL",
            "U7F8A4rYqJ2ZQdh1",
            "7F8A4rYqJ2ZQdh1N",
            "F8A4rYqJ2ZQdh1NM",
            "8A4rYqJ2ZQdh1NMl",
            "A4rYqJ2ZQdh1",
            "4rYqJ2ZQdh1N",
            "rYqJ2ZQdh1NM",
            "YqJ2ZQdh1NMl",
            "qJ2ZQdh1",
            "J2ZQdh1N",
            "2ZQdh1NM",
            "ZQdh1NMl",
            "Qdh1",
            "dh1N",
            "h1NM",
            "1NMl",
            "XYBnwsrukPqdYQ3K",
            "YBnwsrukPqdYQ3Ks",
            "BnwsrukPqdYQ3Kso",
            "nwsrukPqdYQ3Kso6",
            "wsrukPqdYQ3K",
            "srukPqdYQ3Ks",
            "rukPqdYQ3Kso",
            "ukPqdYQ3Kso6",
            "kPqdYQ3K",
            "PqdYQ3Ks",
            "qdYQ3Kso",
            "dYQ3Kso6",
            "YQ3K",
            "Q3Ks",
            "3Kso",
            "Kso6",
            "URaq3Nr3LpFTL3if",
            "Raq3Nr3LpFTL3if2",
            "aq3Nr3LpFTL3if2m",
            "q3Nr3LpFTL3if2mP",
            "3Nr3LpFTL3if",
            "Nr3LpFTL3if2",
            "r3LpFTL3if2m",
            "3LpFTL3if2mP",
            "LpFTL3if",
            "pFTL3if2",
            "FTL3if2m",
            "TL3if2mP",
            "L3if",
            "3if2",
            "if2m",
            "f2mP",
            "Qv2Xx5rpEZgu0621",
            "v2Xx5rpEZgu0621h",
            "2Xx5rpEZgu0621hf",
            "Xx5rpEZgu0621hfp",
            "x5rpEZgu0621",
            "5rpEZgu0621h",
            "rpEZgu0621hf",
            "pEZgu0621hfp",
            "EZgu0621",
            "Zgu0621h",
            "gu0621hf",
            "u0621hfp",
            "0621",
            "621h",
            "21hf",
            "1hfp",
            "XDLoffr8R4EK7XwJ",
            "DLoffr8R4EK7XwJJ",
            "Loffr8R4EK7XwJJp",
            "offr8R4EK7XwJJpn",
            "ffr8R4EK7XwJ",
            "fr8R4EK7XwJJ",
            "r8R4EK7XwJJp",
            "8R4EK7XwJJpn",
            "R4EK7XwJ",
            "4EK7XwJJ",
            "EK7XwJJp",
            "K7XwJJpn",
            "7XwJ",
            "XwJJ",
            "wJJp",
            "JJpn",
            "E2sVHZrcUHugAlwA",
            "2sVHZrcUHugAlwAx",
            "sVHZrcUHugAlwAxS",
            "VHZrcUHugAlwAxSj",
            "HZrcUHugAlwA",
            "ZrcUHugAlwAx",
            "rcUHugAlwAxS",
            "cUHugAlwAxSj",
            "UHugAlwA",
            "HugAlwAx",
            "ugAlwAxS",
            "gAlwAxSj",
            "AlwA",
            "lwAx",
            "wAxS",
            "AxSj",
            "N4GijkrF7fZCtH9Q",
            "4GijkrF7fZCtH9Qt",
            "GijkrF7fZCtH9QtS",
            "ijkrF7fZCtH9QtSi",
            "jkrF7fZCtH9Q",
            "krF7fZCtH9Qt",
            "rF7fZCtH9QtS",
            "F7fZCtH9QtSi",
            "7fZCtH9Q",
            "fZCtH9Qt",
            "ZCtH9QtS",
            "CtH9QtSi",
            "tH9Q",
            "H9Qt",
            "9QtS",
            "QtSi",
            "bIQOJ9r0bVEdbDZ1",
            "IQOJ9r0bVEdbDZ17",
            "QOJ9r0bVEdbDZ17F",
            "OJ9r0bVEdbDZ17Fg",
            "J9r0bVEdbDZ1",
            "9r0bVEdbDZ17",
            "r0bVEdbDZ17F",
            "0bVEdbDZ17Fg",
            "bVEdbDZ1",
            "VEdbDZ17",
            "EdbDZ17F",
            "dbDZ17Fg",
            "bDZ1",
            "DZ17",
            "Z17F",
            "17Fg",
            "cQIyjqrOy0LwdNNx",
            "QIyjqrOy0LwdNNxi",
            "IyjqrOy0LwdNNxim",
            "yjqrOy0LwdNNximd",
            "jqrOy0LwdNNx",
            "qrOy0LwdNNxi",
            "rOy0LwdNNxim",
            "Oy0LwdNNximd",
            "y0LwdNNx",
            "0LwdNNxi",
            "LwdNNxim",
            "wdNNximd",
            "dNNx",
            "NNxi",
            "Nxim",
            "ximd",
            "VSy2nCrj3cmCJ131",
            "Sy2nCrj3cmCJ131F",
            "y2nCrj3cmCJ131Fi",
            "2nCrj3cmCJ131FiF",
            "nCrj3cmCJ131",
            "Crj3cmCJ131F",
            "rj3cmCJ131Fi",
            "j3cmCJ131FiF",
            "3cmCJ131",
            "cmCJ131F",
            "mCJ131Fi",
            "CJ131FiF",
            "J131",
            "131F",
            "31Fi",
            "1FiF",
            "BFvNDsrQwbUCIUjV",
            "FvNDsrQwbUCIUjVC",
            "vNDsrQwbUCIUjVCO",
            "NDsrQwbUCIUjVCO4",
            "DsrQwbUCIUjV",
            "srQwbUCIUjVC",
            "rQwbUCIUjVCO",
            "QwbUCIUjVCO4",
            "wbUCIUjV",
            "bUCIUjVC",
            "UCIUjVCO",
            "CIUjVCO4",
            "IUjV",
            "UjVC",
            "jVCO",
            "VCO4",
            "WodSNrrtAbUWlXv4",
            "odSNrrtAbUWlXv4f",
            "dSNrrtAbUWlXv4fJ",
            "SNrrtAbUWlXv4fJy",
            "NrrtAbUWlXv4",
            "rrtAbUWlXv4f",
            "rtAbUWlXv4fJ",
            "tAbUWlXv4fJy",
            "AbUWlXv4",
            "bUWlXv4f",
            "UWlXv4fJ",
            "WlXv4fJy",
            "lXv4",
            "Xv4f",
            "v4fJ",
            "4fJy",
            "ca4IjWrCbTOwqvLo",
            "a4IjWrCbTOwqvLoQ",
            "4IjWrCbTOwqvLoQR",
            "IjWrCbTOwqvLoQRy",
            "jWrCbTOwqvLo",
            "WrCbTOwqvLoQ",
            "rCbTOwqvLoQR",
            "CbTOwqvLoQRy",
            "bTOwqvLo",
            "TOwqvLoQ",
            "OwqvLoQR",
            "wqvLoQRy",
            "qvLo",
            "vLoQ",
            "LoQR",
            "oQRy",
            "SwOhpFrxEgCFQvya",
            "wOhpFrxEgCFQvyaV",
            "OhpFrxEgCFQvyaVx",
            "hpFrxEgCFQvyaVxN",
            "pFrxEgCFQvya",
            "FrxEgCFQvyaV",
            "rxEgCFQvyaVx",
            "xEgCFQvyaVxN",
            "EgCFQvya",
            "gCFQvyaV",
            "CFQvyaVx",
            "FQvyaVxN",
            "Qvya",
            "vyaV",
            "yaVx",
            "aVxN",
            "DPPeoMTVmgG4Wbym",
            "PPeoMTVmgG4WbymX",
            "PeoMTVmgG4WbymXT",
            "eoMTVmgG4WbymXT1",
            "oMTVmgG4Wbym",
            "MTVmgG4WbymX",
            "TVmgG4WbymXT",
            "VmgG4WbymXT1",
            "mgG4Wbym",
            "gG4WbymX",
            "G4WbymXT",
            "4WbymXT1",
            "Wbym",
            "bymX",
            "ymXT",
            "mXT1",
            "e27eL3TnVhQTcYvw",
            "27eL3TnVhQTcYvwd",
            "7eL3TnVhQTcYvwdI",
            "eL3TnVhQTcYvwdI3",
            "L3TnVhQTcYvw",
            "3TnVhQTcYvwd",
            "TnVhQTcYvwdI",
            "nVhQTcYvwdI3",
            "VhQTcYvw",
            "hQTcYvwd",
            "QTcYvwdI",
            "TcYvwdI3",
            "cYvw",
            "Yvwd",
            "vwdI",
            "wdI3",
            "ssLT1kTZbHlweTgQ",
            "sLT1kTZbHlweTgQU",
            "LT1kTZbHlweTgQUo",
            "T1kTZbHlweTgQUoY",
            "1kTZbHlweTgQ",
            "kTZbHlweTgQU",
            "TZbHlweTgQUo",
            "ZbHlweTgQUoY",
            "bHlweTgQ",
            "HlweTgQU",
            "lweTgQUo",
            "weTgQUoY",
            "eTgQ",
            "TgQU",
            "gQUo",
            "QUoY",
            "If0wWFTWq0OOBYHq",
            "f0wWFTWq0OOBYHqU",
            "0wWFTWq0OOBYHqU1",
            "wWFTWq0OOBYHqU1O",
            "WFTWq0OOBYHq",
            "FTWq0OOBYHqU",
            "TWq0OOBYHqU1",
            "Wq0OOBYHqU1O",
            "q0OOBYHq",
            "0OOBYHqU",
            "OOBYHqU1",
            "OBYHqU1O",
            "BYHq",
            "YHqU",
            "HqU1",
            "qU1O",
            "AfwAnfTshDlpXhOD",
            "fwAnfTshDlpXhODV",
            "wAnfTshDlpXhODVE",
            "AnfTshDlpXhODVEb",
            "nfTshDlpXhOD",
            "fTshDlpXhODV",
            "TshDlpXhODVE",
            "shDlpXhODVEb",
            "hDlpXhOD",
            "DlpXhODV",
            "lpXhODVE",
            "pXhODVEb",
            "XhOD",
            "hODV",
            "ODVE",
            "DVEb",
            "fypgVBThttn1bCNF",
            "ypgVBThttn1bCNFq",
            "pgVBThttn1bCNFqJ",
            "gVBThttn1bCNFqJd",
            "VBThttn1bCNF",
            "BThttn1bCNFq",
            "Thttn1bCNFqJ",
            "httn1bCNFqJd",
            "ttn1bCNF",
            "tn1bCNFq",
            "n1bCNFqJ",
            "1bCNFqJd",
            "bCNF",
            "CNFq",
            "NFqJ",
            "FqJd",
            "ymlgoaTKIRoiTar9",
            "mlgoaTKIRoiTar9W",
            "lgoaTKIRoiTar9WQ",
            "goaTKIRoiTar9WQ9",
            "oaTKIRoiTar9",
            "aTKIRoiTar9W",
            "TKIRoiTar9WQ",
            "KIRoiTar9WQ9",
            "IRoiTar9",
            "RoiTar9W",
            "oiTar9WQ",
            "iTar9WQ9",
            "Tar9",
            "ar9W",
            "r9WQ",
            "9WQ9",
            "TaioR7TrmL5kx47w",
            "aioR7TrmL5kx47wT",
            "ioR7TrmL5kx47wTI",
            "oR7TrmL5kx47wTI6",
            "R7TrmL5kx47w",
            "7TrmL5kx47wT",
            "TrmL5kx47wTI",
            "rmL5kx47wTI6",
            "mL5kx47w",
            "L5kx47wT",
            "5kx47wTI",
            "kx47wTI6",
            "x47w",
            "47wT",
            "7wTI",
            "wTI6",
            "yioMiiTeHwXQ0Ym4",
            "ioMiiTeHwXQ0Ym4Z",
            "oMiiTeHwXQ0Ym4Z7",
            "MiiTeHwXQ0Ym4Z7S",
            "iiTeHwXQ0Ym4",
            "iTeHwXQ0Ym4Z",
            "TeHwXQ0Ym4Z7",
            "eHwXQ0Ym4Z7S",
            "HwXQ0Ym4",
            "wXQ0Ym4Z",
            "XQ0Ym4Z7",
            "Q0Ym4Z7S",
            "0Ym4",
            "Ym4Z",
            "m4Z7",
            "4Z7S",
            "lf9Pa2TGtHLERbyp",
            "f9Pa2TGtHLERbypK",
            "9Pa2TGtHLERbypKd",
            "Pa2TGtHLERbypKdk",
            "a2TGtHLERbyp",
            "2TGtHLERbypK",
            "TGtHLERbypKd",
            "GtHLERbypKdk",
            "tHLERbyp",
            "HLERbypK",
            "LERbypKd",
            "ERbypKdk",
            "Rbyp",
            "bypK",
            "ypKd",
            "pKdk",
            "Cxxy82TIyVYRnK7j",
            "xxy82TIyVYRnK7jG",
            "xy82TIyVYRnK7jGe",
            "y82TIyVYRnK7jGeL",
            "82TIyVYRnK7j",
            "2TIyVYRnK7jG",
            "TIyVYRnK7jGe",
            "IyVYRnK7jGeL",
            "yVYRnK7j",
            "VYRnK7jG",
            "YRnK7jGe",
            "RnK7jGeL",
            "nK7j",
            "K7jG",
            "7jGe",
            "jGeL",
            "r96fPGTRePHnhtjh",
            "96fPGTRePHnhtjhb",
            "6fPGTRePHnhtjhbM",
            "fPGTRePHnhtjhbMw",
            "PGTRePHnhtjh",
            "GTRePHnhtjhb",
            "TRePHnhtjhbM",
            "RePHnhtjhbMw",
            "ePHnhtjh",
            "PHnhtjhb",
            "HnhtjhbM",
            "nhtjhbMw",
            "htjh",
            "tjhb",
            "jhbM",
            "hbMw",
            "XyUFl4T5r0OsPTuq",
            "yUFl4T5r0OsPTuqU",
            "UFl4T5r0OsPTuqU9",
            "Fl4T5r0OsPTuqU91",
            "l4T5r0OsPTuq",
            "4T5r0OsPTuqU",
            "T5r0OsPTuqU9",
            "5r0OsPTuqU91",
            "r0OsPTuq",
            "0OsPTuqU",
            "OsPTuqU9",
            "sPTuqU91",
            "PTuq",
            "TuqU",
            "uqU9",
            "qU91",
            "iJaSADTmjoNPme1y",
            "JaSADTmjoNPme1yI",
            "aSADTmjoNPme1yI6",
            "SADTmjoNPme1yI63",
            "ADTmjoNPme1y",
            "DTmjoNPme1yI",
            "TmjoNPme1yI6",
            "mjoNPme1yI63",
            "joNPme1y",
            "oNPme1yI",
            "NPme1yI6",
            "Pme1yI63",
            "me1y",
            "e1yI",
            "1yI6",
            "yI63",
            "XN5BNJT4IGjydrv3",
            "N5BNJT4IGjydrv3T",
            "5BNJT4IGjydrv3T9",
            "BNJT4IGjydrv3T9n",
            "NJT4IGjydrv3",
            "JT4IGjydrv3T",
            "T4IGjydrv3T9",
            "4IGjydrv3T9n",
            "IGjydrv3",
            "Gjydrv3T",
            "jydrv3T9",
            "ydrv3T9n",
            "drv3",
            "rv3T",
            "v3T9",
            "3T9n",
            "UiRWkuT1WRoO6qvP",
            "iRWkuT1WRoO6qvPC",
            "RWkuT1WRoO6qvPCe",
            "WkuT1WRoO6qvPCeb",
            "kuT1WRoO6qvP",
            "uT1WRoO6qvPC",
            "T1WRoO6qvPCe",
            "1WRoO6qvPCeb",
            "WRoO6qvP",
            "RoO6qvPC",
            "oO6qvPCe",
            "O6qvPCeb",
            "6qvP",
            "qvPC",
            "vPCe",
            "PCeb",
            "dxNXlPTqkgOYCTVw",
            "xNXlPTqkgOYCTVwn",
            "NXlPTqkgOYCTVwn2",
            "XlPTqkgOYCTVwn2o",
            "lPTqkgOYCTVw",
            "PTqkgOYCTVwn",
            "TqkgOYCTVwn2",
            "qkgOYCTVwn2o",
            "kgOYCTVw",
            "gOYCTVwn",
            "OYCTVwn2",
            "YCTVwn2o",
            "CTVw",
            "TVwn",
            "Vwn2",
            "wn2o",
            "faGmLsTYcS0iQ5eJ",
            "aGmLsTYcS0iQ5eJZ",
            "GmLsTYcS0iQ5eJZi",
            "mLsTYcS0iQ5eJZii",
            "LsTYcS0iQ5eJ",
            "sTYcS0iQ5eJZ",
            "TYcS0iQ5eJZi",
            "YcS0iQ5eJZii",
            "cS0iQ5eJ",
            "S0iQ5eJZ",
            "0iQ5eJZi",
            "iQ5eJZii",
            "Q5eJ",
            "5eJZ",
            "eJZi",
            "JZii",
            "pct2HeTuuji49o5E",
            "ct2HeTuuji49o5Ex",
            "t2HeTuuji49o5Exk",
            "2HeTuuji49o5Exko",
            "HeTuuji49o5E",
            "eTuuji49o5Ex",
            "Tuuji49o5Exk",
            "uuji49o5Exko",
            "uji49o5E",
            "ji49o5Ex",
            "i49o5Exk",
            "49o5Exko",
            "9o5E",
            "o5Ex",
            "5Exk",
            "Exko",
            "XQoQ4NT3ih7kjOXs",
            "QoQ4NT3ih7kjOXsZ",
            "oQ4NT3ih7kjOXsZW",
            "Q4NT3ih7kjOXsZWp",
            "4NT3ih7kjOXs",
            "NT3ih7kjOXsZ",
            "T3ih7kjOXsZW",
            "3ih7kjOXsZWp",
            "ih7kjOXs",
            "h7kjOXsZ",
            "7kjOXsZW",
            "kjOXsZWp",
            "jOXs",
            "OXsZ",
            "XsZW",
            "sZWp",
            "SU1gC5Tp0jnRwUXn",
            "U1gC5Tp0jnRwUXnV",
            "1gC5Tp0jnRwUXnV2",
            "gC5Tp0jnRwUXnV2V",
            "C5Tp0jnRwUXn",
            "5Tp0jnRwUXnV",
            "Tp0jnRwUXnV2",
            "p0jnRwUXnV2V",
            "0jnRwUXn",
            "jnRwUXnV",
            "nRwUXnV2",
            "RwUXnV2V",
            "wUXn",
            "UXnV",
            "XnV2",
            "nV2V",
            "y8MCqVT8qUUEH6TL",
            "8MCqVT8qUUEH6TLb",
            "MCqVT8qUUEH6TLb2",
            "CqVT8qUUEH6TLb2t",
            "qVT8qUUEH6TL",
            "VT8qUUEH6TLb",
            "T8qUUEH6TLb2",
            "8qUUEH6TLb2t",
            "qUUEH6TL",
            "UUEH6TLb",
            "UEH6TLb2",
            "EH6TLb2t",
            "H6TL",
            "6TLb",
            "TLb2",
            "Lb2t",
            "n5NrBXTcyrXpLmNo",
            "5NrBXTcyrXpLmNoD",
            "NrBXTcyrXpLmNoDl",
            "rBXTcyrXpLmNoDlP",
            "BXTcyrXpLmNo",
            "XTcyrXpLmNoD",
            "TcyrXpLmNoDl",
            "cyrXpLmNoDlP",
            "yrXpLmNo",
            "rXpLmNoD",
            "XpLmNoDl",
            "pLmNoDlP",
            "LmNo",
            "mNoD",
            "NoDl",
            "oDlP",
            "GN9QpVTFScoA66S7",
            "N9QpVTFScoA66S7L",
            "9QpVTFScoA66S7L9",
            "QpVTFScoA66S7L9U",
            "pVTFScoA66S7",
            "VTFScoA66S7L",
            "TFScoA66S7L9",
            "FScoA66S7L9U",
            "ScoA66S7",
            "coA66S7L",
            "oA66S7L9",
            "A66S7L9U",
            "66S7",
            "6S7L",
            "S7L9",
            "7L9U",
            "IENXlST0s5B0UrfC",
            "ENXlST0s5B0UrfCH",
            "NXlST0s5B0UrfCHY",
            "XlST0s5B0UrfCHYU",
            "lST0s5B0UrfC",
            "ST0s5B0UrfCH",
            "T0s5B0UrfCHY",
            "0s5B0UrfCHYU",
            "s5B0UrfC",
            "5B0UrfCH",
            "B0UrfCHY",
            "0UrfCHYU",
            "UrfC",
            "rfCH",
            "fCHY",
            "CHYU",
            "YkgmEkTOSM6lHn7w",
            "kgmEkTOSM6lHn7wl",
            "gmEkTOSM6lHn7wlh",
            "mEkTOSM6lHn7wlhh",
            "EkTOSM6lHn7w",
            "kTOSM6lHn7wl",
            "TOSM6lHn7wlh",
            "OSM6lHn7wlhh",
            "SM6lHn7w",
            "M6lHn7wl",
            "6lHn7wlh",
            "lHn7wlhh",
            "Hn7w",
            "n7wl",
            "7wlh",
            "wlhh",
            "jLxnB7Tj4qGrU6wX",
            "LxnB7Tj4qGrU6wXe",
            "xnB7Tj4qGrU6wXeg",
            "nB7Tj4qGrU6wXegR",
            "B7Tj4qGrU6wX",
            "7Tj4qGrU6wXe",
            "Tj4qGrU6wXeg",
            "j4qGrU6wXegR",
            "4qGrU6wX",
            "qGrU6wXe",
            "GrU6wXeg",
            "rU6wXegR",
            "U6wX",
            "6wXe",
            "wXeg",
            "XegR",
            "QjaXJUTQD3K88Qy7",
            "jaXJUTQD3K88Qy7P",
            "aXJUTQD3K88Qy7PM",
            "XJUTQD3K88Qy7PMk",
            "JUTQD3K88Qy7",
            "UTQD3K88Qy7P",
            "TQD3K88Qy7PM",
            "QD3K88Qy7PMk",
            "D3K88Qy7",
            "3K88Qy7P",
            "K88Qy7PM",
            "88Qy7PMk",
            "8Qy7",
            "Qy7P",
            "y7PM",
            "7PMk",
            "rmUY2vTtK6S8GOD7",
            "mUY2vTtK6S8GOD7E",
            "UY2vTtK6S8GOD7Ek",
            "Y2vTtK6S8GOD7Eku",
            "2vTtK6S8GOD7",
            "vTtK6S8GOD7E",
            "TtK6S8GOD7Ek",
            "tK6S8GOD7Eku",
            "K6S8GOD7",
            "6S8GOD7E",
            "S8GOD7Ek",
            "8GOD7Eku",
            "GOD7",
            "OD7E",
            "D7Ek",
            "7Eku",
            "QVdshlTCgluF8YV2",
            "VdshlTCgluF8YV2I",
            "dshlTCgluF8YV2Ik",
            "shlTCgluF8YV2Iks",
            "hlTCgluF8YV2",
            "lTCgluF8YV2I",
            "TCgluF8YV2Ik",
            "CgluF8YV2Iks",
            "gluF8YV2",
            "luF8YV2I",
            "uF8YV2Ik",
            "F8YV2Iks",
            "8YV2",
            "YV2I",
            "V2Ik",
            "2Iks",
            "jn8oA1Tx84gsY8YI",
            "n8oA1Tx84gsY8YIY",
            "8oA1Tx84gsY8YIYs",
            "oA1Tx84gsY8YIYsr",
            "A1Tx84gsY8YI",
            "1Tx84gsY8YIY",
            "Tx84gsY8YIYs",
            "x84gsY8YIYsr",
            "84gsY8YI",
            "4gsY8YIY",
            "gsY8YIYs",
            "sY8YIYsr",
            "Y8YI",
            "8YIY",
            "YIYs",
            "IYsr",
            "WlHe7CeVLyK2Z25R",
            "lHe7CeVLyK2Z25RE",
            "He7CeVLyK2Z25REb",
            "e7CeVLyK2Z25REb2",
            "7CeVLyK2Z25R",
            "CeVLyK2Z25RE",
            "eVLyK2Z25REb",
            "VLyK2Z25REb2",
            "LyK2Z25R",
            "yK2Z25RE",
            "K2Z25REb",
            "2Z25REb2",
            "Z25R",
            "25RE",
            "5REb",
            "REb2",
            "DVYlSkenBubjFM0x",
            "VYlSkenBubjFM0x0",
            "YlSkenBubjFM0x0R",
            "lSkenBubjFM0x0R2",
            "SkenBubjFM0x",
            "kenBubjFM0x0",
            "enBubjFM0x0R",
            "nBubjFM0x0R2",
            "BubjFM0x",
            "ubjFM0x0",
            "bjFM0x0R",
            "jFM0x0R2",
            "FM0x",
            "M0x0",
            "0x0R",
            "x0R2",
            "s5iCBZeZv7JBKB3Z",
            "5iCBZeZv7JBKB3ZW",
            "iCBZeZv7JBKB3ZW9",
            "CBZeZv7JBKB3ZW9y",
            "BZeZv7JBKB3Z",
            "ZeZv7JBKB3ZW",
            "eZv7JBKB3ZW9",
            "Zv7JBKB3ZW9y",
            "v7JBKB3Z",
            "7JBKB3ZW",
            "JBKB3ZW9",
            "BKB3ZW9y",
            "KB3Z",
            "B3ZW",
            "3ZW9",
            "ZW9y",
            "HrUWhteWbl0NpT7j",
            "rUWhteWbl0NpT7jn",
            "UWhteWbl0NpT7jnR",
            "WhteWbl0NpT7jnRJ",
            "hteWbl0NpT7j",
            "teWbl0NpT7jn",
            "eWbl0NpT7jnR",
            "Wbl0NpT7jnRJ",
            "bl0NpT7j",
            "l0NpT7jn",
            "0NpT7jnR",
            "NpT7jnRJ",
            "pT7j",
            "T7jn",
            "7jnR",
            "jnRJ",
            "EaGAeoesYA61v43d",
            "aGAeoesYA61v43dK",
            "GAeoesYA61v43dKo",
            "AeoesYA61v43dKoY",
            "eoesYA61v43d",
            "oesYA61v43dK",
            "esYA61v43dKo",
            "sYA61v43dKoY",
            "YA61v43d",
            "A61v43dK",
            "61v43dKo",
            "1v43dKoY",
            "v43d",
            "43dK",
            "3dKo",
            "dKoY",
            "PPooX7eh6TNC2EmF",
            "PooX7eh6TNC2EmFU",
            "ooX7eh6TNC2EmFUP",
            "oX7eh6TNC2EmFUP2",
            "X7eh6TNC2EmF",
            "7eh6TNC2EmFU",
            "eh6TNC2EmFUP",
            "h6TNC2EmFUP2",
            "6TNC2EmF",
            "TNC2EmFU",
            "NC2EmFUP",
            "C2EmFUP2",
            "2EmF",
            "EmFU",
            "mFUP",
            "FUP2",
            "lnpvpoeKwkyLN3t5",
            "npvpoeKwkyLN3t5W",
            "pvpoeKwkyLN3t5Wo",
            "vpoeKwkyLN3t5Wox",
            "poeKwkyLN3t5",
            "oeKwkyLN3t5W",
            "eKwkyLN3t5Wo",
            "KwkyLN3t5Wox",
            "wkyLN3t5",
            "kyLN3t5W",
            "yLN3t5Wo",
            "LN3t5Wox",
            "N3t5",
            "3t5W",
            "t5Wo",
            "5Wox",
            "nyJosAerrOmKAqOI",
            "yJosAerrOmKAqOIp",
            "JosAerrOmKAqOIpx",
            "osAerrOmKAqOIpxU",
            "sAerrOmKAqOI",
            "AerrOmKAqOIp",
            "errOmKAqOIpx",
            "rrOmKAqOIpxU",
            "rOmKAqOI",
            "OmKAqOIp",
            "mKAqOIpx",
            "KAqOIpxU",
            "AqOI",
            "qOIp",
            "OIpx",
            "IpxU",
            "FF60YneeLnPm01pw",
            "F60YneeLnPm01pwP",
            "60YneeLnPm01pwPl",
            "0YneeLnPm01pwPlX",
            "YneeLnPm01pw",
            "neeLnPm01pwP",
            "eeLnPm01pwPl",
            "eLnPm01pwPlX",
            "LnPm01pw",
            "nPm01pwP",
            "Pm01pwPl",
            "m01pwPlX",
            "01pw",
            "1pwP",
            "pwPl",
            "wPlX",
            "eq57rCeGLZISo9e9",
            "q57rCeGLZISo9e9p",
            "57rCeGLZISo9e9pP",
            "7rCeGLZISo9e9pPd",
            "rCeGLZISo9e9",
            "CeGLZISo9e9p",
            "eGLZISo9e9pP",
            "GLZISo9e9pPd",
            "LZISo9e9",
            "ZISo9e9p",
            "ISo9e9pP",
            "So9e9pPd",
            "o9e9",
            "9e9p",
            "e9pP",
            "9pPd",
            "FEJOEGeIrT9K7pfu",
            "EJOEGeIrT9K7pfuK",
            "JOEGeIrT9K7pfuK5",
            "OEGeIrT9K7pfuK57",
            "EGeIrT9K7pfu",
            "GeIrT9K7pfuK",
            "eIrT9K7pfuK5",
            "IrT9K7pfuK57",
            "rT9K7pfu",
            "T9K7pfuK",
            "9K7pfuK5",
            "K7pfuK57",
            "7pfu",
            "pfuK",
            "fuK5",
            "uK57",
            "Ng5m6WeR8nOr2Kqr",
            "g5m6WeR8nOr2Kqrs",
            "5m6WeR8nOr2KqrsD",
            "m6WeR8nOr2KqrsDI",
            "6WeR8nOr2Kqr",
            "WeR8nOr2Kqrs",
            "eR8nOr2KqrsD",
            "R8nOr2KqrsDI",
            "8nOr2Kqr",
            "nOr2Kqrs",
            "Or2KqrsD",
            "r2KqrsDI",
            "2Kqr",
            "Kqrs",
            "qrsD",
            "rsDI",
            "AKmwfje5nOjm9Tc5",
            "Kmwfje5nOjm9Tc5A",
            "mwfje5nOjm9Tc5Al",
            "wfje5nOjm9Tc5AlY",
            "fje5nOjm9Tc5",
            "je5nOjm9Tc5A",
            "e5nOjm9Tc5Al",
            "5nOjm9Tc5AlY",
            "nOjm9Tc5",
            "Ojm9Tc5A",
            "jm9Tc5Al",
            "m9Tc5AlY",
            "9Tc5",
            "Tc5A",
            "c5Al",
            "5AlY",
            "wvCt1semMHYMxJdf",
            "vCt1semMHYMxJdfr",
            "Ct1semMHYMxJdfrq",
            "t1semMHYMxJdfrq2",
            "1semMHYMxJdf",
            "semMHYMxJdfr",
            "emMHYMxJdfrq",
            "mMHYMxJdfrq2",
            "MHYMxJdf",
            "HYMxJdfr",
            "YMxJdfrq",
            "MxJdfrq2",
            "xJdf",
            "Jdfr",
            "dfrq",
            "frq2",
            "GPDKfAe4CqRX7Zmk",
            "PDKfAe4CqRX7ZmkR",
            "DKfAe4CqRX7ZmkRi",
            "KfAe4CqRX7ZmkRi6",
            "fAe4CqRX7Zmk",
            "Ae4CqRX7ZmkR",
            "e4CqRX7ZmkRi",
            "4CqRX7ZmkRi6",
            "CqRX7Zmk",
            "qRX7ZmkR",
            "RX7ZmkRi",
            "X7ZmkRi6",
            "7Zmk",
            "ZmkR",
            "mkRi",
            "kRi6",
            "HNWxt9e1nrXkd73h",
            "NWxt9e1nrXkd73hF",
            "Wxt9e1nrXkd73hFL",
            "xt9e1nrXkd73hFLb",
            "t9e1nrXkd73h",
            "9e1nrXkd73hF",
            "e1nrXkd73hFL",
            "1nrXkd73hFLb",
            "nrXkd73h",
            "rXkd73hF",
            "Xkd73hFL",
            "kd73hFLb",
            "d73h",
            "73hF",
            "3hFL",
            "hFLb",
            "mTPU8deqrh4oeEXW",
            "TPU8deqrh4oeEXWP",
            "PU8deqrh4oeEXWP5",
            "U8deqrh4oeEXWP5q",
            "8deqrh4oeEXW",
            "deqrh4oeEXWP",
            "eqrh4oeEXWP5",
            "qrh4oeEXWP5q",
            "rh4oeEXW",
            "h4oeEXWP",
            "4oeEXWP5",
            "oeEXWP5q",
            "eEXW",
            "EXWP",
            "XWP5",
            "WP5q",
            "FxEZiWeY0pr796hv",
            "xEZiWeY0pr796hvn",
            "EZiWeY0pr796hvnm",
            "ZiWeY0pr796hvnmi",
            "iWeY0pr796hv",
            "WeY0pr796hvn",
            "eY0pr796hvnm",
            "Y0pr796hvnmi",
            "0pr796hv",
            "pr796hvn",
            "r796hvnm",
            "796hvnmi",
            "96hv",
            "6hvn",
            "hvnm",
            "vnmi",
            "b7ZHI2euo13rvdM2",
            "7ZHI2euo13rvdM2k",
            "ZHI2euo13rvdM2kv",
            "HI2euo13rvdM2kvn",
            "I2euo13rvdM2",
            "2euo13rvdM2k",
            "euo13rvdM2kv",
            "uo13rvdM2kvn",
            "o13rvdM2",
            "13rvdM2k",
            "3rvdM2kv",
            "rvdM2kvn",
            "vdM2",
            "dM2k",
            "M2kv",
            "2kvn",
            "kP3KFAe3iBWHUJ44",
            "P3KFAe3iBWHUJ44K",
            "3KFAe3iBWHUJ44KT",
            "KFAe3iBWHUJ44KTN",
            "FAe3iBWHUJ44",
            "Ae3iBWHUJ44K",
            "e3iBWHUJ44KT",
            "3iBWHUJ44KTN",
            "iBWHUJ44",
            "BWHUJ44K",
            "WHUJ44KT",
            "HUJ44KTN",
            "UJ44",
            "J44K",
            "44KT",
            "4KTN",
            "SqrpvNep4jtdgMYl",
            "qrpvNep4jtdgMYli",
            "rpvNep4jtdgMYlix",
            "pvNep4jtdgMYlixY",
            "vNep4jtdgMYl",
            "Nep4jtdgMYli",
            "ep4jtdgMYlix",
            "p4jtdgMYlixY",
            "4jtdgMYl",
            "jtdgMYli",
            "tdgMYlix",
            "dgMYlixY",
            "gMYl",
            "MYli",
            "Ylix",
            "lixY",
            "gJ0A6Se8034Ok5lK",
            "J0A6Se8034Ok5lKd",
            "0A6Se8034Ok5lKd6",
            "A6Se8034Ok5lKd6w",
            "6Se8034Ok5lK",
            "Se8034Ok5lKd",
            "e8034Ok5lKd6",
            "8034Ok5lKd6w",
            "034Ok5lK",
            "34Ok5lKd",
            "4Ok5lKd6",
            "Ok5lKd6w",
            "k5lK",
            "5lKd",
            "lKd6",
            "Kd6w",
            "PXZV8kecy9bmaFd3",
            "XZV8kecy9bmaFd3y",
            "ZV8kecy9bmaFd3yw",
            "V8kecy9bmaFd3ywu",
            "8kecy9bmaFd3",
            "kecy9bmaFd3y",
            "ecy9bmaFd3yw",
            "cy9bmaFd3ywu",
            "y9bmaFd3",
            "9bmaFd3y",
            "bmaFd3yw",
            "maFd3ywu",
            "aFd3",
            "Fd3y",
            "d3yw",
            "3ywu",
            "oA2Fk1eFYgwisMxb",
            "A2Fk1eFYgwisMxb4",
            "2Fk1eFYgwisMxb4P",
            "Fk1eFYgwisMxb4Pi",
            "k1eFYgwisMxb",
            "1eFYgwisMxb4",
            "eFYgwisMxb4P",
            "FYgwisMxb4Pi",
            "YgwisMxb",
            "gwisMxb4",
            "wisMxb4P",
            "isMxb4Pi",
            "sMxb",
            "Mxb4",
            "xb4P",
            "b4Pi",
            "xGIXpoe0PPQj01VU",
            "GIXpoe0PPQj01VUK",
            "IXpoe0PPQj01VUK8",
            "Xpoe0PPQj01VUK83",
            "poe0PPQj01VU",
            "oe0PPQj01VUK",
            "e0PPQj01VUK8",
            "0PPQj01VUK83",
            "PPQj01VU",
            "PQj01VUK",
            "Qj01VUK8",
            "j01VUK83",
            "01VU",
            "1VUK",
            "VUK8",
            "UK83",
            "g4ORuTeOEcrqgbwm",
            "4ORuTeOEcrqgbwmJ",
            "ORuTeOEcrqgbwmJ8",
            "RuTeOEcrqgbwmJ8f",
            "uTeOEcrqgbwm",
            "TeOEcrqgbwmJ",
            "eOEcrqgbwmJ8",
            "OEcrqgbwmJ8f",
            "Ecrqgbwm",
            "crqgbwmJ",
            "rqgbwmJ8",
            "qgbwmJ8f",
            "gbwm",
            "bwmJ",
            "wmJ8",
            "mJ8f",
            "RP6scyejX1ere9FR",
            "P6scyejX1ere9FRY",
            "6scyejX1ere9FRY8",
            "scyejX1ere9FRY8R",
            "cyejX1ere9FR",
            "yejX1ere9FRY",
            "ejX1ere9FRY8",
            "jX1ere9FRY8R",
            "X1ere9FR",
            "1ere9FRY",
            "ere9FRY8",
            "re9FRY8R",
            "e9FR",
            "9FRY",
            "FRY8",
            "RY8R",
            "QxQkYJeQZahyQBja",
            "xQkYJeQZahyQBjaI",
            "QkYJeQZahyQBjaIv",
            "kYJeQZahyQBjaIvS",
            "YJeQZahyQBja",
            "JeQZahyQBjaI",
            "eQZahyQBjaIv",
            "QZahyQBjaIvS",
            "ZahyQBja",
            "ahyQBjaI",
            "hyQBjaIv",
            "yQBjaIvS",
            "QBja",
            "BjaI",
            "jaIv",
            "aIvS",
            "qDaefPetNZYvvwgV",
            "DaefPetNZYvvwgVp",
            "aefPetNZYvvwgVpC",
            "efPetNZYvvwgVpCP",
            "fPetNZYvvwgV",
            "PetNZYvvwgVp",
            "etNZYvvwgVpC",
            "tNZYvvwgVpCP",
            "NZYvvwgV",
            "ZYvvwgVp",
            "YvvwgVpC",
            "vvwgVpCP",
            "vwgV",
            "wgVp",
            "gVpC",
            "VpCP",
            "R7oU3AeC4iPfwq1n",
            "7oU3AeC4iPfwq1nn",
            "oU3AeC4iPfwq1nnL",
            "U3AeC4iPfwq1nnLr",
            "3AeC4iPfwq1n",
            "AeC4iPfwq1nn",
            "eC4iPfwq1nnL",
            "C4iPfwq1nnLr",
            "4iPfwq1n",
            "iPfwq1nn",
            "Pfwq1nnL",
            "fwq1nnLr",
            "wq1n",
            "q1nn",
            "1nnL",
            "nnLr",
            "ftZYkqex9qHgslRK",
            "tZYkqex9qHgslRKk",
            "ZYkqex9qHgslRKkU",
            "Ykqex9qHgslRKkUB",
            "kqex9qHgslRK",
            "qex9qHgslRKk",
            "ex9qHgslRKkU",
            "x9qHgslRKkUB",
            "9qHgslRK",
            "qHgslRKk",
            "HgslRKkU",
            "gslRKkUB",
            "slRK",
            "lRKk",
            "RKkU",
            "KkUB",
            "bDENPfPVxHreHxZd",
            "DENPfPVxHreHxZdo",
            "ENPfPVxHreHxZdo0",
            "NPfPVxHreHxZdo0E",
            "PfPVxHreHxZd",
            "fPVxHreHxZdo",
            "PVxHreHxZdo0",
            "VxHreHxZdo0E",
            "xHreHxZd",
            "HreHxZdo",
            "reHxZdo0",
            "eHxZdo0E",
            "HxZd",
            "xZdo",
            "Zdo0",
            "do0E",
            "uqJTLbPnTk59Mk3Y",
            "qJTLbPnTk59Mk3Y3",
            "JTLbPnTk59Mk3Y3c",
            "TLbPnTk59Mk3Y3cO",
            "LbPnTk59Mk3Y",
            "bPnTk59Mk3Y3",
            "PnTk59Mk3Y3c",
            "nTk59Mk3Y3cO",
            "Tk59Mk3Y",
            "k59Mk3Y3",
            "59Mk3Y3c",
            "9Mk3Y3cO",
            "Mk3Y",
            "k3Y3",
            "3Y3c",
            "Y3cO",
            "nO5W8RPZyyXMMyAp",
            "O5W8RPZyyXMMyApc",
            "5W8RPZyyXMMyApc4",
            "W8RPZyyXMMyApc4y",
            "8RPZyyXMMyAp",
            "RPZyyXMMyApc",
            "PZyyXMMyApc4",
            "ZyyXMMyApc4y",
            "yyXMMyAp",
            "yXMMyApc",
            "XMMyApc4",
            "MMyApc4y",
            "MyAp",
            "yApc",
            "Apc4",
            "pc4y",
            "J1u68pPW662xJcBN",
            "1u68pPW662xJcBNH",
            "u68pPW662xJcBNHx",
            "68pPW662xJcBNHxc",
            "8pPW662xJcBN",
            "pPW662xJcBNH",
            "PW662xJcBNHx",
            "W662xJcBNHxc",
            "662xJcBN",
            "62xJcBNH",
            "2xJcBNHx",
            "xJcBNHxc",
            "JcBN",
            "cBNH",
            "BNHx",
            "NHxc",
            "yAaWHAPs5945x8Kp",
            "AaWHAPs5945x8Kpj",
            "aWHAPs5945x8KpjI",
            "WHAPs5945x8KpjIO",
            "HAPs5945x8Kp",
            "APs5945x8Kpj",
            "Ps5945x8KpjI",
            "s5945x8KpjIO",
            "5945x8Kp",
            "945x8Kpj",
            "45x8KpjI",
            "5x8KpjIO",
            "x8Kp",
            "8Kpj",
            "KpjI",
            "pjIO",
            "RQUuV0PhR65FVLDN",
            "QUuV0PhR65FVLDNO",
            "UuV0PhR65FVLDNOH",
            "uV0PhR65FVLDNOHp",
            "V0PhR65FVLDN",
            "0PhR65FVLDNO",
            "PhR65FVLDNOH",
            "hR65FVLDNOHp",
            "R65FVLDN",
            "65FVLDNO",
            "5FVLDNOH",
            "FVLDNOHp",
            "VLDN",
            "LDNO",
            "DNOH",
            "NOHp",
            "UlOfakPKb29XMN2q",
            "lOfakPKb29XMN2qB",
            "OfakPKb29XMN2qBn",
            "fakPKb29XMN2qBnN",
            "akPKb29XMN2q",
            "kPKb29XMN2qB",
            "PKb29XMN2qBn",
            "Kb29XMN2qBnN",
            "b29XMN2q",
            "29XMN2qB",
            "9XMN2qBn",
            "XMN2qBnN",
            "MN2q",
            "N2qB",
            "2qBn",
            "qBnN",
            "Jbec75Prpe3Eo9Ug",
            "bec75Prpe3Eo9Ugx",
            "ec75Prpe3Eo9UgxS",
            "c75Prpe3Eo9UgxSd",
            "75Prpe3Eo9Ug",
            "5Prpe3Eo9Ugx",
            "Prpe3Eo9UgxS",
            "rpe3Eo9UgxSd",
            "pe3Eo9Ug",
            "e3Eo9Ugx",
            "3Eo9UgxS",
            "Eo9UgxSd",
            "o9Ug",
            "9Ugx",
            "UgxS",
            "gxSd",
            "AXjK2DPeCtjdlGyd",
            "XjK2DPeCtjdlGyd4",
            "jK2DPeCtjdlGyd44",
            "K2DPeCtjdlGyd44C",
            "2DPeCtjdlGyd",
            "DPeCtjdlGyd4",
            "PeCtjdlGyd44",
            "eCtjdlGyd44C",
            "CtjdlGyd",
            "tjdlGyd4",
            "jdlGyd44",
            "dlGyd44C",
            "lGyd",
            "Gyd4",
            "yd44",
            "d44C",
            "GH9gG7PGLKFQPpIn",
            "H9gG7PGLKFQPpInT",
            "9gG7PGLKFQPpInTT",
            "gG7PGLKFQPpInTTL",
            "G7PGLKFQPpIn",
            "7PGLKFQPpInT",
            "PGLKFQPpInTT",
            "GLKFQPpInTTL",
            "LKFQPpIn",
            "KFQPpInT",
            "FQPpInTT",
            "QPpInTTL",
            "PpIn",
            "pInT",
            "InTT",
            "nTTL",
            "ewmu3dPI0Z9MPFd8",
            "wmu3dPI0Z9MPFd8l",
            "mu3dPI0Z9MPFd8ls",
            "u3dPI0Z9MPFd8lsn",
            "3dPI0Z9MPFd8",
            "dPI0Z9MPFd8l",
            "PI0Z9MPFd8ls",
            "I0Z9MPFd8lsn",
            "0Z9MPFd8",
            "Z9MPFd8l",
            "9MPFd8ls",
            "MPFd8lsn",
            "PFd8",
            "Fd8l",
            "d8ls",
            "8lsn",
            "HEb6RbPRSUGn76df",
            "Eb6RbPRSUGn76dfT",
            "b6RbPRSUGn76dfTu",
            "6RbPRSUGn76dfTuw",
            "RbPRSUGn76df",
            "bPRSUGn76dfT",
            "PRSUGn76dfTu",
            "RSUGn76dfTuw",
            "SUGn76df",
            "UGn76dfT",
            "Gn76dfTu",
            "n76dfTuw",
            "76df",
            "6dfT",
            "dfTu",
            "fTuw",
            "MsQG8DP5LBX0PaaS",
            "sQG8DP5LBX0PaaSx",
            "QG8DP5LBX0PaaSxv",
            "G8DP5LBX0PaaSxvQ",
            "8DP5LBX0PaaS",
            "DP5LBX0PaaSx",
            "P5LBX0PaaSxv",
            "5LBX0PaaSxvQ",
            "LBX0PaaS",
            "BX0PaaSx",
            "X0PaaSxv",
            "0PaaSxvQ",
            "PaaS",
            "aaSx",
            "aSxv",
            "SxvQ",
            "X1BpsBPmJJn7vO3P",
            "1BpsBPmJJn7vO3PB",
            "BpsBPmJJn7vO3PBs",
            "psBPmJJn7vO3PBsc",
            "sBPmJJn7vO3P",
            "BPmJJn7vO3PB",
            "PmJJn7vO3PBs",
            "mJJn7vO3PBsc",
            "JJn7vO3P",
            "Jn7vO3PB",
            "n7vO3PBs",
            "7vO3PBsc",
            "vO3P",
            "O3PB",
            "3PBs",
            "PBsc",
            "Kyc7luP4MleWGXSU",
            "yc7luP4MleWGXSUe",
            "c7luP4MleWGXSUeb",
            "7luP4MleWGXSUebt",
            "luP4MleWGXSU",
            "uP4MleWGXSUe",
            "P4MleWGXSUeb",
            "4MleWGXSUebt",
            "MleWGXSU",
            "leWGXSUe",
            "eWGXSUeb",
            "WGXSUebt",
            "GXSU",
            "XSUe",
            "SUeb",
            "Uebt",
            "D2XTY9P1yycrVNid",
            "2XTY9P1yycrVNidr",
            "XTY9P1yycrVNidrM",
            "TY9P1yycrVNidrMG",
            "Y9P1yycrVNid",
            "9P1yycrVNidr",
            "P1yycrVNidrM",
            "1yycrVNidrMG",
            "yycrVNid",
            "ycrVNidr",
            "crVNidrM",
            "rVNidrMG",
            "VNid",
            "Nidr",
            "idrM",
            "drMG",
            "s3iMX6PqEdpucpo3",
            "3iMX6PqEdpucpo3k",
            "iMX6PqEdpucpo3kj",
            "MX6PqEdpucpo3kju",
            "X6PqEdpucpo3",
            "6PqEdpucpo3k",
            "PqEdpucpo3kj",
            "qEdpucpo3kju",
            "Edpucpo3",
            "dpucpo3k",
            "pucpo3kj",
            "ucpo3kju",
            "cpo3",
            "po3k",
            "o3kj",
            "3kju",
            "unsUCmPYWk9J44dN",
            "nsUCmPYWk9J44dNu",
            "sUCmPYWk9J44dNuc",
            "UCmPYWk9J44dNuch",
            "CmPYWk9J44dN",
            "mPYWk9J44dNu",
            "PYWk9J44dNuc",
            "YWk9J44dNuch",
            "Wk9J44dN",
            "k9J44dNu",
            "9J44dNuc",
            "J44dNuch",
            "44dN",
            "4dNu",
            "dNuc",
            "Nuch",
            "KkdPwXPukYfv2TcD",
            "kdPwXPukYfv2TcDL",
            "dPwXPukYfv2TcDLP",
            "PwXPukYfv2TcDLP3",
            "wXPukYfv2TcD",
            "XPukYfv2TcDL",
            "PukYfv2TcDLP",
            "ukYfv2TcDLP3",
            "kYfv2TcD",
            "Yfv2TcDL",
            "fv2TcDLP",
            "v2TcDLP3",
            "2TcD",
            "TcDL",
            "cDLP",
            "DLP3",
            "kIUGVuP3UTjKmsEl",
            "IUGVuP3UTjKmsEls",
            "UGVuP3UTjKmsElsh",
            "GVuP3UTjKmsElshE",
            "VuP3UTjKmsEl",
            "uP3UTjKmsEls",
            "P3UTjKmsElsh",
            "3UTjKmsElshE",
            "UTjKmsEl",
            "TjKmsEls",
            "jKmsElsh",
            "KmsElshE",
            "msEl",
            "sEls",
            "Elsh",
            "lshE",
            "JmFCPwPpD7IXqabb",
            "mFCPwPpD7IXqabb1",
            "FCPwPpD7IXqabb1y",
            "CPwPpD7IXqabb1yN",
            "PwPpD7IXqabb",
            "wPpD7IXqabb1",
            "PpD7IXqabb1y",
            "pD7IXqabb1yN",
            "D7IXqabb",
            "7IXqabb1",
            "IXqabb1y",
            "Xqabb1yN",
            "qabb",
            "abb1",
            "bb1y",
            "b1yN",
            "zF2hvyP8GkVDdZG9",
            "F2hvyP8GkVDdZG9k",
            "2hvyP8GkVDdZG9kv",
            "hvyP8GkVDdZG9kvj",
            "vyP8GkVDdZG9",
            "yP8GkVDdZG9k",
            "P8GkVDdZG9kv",
            "8GkVDdZG9kvj",
            "GkVDdZG9",
            "kVDdZG9k",
            "VDdZG9kv",
            "DdZG9kvj",
            "dZG9",
            "ZG9k",
            "G9kv",
            "9kvj",
            "i4cl1iPcJOewiCBX",
            "4cl1iPcJOewiCBXE",
            "cl1iPcJOewiCBXEm",
            "l1iPcJOewiCBXEmb",
            "1iPcJOewiCBX",
            "iPcJOewiCBXE",
            "PcJOewiCBXEm",
            "cJOewiCBXEmb",
            "JOewiCBX",
            "OewiCBXE",
            "ewiCBXEm",
            "wiCBXEmb",
            "iCBX",
            "CBXE",
            "BXEm",
            "XEmb",
            "wVSHaqPFXWFq3not",
            "VSHaqPFXWFq3notQ",
            "SHaqPFXWFq3notQ9",
            "HaqPFXWFq3notQ9F",
            "aqPFXWFq3not",
            "qPFXWFq3notQ",
            "PFXWFq3notQ9",
            "FXWFq3notQ9F",
            "XWFq3not",
            "WFq3notQ",
            "Fq3notQ9",
            "q3notQ9F",
            "3not",
            "notQ",
            "otQ9",
            "tQ9F",
            "n9q3DSP0BPr7BAvq",
            "9q3DSP0BPr7BAvqd",
            "q3DSP0BPr7BAvqdn",
            "3DSP0BPr7BAvqdnm",
            "DSP0BPr7BAvq",
            "SP0BPr7BAvqd",
            "P0BPr7BAvqdn",
            "0BPr7BAvqdnm",
            "BPr7BAvq",
            "Pr7BAvqd",
            "r7BAvqdn",
            "7BAvqdnm",
            "BAvq",
            "Avqd",
            "vqdn",
            "qdnm",
            "geFyeTPOxoA61re6",
            "eFyeTPOxoA61re6Q",
            "FyeTPOxoA61re6Qa",
            "yeTPOxoA61re6QaR",
            "eTPOxoA61re6",
            "TPOxoA61re6Q",
            "POxoA61re6Qa",
            "OxoA61re6QaR",
            "xoA61re6",
            "oA61re6Q",
            "A61re6Qa",
            "61re6QaR",
            "1re6",
            "re6Q",
            "e6Qa",
            "6QaR",
            "B5vQMnPjZfcLE4HQ",
            "5vQMnPjZfcLE4HQM",
            "vQMnPjZfcLE4HQM8",
            "QMnPjZfcLE4HQM8V",
            "MnPjZfcLE4HQ",
            "nPjZfcLE4HQM",
            "PjZfcLE4HQM8",
            "jZfcLE4HQM8V",
            "ZfcLE4HQ",
            "fcLE4HQM",
            "cLE4HQM8",
            "LE4HQM8V",
            "E4HQ",
            "4HQM",
            "HQM8",
            "QM8V",
            "CLICrcPQpuoOCxjD",
            "LICrcPQpuoOCxjDC",
            "ICrcPQpuoOCxjDCL",
            "CrcPQpuoOCxjDCLy",
            "rcPQpuoOCxjD",
            "cPQpuoOCxjDC",
            "PQpuoOCxjDCL",
            "QpuoOCxjDCLy",
            "puoOCxjD",
            "uoOCxjDC",
            "oOCxjDCL",
            "OCxjDCLy",
            "CxjD",
            "xjDC",
            "jDCL",
            "DCLy",
            "jCJ3M2PtN61gdiVF",
            "CJ3M2PtN61gdiVFP",
            "J3M2PtN61gdiVFPM",
            "3M2PtN61gdiVFPMn",
            "M2PtN61gdiVF",
            "2PtN61gdiVFP",
            "PtN61gdiVFPM",
            "tN61gdiVFPMn",
            "N61gdiVF",
            "61gdiVFP",
            "1gdiVFPM",
            "gdiVFPMn",
            "diVF",
            "iVFP",
            "VFPM",
            "FPMn",
            "N8qgDAPCkMR6kecL",
            "8qgDAPCkMR6kecLF",
            "qgDAPCkMR6kecLFQ",
            "gDAPCkMR6kecLFQX",
            "DAPCkMR6kecL",
            "APCkMR6kecLF",
            "PCkMR6kecLFQ",
            "CkMR6kecLFQX",
            "kMR6kecL",
            "MR6kecLF",
            "R6kecLFQ",
            "6kecLFQX",
            "kecL",
            "ecLF",
            "cLFQ",
            "LFQX",
            "snntaJPxmwMkW8lv",
            "nntaJPxmwMkW8lvC",
            "ntaJPxmwMkW8lvC2",
            "taJPxmwMkW8lvC2e",
            "aJPxmwMkW8lv",
            "JPxmwMkW8lvC",
            "PxmwMkW8lvC2",
            "xmwMkW8lvC2e",
            "mwMkW8lv",
            "wMkW8lvC",
            "MkW8lvC2",
            "kW8lvC2e",
            "W8lv",
            "8lvC",
            "lvC2",
            "vC2e",
            "UwkItgGV0VG6GHV3",
            "wkItgGV0VG6GHV3Y",
            "kItgGV0VG6GHV3Ym",
            "ItgGV0VG6GHV3YmW",
            "tgGV0VG6GHV3",
            "gGV0VG6GHV3Y",
            "GV0VG6GHV3Ym",
            "V0VG6GHV3YmW",
            "0VG6GHV3",
            "VG6GHV3Y",
            "G6GHV3Ym",
            "6GHV3YmW",
            "GHV3",
            "HV3Y",
            "V3Ym",
            "3YmW",
            "aYfE7JGnaqa8C6xE",
            "YfE7JGnaqa8C6xE6",
            "fE7JGnaqa8C6xE6C",
            "E7JGnaqa8C6xE6C9",
            "7JGnaqa8C6xE",
            "JGnaqa8C6xE6",
            "Gnaqa8C6xE6C",
            "naqa8C6xE6C9",
            "aqa8C6xE",
            "qa8C6xE6",
            "a8C6xE6C",
            "8C6xE6C9",
            "C6xE",
            "6xE6",
            "xE6C",
            "E6C9",
            "M5jXTAGZ1CKe4rPO",
            "5jXTAGZ1CKe4rPOh",
            "jXTAGZ1CKe4rPOhZ",
            "XTAGZ1CKe4rPOhZ6",
            "TAGZ1CKe4rPO",
            "AGZ1CKe4rPOh",
            "GZ1CKe4rPOhZ",
            "Z1CKe4rPOhZ6",
            "1CKe4rPO",
            "CKe4rPOh",
            "Ke4rPOhZ",
            "e4rPOhZ6",
            "4rPO",
            "rPOh",
            "POhZ",
            "OhZ6",
            "IXsCIgGWaVa0OLyD",
            "XsCIgGWaVa0OLyDQ",
            "sCIgGWaVa0OLyDQ7",
            "CIgGWaVa0OLyDQ7A",
            "IgGWaVa0OLyD",
            "gGWaVa0OLyDQ",
            "GWaVa0OLyDQ7",
            "WaVa0OLyDQ7A",
            "aVa0OLyD",
            "Va0OLyDQ",
            "a0OLyDQ7",
            "0OLyDQ7A",
            "OLyD",
            "LyDQ",
            "yDQ7",
            "DQ7A",
            "AVubQcGskkT78yRf",
            "VubQcGskkT78yRfs",
            "ubQcGskkT78yRfsc",
            "bQcGskkT78yRfscQ",
            "QcGskkT78yRf",
            "cGskkT78yRfs",
            "GskkT78yRfsc",
            "skkT78yRfscQ",
            "kkT78yRf",
            "kT78yRfs",
            "T78yRfsc",
            "78yRfscQ",
            "8yRf",
            "yRfs",
            "Rfsc",
            "fscQ",
            "CcQiZEGhKA0KusZN",
            "cQiZEGhKA0KusZN3",
            "QiZEGhKA0KusZN3o",
            "iZEGhKA0KusZN3oi",
            "ZEGhKA0KusZN",
            "EGhKA0KusZN3",
            "GhKA0KusZN3o",
            "hKA0KusZN3oi",
            "KA0KusZN",
            "A0KusZN3",
            "0KusZN3o",
            "KusZN3oi",
            "usZN",
            "sZN3",
            "ZN3o",
            "N3oi",
            "PVV4LRGKkvJ9P1cA",
            "VV4LRGKkvJ9P1cAp",
            "V4LRGKkvJ9P1cApv",
            "4LRGKkvJ9P1cApvr",
            "LRGKkvJ9P1cA",
            "RGKkvJ9P1cAp",
            "GKkvJ9P1cApv",
            "KkvJ9P1cApvr",
            "kvJ9P1cA",
            "vJ9P1cAp",
            "J9P1cApv",
            "9P1cApvr",
            "P1cA",
            "1cAp",
            "cApv",
            "Apvr",
            "DbJM2EGrhNfPjSpx",
            "bJM2EGrhNfPjSpxj",
            "JM2EGrhNfPjSpxjq",
            "M2EGrhNfPjSpxjqd",
            "2EGrhNfPjSpx",
            "EGrhNfPjSpxj",
            "GrhNfPjSpxjq",
            "rhNfPjSpxjqd",
            "hNfPjSpx",
            "NfPjSpxj",
            "fPjSpxjq",
            "PjSpxjqd",
            "jSpx",
            "Spxj",
            "pxjq",
            "xjqd",
            "cXp9cRGeZP9Vhq5F",
            "Xp9cRGeZP9Vhq5FF",
            "p9cRGeZP9Vhq5FFk",
            "9cRGeZP9Vhq5FFkZ",
            "cRGeZP9Vhq5F",
            "RGeZP9Vhq5FF",
            "GeZP9Vhq5FFk",
            "eZP9Vhq5FFkZ",
            "ZP9Vhq5F",
            "P9Vhq5FF",
            "9Vhq5FFk",
            "Vhq5FFkZ",
            "hq5F",
            "q5FF",
            "5FFk",
            "FFkZ",
            "OfJPyYGGrEo3YWI7",
            "fJPyYGGrEo3YWI76",
            "JPyYGGrEo3YWI763",
            "PyYGGrEo3YWI763P",
            "yYGGrEo3YWI7",
            "YGGrEo3YWI76",
            "GGrEo3YWI763",
            "GrEo3YWI763P",
            "rEo3YWI7",
            "Eo3YWI76",
            "o3YWI763",
            "3YWI763P",
            "YWI7",
            "WI76",
            "I763",
            "763P",
            "B8EIqjGIQdIdklFW",
            "8EIqjGIQdIdklFWg",
            "EIqjGIQdIdklFWgW",
            "IqjGIQdIdklFWgWm",
            "qjGIQdIdklFW",
            "jGIQdIdklFWg",
            "GIQdIdklFWgW",
            "IQdIdklFWgWm",
            "QdIdklFW",
            "dIdklFWg",
            "IdklFWgW",
            "dklFWgWm",
            "klFW",
            "lFWg",
            "FWgW",
            "WgWm",
            "vvMZlMGRfHGUoMwL",
            "vMZlMGRfHGUoMwLq",
            "MZlMGRfHGUoMwLqg",
            "ZlMGRfHGUoMwLqgd",
            "lMGRfHGUoMwL",
            "MGRfHGUoMwLq",
            "GRfHGUoMwLqg",
            "RfHGUoMwLqgd",
            "fHGUoMwL",
            "HGUoMwLq",
            "GUoMwLqg",
            "UoMwLqgd",
            "oMwL",
            "MwLq",
            "wLqg",
            "Lqgd",
            "EPcRDIG5jwsv4KSu",
            "PcRDIG5jwsv4KSuX",
            "cRDIG5jwsv4KSuX7",
            "RDIG5jwsv4KSuX7X",
            "DIG5jwsv4KSu",
            "IG5jwsv4KSuX",
            "G5jwsv4KSuX7",
            "5jwsv4KSuX7X",
            "jwsv4KSu",
            "wsv4KSuX",
            "sv4KSuX7",
            "v4KSuX7X",
            "4KSu",
            "KSuX",
            "SuX7",
            "uX7X",
            "FQ7pjNGmuGi3bJO5",
            "Q7pjNGmuGi3bJO5l",
            "7pjNGmuGi3bJO5lD",
            "pjNGmuGi3bJO5lDc",
            "jNGmuGi3bJO5",
            "NGmuGi3bJO5l",
            "GmuGi3bJO5lD",
            "muGi3bJO5lDc",
            "uGi3bJO5",
            "Gi3bJO5l",
            "i3bJO5lD",
            "3bJO5lDc",
            "bJO5",
            "JO5l",
            "O5lD",
            "5lDc",
            "tNADkJG4oxgDiHCI",
            "NADkJG4oxgDiHCIN",
            "ADkJG4oxgDiHCIN3",
            "DkJG4oxgDiHCIN35",
            "kJG4oxgDiHCI",
            "JG4oxgDiHCIN",
            "G4oxgDiHCIN3",
            "4oxgDiHCIN35",
            "oxgDiHCI",
            "xgDiHCIN",
            "gDiHCIN3",
            "DiHCIN35",
            "iHCI",
            "HCIN",
            "CIN3",
            "IN35",
            "pSVgTnG1gcQV8MWt",
            "SVgTnG1gcQV8MWtc",
            "VgTnG1gcQV8MWtc8",
            "gTnG1gcQV8MWtc8V",
            "TnG1gcQV8MWt",
            "nG1gcQV8MWtc",
            "G1gcQV8MWtc8",
            "1gcQV8MWtc8V",
            "gcQV8MWt",
            "cQV8MWtc",
            "QV8MWtc8",
            "V8MWtc8V",
            "8MWt",
            "MWtc",
            "Wtc8",
            "tc8V",
            "HBFpu2Gq03TxRIS4",
            "BFpu2Gq03TxRIS4b",
            "Fpu2Gq03TxRIS4bx",
            "pu2Gq03TxRIS4bxt",
            "u2Gq03TxRIS4",
            "2Gq03TxRIS4b",
            "Gq03TxRIS4bx",
            "q03TxRIS4bxt",
            "03TxRIS4",
            "3TxRIS4b",
            "TxRIS4bx",
            "xRIS4bxt",
            "RIS4",
            "IS4b",
            "S4bx",
            "4bxt",
            "j9f1IGGYUVFCg4S9",
            "9f1IGGYUVFCg4S9G",
            "f1IGGYUVFCg4S9GS",
            "1IGGYUVFCg4S9GSp",
            "IGGYUVFCg4S9",
            "GGYUVFCg4S9G",
            "GYUVFCg4S9GS",
            "YUVFCg4S9GSp",
            "UVFCg4S9",
            "VFCg4S9G",
            "FCg4S9GS",
            "Cg4S9GSp",
            "g4S9",
            "4S9G",
            "S9GS",
            "9GSp",
            "sIwALYGul5cr8lUy",
            "IwALYGul5cr8lUyc",
            "wALYGul5cr8lUycv",
            "ALYGul5cr8lUycv2",
            "LYGul5cr8lUy",
            "YGul5cr8lUyc",
            "Gul5cr8lUycv",
            "ul5cr8lUycv2",
            "l5cr8lUy",
            "5cr8lUyc",
            "cr8lUycv",
            "r8lUycv2",
            "8lUy",
            "lUyc",
            "Uycv",
            "ycv2",
            "KSArKIG3UhgndsSl",
            "SArKIG3UhgndsSlq",
            "ArKIG3UhgndsSlqR",
            "rKIG3UhgndsSlqRC",
            "KIG3UhgndsSl",
            "IG3UhgndsSlq",
            "G3UhgndsSlqR",
            "3UhgndsSlqRC",
            "UhgndsSl",
            "hgndsSlq",
            "gndsSlqR",
            "ndsSlqRC",
            "dsSl",
            "sSlq",
            "SlqR",
            "lqRC",
            "UuxKndGpUBFnrfYi",
            "uxKndGpUBFnrfYiT",
            "xKndGpUBFnrfYiT1",
            "KndGpUBFnrfYiT1H",
            "ndGpUBFnrfYi",
            "dGpUBFnrfYiT",
            "GpUBFnrfYiT1",
            "pUBFnrfYiT1H",
            "UBFnrfYi",
            "BFnrfYiT",
            "FnrfYiT1",
            "nrfYiT1H",
            "rfYi",
            "fYiT",
            "YiT1",
            "iT1H",
            "oDfhe0G82DZFEbPJ",
            "Dfhe0G82DZFEbPJh",
            "fhe0G82DZFEbPJh6",
            "he0G82DZFEbPJh6l",
            "e0G82DZFEbPJ",
            "0G82DZFEbPJh",
            "G82DZFEbPJh6",
            "82DZFEbPJh6l",
            "2DZFEbPJ",
            "DZFEbPJh",
            "ZFEbPJh6",
            "FEbPJh6l",
            "EbPJ",
            "bPJh",
            "PJh6",
            "Jh6l",
            "djulbdGcbroIlHx8",
            "julbdGcbroIlHx8o",
            "ulbdGcbroIlHx8oQ",
            "lbdGcbroIlHx8oQ6",
            "bdGcbroIlHx8",
            "dGcbroIlHx8o",
            "GcbroIlHx8oQ",
            "cbroIlHx8oQ6",
            "broIlHx8",
            "roIlHx8o",
            "oIlHx8oQ",
            "IlHx8oQ6",
            "lHx8",
            "Hx8o",
            "x8oQ",
            "8oQ6",
            "bJelTmGFPRNlLmnE",
            "JelTmGFPRNlLmnEm",
            "elTmGFPRNlLmnEm9",
            "lTmGFPRNlLmnEm92",
            "TmGFPRNlLmnE",
            "mGFPRNlLmnEm",
            "GFPRNlLmnEm9",
            "FPRNlLmnEm92",
            "PRNlLmnE",
            "RNlLmnEm",
            "NlLmnEm9",
            "lLmnEm92",
            "LmnE",
            "mnEm",
            "nEm9",
            "Em92",
            "BDL78LG0of0B29ht",
            "DL78LG0of0B29htw",
            "L78LG0of0B29htwR",
            "78LG0of0B29htwRd",
            "8LG0of0B29ht",
            "LG0of0B29htw",
            "G0of0B29htwR",
            "0of0B29htwRd",
            "of0B29ht",
            "f0B29htw",
            "0B29htwR",
            "B29htwRd",
            "29ht",
            "9htw",
            "htwR",
            "twRd",
            "idXdi7GOMKmnSq6M",
            "dXdi7GOMKmnSq6MR",
            "Xdi7GOMKmnSq6MRZ",
            "di7GOMKmnSq6MRZn",
            "i7GOMKmnSq6M",
            "7GOMKmnSq6MR",
            "GOMKmnSq6MRZ",
            "OMKmnSq6MRZn",
            "MKmnSq6M",
            "KmnSq6MR",
            "mnSq6MRZ",
            "nSq6MRZn",
            "Sq6M",
            "q6MR",
            "6MRZ",
            "MRZn",
            "IsbCYAGjWjB0hqJh",
            "sbCYAGjWjB0hqJhX",
            "bCYAGjWjB0hqJhXD",
            "CYAGjWjB0hqJhXDM",
            "YAGjWjB0hqJh",
            "AGjWjB0hqJhX",
            "GjWjB0hqJhXD",
            "jWjB0hqJhXDM",
            "WjB0hqJh",
            "jB0hqJhX",
            "B0hqJhXD",
            "0hqJhXDM",
            "hqJh",
            "qJhX",
            "JhXD",
            "hXDM",
            "Hw8qiGGQU58JxMnu",
            "w8qiGGQU58JxMnuS",
            "8qiGGQU58JxMnuST",
            "qiGGQU58JxMnuSTj",
            "iGGQU58JxMnu",
            "GGQU58JxMnuS",
            "GQU58JxMnuST",
            "QU58JxMnuSTj",
            "U58JxMnu",
            "58JxMnuS",
            "8JxMnuST",
            "JxMnuSTj",
            "xMnu",
            "MnuS",
            "nuST",
            "uSTj",
            "P2umuYGt6ReeNetb",
            "2umuYGt6ReeNetbX",
            "umuYGt6ReeNetbX8",
            "muYGt6ReeNetbX8i",
            "uYGt6ReeNetb",
            "YGt6ReeNetbX",
            "Gt6ReeNetbX8",
            "t6ReeNetbX8i",
            "6ReeNetb",
            "ReeNetbX",
            "eeNetbX8",
            "eNetbX8i",
            "Netb",
            "etbX",
            "tbX8",
            "bX8i",
            "DLfg5xGCda1seJdh",
            "Lfg5xGCda1seJdhN",
            "fg5xGCda1seJdhNx",
            "g5xGCda1seJdhNxd",
            "5xGCda1seJdh",
            "xGCda1seJdhN",
            "GCda1seJdhNx",
            "Cda1seJdhNxd",
            "da1seJdh",
            "a1seJdhN",
            "1seJdhNx",
            "seJdhNxd",
            "eJdh",
            "JdhN",
            "dhNx",
            "hNxd",
            "d9qAAwGxM3GTCU8l",
            "9qAAwGxM3GTCU8lf",
            "qAAwGxM3GTCU8lf2",
            "AAwGxM3GTCU8lf2X",
            "AwGxM3GTCU8l",
            "wGxM3GTCU8lf",
            "GxM3GTCU8lf2",
            "xM3GTCU8lf2X",
            "M3GTCU8l",
            "3GTCU8lf",
            "GTCU8lf2",
            "TCU8lf2X",
            "CU8l",
            "U8lf",
            "8lf2",
            "lf2X",
            "dwD5BFlVSbcEVTZJ",
            "wD5BFlVSbcEVTZJm",
            "D5BFlVSbcEVTZJmY",
            "5BFlVSbcEVTZJmYb",
            "BFlVSbcEVTZJ",
            "FlVSbcEVTZJm",
            "lVSbcEVTZJmY",
            "VSbcEVTZJmYb",
            "SbcEVTZJ",
            "bcEVTZJm",
            "cEVTZJmY",
            "EVTZJmYb",
            "VTZJ",
            "TZJm",
            "ZJmY",
            "JmYb",
            "qb9UbhlnMajOf4na",
            "b9UbhlnMajOf4naE",
            "9UbhlnMajOf4naEm",
            "UbhlnMajOf4naEms",
            "bhlnMajOf4na",
            "hlnMajOf4naE",
            "lnMajOf4naEm",
            "nMajOf4naEms",
            "MajOf4na",
            "ajOf4naE",
            "jOf4naEm",
            "Of4naEms",
            "f4na",
            "4naE",
            "naEm",
            "aEms",
            "tkEP9AlZBnRnCBiR",
            "kEP9AlZBnRnCBiRa",
            "EP9AlZBnRnCBiRaP",
            "P9AlZBnRnCBiRaPv",
            "9AlZBnRnCBiR",
            "AlZBnRnCBiRa",
            "lZBnRnCBiRaP",
            "ZBnRnCBiRaPv",
            "BnRnCBiR",
            "nRnCBiRa",
            "RnCBiRaP",
            "nCBiRaPv",
            "CBiR",
            "BiRa",
            "iRaP",
            "RaPv",
            "RAq0UolWatajXeQC",
            "Aq0UolWatajXeQCg",
            "q0UolWatajXeQCgx",
            "0UolWatajXeQCgxx",
            "UolWatajXeQC",
            "olWatajXeQCg",
            "lWatajXeQCgx",
            "WatajXeQCgxx",
            "atajXeQC",
            "tajXeQCg",
            "ajXeQCgx",
            "jXeQCgxx",
            "XeQC",
            "eQCg",
            "QCgx",
            "Cgxx",
            "vqx3TflsRqkvooLS",
            "qx3TflsRqkvooLSp",
            "x3TflsRqkvooLSpG",
            "3TflsRqkvooLSpGA",
            "TflsRqkvooLS",
            "flsRqkvooLSp",
            "lsRqkvooLSpG",
            "sRqkvooLSpGA",
            "RqkvooLS",
            "qkvooLSp",
            "kvooLSpG",
            "vooLSpGA",
            "ooLS",
            "oLSp",
            "LSpG",
            "SpGA",
            "GEJkIQlhvkOsLULk",
            "EJkIQlhvkOsLULky",
            "JkIQlhvkOsLULkyM",
            "kIQlhvkOsLULkyM1",
            "IQlhvkOsLULk",
            "QlhvkOsLULky",
            "lhvkOsLULkyM",
            "hvkOsLULkyM1",
            "vkOsLULk",
            "kOsLULky",
            "OsLULkyM",
            "sLULkyM1",
            "LULk",
            "ULky",
            "LkyM",
            "kyM1",
            "beDwP3lKXmAFqmYw",
            "eDwP3lKXmAFqmYwS",
            "DwP3lKXmAFqmYwSM",
            "wP3lKXmAFqmYwSMk",
            "P3lKXmAFqmYw",
            "3lKXmAFqmYwS",
            "lKXmAFqmYwSM",
            "KXmAFqmYwSMk",
            "XmAFqmYw",
            "mAFqmYwS",
            "AFqmYwSM",
            "FqmYwSMk",
            "qmYw",
            "mYwS",
            "YwSM",
            "wSMk",
            "Bi5mGYlr07gqnsiE",
            "i5mGYlr07gqnsiE5",
            "5mGYlr07gqnsiE53",
            "mGYlr07gqnsiE53i",
            "GYlr07gqnsiE",
            "Ylr07gqnsiE5",
            "lr07gqnsiE53",
            "r07gqnsiE53i",
            "07gqnsiE",
            "7gqnsiE5",
            "gqnsiE53",
            "qnsiE53i",
            "nsiE",
            "siE5",
            "iE53",
            "E53i",
            "lNd5sJleolUwKn7b",
            "Nd5sJleolUwKn7bn",
            "d5sJleolUwKn7bnw",
            "5sJleolUwKn7bnw3",
            "sJleolUwKn7b",
            "JleolUwKn7bn",
            "leolUwKn7bnw",
            "eolUwKn7bnw3",
            "olUwKn7b",
            "lUwKn7bn",
            "UwKn7bnw",
            "wKn7bnw3",
            "Kn7b",
            "n7bn",
            "7bnw",
            "bnw3",
            "H0JEVJlGodu0emAC",
            "0JEVJlGodu0emACv",
            "JEVJlGodu0emACvy",
            "EVJlGodu0emACvyW",
            "VJlGodu0emAC",
            "JlGodu0emACv",
            "lGodu0emACvy",
            "Godu0emACvyW",
            "odu0emAC",
            "du0emACv",
            "u0emACvy",
            "0emACvyW",
            "emAC",
            "mACv",
            "ACvy",
            "CvyW",
            "wpfYGDlIeTMVrcQe",
            "pfYGDlIeTMVrcQeE",
            "fYGDlIeTMVrcQeEQ",
            "YGDlIeTMVrcQeEQX",
            "GDlIeTMVrcQe",
            "DlIeTMVrcQeE",
            "lIeTMVrcQeEQ",
            "IeTMVrcQeEQX",
            "eTMVrcQe",
            "TMVrcQeE",
            "MVrcQeEQ",
            "VrcQeEQX",
            "rcQe",
            "cQeE",
            "QeEQ",
            "eEQX",
            "XngvpjlRNdh7QtUB",
            "ngvpjlRNdh7QtUBI",
            "gvpjlRNdh7QtUBIN",
            "vpjlRNdh7QtUBINZ",
            "pjlRNdh7QtUB",
            "jlRNdh7QtUBI",
            "lRNdh7QtUBIN",
            "RNdh7QtUBINZ",
            "Ndh7QtUB",
            "dh7QtUBI",
            "h7QtUBIN",
            "7QtUBINZ",
            "QtUB",
            "tUBI",
            "UBIN",
            "BINZ",
            "iuEEPwl5teTI37uF",
            "uEEPwl5teTI37uFq",
            "EEPwl5teTI37uFq9",
            "EPwl5teTI37uFq9f",
            "Pwl5teTI37uF",
            "wl5teTI37uFq",
            "l5teTI37uFq9",
            "5teTI37uFq9f",
            "teTI37uF",
            "eTI37uFq",
            "TI37uFq9",
            "I37uFq9f",
            "37uF",
            "7uFq",
            "uFq9",
            "Fq9f",
            "VMTmrElmIvEjhC5F",
            "MTmrElmIvEjhC5Fu",
            "TmrElmIvEjhC5FuT",
            "mrElmIvEjhC5FuTB",
            "rElmIvEjhC5F",
            "ElmIvEjhC5Fu",
            "lmIvEjhC5FuT",
            "mIvEjhC5FuTB",
            "IvEjhC5F",
            "vEjhC5Fu",
            "EjhC5FuT",
            "jhC5FuTB",
            "hC5F",
            "C5Fu",
            "5FuT",
            "FuTB",
            "bu60Qkl4Ya3sLo7F",
            "u60Qkl4Ya3sLo7FK",
            "60Qkl4Ya3sLo7FKe",
            "0Qkl4Ya3sLo7FKeY",
            "Qkl4Ya3sLo7F",
            "kl4Ya3sLo7FK",
            "l4Ya3sLo7FKe",
            "4Ya3sLo7FKeY",
            "Ya3sLo7F",
            "a3sLo7FK",
            "3sLo7FKe",
            "sLo7FKeY",
            "Lo7F",
            "o7FK",
            "7FKe",
            "FKeY",
            "EeKPRjl1pYCAALtq",
            "eKPRjl1pYCAALtqN",
            "KPRjl1pYCAALtqNl",
            "PRjl1pYCAALtqNll",
            "Rjl1pYCAALtq",
            "jl1pYCAALtqN",
            "l1pYCAALtqNl",
            "1pYCAALtqNll",
            "pYCAALtq",
            "YCAALtqN",
            "CAALtqNl",
            "AALtqNll",
            "ALtq",
            "LtqN",
            "tqNl",
            "qNll",
            "BjJUDAlq2JGIDsvc",
            "jJUDAlq2JGIDsvc7",
            "JUDAlq2JGIDsvc72",
            "UDAlq2JGIDsvc72g",
            "DAlq2JGIDsvc",
            "Alq2JGIDsvc7",
            "lq2JGIDsvc72",
            "q2JGIDsvc72g",
            "2JGIDsvc",
            "JGIDsvc7",
            "GIDsvc72",
            "IDsvc72g",
            "Dsvc",
            "svc7",
            "vc72",
            "c72g",
            "mi7VRtlYALtt23nv",
            "i7VRtlYALtt23nva",
            "7VRtlYALtt23nvaw",
            "VRtlYALtt23nvaw3",
            "RtlYALtt23nv",
            "tlYALtt23nva",
            "lYALtt23nvaw",
            "YALtt23nvaw3",
            "ALtt23nv",
            "Ltt23nva",
            "tt23nvaw",
            "t23nvaw3",
            "23nv",
            "3nva",
            "nvaw",
            "vaw3",
            "PbT7LWlucWjBsHBR",
            "bT7LWlucWjBsHBRc",
            "T7LWlucWjBsHBRcg",
            "7LWlucWjBsHBRcgg",
            "LWlucWjBsHBR",
            "WlucWjBsHBRc",
            "lucWjBsHBRcg",
            "ucWjBsHBRcgg",
            "cWjBsHBR",
            "WjBsHBRc",
            "jBsHBRcg",
            "BsHBRcgg",
            "sHBR",
            "HBRc",
            "BRcg",
            "Rcgg",
            "yQwEDGl3FBkoNK7Y",
            "QwEDGl3FBkoNK7Yx",
            "wEDGl3FBkoNK7YxV",
            "EDGl3FBkoNK7YxVV",
            "DGl3FBkoNK7Y",
            "Gl3FBkoNK7Yx",
            "l3FBkoNK7YxV",
            "3FBkoNK7YxVV",
            "FBkoNK7Y",
            "BkoNK7Yx",
            "koNK7YxV",
            "oNK7YxVV",
            "NK7Y",
            "K7Yx",
            "7YxV",
            "YxVV",
            "MXMN61lpbcTboB84",
            "XMN61lpbcTboB84a",
            "MN61lpbcTboB84aa",
            "N61lpbcTboB84aa5",
            "61lpbcTboB84",
            "1lpbcTboB84a",
            "lpbcTboB84aa",
            "pbcTboB84aa5",
            "bcTboB84",
            "cTboB84a",
            "TboB84aa",
            "boB84aa5",
            "oB84",
            "B84a",
            "84aa",
            "4aa5",
            "IUvfMWl8lDbtFWrF",
            "UvfMWl8lDbtFWrFx",
            "vfMWl8lDbtFWrFxp",
            "fMWl8lDbtFWrFxpG",
            "MWl8lDbtFWrF",
            "Wl8lDbtFWrFx",
            "l8lDbtFWrFxp",
            "8lDbtFWrFxpG",
            "lDbtFWrF",
            "DbtFWrFx",
            "btFWrFxp",
            "tFWrFxpG",
            "FWrF",
            "WrFx",
            "rFxp",
            "FxpG",
            "nL7D4glc6yKQOfVj",
            "L7D4glc6yKQOfVjq",
            "7D4glc6yKQOfVjqm",
            "D4glc6yKQOfVjqmI",
            "4glc6yKQOfVj",
            "glc6yKQOfVjq",
            "lc6yKQOfVjqm",
            "c6yKQOfVjqmI",
            "6yKQOfVj",
            "yKQOfVjq",
            "KQOfVjqm",
            "QOfVjqmI",
            "OfVj",
            "fVjq",
            "Vjqm",
            "jqmI",
            "iINn56lFFgdWRQoJ",
            "INn56lFFgdWRQoJq",
            "Nn56lFFgdWRQoJqS",
            "n56lFFgdWRQoJqSk",
            "56lFFgdWRQoJ",
            "6lFFgdWRQoJq",
            "lFFgdWRQoJqS",
            "FFgdWRQoJqSk",
            "FgdWRQoJ",
            "gdWRQoJq",
            "dWRQoJqS",
            "WRQoJqSk",
            "RQoJ",
            "QoJq",
            "oJqS",
            "JqSk",
            "Vd82gml0O47Dy4Is",
            "d82gml0O47Dy4Isv",
            "82gml0O47Dy4Isvo",
            "2gml0O47Dy4IsvoH",
            "gml0O47Dy4Is",
            "ml0O47Dy4Isv",
            "l0O47Dy4Isvo",
            "0O47Dy4IsvoH",
            "O47Dy4Is",
            "47Dy4Isv",
            "7Dy4Isvo",
            "Dy4IsvoH",
            "y4Is",
            "4Isv",
            "Isvo",
            "svoH",
            "dErCUhlOnPf5DaX2",
            "ErCUhlOnPf5DaX2M",
            "rCUhlOnPf5DaX2Mh",
            "CUhlOnPf5DaX2MhQ",
            "UhlOnPf5DaX2",
            "hlOnPf5DaX2M",
            "lOnPf5DaX2Mh",
            "OnPf5DaX2MhQ",
            "nPf5DaX2",
            "Pf5DaX2M",
            "f5DaX2Mh",
            "5DaX2MhQ",
            "DaX2",
            "aX2M",
            "X2Mh",
            "2MhQ",
            "RV1ruxlj87A58hy4",
            "V1ruxlj87A58hy4W",
            "1ruxlj87A58hy4W1",
            "ruxlj87A58hy4W1p",
            "uxlj87A58hy4",
            "xlj87A58hy4W",
            "lj87A58hy4W1",
            "j87A58hy4W1p",
            "87A58hy4",
            "7A58hy4W",
            "A58hy4W1",
            "58hy4W1p",
            "8hy4",
            "hy4W",
            "y4W1",
            "4W1p",
            "ysCBgulQLVV3QIye",
            "sCBgulQLVV3QIyev",
            "CBgulQLVV3QIyevR",
            "BgulQLVV3QIyevRs",
            "gulQLVV3QIye",
            "ulQLVV3QIyev",
            "lQLVV3QIyevR",
            "QLVV3QIyevRs",
            "LVV3QIye",
            "VV3QIyev",
            "V3QIyevR",
            "3QIyevRs",
            "QIye",
            "Iyev",
            "yevR",
            "evRs",
            "D8cnT3ltIB3GCJ9D",
            "8cnT3ltIB3GCJ9Dm",
            "cnT3ltIB3GCJ9DmG",
            "nT3ltIB3GCJ9DmGV",
            "T3ltIB3GCJ9D",
            "3ltIB3GCJ9Dm",
            "ltIB3GCJ9DmG",
            "tIB3GCJ9DmGV",
            "IB3GCJ9D",
            "B3GCJ9Dm",
            "3GCJ9DmG",
            "GCJ9DmGV",
            "CJ9D",
            "J9Dm",
            "9DmG",
            "DmGV",
            "o9QbZ6lCGHIYeQI6",
            "9QbZ6lCGHIYeQI66",
            "QbZ6lCGHIYeQI66S",
            "bZ6lCGHIYeQI66Sf",
            "Z6lCGHIYeQI6",
            "6lCGHIYeQI66",
            "lCGHIYeQI66S",
            "CGHIYeQI66Sf",
            "GHIYeQI6",
            "HIYeQI66",
            "IYeQI66S",
            "YeQI66Sf",
            "eQI6",
            "QI66",
            "I66S",
            "66Sf",
            "HmyY5OlxVgfsu2kS",
            "myY5OlxVgfsu2kS2",
            "yY5OlxVgfsu2kS2C",
            "Y5OlxVgfsu2kS2CL",
            "5OlxVgfsu2kS",
            "OlxVgfsu2kS2",
            "lxVgfsu2kS2C",
            "xVgfsu2kS2CL",
            "Vgfsu2kS",
            "gfsu2kS2",
            "fsu2kS2C",
            "su2kS2CL",
            "u2kS",
            "2kS2",
            "kS2C",
            "S2CL",
            "xB0SDlIVE8M2TYqc",
            "B0SDlIVE8M2TYqcs",
            "0SDlIVE8M2TYqcsL",
            "SDlIVE8M2TYqcsLX",
            "DlIVE8M2TYqc",
            "lIVE8M2TYqcs",
            "IVE8M2TYqcsL",
            "VE8M2TYqcsLX",
            "E8M2TYqc",
            "8M2TYqcs",
            "M2TYqcsL",
            "2TYqcsLX",
            "TYqc",
            "Yqcs",
            "qcsL",
            "csLX",
            "kFhsUiInpNdcDrob",
            "FhsUiInpNdcDrobB",
            "hsUiInpNdcDrobBf",
            "sUiInpNdcDrobBfi",
            "UiInpNdcDrob",
            "iInpNdcDrobB",
            "InpNdcDrobBf",
            "npNdcDrobBfi",
            "pNdcDrob",
            "NdcDrobB",
            "dcDrobBf",
            "cDrobBfi",
            "Drob",
            "robB",
            "obBf",
            "bBfi",
            "jjtomNIZ57cv4IuV",
            "jtomNIZ57cv4IuVi",
            "tomNIZ57cv4IuVid",
            "omNIZ57cv4IuVidb",
            "mNIZ57cv4IuV",
            "NIZ57cv4IuVi",
            "IZ57cv4IuVid",
            "Z57cv4IuVidb",
            "57cv4IuV",
            "7cv4IuVi",
            "cv4IuVid",
            "v4IuVidb",
            "4IuV",
            "IuVi",
            "uVid",
            "Vidb",
            "Gj8VpfIW09A9aX7h",
            "j8VpfIW09A9aX7h4",
            "8VpfIW09A9aX7h4V",
            "VpfIW09A9aX7h4VI",
            "pfIW09A9aX7h",
            "fIW09A9aX7h4",
            "IW09A9aX7h4V",
            "W09A9aX7h4VI",
            "09A9aX7h",
            "9A9aX7h4",
            "A9aX7h4V",
            "9aX7h4VI",
            "aX7h",
            "X7h4",
            "7h4V",
            "h4VI",
            "cPqEG7IsYReEGbm4",
            "PqEG7IsYReEGbm4A",
            "qEG7IsYReEGbm4AH",
            "EG7IsYReEGbm4AHL",
            "G7IsYReEGbm4",
            "7IsYReEGbm4A",
            "IsYReEGbm4AH",
            "sYReEGbm4AHL",
            "YReEGbm4",
            "ReEGbm4A",
            "eEGbm4AH",
            "EGbm4AHL",
            "Gbm4",
            "bm4A",
            "m4AH",
            "4AHL",
            "n0qdBOIhGIuEqvpU",
            "0qdBOIhGIuEqvpUr",
            "qdBOIhGIuEqvpUrZ",
            "dBOIhGIuEqvpUrZC",
            "BOIhGIuEqvpU",
            "OIhGIuEqvpUr",
            "IhGIuEqvpUrZ",
            "hGIuEqvpUrZC",
            "GIuEqvpU",
            "IuEqvpUr",
            "uEqvpUrZ",
            "EqvpUrZC",
            "qvpU",
            "vpUr",
            "pUrZ",
            "UrZC",
            "vyeAVIIKBRitfYnF",
            "yeAVIIKBRitfYnFm",
            "eAVIIKBRitfYnFmg",
            "AVIIKBRitfYnFmgd",
            "VIIKBRitfYnF",
            "IIKBRitfYnFm",
            "IKBRitfYnFmg",
            "KBRitfYnFmgd",
            "BRitfYnF",
            "RitfYnFm",
            "itfYnFmg",
            "tfYnFmgd",
            "fYnF",
            "YnFm",
            "nFmg",
            "Fmgd",
            "OHWs1cIrF8VORxxd",
            "HWs1cIrF8VORxxd9",
            "Ws1cIrF8VORxxd92",
            "s1cIrF8VORxxd92c",
            "1cIrF8VORxxd",
            "cIrF8VORxxd9",
            "IrF8VORxxd92",
            "rF8VORxxd92c",
            "F8VORxxd",
            "8VORxxd9",
            "VORxxd92",
            "ORxxd92c",
            "Rxxd",
            "xxd9",
            "xd92",
            "d92c",
            "L5crm3IeNcRWUAXj",
            "5crm3IeNcRWUAXjK",
            "crm3IeNcRWUAXjKd",
            "rm3IeNcRWUAXjKdy",
            "m3IeNcRWUAXj",
            "3IeNcRWUAXjK",
            "IeNcRWUAXjKd",
            "eNcRWUAXjKdy",
            "NcRWUAXj",
            "cRWUAXjK",
            "RWUAXjKd",
            "WUAXjKdy",
            "UAXj",
            "AXjK",
            "XjKd",
            "jKdy",
            "t8x7usIGdRAoo5mQ",
            "8x7usIGdRAoo5mQp",
            "x7usIGdRAoo5mQpm",
            "7usIGdRAoo5mQpmp",
            "usIGdRAoo5mQ",
            "sIGdRAoo5mQp",
            "IGdRAoo5mQpm",
            "GdRAoo5mQpmp",
            "dRAoo5mQ",
            "RAoo5mQp",
            "Aoo5mQpm",
            "oo5mQpmp",
            "o5mQ",
            "5mQp",
            "mQpm",
            "Qpmp",
            "OFDNmpIIJoZAJTvW",
            "FDNmpIIJoZAJTvWd",
            "DNmpIIJoZAJTvWdR",
            "NmpIIJoZAJTvWdRl",
            "mpIIJoZAJTvW",
            "pIIJoZAJTvWd",
            "IIJoZAJTvWdR",
            "IJoZAJTvWdRl",
            "JoZAJTvW",
            "oZAJTvWd",
            "ZAJTvWdR",
            "AJTvWdRl",
            "JTvW",
            "TvWd",
            "vWdR",
            "WdRl",
            "g5CxwOIRP8Ijn7K4",
            "5CxwOIRP8Ijn7K4x",
            "CxwOIRP8Ijn7K4xC",
            "xwOIRP8Ijn7K4xC7",
            "wOIRP8Ijn7K4",
            "OIRP8Ijn7K4x",
            "IRP8Ijn7K4xC",
            "RP8Ijn7K4xC7",
            "P8Ijn7K4",
            "8Ijn7K4x",
            "Ijn7K4xC",
            "jn7K4xC7",
            "n7K4",
            "7K4x",
            "K4xC",
            "4xC7",
            "nxIdXJI5hrcSKZ39",
            "xIdXJI5hrcSKZ39O",
            "IdXJI5hrcSKZ39OD",
            "dXJI5hrcSKZ39ODq",
            "XJI5hrcSKZ39",
            "JI5hrcSKZ39O",
            "I5hrcSKZ39OD",
            "5hrcSKZ39ODq",
            "hrcSKZ39",
            "rcSKZ39O",
            "cSKZ39OD",
            "SKZ39ODq",
            "KZ39",
            "Z39O",
            "39OD",
            "9ODq",
            "BDond8Imd8OgN3Ky",
            "Dond8Imd8OgN3KyZ",
            "ond8Imd8OgN3KyZW",
            "nd8Imd8OgN3KyZWh",
            "d8Imd8OgN3Ky",
            "8Imd8OgN3KyZ",
            "Imd8OgN3KyZW",
            "md8OgN3KyZWh",
            "d8OgN3Ky",
            "8OgN3KyZ",
            "OgN3KyZW",
            "gN3KyZWh",
            "N3Ky",
            "3KyZ",
            "KyZW",
            "yZWh",
            "HNRi13I4pEK8xLZJ",
            "NRi13I4pEK8xLZJe",
            "Ri13I4pEK8xLZJeG",
            "i13I4pEK8xLZJeGP",
            "13I4pEK8xLZJ",
            "3I4pEK8xLZJe",
            "I4pEK8xLZJeG",
            "4pEK8xLZJeGP",
            "pEK8xLZJ",
            "EK8xLZJe",
            "K8xLZJeG",
            "8xLZJeGP",
            "xLZJ",
            "LZJe",
            "ZJeG",
            "JeGP",
            "RhsJSoI1EVdnAeAS",
            "hsJSoI1EVdnAeASc",
            "sJSoI1EVdnAeAScn",
            "JSoI1EVdnAeAScnx",
            "SoI1EVdnAeAS",
            "oI1EVdnAeASc",
            "I1EVdnAeAScn",
            "1EVdnAeAScnx",
            "EVdnAeAS",
            "VdnAeASc",
            "dnAeAScn",
            "nAeAScnx",
            "AeAS",
            "eASc",
            "AScn",
            "Scnx",
            "GaKtxXIqMOGG7EiD",
            "aKtxXIqMOGG7EiDT",
            "KtxXIqMOGG7EiDT2",
            "txXIqMOGG7EiDT2i",
            "xXIqMOGG7EiD",
            "XIqMOGG7EiDT",
            "IqMOGG7EiDT2",
            "qMOGG7EiDT2i",
            "MOGG7EiD",
            "OGG7EiDT",
            "GG7EiDT2",
            "G7EiDT2i",
            "7EiD",
            "EiDT",
            "iDT2",
            "DT2i",
            "STPEKkIYbBrs8sKw",
            "TPEKkIYbBrs8sKw0",
            "PEKkIYbBrs8sKw0w",
            "EKkIYbBrs8sKw0ws",
            "KkIYbBrs8sKw",
            "kIYbBrs8sKw0",
            "IYbBrs8sKw0w",
            "YbBrs8sKw0ws",
            "bBrs8sKw",
            "Brs8sKw0",
            "rs8sKw0w",
            "s8sKw0ws",
            "8sKw",
            "sKw0",
            "Kw0w",
            "w0ws",
            "jetMm3IuCme2GmBP",
            "etMm3IuCme2GmBPi",
            "tMm3IuCme2GmBPiX",
            "Mm3IuCme2GmBPiXS",
            "m3IuCme2GmBP",
            "3IuCme2GmBPi",
            "IuCme2GmBPiX",
            "uCme2GmBPiXS",
            "Cme2GmBP",
            "me2GmBPi",
            "e2GmBPiX",
            "2GmBPiXS",
            "GmBP",
            "mBPi",
            "BPiX",
            "PiXS",
            "siCDZoI3RQ7xrHgj",
            "iCDZoI3RQ7xrHgj0",
            "CDZoI3RQ7xrHgj0n",
            "DZoI3RQ7xrHgj0nZ",
            "ZoI3RQ7xrHgj",
            "oI3RQ7xrHgj0",
            "I3RQ7xrHgj0n",
            "3RQ7xrHgj0nZ",
            "RQ7xrHgj",
            "Q7xrHgj0",
            "7xrHgj0n",
            "xrHgj0nZ",
            "rHgj",
            "Hgj0",
            "gj0n",
            "j0nZ",
            "m4OymgIp6ttwtu4b",
            "4OymgIp6ttwtu4be",
            "OymgIp6ttwtu4beZ",
            "ymgIp6ttwtu4beZa",
            "mgIp6ttwtu4b",
            "gIp6ttwtu4be",
            "Ip6ttwtu4beZ",
            "p6ttwtu4beZa",
            "6ttwtu4b",
            "ttwtu4be",
            "twtu4beZ",
            "wtu4beZa",
            "tu4b",
            "u4be",
            "4beZ",
            "beZa",
            "TPu0LOI8S2oC0Llg",
            "Pu0LOI8S2oC0LlgU",
            "u0LOI8S2oC0LlgUf",
            "0LOI8S2oC0LlgUfd",
            "LOI8S2oC0Llg",
            "OI8S2oC0LlgU",
            "I8S2oC0LlgUf",
            "8S2oC0LlgUfd",
            "S2oC0Llg",
            "2oC0LlgU",
            "oC0LlgUf",
            "C0LlgUfd",
            "0Llg",
            "LlgU",
            "lgUf",
            "gUfd",
            "zCj3NhIcSpm63hKK",
            "Cj3NhIcSpm63hKKG",
            "j3NhIcSpm63hKKGH",
            "3NhIcSpm63hKKGHP",
            "NhIcSpm63hKK",
            "hIcSpm63hKKG",
            "IcSpm63hKKGH",
            "cSpm63hKKGHP",
            "Spm63hKK",
            "pm63hKKG",
            "m63hKKGH",
            "63hKKGHP",
            "3hKK",
            "hKKG",
            "KKGH",
            "KGHP",
            "xh8cGIIFxILlC8ZL",
            "h8cGIIFxILlC8ZLX",
            "8cGIIFxILlC8ZLXg",
            "cGIIFxILlC8ZLXgE",
            "GIIFxILlC8ZL",
            "IIFxILlC8ZLX",
            "IFxILlC8ZLXg",
            "FxILlC8ZLXgE",
            "xILlC8ZL",
            "ILlC8ZLX",
            "LlC8ZLXg",
            "lC8ZLXgE",
            "C8ZL",
            "8ZLX",
            "ZLXg",
            "LXgE",
            "LrXB1GI0QWLv9kLg",
            "rXB1GI0QWLv9kLgH",
            "XB1GI0QWLv9kLgH7",
            "B1GI0QWLv9kLgH7Y",
            "1GI0QWLv9kLg",
            "GI0QWLv9kLgH",
            "I0QWLv9kLgH7",
            "0QWLv9kLgH7Y",
            "QWLv9kLg",
            "WLv9kLgH",
            "Lv9kLgH7",
            "v9kLgH7Y",
            "9kLg",
            "kLgH",
            "LgH7",
            "gH7Y",
            "cxBRXyIOWoB8S8j0",
            "xBRXyIOWoB8S8j0b",
            "BRXyIOWoB8S8j0bK",
            "RXyIOWoB8S8j0bKC",
            "XyIOWoB8S8j0",
            "yIOWoB8S8j0b",
            "IOWoB8S8j0bK",
            "OWoB8S8j0bKC",
            "WoB8S8j0",
            "oB8S8j0b",
            "B8S8j0bK",
            "8S8j0bKC",
            "S8j0",
            "8j0b",
            "j0bK",
            "0bKC",
            "jdYAy3IjjXrJE8Sl",
            "dYAy3IjjXrJE8Slx",
            "YAy3IjjXrJE8SlxT",
            "Ay3IjjXrJE8SlxTY",
            "y3IjjXrJE8Sl",
            "3IjjXrJE8Slx",
            "IjjXrJE8SlxT",
            "jjXrJE8SlxTY",
            "jXrJE8Sl",
            "XrJE8Slx",
            "rJE8SlxT",
            "JE8SlxTY",
            "E8Sl",
            "8Slx",
            "SlxT",
            "lxTY",
            "kXc7DLIQKMlO07BR",
            "Xc7DLIQKMlO07BR7",
            "c7DLIQKMlO07BR7J",
            "7DLIQKMlO07BR7Jw",
            "DLIQKMlO07BR",
            "LIQKMlO07BR7",
            "IQKMlO07BR7J",
            "QKMlO07BR7Jw",
            "KMlO07BR",
            "MlO07BR7",
            "lO07BR7J",
            "O07BR7Jw",
            "07BR",
            "7BR7",
            "BR7J",
            "R7Jw",
            "OngmyOItRKm97bXZ",
            "ngmyOItRKm97bXZH",
            "gmyOItRKm97bXZHg",
            "myOItRKm97bXZHgZ",
            "yOItRKm97bXZ",
            "OItRKm97bXZH",
            "ItRKm97bXZHg",
            "tRKm97bXZHgZ",
            "RKm97bXZ",
            "Km97bXZH",
            "m97bXZHg",
            "97bXZHgZ",
            "7bXZ",
            "bXZH",
            "XZHg",
            "ZHgZ",
            "loIVacIC5ap44CAM",
            "oIVacIC5ap44CAMa",
            "IVacIC5ap44CAMaS",
            "VacIC5ap44CAMaSA",
            "acIC5ap44CAM",
            "cIC5ap44CAMa",
            "IC5ap44CAMaS",
            "C5ap44CAMaSA",
            "5ap44CAM",
            "ap44CAMa",
            "p44CAMaS",
            "44CAMaSA",
            "4CAM",
            "CAMa",
            "AMaS",
            "MaSA",
            "OwdNTvIxTfNWQ0X1",
            "wdNTvIxTfNWQ0X1Q",
            "dNTvIxTfNWQ0X1QM",
            "NTvIxTfNWQ0X1QMa",
            "TvIxTfNWQ0X1",
            "vIxTfNWQ0X1Q",
            "IxTfNWQ0X1QM",
            "xTfNWQ0X1QMa",
            "TfNWQ0X1",
            "fNWQ0X1Q",
            "NWQ0X1QM",
            "WQ0X1QMa",
            "Q0X1",
            "0X1Q",
            "X1QM",
            "1QMa",
            "km4DQ5LVCSDvKgHw",
            "m4DQ5LVCSDvKgHw1",
            "4DQ5LVCSDvKgHw19",
            "DQ5LVCSDvKgHw19h",
            "Q5LVCSDvKgHw",
            "5LVCSDvKgHw1",
            "LVCSDvKgHw19",
            "VCSDvKgHw19h",
            "CSDvKgHw",
            "SDvKgHw1",
            "DvKgHw19",
            "vKgHw19h",
            "KgHw",
            "gHw1",
            "Hw19",
            "w19h",
            "m8DE78A63BFBEA70",
            "8DE78A63BFBE",
            "DE78A63BFBEA",
            "E78A63BFBEA7",
            "78A63BFBEA70",
            "8A63BFBE",
            "A63BFBEA",
            "63BFBEA7",
            "3BFBEA70",
            "BFBE",
            "FBEA",
            "BEA7",
            "EA70",
            "ccto",
            "QG3SIDL72Z0LWjLs",
            "G3SIDL72Z0LWjLsw",
            "3SIDL72Z0LWjLswB",
            "SIDL72Z0LWjLswBe",
            "IDL72Z0LWjLs",
            "DL72Z0LWjLsw",
            "L72Z0LWjLswB",
            "72Z0LWjLswBe",
            "2Z0LWjLs",
            "Z0LWjLsw",
            "0LWjLswB",
            "LWjLswBe",
            "WjLs",
            "jLsw",
            "LswB",
            "swBe",
            "Ghwgc4LW7yD5E7ln",
            "hwgc4LW7yD5E7lnk",
            "wgc4LW7yD5E7lnkh",
            "gc4LW7yD5E7lnkhj",
            "c4LW7yD5E7ln",
            "4LW7yD5E7lnk",
            "LW7yD5E7lnkh",
            "W7yD5E7lnkhj",
            "7yD5E7ln",
            "yD5E7lnk",
            "D5E7lnkh",
            "5E7lnkhj",
            "E7ln",
            "7lnk",
            "lnkh",
            "nkhj",
            "w21fV5LNgjFfcjOL",
            "21fV5LNgjFfcjOLH",
            "1fV5LNgjFfcjOLH5",
            "fV5LNgjFfcjOLH5X",
            "V5LNgjFfcjOL",
            "5LNgjFfcjOLH",
            "LNgjFfcjOLH5",
            "NgjFfcjOLH5X",
            "gjFfcjOL",
            "jFfcjOLH",
            "FfcjOLH5",
            "fcjOLH5X",
            "cjOL",
            "jOLH",
            "OLH5",
            "LH5X",
            "Vers",
            "ersi",
            "rsio",
            "dnSjoeLsUv7PHNPW",
            "nSjoeLsUv7PHNPWD",
            "SjoeLsUv7PHNPWDZ",
            "joeLsUv7PHNPWDZY",
            "oeLsUv7PHNPW",
            "eLsUv7PHNPWD",
            "LsUv7PHNPWDZ",
            "sUv7PHNPWDZY",
            "Uv7PHNPW",
            "v7PHNPWD",
            "7PHNPWDZ",
            "PHNPWDZY",
            "HNPW",
            "NPWD",
            "PWDZ",
            "WDZY",
            "eZXK6pL6FSAUKMnJ",
            "ZXK6pL6FSAUKMnJi",
            "XK6pL6FSAUKMnJiO",
            "K6pL6FSAUKMnJiOQ",
            "6pL6FSAUKMnJ",
            "pL6FSAUKMnJi",
            "L6FSAUKMnJiO",
            "6FSAUKMnJiOQ",
            "FSAUKMnJ",
            "SAUKMnJi",
            "AUKMnJiO",
            "UKMnJiOQ",
            "KMnJ",
            "MnJi",
            "nJiO",
            "JiOQ",
            "qgVXSPLhIl5ci7ZH",
            "gVXSPLhIl5ci7ZHZ",
            "VXSPLhIl5ci7ZHZA",
            "XSPLhIl5ci7ZHZAB",
            "SPLhIl5ci7ZH",
            "PLhIl5ci7ZHZ",
            "LhIl5ci7ZHZA",
            "hIl5ci7ZHZAB",
            "Il5ci7ZH",
            "l5ci7ZHZ",
            "5ci7ZHZA",
            "ci7ZHZAB",
            "i7ZH",
            "7ZHZ",
            "ZHZA",
            "HZAB",
            "A1wRc4LBZ9ynMaRv",
            "1wRc4LBZ9ynMaRvH",
            "wRc4LBZ9ynMaRvHC",
            "Rc4LBZ9ynMaRvHC4",
            "c4LBZ9ynMaRv",
            "4LBZ9ynMaRvH",
            "LBZ9ynMaRvHC",
            "BZ9ynMaRvHC4",
            "Z9ynMaRv",
            "9ynMaRvH",
            "ynMaRvHC",
            "nMaRvHC4",
            "MaRv",
            "aRvH",
            "RvHC",
            "vHC4",
            "KedTgyFC",
            "edTgyFC3",
            "dTgy",
            "TgyF",
            "gyFC",
            "yFC3",
            "InvalidOperationExceptio",
            "nvalidOperationException",
            "validOperationExcept",
            "alidOperationExcepti",
            "lidOperationExceptio",
            "idOperationException",
            "dOperationExcept",
            "OperationExcepti",
            "perationExceptio",
            "erationException",
            "rationExcept",
            "ationExcepti",
            "tionExceptio",
            "ionException",
            "onExcept",
            "nExcepti",
            "IuSCx5LKPmw8UyqW",
            "uSCx5LKPmw8UyqWa",
            "SCx5LKPmw8UyqWat",
            "Cx5LKPmw8UyqWatm",
            "x5LKPmw8UyqW",
            "5LKPmw8UyqWa",
            "LKPmw8UyqWat",
            "KPmw8UyqWatm",
            "Pmw8UyqW",
            "mw8UyqWa",
            "w8UyqWat",
            "8UyqWatm",
            "UyqW",
            "yqWa",
            "qWat",
            "Watm",
            "d8t9gOLUQmJjnhk5",
            "8t9gOLUQmJjnhk5h",
            "t9gOLUQmJjnhk5h6",
            "9gOLUQmJjnhk5h6F",
            "gOLUQmJjnhk5",
            "OLUQmJjnhk5h",
            "LUQmJjnhk5h6",
            "UQmJjnhk5h6F",
            "QmJjnhk5",
            "mJjnhk5h",
            "Jjnhk5h6",
            "jnhk5h6F",
            "nhk5",
            "hk5h",
            "k5h6",
            "5h6F",
            "MObfuAEx",
            "ObfuAExT",
            "bfuA",
            "fuAE",
            "uAEx",
            "AExT",
            "qx4TvRLroRiXFfNs",
            "x4TvRLroRiXFfNsG",
            "4TvRLroRiXFfNsGW",
            "TvRLroRiXFfNsGWe",
            "vRLroRiXFfNs",
            "RLroRiXFfNsG",
            "LroRiXFfNsGW",
            "roRiXFfNsGWe",
            "oRiXFfNs",
            "RiXFfNsG",
            "iXFfNsGW",
            "XFfNsGWe",
            "FfNs",
            "fNsG",
            "NsGW",
            "sGWe",
            "RZTI4UOp",
            "ZTI4UOpm",
            "TI4U",
            "I4UO",
            "4UOp",
            "UOpm",
            "OHJLigBR",
            "HJLigBRe",
            "JLig",
            "LigB",
            "igBR",
            "gBRe",
            "APTGwrQu",
            "PTGwrQuf",
            "TGwr",
            "GwrQ",
            "wrQu",
            "rQuf",
            "Byte",
            "MemoryStream",
            "emoryStr",
            "moryStre",
            "oryStrea",
            "ryStream",
            "yStr",
            "Stre",
            "trea",
            "ream",
            "GZipStre",
            "ZipStrea",
            "ipStream",
            "pStr",
            "Compress",
            "ompressi",
            "mpressio",
            "pression",
            "ress",
            "essi",
            "ssio",
            "CompressionM",
            "ompressionMo",
            "mpressionMod",
            "pressionMode",
            "ressionM",
            "essionMo",
            "ssionMod",
            "sionMode",
            "ionM",
            "onMo",
            "nMod",
            "jfRlcSJN",
            "fRlcSJNU",
            "RlcS",
            "lcSJ",
            "cSJN",
            "SJNU",
            "BZunCuLTO55KqLQP",
            "ZunCuLTO55KqLQPc",
            "unCuLTO55KqLQPc8",
            "nCuLTO55KqLQPc8v",
            "CuLTO55KqLQP",
            "uLTO55KqLQPc",
            "LTO55KqLQPc8",
            "TO55KqLQPc8v",
            "O55KqLQP",
            "55KqLQPc",
            "5KqLQPc8",
            "KqLQPc8v",
            "qLQP",
            "LQPc",
            "QPc8",
            "Pc8v",
            "wgqN7OLem4FLQAnh",
            "gqN7OLem4FLQAnhJ",
            "qN7OLem4FLQAnhJU",
            "N7OLem4FLQAnhJU8",
            "7OLem4FLQAnh",
            "OLem4FLQAnhJ",
            "Lem4FLQAnhJU",
            "em4FLQAnhJU8",
            "m4FLQAnh",
            "4FLQAnhJ",
            "FLQAnhJU",
            "LQAnhJU8",
            "QAnh",
            "AnhJ",
            "nhJU",
            "hJU8",
            "WbV1PATm",
            "bV1PATmN",
            "V1PA",
            "1PAT",
            "PATm",
            "ATmN",
            "TnyXn6LPMbe3JXo0",
            "nyXn6LPMbe3JXo01",
            "yXn6LPMbe3JXo01P",
            "Xn6LPMbe3JXo01P9",
            "n6LPMbe3JXo0",
            "6LPMbe3JXo01",
            "LPMbe3JXo01P",
            "PMbe3JXo01P9",
            "Mbe3JXo0",
            "be3JXo01",
            "e3JXo01P",
            "3JXo01P9",
            "JXo0",
            "Xo01",
            "o01P",
            "01P9",
            "NOSvdaP6",
            "OSvdaP6M",
            "Svda",
            "vdaP",
            "daP6",
            "aP6M",
            "qxk4p1aR",
            "xk4p1aRp",
            "k4p1",
            "4p1a",
            "p1aR",
            "1aRp",
            "Xl5mwNmf",
            "l5mwNmfl",
            "5mwN",
            "mwNm",
            "wNmf",
            "Nmfl",
            "TripleDE",
            "ripleDES",
            "iple",
            "pleD",
            "leDE",
            "eDES",
            "Security",
            "ecur",
            "curi",
            "urit",
            "rity",
            "Cryptography",
            "ryptogra",
            "yptograp",
            "ptograph",
            "tography",
            "grap",
            "raph",
            "aphy",
            "CryptoStream",
            "ryptoStr",
            "yptoStre",
            "ptoStrea",
            "toStream",
            "oStr",
            "ArgumentExceptio",
            "rgumentException",
            "gumentExcept",
            "umentExcepti",
            "mentExceptio",
            "entException",
            "ntExcept",
            "tExcepti",
            "ICryptoTransform",
            "CryptoTransf",
            "ryptoTransfo",
            "yptoTransfor",
            "ptoTransform",
            "toTransf",
            "oTransfo",
            "Transfor",
            "ransform",
            "ansf",
            "nsfo",
            "sfor",
            "form",
            "CryptoStreamMode",
            "ryptoStreamM",
            "yptoStreamMo",
            "ptoStreamMod",
            "toStreamMode",
            "oStreamM",
            "StreamMo",
            "treamMod",
            "reamMode",
            "eamM",
            "amMo",
            "mMod",
            "bJ3sjvLGYtJ2swQw",
            "J3sjvLGYtJ2swQwo",
            "3sjvLGYtJ2swQwob",
            "sjvLGYtJ2swQwob1",
            "jvLGYtJ2swQw",
            "vLGYtJ2swQwo",
            "LGYtJ2swQwob",
            "GYtJ2swQwob1",
            "YtJ2swQw",
            "tJ2swQwo",
            "J2swQwob",
            "2swQwob1",
            "swQw",
            "wQwo",
            "Qwob",
            "wob1",
            "YBBhxGLlpEnafpQk",
            "BBhxGLlpEnafpQkS",
            "BhxGLlpEnafpQkST",
            "hxGLlpEnafpQkSTU",
            "xGLlpEnafpQk",
            "GLlpEnafpQkS",
            "LlpEnafpQkST",
            "lpEnafpQkSTU",
            "pEnafpQk",
            "EnafpQkS",
            "nafpQkST",
            "afpQkSTU",
            "fpQk",
            "pQkS",
            "QkST",
            "kSTU",
            "i1v2PZm0",
            "1v2PZm0J",
            "v2PZ",
            "2PZm",
            "PZm0",
            "Zm0J",
            "mED3msLIoCOXmqNH",
            "ED3msLIoCOXmqNHj",
            "D3msLIoCOXmqNHjy",
            "3msLIoCOXmqNHjyV",
            "msLIoCOXmqNH",
            "sLIoCOXmqNHj",
            "LIoCOXmqNHjy",
            "IoCOXmqNHjyV",
            "oCOXmqNH",
            "COXmqNHj",
            "OXmqNHjy",
            "XmqNHjyV",
            "mqNH",
            "qNHj",
            "NHjy",
            "HjyV",
            "sDikMOWK",
            "DikMOWKE",
            "ikMO",
            "kMOW",
            "MOWK",
            "OWKE",
            "HxyYwdy1",
            "xyYwdy1J",
            "yYwd",
            "Ywdy",
            "wdy1",
            "dy1J",
            "SdiMiHLLOak1HqlL",
            "diMiHLLOak1HqlLT",
            "iMiHLLOak1HqlLTt",
            "MiHLLOak1HqlLTtt",
            "iHLLOak1HqlL",
            "HLLOak1HqlLT",
            "LLOak1HqlLTt",
            "LOak1HqlLTtt",
            "Oak1HqlL",
            "ak1HqlLT",
            "k1HqlLTt",
            "1HqlLTtt",
            "HqlL",
            "qlLT",
            "lLTt",
            "LTtt",
            "tvwltuLR9IuBHEKR",
            "vwltuLR9IuBHEKRL",
            "wltuLR9IuBHEKRLk",
            "ltuLR9IuBHEKRLk7",
            "tuLR9IuBHEKR",
            "uLR9IuBHEKRL",
            "LR9IuBHEKRLk",
            "R9IuBHEKRLk7",
            "9IuBHEKR",
            "IuBHEKRL",
            "uBHEKRLk",
            "BHEKRLk7",
            "HEKR",
            "EKRL",
            "KRLk",
            "RLk7",
            "VaWSoBey",
            "aWSoBeyS",
            "WSoB",
            "SoBe",
            "oBey",
            "BeyS",
            "enFThnLfcve3i3iN",
            "nFThnLfcve3i3iN7",
            "FThnLfcve3i3iN7m",
            "ThnLfcve3i3iN7mZ",
            "hnLfcve3i3iN",
            "nLfcve3i3iN7",
            "Lfcve3i3iN7m",
            "fcve3i3iN7mZ",
            "cve3i3iN",
            "ve3i3iN7",
            "e3i3iN7m",
            "3i3iN7mZ",
            "i3iN",
            "3iN7",
            "iN7m",
            "N7mZ",
            "BrtpQQan",
            "rtpQQanV",
            "tpQQ",
            "pQQa",
            "QQan",
            "QanV",
            "bYgJ0a5j",
            "YgJ0a5jH",
            "gJ0a",
            "J0a5",
            "0a5j",
            "a5jH",
            "yqZ3kdLA",
            "qZ3kdLAi",
            "Z3kd",
            "3kdL",
            "kdLA",
            "dLAi",
            "Assembly",
            "ssem",
            "semb",
            "embl",
            "mbly",
            "wiFyHgwr",
            "iFyHgwrh",
            "FyHg",
            "yHgw",
            "Hgwr",
            "gwrh",
            "r9upeGL5Tgy331CT",
            "9upeGL5Tgy331CTC",
            "upeGL5Tgy331CTCl",
            "peGL5Tgy331CTClf",
            "eGL5Tgy331CT",
            "GL5Tgy331CTC",
            "L5Tgy331CTCl",
            "5Tgy331CTClf",
            "Tgy331CT",
            "gy331CTC",
            "y331CTCl",
            "331CTClf",
            "31CT",
            "1CTC",
            "CTCl",
            "TClf",
            "iuuvmeLDJVN4Sa8f",
            "uuvmeLDJVN4Sa8fX",
            "uvmeLDJVN4Sa8fXI",
            "vmeLDJVN4Sa8fXIT",
            "meLDJVN4Sa8f",
            "eLDJVN4Sa8fX",
            "LDJVN4Sa8fXI",
            "DJVN4Sa8fXIT",
            "JVN4Sa8f",
            "VN4Sa8fX",
            "N4Sa8fXI",
            "4Sa8fXIT",
            "Sa8f",
            "a8fX",
            "8fXI",
            "fXIT",
            "CFUiBYhP",
            "FUiBYhPp",
            "UiBY",
            "iBYh",
            "BYhP",
            "YhPp",
            "cCOtsJX1",
            "COtsJX1l",
            "OtsJ",
            "tsJX",
            "sJX1",
            "JX1l",
            "L6TLLrLmbFjyDpar",
            "6TLLrLmbFjyDparS",
            "TLLrLmbFjyDparSv",
            "LLrLmbFjyDparSvM",
            "LrLmbFjyDpar",
            "rLmbFjyDparS",
            "LmbFjyDparSv",
            "mbFjyDparSvM",
            "bFjyDpar",
            "FjyDparS",
            "jyDparSv",
            "yDparSvM",
            "Dpar",
            "parS",
            "arSv",
            "rSvM",
            "LVXAsVt2",
            "VXAsVt2Q",
            "XAsV",
            "AsVt",
            "sVt2",
            "Vt2Q",
            "bFEOiGWl",
            "FEOiGWlx",
            "EOiG",
            "OiGW",
            "iGWl",
            "GWlx",
            "vn0jxqy3",
            "n0jxqy33",
            "0jxq",
            "jxqy",
            "xqy3",
            "qy33",
            "fH0bPqiq",
            "H0bPqiqZ",
            "0bPq",
            "bPqi",
            "Pqiq",
            "qiqZ",
            "pb6Fry1g",
            "b6Fry1gR",
            "6Fry",
            "Fry1",
            "ry1g",
            "y1gR",
            "Fw1a1wIr",
            "w1a1wIrn",
            "1a1w",
            "a1wI",
            "1wIr",
            "wIrn",
            "q810l36u",
            "810l36us",
            "10l3",
            "0l36",
            "l36u",
            "36us",
            "MethodIn",
            "ethodInf",
            "thodInfo",
            "hodI",
            "odIn",
            "dInf",
            "Info",
            "MethodBa",
            "ethodBas",
            "thodBase",
            "hodB",
            "odBa",
            "dBas",
            "Base",
            "Invo",
            "nvok",
            "voke",
            "Oil5WELv2NkrlEnY",
            "il5WELv2NkrlEnYW",
            "l5WELv2NkrlEnYWo",
            "5WELv2NkrlEnYWol",
            "WELv2NkrlEnY",
            "ELv2NkrlEnYW",
            "Lv2NkrlEnYWo",
            "v2NkrlEnYWol",
            "2NkrlEnY",
            "NkrlEnYW",
            "krlEnYWo",
            "rlEnYWol",
            "lEnY",
            "EnYW",
            "nYWo",
            "YWol",
            "bJyANdL4JXOj8CDZ",
            "JyANdL4JXOj8CDZ4",
            "yANdL4JXOj8CDZ4v",
            "ANdL4JXOj8CDZ4vq",
            "NdL4JXOj8CDZ",
            "dL4JXOj8CDZ4",
            "L4JXOj8CDZ4v",
            "4JXOj8CDZ4vq",
            "JXOj8CDZ",
            "XOj8CDZ4",
            "Oj8CDZ4v",
            "j8CDZ4vq",
            "8CDZ",
            "CDZ4",
            "DZ4v",
            "Z4vq",
            "uEAdobon",
            "EAdobonp",
            "Adob",
            "dobo",
            "obon",
            "bonp",
            "ResourceMana",
            "esourceManag",
            "sourceManage",
            "ourceManager",
            "urceMana",
            "rceManag",
            "ceManage",
            "eManager",
            "Mana",
            "anag",
            "nage",
            "ager",
            "Resource",
            "esources",
            "sour",
            "ourc",
            "urce",
            "rces",
            "stuCEPhC",
            "tuCEPhCA",
            "uCEP",
            "CEPh",
            "EPhC",
            "PhCA",
            "CultureI",
            "ultureIn",
            "ltureInf",
            "tureInfo",
            "ureI",
            "reIn",
            "eInf",
            "Globalizatio",
            "lobalization",
            "obalizat",
            "balizati",
            "alizatio",
            "lization",
            "izat",
            "zati",
            "atio",
            "h0bUwqLXt3dCfBCs",
            "0bUwqLXt3dCfBCsV",
            "bUwqLXt3dCfBCsVF",
            "UwqLXt3dCfBCsVFy",
            "wqLXt3dCfBCs",
            "qLXt3dCfBCsV",
            "LXt3dCfBCsVF",
            "Xt3dCfBCsVFy",
            "t3dCfBCs",
            "3dCfBCsV",
            "dCfBCsVF",
            "CfBCsVFy",
            "fBCs",
            "BCsV",
            "CsVF",
            "sVFy",
            "Cult",
            "ultu",
            "ltur",
            "ture",
            "Uivddewb",
            "ivddewbi",
            "vddewbij",
            "ddewbijc",
            "dewb",
            "ewbi",
            "wbij",
            "bijc",
            "Omit",
            "mitp",
            "itpg",
            "gyMas2L12R17UtFQ",
            "yMas2L12R17UtFQf",
            "Mas2L12R17UtFQfs",
            "as2L12R17UtFQfsJ",
            "s2L12R17UtFQ",
            "2L12R17UtFQf",
            "L12R17UtFQfs",
            "12R17UtFQfsJ",
            "2R17UtFQ",
            "R17UtFQf",
            "17UtFQfs",
            "7UtFQfsJ",
            "UtFQ",
            "tFQf",
            "FQfs",
            "QfsJ",
            "s0j50xL9rMfdMgto",
            "0j50xL9rMfdMgtoD",
            "j50xL9rMfdMgtoDS",
            "50xL9rMfdMgtoDS3",
            "0xL9rMfdMgto",
            "xL9rMfdMgtoD",
            "L9rMfdMgtoDS",
            "9rMfdMgtoDS3",
            "rMfdMgto",
            "MfdMgtoD",
            "fdMgtoDS",
            "dMgtoDS3",
            "Mgto",
            "gtoD",
            "toDS",
            "oDS3",
            "Hhyb",
            "hybt",
            "Cljdkwhz",
            "ljdkwhzk",
            "jdkwhzks",
            "dkwh",
            "kwhz",
            "whzk",
            "hzks",
            "Pork",
            "orkb",
            "Ra8zcVqH",
            "a8zcVqHc",
            "8zcV",
            "zcVq",
            "cVqH",
            "VqHc",
            "QDev67L2YLdXVO5o",
            "Dev67L2YLdXVO5oK",
            "ev67L2YLdXVO5oKH",
            "v67L2YLdXVO5oKHX",
            "67L2YLdXVO5o",
            "7L2YLdXVO5oK",
            "L2YLdXVO5oKH",
            "2YLdXVO5oKHX",
            "YLdXVO5o",
            "LdXVO5oK",
            "dXVO5oKH",
            "XVO5oKHX",
            "VO5o",
            "O5oK",
            "5oKH",
            "oKHX",
            "Xiq52tbU",
            "iq52tbU0",
            "q52tbU0K",
            "52tb",
            "2tbU",
            "tbU0",
            "bU0K",
            "type",
            "ypem",
            "pemd",
            "emdt",
            "FieldInf",
            "ieldInfo",
            "eldI",
            "ldIn",
            "sScvjfLuJw12gB6q",
            "ScvjfLuJw12gB6qP",
            "cvjfLuJw12gB6qPc",
            "vjfLuJw12gB6qPcj",
            "jfLuJw12gB6q",
            "fLuJw12gB6qP",
            "LuJw12gB6qPc",
            "uJw12gB6qPcj",
            "Jw12gB6q",
            "w12gB6qP",
            "12gB6qPc",
            "2gB6qPcj",
            "gB6q",
            "B6qP",
            "6qPc",
            "qPcj",
            "EsyClrLwFvPXZ9Rc",
            "syClrLwFvPXZ9RcZ",
            "yClrLwFvPXZ9RcZg",
            "ClrLwFvPXZ9RcZgC",
            "lrLwFvPXZ9Rc",
            "rLwFvPXZ9RcZ",
            "LwFvPXZ9RcZg",
            "wFvPXZ9RcZgC",
            "FvPXZ9Rc",
            "vPXZ9RcZ",
            "PXZ9RcZg",
            "XZ9RcZgC",
            "Z9Rc",
            "9RcZ",
            "RcZg",
            "cZgC",
            "IntP",
            "ntPt",
            "tPtr",
            "BeginInv",
            "eginInvo",
            "ginInvok",
            "inInvoke",
            "nInv",
            "IAsyncResult",
            "AsyncRes",
            "syncResu",
            "yncResul",
            "ncResult",
            "cRes",
            "Resu",
            "esul",
            "sult",
            "AsyncCallbac",
            "syncCallback",
            "yncCallb",
            "ncCallba",
            "cCallbac",
            "Callback",
            "allb",
            "llba",
            "lbac",
            "back",
            "callback",
            "obje",
            "EndInvok",
            "ndInvoke",
            "dInv",
            "resu",
            "WLKHoQEM",
            "LKHoQEM3",
            "KHoQEM3N",
            "HoQE",
            "oQEM",
            "QEM3",
            "EM3N",
            "ASiHQYZ2",
            "SiHQYZ2g",
            "iHQYZ2gf",
            "HQYZ",
            "QYZ2",
            "YZ2g",
            "Z2gf",
            "jSQHtyjM",
            "SQHtyjMP",
            "QHtyjMPQ",
            "Htyj",
            "tyjM",
            "yjMP",
            "jMPQ",
            "sHNnVFfr",
            "HNnVFfrg",
            "NnVFfrgq",
            "nVFf",
            "VFfr",
            "Ffrg",
            "frgq",
            "List",
            "Collecti",
            "ollectio",
            "llection",
            "lections",
            "ions",
            "Gene",
            "ener",
            "neri",
            "eric",
            "BjRnEgf4",
            "jRnEgf49",
            "RnEgf49u",
            "nEgf",
            "Egf4",
            "gf49",
            "f49u",
            "vhqn7ygb",
            "hqn7ygbU",
            "qn7ygbUg",
            "n7yg",
            "7ygb",
            "ygbU",
            "gbUg",
            "ct5nWAij",
            "t5nWAijp",
            "5nWAijpG",
            "nWAi",
            "WAij",
            "Aijp",
            "ijpG",
            "IAJnrSjX",
            "AJnrSjXX",
            "JnrSjXXP",
            "nrSj",
            "rSjX",
            "SjXX",
            "jXXP",
            "Int6",
            "nt64",
            "gXcnTPfY",
            "XcnTPfYj",
            "cnTPfYjj",
            "nTPf",
            "TPfY",
            "PfYj",
            "fYjj",
            "LNwnl0wT",
            "Nwnl0wTG",
            "wnl0wTGA",
            "nl0w",
            "l0wT",
            "0wTG",
            "wTGA",
            "Mx1nLpOO",
            "x1nLpOOy",
            "1nLpOOyX",
            "nLpO",
            "LpOO",
            "pOOy",
            "OOyX",
            "tMWn59TX",
            "MWn59TXk",
            "Wn59TXkN",
            "n59T",
            "59TX",
            "9TXk",
            "TXkN",
            "hObnmDtX",
            "ObnmDtXb",
            "bnmDtXbI",
            "nmDt",
            "mDtX",
            "DtXb",
            "tXbI",
            "N34n4fCn",
            "34n4fCne",
            "4n4fCneO",
            "n4fC",
            "4fCn",
            "fCne",
            "CneO",
            "tjPn6KrM",
            "jPn6KrMB",
            "Pn6KrMBE",
            "n6Kr",
            "6KrM",
            "KrMB",
            "rMBE",
            "hgMHd2o4",
            "gMHd2o4c",
            "MHd2o4ca",
            "Hd2o",
            "d2o4",
            "2o4c",
            "o4ca",
            "Dictiona",
            "ictionar",
            "ctionary",
            "iona",
            "onar",
            "nary",
            "LoynDEMw",
            "oynDEMwD",
            "ynDEMwDo",
            "nDEM",
            "DEMw",
            "EMwD",
            "MwDo",
            "tJYnUqlZ",
            "JYnUqlZj",
            "YnUqlZju",
            "nUql",
            "UqlZ",
            "qlZj",
            "lZju",
            "KqxnfEMd",
            "qxnfEMdS",
            "xnfEMdST",
            "nfEM",
            "fEMd",
            "EMdS",
            "MdST",
            "nwjHzAiq",
            "wjHzAiqB",
            "jHzAiqBL",
            "HzAi",
            "zAiq",
            "AiqB",
            "iqBL",
            "YwRHxgSn",
            "wRHxgSn6",
            "RHxgSn6O",
            "HxgS",
            "xgSn",
            "gSn6",
            "Sn6O",
            "WcoHMZvx",
            "coHMZvxI",
            "oHMZvxIU",
            "HMZv",
            "MZvx",
            "ZvxI",
            "vxIU",
            "PPvnHZNL",
            "PvnHZNLv",
            "vnHZNLvB",
            "nHZN",
            "HZNL",
            "ZNLv",
            "NLvB",
            "p40nKo8N",
            "40nKo8NC",
            "0nKo8NC6",
            "nKo8",
            "Ko8N",
            "o8NC",
            "8NC6",
            "M4NnsRQq",
            "4NnsRQqm",
            "NnsRQqmh",
            "nsRQ",
            "sRQq",
            "RQqm",
            "Qqmh",
            "rhsnPNJK",
            "hsnPNJKu",
            "snPNJKuP",
            "nPNJ",
            "PNJK",
            "NJKu",
            "JKuP",
            "wEOnBBf5",
            "EOnBBf5w",
            "OnBBf5wl",
            "nBBf",
            "BBf5",
            "Bf5w",
            "f5wl",
            "AC3Hj7Qd",
            "C3Hj7QdX",
            "3Hj7QdXb",
            "Hj7Q",
            "j7Qd",
            "7QdX",
            "QdXb",
            "dmDnN8YW",
            "mDnN8YWj",
            "DnN8YWjS",
            "nN8Y",
            "N8YW",
            "8YWj",
            "YWjS",
            "TmwnGV6H",
            "mwnGV6HM",
            "wnGV6HMm",
            "nGV6",
            "GV6H",
            "V6HM",
            "6HMm",
            "mFLHbjlK",
            "FLHbjlKY",
            "LHbjlKYn",
            "Hbjl",
            "bjlK",
            "jlKY",
            "lKYn",
            "mNFneJqG",
            "NFneJqGS",
            "FneJqGSM",
            "neJq",
            "eJqG",
            "JqGS",
            "qGSM",
            "IjVnv013",
            "jVnv013e",
            "Vnv013ev",
            "nv01",
            "v013",
            "013e",
            "13ev",
            "EIrnZN0m",
            "IrnZN0mH",
            "rnZN0mHB",
            "nZN0",
            "ZN0m",
            "N0mH",
            "0mHB",
            "uNMnnK2M",
            "NMnnK2Ml",
            "MnnK2Mlt",
            "nnK2",
            "nK2M",
            "K2Ml",
            "2Mlt",
            "QTsnRpOc",
            "TsnRpOcj",
            "snRpOcjM",
            "nRpO",
            "RpOc",
            "pOcj",
            "OcjM",
            "EfhnhGaB",
            "fhnhGaBQ",
            "hnhGaBQq",
            "nhGa",
            "hGaB",
            "GaBQ",
            "aBQq",
            "PJ4HiQKu",
            "J4HiQKuh",
            "4HiQKuhW",
            "HiQK",
            "iQKu",
            "QKuh",
            "KuhW",
            "DDZnIGmG",
            "DZnIGmGC",
            "ZnIGmGCs",
            "nIGm",
            "IGmG",
            "GmGC",
            "mGCs",
            "kTfHCFJW",
            "TfHCFJWY",
            "fHCFJWYa",
            "HCFJ",
            "CFJW",
            "FJWY",
            "JWYa",
            "GetTypeFromHandl",
            "etTypeFromHandle",
            "tTypeFromHan",
            "TypeFromHand",
            "ypeFromHandl",
            "peFromHandle",
            "eFromHan",
            "FromHand",
            "romHandl",
            "omHandle",
            "mHan",
            "Hand",
            "andl",
            "ndle",
            "RuntimeTypeHandl",
            "untimeTypeHandle",
            "ntimeTypeHan",
            "timeTypeHand",
            "imeTypeHandl",
            "meTypeHandle",
            "eTypeHan",
            "TypeHand",
            "ypeHandl",
            "peHandle",
            "eHan",
            "UInt",
            "RuntimeHelpe",
            "untimeHelper",
            "ntimeHelpers",
            "timeHelp",
            "imeHelpe",
            "meHelper",
            "eHelpers",
            "Help",
            "elpe",
            "lper",
            "pers",
            "InitializeAr",
            "nitializeArr",
            "itializeArra",
            "tializeArray",
            "ializeAr",
            "alizeArr",
            "lizeArra",
            "izeArray",
            "zeAr",
            "eArr",
            "Arra",
            "rray",
            "RuntimeFieldHand",
            "untimeFieldHandl",
            "ntimeFieldHandle",
            "timeFieldHan",
            "imeFieldHand",
            "meFieldHandl",
            "eFieldHandle",
            "FieldHan",
            "ieldHand",
            "eldHandl",
            "ldHandle",
            "dHan",
            "Zero",
            "SortedLi",
            "ortedLis",
            "rtedList",
            "tedL",
            "edLi",
            "dLis",
            "Hashtabl",
            "ashtable",
            "shta",
            "htab",
            "tabl",
            "able",
            "RSACryptoServiceProvider",
            "SACryptoServiceProvi",
            "ACryptoServiceProvid",
            "CryptoServiceProvide",
            "ryptoServiceProvider",
            "yptoServiceProvi",
            "ptoServiceProvid",
            "toServiceProvide",
            "oServiceProvider",
            "ServiceProvi",
            "erviceProvid",
            "rviceProvide",
            "viceProvider",
            "iceProvi",
            "ceProvid",
            "eProvide",
            "Provider",
            "rovi",
            "ovid",
            "vide",
            "ider",
            "UseMachineKeySto",
            "seMachineKeyStor",
            "eMachineKeyStore",
            "MachineKeySt",
            "achineKeySto",
            "chineKeyStor",
            "hineKeyStore",
            "ineKeySt",
            "neKeySto",
            "eKeyStor",
            "KeyStore",
            "eySt",
            "ySto",
            "Stor",
            "tore",
            "BMj5uUm6",
            "Mj5uUm6e",
            "j5uUm6e7",
            "5uUm",
            "uUm6",
            "Um6e",
            "m6e7",
            "CJ4HEjQV",
            "J4HEjQV7",
            "4HEjQV77",
            "HEjQ",
            "EjQV",
            "jQV7",
            "QV77",
            "BitConverter",
            "itConver",
            "tConvert",
            "Converte",
            "onverter",
            "nver",
            "vert",
            "erte",
            "rter",
            "GetBytes",
            "etBy",
            "tByt",
            "ytes",
            "Copy",
            "pdjHZAAw",
            "djHZAAwr",
            "jHZAAwrH",
            "HZAA",
            "ZAAw",
            "AAwr",
            "AwrH",
            "Int1",
            "nt16",
            "kgTH7kXO",
            "gTH7kXOj",
            "TH7kXOjo",
            "H7kX",
            "7kXO",
            "kXOj",
            "XOjo",
            "jUqHWer1",
            "UqHWer1g",
            "qHWer1gE",
            "HWer",
            "Wer1",
            "er1g",
            "r1gE",
            "j3cHN6JM",
            "3cHN6JMu",
            "cHN6JMun",
            "HN6J",
            "N6JM",
            "6JMu",
            "JMun",
            "ALvHsFHm",
            "LvHsFHml",
            "vHsFHmlO",
            "HsFH",
            "sFHm",
            "FHml",
            "HmlO",
            "KG4H67ar",
            "G4H67arI",
            "4H67arIH",
            "H67a",
            "67ar",
            "7arI",
            "arIH",
            "WdnHhygS",
            "dnHhygSf",
            "nHhygSfN",
            "Hhyg",
            "hygS",
            "ygSf",
            "gSfN",
            "SNbHB5n5",
            "NbHB5n5h",
            "bHB5n5hx",
            "HB5n",
            "B5n5",
            "5n5h",
            "n5hx",
            "SymmetricAlgorit",
            "ymmetricAlgorith",
            "mmetricAlgorithm",
            "metricAlgori",
            "etricAlgorit",
            "tricAlgorith",
            "ricAlgorithm",
            "icAlgori",
            "cAlgorit",
            "Algorith",
            "lgorithm",
            "gori",
            "orit",
            "rith",
            "ithm",
            "AesCryptoServiceProvider",
            "esCryptoServiceProvi",
            "sCryptoServiceProvid",
            "Core",
            "RijndaelMana",
            "ijndaelManag",
            "jndaelManage",
            "ndaelManaged",
            "daelMana",
            "aelManag",
            "elManage",
            "lManaged",
            "aged",
            "Activato",
            "ctivator",
            "tiva",
            "ivat",
            "vato",
            "ator",
            "CreateInstan",
            "reateInstanc",
            "eateInstance",
            "ateInsta",
            "teInstan",
            "eInstanc",
            "Instance",
            "nsta",
            "stan",
            "tanc",
            "ance",
            "ObjectHandle",
            "bjectHan",
            "jectHand",
            "ectHandl",
            "ctHandle",
            "tHan",
            "Remoting",
            "emot",
            "moti",
            "otin",
            "ting",
            "Unwr",
            "nwra",
            "wrap",
            "tFWHKlMJ",
            "FWHKlMJC",
            "WHKlMJC2",
            "HKlM",
            "KlMJ",
            "lMJC",
            "MJC2",
            "MD5CryptoServiceProvider",
            "D5CryptoServiceProvi",
            "5CryptoServiceProvid",
            "CryptoConfig",
            "ryptoCon",
            "yptoConf",
            "ptoConfi",
            "toConfig",
            "oCon",
            "Conf",
            "onfi",
            "nfig",
            "AllowOnlyFipsAlgorit",
            "llowOnlyFipsAlgorith",
            "lowOnlyFipsAlgorithm",
            "owOnlyFipsAlgorithms",
            "wOnlyFipsAlgorit",
            "OnlyFipsAlgorith",
            "nlyFipsAlgorithm",
            "lyFipsAlgorithms",
            "yFipsAlgorit",
            "FipsAlgorith",
            "ipsAlgorithm",
            "psAlgorithms",
            "sAlgorit",
            "gorithms",
            "thms",
            "aA0HUYSu",
            "A0HUYSuR",
            "0HUYSuRT",
            "HUYS",
            "UYSu",
            "YSuR",
            "SuRT",
            "HashAlgorith",
            "ashAlgorithm",
            "shAlgori",
            "hAlgorit",
            "ComputeH",
            "omputeHa",
            "mputeHas",
            "puteHash",
            "uteH",
            "teHa",
            "eHas",
            "Hash",
            "y0fHrL9S",
            "0fHrL9SO",
            "fHrL9SOV",
            "HrL9",
            "rL9S",
            "L9SO",
            "9SOV",
            "Read",
            "TTTHTNb0",
            "TTHTNb0Q",
            "THTNb0Qc",
            "HTNb",
            "TNb0",
            "Nb0Q",
            "b0Qc",
            "TransformBlo",
            "ransformBloc",
            "ansformBlock",
            "nsformBl",
            "sformBlo",
            "formBloc",
            "ormBlock",
            "rmBl",
            "mBlo",
            "Bloc",
            "lock",
            "fVVHe7v0",
            "VVHe7v0F",
            "VHe7v0FW",
            "He7v",
            "e7v0",
            "7v0F",
            "v0FW",
            "BinaryReader",
            "inaryRea",
            "naryRead",
            "aryReade",
            "ryReader",
            "yRea",
            "eade",
            "ader",
            "BaseStre",
            "aseStrea",
            "seStream",
            "eStr",
            "Position",
            "osit",
            "siti",
            "itio",
            "ReadUInt",
            "eadUInt3",
            "adUInt32",
            "dUIn",
            "oJOHP2wc",
            "JOHP2wcR",
            "OHP2wcRw",
            "HP2w",
            "P2wc",
            "2wcR",
            "wcRw",
            "ParameterInf",
            "arameterInfo",
            "rameterI",
            "ameterIn",
            "meterInf",
            "eterInfo",
            "terI",
            "erIn",
            "rInf",
            "DynamicMetho",
            "ynamicMethod",
            "namicMet",
            "amicMeth",
            "micMetho",
            "icMethod",
            "cMet",
            "Meth",
            "etho",
            "thod",
            "Emit",
            "ILGenera",
            "LGenerat",
            "Generato",
            "enerator",
            "nera",
            "erat",
            "rato",
            "Moni",
            "onit",
            "nito",
            "itor",
            "Threadin",
            "hreading",
            "read",
            "eadi",
            "adin",
            "ding",
            "Ente",
            "nter",
            "GetManifestResourceStrea",
            "etManifestResourceStream",
            "tManifestResourceStr",
            "ManifestResourceStre",
            "anifestResourceStrea",
            "nifestResourceStream",
            "ifestResourceStr",
            "festResourceStre",
            "estResourceStrea",
            "stResourceStream",
            "tResourceStr",
            "ResourceStre",
            "esourceStrea",
            "sourceStream",
            "ourceStr",
            "urceStre",
            "rceStrea",
            "ceStream",
            "Leng",
            "engt",
            "ngth",
            "ReadByte",
            "eadBytes",
            "adBy",
            "dByt",
            "Clos",
            "lose",
            "Exit",
            "GetField",
            "etFields",
            "tFie",
            "Fiel",
            "ield",
            "elds",
            "BindingFlags",
            "indingFl",
            "ndingFla",
            "dingFlag",
            "ingFlags",
            "ngFl",
            "gFla",
            "Flag",
            "lags",
            "MemberIn",
            "emberInf",
            "mberInfo",
            "berI",
            "MetadataToke",
            "etadataToken",
            "tadataTo",
            "adataTok",
            "dataToke",
            "ataToken",
            "taTo",
            "aTok",
            "Toke",
            "oken",
            "Item",
            "GetGenericArgume",
            "etGenericArgumen",
            "tGenericArgument",
            "GenericArguments",
            "enericArgume",
            "nericArgumen",
            "ericArgument",
            "ricArguments",
            "icArgume",
            "cArgumen",
            "Argument",
            "rguments",
            "gume",
            "umen",
            "ment",
            "ents",
            "ResolveMetho",
            "esolveMethod",
            "solveMet",
            "olveMeth",
            "lveMetho",
            "veMethod",
            "eMet",
            "IsStatic",
            "sSta",
            "Stat",
            "tati",
            "atic",
            "FieldTyp",
            "ieldType",
            "eldT",
            "ldTy",
            "dTyp",
            "CreateDelega",
            "reateDelegat",
            "eateDelegate",
            "ateDeleg",
            "teDelega",
            "eDelegat",
            "SetValue",
            "etVa",
            "tVal",
            "Valu",
            "alue",
            "GetParameter",
            "etParameters",
            "tParamet",
            "Paramete",
            "arameter",
            "rameters",
            "amet",
            "mete",
            "eter",
            "ters",
            "DeclaringTyp",
            "eclaringType",
            "claringT",
            "laringTy",
            "aringTyp",
            "ringType",
            "ingT",
            "ngTy",
            "gTyp",
            "IsValueT",
            "sValueTy",
            "MakeByRefTyp",
            "akeByRefType",
            "keByRefT",
            "eByRefTy",
            "ByRefTyp",
            "yRefType",
            "RefT",
            "efTy",
            "fTyp",
            "ParameterTyp",
            "arameterType",
            "rameterT",
            "ameterTy",
            "meterTyp",
            "eterType",
            "terT",
            "erTy",
            "rTyp",
            "Empt",
            "mpty",
            "ReturnTy",
            "eturnTyp",
            "turnType",
            "urnT",
            "rnTy",
            "nTyp",
            "GetILGenerat",
            "etILGenerato",
            "tILGenerator",
            "OpCo",
            "pCod",
            "Code",
            "Ldar",
            "darg",
            "Tailcall",
            "ailc",
            "ilca",
            "lcal",
            "call",
            "Call",
            "Callvirt",
            "allv",
            "llvi",
            "lvir",
            "virt",
            "KCGHlhtQ",
            "CGHlhtQF",
            "GHlhtQFi",
            "Hlht",
            "lhtQ",
            "htQF",
            "tQFi",
            "FEwHLwOR",
            "EwHLwORs",
            "wHLwORsI",
            "HLwO",
            "LwOR",
            "wORs",
            "ORsI",
            "hU1HREL8",
            "U1HREL8f",
            "1HREL8fC",
            "HREL",
            "REL8",
            "EL8f",
            "L8fC",
            "eZ7HfWmj",
            "Z7HfWmjw",
            "7HfWmjwO",
            "HfWm",
            "fWmj",
            "Wmjw",
            "mjwO",
            "AssemblyName",
            "ssemblyN",
            "semblyNa",
            "emblyNam",
            "mblyName",
            "blyN",
            "lyNa",
            "yNam",
            "Name",
            "StackFra",
            "tackFram",
            "ackFrame",
            "ckFr",
            "kFra",
            "Fram",
            "rame",
            "GetMetho",
            "etMethod",
            "tMet",
            "Inequali",
            "nequalit",
            "equality",
            "qual",
            "uali",
            "alit",
            "lity",
            "GetN",
            "etNa",
            "tNam",
            "GetReferencedAssembl",
            "etReferencedAssembli",
            "tReferencedAssemblie",
            "ReferencedAssemblies",
            "eferencedAssembl",
            "ferencedAssembli",
            "erencedAssemblie",
            "rencedAssemblies",
            "encedAssembl",
            "ncedAssembli",
            "cedAssemblie",
            "edAssemblies",
            "dAssembl",
            "Assembli",
            "ssemblie",
            "semblies",
            "mbli",
            "blie",
            "lies",
            "Equality",
            "ToIn",
            "oInt",
            "Coun",
            "ount",
            "Encoding",
            "ncod",
            "codi",
            "odin",
            "Text",
            "Unic",
            "nico",
            "icod",
            "code",
            "GetStrin",
            "etString",
            "tStr",
            "ae4H5bup",
            "e4H5bupe",
            "4H5bupex",
            "H5bu",
            "5bup",
            "bupe",
            "upex",
            "Trim",
            "Conv",
            "onve",
            "FromBase64String",
            "romBase64Str",
            "omBase64Stri",
            "mBase64Strin",
            "Base64String",
            "ase64Str",
            "se64Stri",
            "e64Strin",
            "64String",
            "4Str",
            "ayMHD9QE",
            "yMHD9QEg",
            "MHD9QEgo",
            "HD9Q",
            "D9QE",
            "9QEg",
            "QEgo",
            "CP2HmQ3M",
            "P2HmQ3MH",
            "2HmQ3MH6",
            "HmQ3",
            "mQ3M",
            "Q3MH",
            "3MH6",
            "LtWHvWZd",
            "tWHvWZde",
            "WHvWZdeP",
            "HvWZ",
            "vWZd",
            "WZde",
            "ZdeP",
            "Mars",
            "arsh",
            "rsha",
            "shal",
            "yC3H4Nww",
            "C3H4NwwI",
            "3H4NwwIj",
            "H4Nw",
            "4Nww",
            "NwwI",
            "wwIj",
            "Location",
            "ocat",
            "cati",
            "File",
            "Exis",
            "xist",
            "ists",
            "CodeBase",
            "odeB",
            "deBa",
            "eBas",
            "ToString",
            "Repl",
            "epla",
            "plac",
            "lace",
            "GetT",
            "etTy",
            "tTyp",
            "GetPrope",
            "etProper",
            "tPropert",
            "Property",
            "rope",
            "oper",
            "erty",
            "PropertyInfo",
            "ropertyI",
            "opertyIn",
            "pertyInf",
            "ertyInfo",
            "rtyI",
            "tyIn",
            "yInf",
            "GetValue",
            "dTWHXgNN",
            "TWHXgNNW",
            "WHXgNNWQ",
            "HXgN",
            "XgNN",
            "gNNW",
            "NNWQ",
            "LoadLibr",
            "oadLibra",
            "adLibrar",
            "dLibrary",
            "Libr",
            "ibra",
            "brar",
            "rary",
            "kernel32",
            "erne",
            "rnel",
            "nel3",
            "el32",
            "kIiH1IDC",
            "IiH1IDCp",
            "iH1IDCpe",
            "H1ID",
            "1IDC",
            "IDCp",
            "DCpe",
            "GetProcAddre",
            "etProcAddres",
            "tProcAddress",
            "ProcAddr",
            "rocAddre",
            "ocAddres",
            "cAddress",
            "Addr",
            "ddre",
            "dres",
            "IB4H9OS8",
            "B4H9OS8e",
            "4H9OS8e0",
            "H9OS",
            "9OS8",
            "OS8e",
            "S8e0",
            "Conc",
            "onca",
            "ncat",
            "GetDelegateForFunctionPointe",
            "etDelegateForFunctionPointer",
            "tDelegateForFunctionPoin",
            "DelegateForFunctionPoint",
            "elegateForFunctionPointe",
            "legateForFunctionPointer",
            "egateForFunctionPoin",
            "gateForFunctionPoint",
            "ateForFunctionPointe",
            "teForFunctionPointer",
            "eForFunctionPoin",
            "ForFunctionPoint",
            "orFunctionPointe",
            "rFunctionPointer",
            "FunctionPoin",
            "unctionPoint",
            "nctionPointe",
            "ctionPointer",
            "tionPoin",
            "ionPoint",
            "onPointe",
            "nPointer",
            "Poin",
            "oint",
            "inte",
            "uOXHqyhI",
            "OXHqyhIa",
            "XHqyhIaS",
            "Hqyh",
            "qyhI",
            "yhIa",
            "hIaS",
            "l71HkhvE",
            "71HkhvEG",
            "1HkhvEGF",
            "Hkhv",
            "khvE",
            "hvEG",
            "vEGF",
            "tggHYhTg",
            "ggHYhTg7",
            "gHYhTg7s",
            "HYhT",
            "YhTg",
            "hTg7",
            "Tg7s",
            "U72H2Jkf",
            "72H2JkfI",
            "2H2JkfIP",
            "H2Jk",
            "2Jkf",
            "JkfI",
            "kfIP",
            "Y0pHusBn",
            "0pHusBnt",
            "pHusBnt0",
            "HusB",
            "usBn",
            "sBnt",
            "Bnt0",
            "gEHrfEJa",
            "EHrfEJaJ",
            "HrfE",
            "rfEJ",
            "fEJa",
            "EJaJ",
            "wWBHw78R",
            "WBHw78Rp",
            "BHw78RpX",
            "Hw78",
            "w78R",
            "78Rp",
            "8RpX",
            "FileStre",
            "ileStrea",
            "leStream",
            "FileMode",
            "ileM",
            "leMo",
            "eMod",
            "FileAcce",
            "ileAcces",
            "leAccess",
            "eAcc",
            "Acce",
            "cces",
            "cess",
            "FileShar",
            "ileShare",
            "leSh",
            "eSha",
            "Shar",
            "hare",
            "IDisposa",
            "Disposab",
            "isposabl",
            "sposable",
            "posa",
            "osab",
            "sabl",
            "Disp",
            "ispo",
            "spos",
            "pose",
            "amqH33Tn",
            "mqH33Tnr",
            "qH33Tnrd",
            "H33T",
            "33Tn",
            "3Tnr",
            "Tnrd",
            "lbUHysDL",
            "bUHysDLt",
            "UHysDLtM",
            "HysD",
            "ysDL",
            "sDLt",
            "DLtM",
            "ToAr",
            "oArr",
            "A6WHpW5l",
            "6WHpW5ls",
            "WHpW5lsW",
            "HpW5",
            "pW5l",
            "W5ls",
            "5lsW",
            "CreateDecryp",
            "reateDecrypt",
            "eateDecrypto",
            "ateDecryptor",
            "teDecryp",
            "eDecrypt",
            "Decrypto",
            "ecryptor",
            "cryp",
            "rypt",
            "ypto",
            "ptor",
            "Writ",
            "rite",
            "RhQHJAls",
            "hQHJAlsH",
            "QHJAlsHJ",
            "HJAl",
            "JAls",
            "AlsH",
            "lsHJ",
            "S1AH8NJW",
            "1AH8NJWT",
            "AH8NJWTY",
            "H8NJ",
            "8NJW",
            "NJWT",
            "JWTY",
            "DUqHSrIZ",
            "UqHSrIZh",
            "qHSrIZhB",
            "HSrI",
            "SrIZ",
            "rIZh",
            "IZhB",
            "F4xHcRwo",
            "4xHcRwoa",
            "xHcRwoaQ",
            "HcRw",
            "cRwo",
            "Rwoa",
            "woaQ",
            "R6vHgpxK",
            "6vHgpxKx",
            "vHgpxKxw",
            "Hgpx",
            "gpxK",
            "pxKx",
            "xKxw",
            "gudHFgNW",
            "udHFgNWA",
            "dHFgNWAS",
            "HFgN",
            "FgNW",
            "gNWA",
            "NWAS",
            "cWpHaXn8",
            "WpHaXn81",
            "pHaXn810",
            "HaXn",
            "aXn8",
            "Xn81",
            "n810",
            "k6dH0Cgv",
            "6dH0Cgvn",
            "dH0Cgvnf",
            "H0Cg",
            "0Cgv",
            "Cgvn",
            "gvnf",
            "VqeHAClj",
            "qeHACljL",
            "eHACljLH",
            "HACl",
            "AClj",
            "CljL",
            "ljLH",
            "IQjHORJY",
            "QjHORJY1",
            "jHORJY1k",
            "HORJ",
            "ORJY",
            "RJY1",
            "JY1k",
            "fWHKHCBMk8RmiVZU",
            "WHKHCBMk8RmiVZU7",
            "HKHCBMk8RmiVZU7K",
            "KHCBMk8RmiVZU7K3",
            "HCBMk8RmiVZU",
            "CBMk8RmiVZU7",
            "BMk8RmiVZU7K",
            "Mk8RmiVZU7K3",
            "k8RmiVZU",
            "8RmiVZU7",
            "RmiVZU7K",
            "miVZU7K3",
            "iVZU",
            "VZU7",
            "ZU7K",
            "U7K3",
            "aNrno9BxSZ9C94I9",
            "Nrno9BxSZ9C94I99",
            "rno9BxSZ9C94I99V",
            "no9BxSZ9C94I99VC",
            "o9BxSZ9C94I9",
            "9BxSZ9C94I99",
            "BxSZ9C94I99V",
            "xSZ9C94I99VC",
            "SZ9C94I9",
            "Z9C94I99",
            "9C94I99V",
            "C94I99VC",
            "94I9",
            "4I99",
            "I99V",
            "99VC",
            "YoEAByBzxC0wcOeT",
            "oEAByBzxC0wcOeTM",
            "EAByBzxC0wcOeTM5",
            "AByBzxC0wcOeTM5A",
            "ByBzxC0wcOeT",
            "yBzxC0wcOeTM",
            "BzxC0wcOeTM5",
            "zxC0wcOeTM5A",
            "xC0wcOeT",
            "C0wcOeTM",
            "0wcOeTM5",
            "wcOeTM5A",
            "cOeT",
            "OeTM",
            "eTM5",
            "TM5A",
            "lETua8KVGFTFNnui",
            "ETua8KVGFTFNnuiE",
            "Tua8KVGFTFNnuiEw",
            "ua8KVGFTFNnuiEw4",
            "a8KVGFTFNnui",
            "8KVGFTFNnuiE",
            "KVGFTFNnuiEw",
            "VGFTFNnuiEw4",
            "GFTFNnui",
            "FTFNnuiE",
            "TFNnuiEw",
            "FNnuiEw4",
            "Nnui",
            "nuiE",
            "uiEw",
            "iEw4",
            "AGx73NKHt2bss6Lf",
            "Gx73NKHt2bss6LfA",
            "x73NKHt2bss6LfAS",
            "73NKHt2bss6LfASM",
            "3NKHt2bss6Lf",
            "NKHt2bss6LfA",
            "KHt2bss6LfAS",
            "Ht2bss6LfASM",
            "t2bss6Lf",
            "2bss6LfA",
            "bss6LfAS",
            "ss6LfASM",
            "s6Lf",
            "6LfA",
            "LfAS",
            "fASM",
            "C8GwpUKninAGEBNS",
            "8GwpUKninAGEBNSL",
            "GwpUKninAGEBNSL8",
            "wpUKninAGEBNSL8V",
            "pUKninAGEBNS",
            "UKninAGEBNSL",
            "KninAGEBNSL8",
            "ninAGEBNSL8V",
            "inAGEBNS",
            "nAGEBNSL",
            "AGEBNSL8",
            "GEBNSL8V",
            "EBNS",
            "BNSL",
            "NSL8",
            "SL8V",
            "Reve",
            "ever",
            "vers",
            "erse",
            "lqN2G0KExuMfavIZ",
            "qN2G0KExuMfavIZH",
            "N2G0KExuMfavIZHC",
            "2G0KExuMfavIZHCA",
            "G0KExuMfavIZ",
            "0KExuMfavIZH",
            "KExuMfavIZHC",
            "ExuMfavIZHCA",
            "xuMfavIZ",
            "uMfavIZH",
            "MfavIZHC",
            "favIZHCA",
            "avIZ",
            "vIZH",
            "IZHC",
            "ZHCA",
            "ccAyUVKZOeYYLG2l",
            "cAyUVKZOeYYLG2ln",
            "AyUVKZOeYYLG2lnD",
            "yUVKZOeYYLG2lnDX",
            "UVKZOeYYLG2l",
            "VKZOeYYLG2ln",
            "KZOeYYLG2lnD",
            "ZOeYYLG2lnDX",
            "OeYYLG2l",
            "eYYLG2ln",
            "YYLG2lnD",
            "YLG2lnDX",
            "LG2l",
            "G2ln",
            "2lnD",
            "lnDX",
            "GetPublicKeyToke",
            "etPublicKeyToken",
            "tPublicKeyTo",
            "PublicKeyTok",
            "ublicKeyToke",
            "blicKeyToken",
            "licKeyTo",
            "icKeyTok",
            "cKeyToke",
            "KeyToken",
            "eyTo",
            "yTok",
            "Q0ywkXK70Gc3cl8X",
            "0ywkXK70Gc3cl8X6",
            "ywkXK70Gc3cl8X68",
            "wkXK70Gc3cl8X68X",
            "kXK70Gc3cl8X",
            "XK70Gc3cl8X6",
            "K70Gc3cl8X68",
            "70Gc3cl8X68X",
            "0Gc3cl8X",
            "Gc3cl8X6",
            "c3cl8X68",
            "3cl8X68X",
            "cl8X",
            "l8X6",
            "8X68",
            "X68X",
            "xJXEMLKWNieklTtV",
            "JXEMLKWNieklTtVr",
            "XEMLKWNieklTtVre",
            "EMLKWNieklTtVreD",
            "MLKWNieklTtV",
            "LKWNieklTtVr",
            "KWNieklTtVre",
            "WNieklTtVreD",
            "NieklTtV",
            "ieklTtVr",
            "eklTtVre",
            "klTtVreD",
            "lTtV",
            "TtVr",
            "tVre",
            "VreD",
            "CipherMo",
            "ipherMod",
            "pherMode",
            "herM",
            "erMo",
            "rMod",
            "qhflmHKNKhLXQsnM",
            "hflmHKNKhLXQsnMM",
            "flmHKNKhLXQsnMMM",
            "lmHKNKhLXQsnMMMV",
            "mHKNKhLXQsnM",
            "HKNKhLXQsnMM",
            "KNKhLXQsnMMM",
            "NKhLXQsnMMMV",
            "KhLXQsnM",
            "hLXQsnMM",
            "LXQsnMMM",
            "XQsnMMMV",
            "QsnM",
            "snMM",
            "nMMM",
            "MMMV",
            "RAECwXKsB5PKXan6",
            "AECwXKsB5PKXan6H",
            "ECwXKsB5PKXan6HH",
            "CwXKsB5PKXan6HHG",
            "wXKsB5PKXan6",
            "XKsB5PKXan6H",
            "KsB5PKXan6HH",
            "sB5PKXan6HHG",
            "B5PKXan6",
            "5PKXan6H",
            "PKXan6HH",
            "KXan6HHG",
            "Xan6",
            "an6H",
            "n6HH",
            "6HHG",
            "TYMBMAK68Q9Tq6wW",
            "YMBMAK68Q9Tq6wWS",
            "MBMAK68Q9Tq6wWS7",
            "BMAK68Q9Tq6wWS7y",
            "MAK68Q9Tq6wW",
            "AK68Q9Tq6wWS",
            "K68Q9Tq6wWS7",
            "68Q9Tq6wWS7y",
            "8Q9Tq6wW",
            "Q9Tq6wWS",
            "9Tq6wWS7",
            "Tq6wWS7y",
            "q6wW",
            "6wWS",
            "wWS7",
            "WS7y",
            "XQpm33KhUJadrxqZ",
            "Qpm33KhUJadrxqZS",
            "pm33KhUJadrxqZSI",
            "m33KhUJadrxqZSIm",
            "33KhUJadrxqZ",
            "3KhUJadrxqZS",
            "KhUJadrxqZSI",
            "hUJadrxqZSIm",
            "UJadrxqZ",
            "JadrxqZS",
            "adrxqZSI",
            "drxqZSIm",
            "rxqZ",
            "xqZS",
            "qZSI",
            "ZSIm",
            "FlushFinalBl",
            "lushFinalBlo",
            "ushFinalBloc",
            "shFinalBlock",
            "hFinalBl",
            "FinalBlo",
            "inalBloc",
            "nalBlock",
            "alBl",
            "lBlo",
            "bfFCfXKBIs1QCilS",
            "fFCfXKBIs1QCilSt",
            "FCfXKBIs1QCilSt3",
            "CfXKBIs1QCilSt37",
            "fXKBIs1QCilS",
            "XKBIs1QCilSt",
            "KBIs1QCilSt3",
            "BIs1QCilSt37",
            "Is1QCilS",
            "s1QCilSt",
            "1QCilSt3",
            "QCilSt37",
            "CilS",
            "ilSt",
            "lSt3",
            "St37",
            "Vn4PLCKKlgZ3yAnV",
            "n4PLCKKlgZ3yAnV0",
            "4PLCKKlgZ3yAnV01",
            "PLCKKlgZ3yAnV01U",
            "LCKKlgZ3yAnV",
            "CKKlgZ3yAnV0",
            "KKlgZ3yAnV01",
            "KlgZ3yAnV01U",
            "lgZ3yAnV",
            "gZ3yAnV0",
            "Z3yAnV01",
            "3yAnV01U",
            "yAnV",
            "AnV0",
            "nV01",
            "V01U",
            "hJrTdRKUCJfQy5ih",
            "JrTdRKUCJfQy5ih3",
            "rTdRKUCJfQy5ih3w",
            "TdRKUCJfQy5ih3wd",
            "dRKUCJfQy5ih",
            "RKUCJfQy5ih3",
            "KUCJfQy5ih3w",
            "UCJfQy5ih3wd",
            "CJfQy5ih",
            "JfQy5ih3",
            "fQy5ih3w",
            "Qy5ih3wd",
            "y5ih",
            "5ih3",
            "ih3w",
            "h3wd",
            "EntryPoi",
            "ntryPoin",
            "tryPoint",
            "ryPo",
            "yPoi",
            "zTCSeZKrw5PThQ9k",
            "TCSeZKrw5PThQ9ku",
            "CSeZKrw5PThQ9kux",
            "SeZKrw5PThQ9kuxF",
            "eZKrw5PThQ9k",
            "ZKrw5PThQ9ku",
            "Krw5PThQ9kux",
            "rw5PThQ9kuxF",
            "w5PThQ9k",
            "5PThQ9ku",
            "PThQ9kux",
            "ThQ9kuxF",
            "hQ9k",
            "Q9ku",
            "9kux",
            "kuxF",
            "SFObT7BdNQx3OBmw",
            "FObT7BdNQx3OBmwr",
            "ObT7BdNQx3OBmwrf",
            "bT7BdNQx3OBmwrfj",
            "T7BdNQx3OBmw",
            "7BdNQx3OBmwr",
            "BdNQx3OBmwrf",
            "dNQx3OBmwrfj",
            "NQx3OBmw",
            "Qx3OBmwr",
            "x3OBmwrf",
            "3OBmwrfj",
            "OBmw",
            "Bmwr",
            "mwrf",
            "wrfj",
            "d2wIUbBCeWqr2Nlb",
            "2wIUbBCeWqr2Nlb5",
            "wIUbBCeWqr2Nlb5K",
            "IUbBCeWqr2Nlb5Kj",
            "UbBCeWqr2Nlb",
            "bBCeWqr2Nlb5",
            "BCeWqr2Nlb5K",
            "CeWqr2Nlb5Kj",
            "eWqr2Nlb",
            "Wqr2Nlb5",
            "qr2Nlb5K",
            "r2Nlb5Kj",
            "2Nlb",
            "Nlb5",
            "lb5K",
            "b5Kj",
            "WyFsCTLJ5QqUnPiI",
            "yFsCTLJ5QqUnPiIY",
            "FsCTLJ5QqUnPiIYf",
            "sCTLJ5QqUnPiIYfI",
            "CTLJ5QqUnPiI",
            "TLJ5QqUnPiIY",
            "LJ5QqUnPiIYf",
            "J5QqUnPiIYfI",
            "5QqUnPiI",
            "QqUnPiIY",
            "qUnPiIYf",
            "UnPiIYfI",
            "nPiI",
            "PiIY",
            "iIYf",
            "IYfI",
            "du9curL8hdgUrEbG",
            "u9curL8hdgUrEbGZ",
            "9curL8hdgUrEbGZU",
            "curL8hdgUrEbGZUr",
            "urL8hdgUrEbG",
            "rL8hdgUrEbGZ",
            "L8hdgUrEbGZU",
            "8hdgUrEbGZUr",
            "hdgUrEbG",
            "dgUrEbGZ",
            "gUrEbGZU",
            "UrEbGZUr",
            "rEbG",
            "EbGZ",
            "bGZU",
            "GZUr",
            "j2IhntLStUmqMX05",
            "2IhntLStUmqMX05e",
            "IhntLStUmqMX05eH",
            "hntLStUmqMX05eHp",
            "ntLStUmqMX05",
            "tLStUmqMX05e",
            "LStUmqMX05eH",
            "StUmqMX05eHp",
            "tUmqMX05",
            "UmqMX05e",
            "mqMX05eH",
            "qMX05eHp",
            "MX05",
            "X05e",
            "05eH",
            "5eHp",
            "UOsYX6nqjBtcgwV3",
            "OsYX6nqjBtcgwV3o",
            "sYX6nqjBtcgwV3oI",
            "YX6nqjBtcgwV3oIb",
            "X6nqjBtcgwV3",
            "6nqjBtcgwV3o",
            "nqjBtcgwV3oI",
            "qjBtcgwV3oIb",
            "jBtcgwV3",
            "BtcgwV3o",
            "tcgwV3oI",
            "cgwV3oIb",
            "gwV3",
            "wV3o",
            "V3oI",
            "3oIb",
            "yIanYXFt",
            "IanYXFt9",
            "anYXFt9g",
            "nYXF",
            "YXFt",
            "XFt9",
            "Ft9g",
            "CreateEncryp",
            "reateEncrypt",
            "eateEncrypto",
            "ateEncryptor",
            "teEncryp",
            "eEncrypt",
            "Encrypto",
            "ncryptor",
            "ToBase64Stri",
            "oBase64Strin",
            "classthi",
            "lassthis",
            "asst",
            "ssth",
            "sthi",
            "this",
            "comp",
            "info",
            "flag",
            "nativeEn",
            "ativeEnt",
            "tiveEntr",
            "iveEntry",
            "veEn",
            "eEnt",
            "Entr",
            "ntry",
            "nativeSizeOfCode",
            "ativeSizeOfC",
            "tiveSizeOfCo",
            "iveSizeOfCod",
            "veSizeOfCode",
            "eSizeOfC",
            "SizeOfCo",
            "izeOfCod",
            "zeOfCode",
            "eOfC",
            "OfCo",
            "fCod",
            "tnAn34G0",
            "nAn34G0A",
            "An34G0AN",
            "n34G",
            "34G0",
            "4G0A",
            "G0AN",
            "nb3nyl2p",
            "b3nyl2pu",
            "3nyl2puH",
            "nyl2",
            "yl2p",
            "l2pu",
            "2puH",
            "AGJngIyr",
            "GJngIyrb",
            "JngIyrbt",
            "ngIy",
            "gIyr",
            "Iyrb",
            "yrbt",
            "KCFlcDdR",
            "CFlcDdR6",
            "FlcDdR6L",
            "lcDd",
            "cDdR",
            "DdR6",
            "dR6L",
            "EANnJx5j",
            "ANnJx5j0",
            "NnJx5j0h",
            "nJx5",
            "Jx5j",
            "x5j0",
            "5j0h",
            "rrCn8HJ5",
            "rCn8HJ5O",
            "Cn8HJ5Ox",
            "n8HJ",
            "8HJ5",
            "HJ5O",
            "J5Ox",
            "G3mnSLIk",
            "3mnSLIku",
            "mnSLIkus",
            "nSLI",
            "SLIk",
            "LIku",
            "Ikus",
            "ReadInt3",
            "eadInt32",
            "adIn",
            "dInt",
            "cvBncy6o",
            "vBncy6oE",
            "Bncy6oEJ",
            "ncy6",
            "cy6o",
            "y6oE",
            "6oEJ",
            "hMod",
            "lpNa",
            "pNam",
            "lpTy",
            "pTyp",
            "lpAddres",
            "pAddress",
            "dwSi",
            "wSiz",
            "flAllocationType",
            "lAllocationT",
            "AllocationTy",
            "llocationTyp",
            "locationType",
            "ocationT",
            "cationTy",
            "ationTyp",
            "tionType",
            "ionT",
            "onTy",
            "flProtec",
            "lProtect",
            "Prot",
            "rote",
            "otec",
            "tect",
            "hProcess",
            "Proc",
            "roce",
            "oces",
            "lpBaseAddres",
            "pBaseAddress",
            "BaseAddr",
            "aseAddre",
            "seAddres",
            "eAddress",
            "buff",
            "uffe",
            "ffer",
            "size",
            "lpNumberOfBytesWritt",
            "pNumberOfBytesWritte",
            "NumberOfBytesWritten",
            "umberOfBytesWrit",
            "mberOfBytesWritt",
            "berOfBytesWritte",
            "erOfBytesWritten",
            "rOfBytesWrit",
            "OfBytesWritt",
            "fBytesWritte",
            "BytesWritten",
            "ytesWrit",
            "tesWritt",
            "esWritte",
            "sWritten",
            "ritt",
            "itte",
            "tten",
            "flNewProtect",
            "lNewProt",
            "NewProte",
            "ewProtec",
            "wProtect",
            "lpflOldProte",
            "pflOldProtec",
            "flOldProtect",
            "lOldProt",
            "OldProte",
            "ldProtec",
            "dProtect",
            "dwDesiredAcc",
            "wDesiredAcce",
            "DesiredAcces",
            "esiredAccess",
            "siredAcc",
            "iredAcce",
            "redAcces",
            "edAccess",
            "dAcc",
            "bInheritHand",
            "InheritHandl",
            "nheritHandle",
            "heritHan",
            "eritHand",
            "ritHandl",
            "itHandle",
            "dwProces",
            "wProcess",
            "ProcessI",
            "rocessId",
            "essI",
            "ssId",
            "valu",
            "CwrnicIa",
            "wrnicIa9",
            "rnicIa9T",
            "nicI",
            "icIa",
            "cIa9",
            "Ia9T",
            "HEy5wMGu",
            "Ey5wMGuJ",
            "y5wMGuJY",
            "5wMG",
            "wMGu",
            "MGuJ",
            "GuJY",
            "phFESeB4",
            "hFESeB4L",
            "FESeB4L3",
            "ESeB",
            "SeB4",
            "eB4L",
            "B4L3",
            "D6iEcs6w",
            "6iEcs6wq",
            "iEcs6wqH",
            "Ecs6",
            "cs6w",
            "s6wq",
            "6wqH",
            "gq1EgOyX",
            "q1EgOyXl",
            "1EgOyXl2",
            "EgOy",
            "gOyX",
            "OyXl",
            "yXl2",
            "Qa3EFsRx",
            "a3EFsRxn",
            "3EFsRxnc",
            "EFsR",
            "FsRx",
            "sRxn",
            "Rxnc",
            "yI7EaD7c",
            "I7EaD7ci",
            "7EaD7ci6",
            "EaD7",
            "aD7c",
            "D7ci",
            "7ci6",
            "Im8E0cL5",
            "m8E0cL5B",
            "8E0cL5BO",
            "E0cL",
            "0cL5",
            "cL5B",
            "L5BO",
            "hqcEA8lt",
            "qcEA8ltn",
            "cEA8ltn2",
            "EA8l",
            "A8lt",
            "8ltn",
            "ltn2",
            "BRgEOiGc",
            "RgEOiGcw",
            "gEOiGcwI",
            "OiGc",
            "iGcw",
            "GcwI",
            "ijkEoThw",
            "jkEoThw7",
            "kEoThw7F",
            "EoTh",
            "oThw",
            "Thw7",
            "hw7F",
            "mbiEj4eq",
            "biEj4eqr",
            "iEj4eqrO",
            "Ej4e",
            "j4eq",
            "4eqr",
            "eqrO",
            "i69EbM53",
            "69EbM53O",
            "9EbM53Og",
            "EbM5",
            "bM53",
            "M53O",
            "53Og",
            "hFPEQ07X",
            "FPEQ07XS",
            "PEQ07XSj",
            "EQ07",
            "Q07X",
            "07XS",
            "7XSj",
            "wpQEiiYl",
            "pQEiiYlq",
            "QEiiYlqT",
            "EiiY",
            "iiYl",
            "iYlq",
            "YlqT",
            "N4xEtEjM",
            "4xEtEjM3",
            "xEtEjM3I",
            "EtEj",
            "tEjM",
            "EjM3",
            "jM3I",
            "UXgEdxr6",
            "XgEdxr6J",
            "gEdxr6Jl",
            "Edxr",
            "dxr6",
            "xr6J",
            "r6Jl",
            "MCYdB9RVO7JM1IMc",
            "CYdB9RVO7JM1IMcC",
            "YdB9RVO7JM1IMcCP",
            "dB9RVO7JM1IMcCPc",
            "B9RVO7JM1IMc",
            "9RVO7JM1IMcC",
            "RVO7JM1IMcCP",
            "VO7JM1IMcCPc",
            "O7JM1IMc",
            "7JM1IMcC",
            "JM1IMcCP",
            "M1IMcCPc",
            "1IMc",
            "IMcC",
            "McCP",
            "cCPc",
            "yEKEIT9i",
            "EKEIT9iw",
            "KEIT9iwd",
            "EIT9",
            "IT9i",
            "T9iw",
            "9iwd",
            "YdBELiOT",
            "dBELiOTB",
            "BELiOTBx",
            "ELiO",
            "LiOT",
            "iOTB",
            "OTBx",
            "P7nER3EM",
            "7nER3EMB",
            "nER3EMBI",
            "ER3E",
            "R3EM",
            "3EMB",
            "EMBI",
            "HMrEfTTD",
            "MrEfTTD1",
            "rEfTTD1e",
            "EfTT",
            "fTTD",
            "TTD1",
            "TD1e",
            "KvAE5FBi",
            "vAE5FBi7",
            "AE5FBi7A",
            "E5FB",
            "5FBi",
            "FBi7",
            "Bi7A",
            "bIfEDVRv",
            "IfEDVRvL",
            "fEDVRvLp",
            "EDVR",
            "DVRv",
            "VRvL",
            "RvLp",
            "B1SEmhH1",
            "1SEmhH1X",
            "SEmhH1X9",
            "EmhH",
            "mhH1",
            "hH1X",
            "H1X9",
            "IiBEvZKm",
            "iBEvZKmG",
            "BEvZKmGD",
            "EvZK",
            "vZKm",
            "ZKmG",
            "KmGD",
            "pq6E4dNi",
            "q6E4dNib",
            "6E4dNibH",
            "E4dN",
            "4dNi",
            "dNib",
            "NibH",
            "eTuEXb5i",
            "TuEXb5iy",
            "uEXb5iy9",
            "EXb5",
            "Xb5i",
            "b5iy",
            "5iy9",
            "RuntimeMethodHan",
            "untimeMethodHand",
            "ntimeMethodHandl",
            "timeMethodHandle",
            "imeMethodHan",
            "meMethodHand",
            "eMethodHandl",
            "MethodHandle",
            "ethodHan",
            "thodHand",
            "hodHandl",
            "odHandle",
            "wsaE1Ibs",
            "saE1Ibsq",
            "aE1IbsqY",
            "E1Ib",
            "1Ibs",
            "Ibsq",
            "bsqY",
            "ThoE9v6o",
            "hoE9v6oq",
            "oE9v6oqu",
            "E9v6",
            "9v6o",
            "v6oq",
            "6oqu",
            "NotSupportedExceptio",
            "otSupportedException",
            "tSupportedExcept",
            "SupportedExcepti",
            "upportedExceptio",
            "pportedException",
            "portedExcept",
            "ortedExcepti",
            "rtedExceptio",
            "tedException",
            "edExcept",
            "dExcepti",
            "s8PEqMWu",
            "8PEqMWuI",
            "PEqMWuIp",
            "EqMW",
            "qMWu",
            "MWuI",
            "WuIp",
            "E2KEkM7P",
            "2KEkM7PJ",
            "KEkM7PJI",
            "EkM7",
            "kM7P",
            "M7PJ",
            "7PJI",
            "mN1EYt05",
            "N1EYt05p",
            "1EYt05pb",
            "EYt0",
            "Yt05",
            "t05p",
            "05pb",
            "YZxE2QwF",
            "ZxE2QwFu",
            "xE2QwFuG",
            "E2Qw",
            "2QwF",
            "QwFu",
            "wFuG",
            "wvUfIFEu29WgjAMb",
            "vUfIFEu29WgjAMb7",
            "UfIFEu29WgjAMb7E",
            "fIFEu29WgjAMb7Eb",
            "IFEu29WgjAMb",
            "FEu29WgjAMb7",
            "Eu29WgjAMb7E",
            "u29WgjAMb7Eb",
            "29WgjAMb",
            "9WgjAMb7",
            "WgjAMb7E",
            "gjAMb7Eb",
            "jAMb",
            "AMb7",
            "Mb7E",
            "b7Eb",
            "SByt",
            "Sing",
            "ingl",
            "ngle",
            "Doub",
            "oubl",
            "uble",
            "Char",
            "Comparis",
            "ompariso",
            "mparison",
            "pari",
            "aris",
            "riso",
            "ison",
            "aO83AL6F",
            "O83AL6Fa",
            "83AL6Fau",
            "3AL6",
            "AL6F",
            "L6Fa",
            "6Fau",
            "Sort",
            "KxqEwUvg",
            "xqEwUvgs",
            "qEwUvgsI",
            "EwUv",
            "wUvg",
            "Uvgs",
            "vgsI",
            "licE3V4O",
            "icE3V4OM",
            "cE3V4OMe",
            "E3V4",
            "3V4O",
            "V4OM",
            "4OMe",
            "wVfqVNEyRMnxw8G9",
            "VfqVNEyRMnxw8G9k",
            "fqVNEyRMnxw8G9kM",
            "qVNEyRMnxw8G9kM4",
            "VNEyRMnxw8G9",
            "NEyRMnxw8G9k",
            "EyRMnxw8G9kM",
            "yRMnxw8G9kM4",
            "RMnxw8G9",
            "Mnxw8G9k",
            "nxw8G9kM",
            "xw8G9kM4",
            "w8G9",
            "8G9k",
            "G9kM",
            "9kM4",
            "wPuEp6SG",
            "PuEp6SG2",
            "uEp6SG26",
            "Ep6S",
            "p6SG",
            "6SG2",
            "SG26",
            "VkDEJGwi",
            "kDEJGwi0",
            "DEJGwi0O",
            "EJGw",
            "JGwi",
            "Gwi0",
            "wi0O",
            "pjSE86wv",
            "jSE86wvv",
            "SE86wvvN",
            "E86w",
            "86wv",
            "6wvv",
            "wvvN",
            "lVx1hTRHxIewqobb",
            "Vx1hTRHxIewqobb3",
            "x1hTRHxIewqobb3G",
            "1hTRHxIewqobb3GJ",
            "hTRHxIewqobb",
            "TRHxIewqobb3",
            "RHxIewqobb3G",
            "HxIewqobb3GJ",
            "xIewqobb",
            "Iewqobb3",
            "ewqobb3G",
            "wqobb3GJ",
            "qobb",
            "obb3",
            "bb3G",
            "b3GJ",
            "Yf9fvaRnbKHZkv3J",
            "f9fvaRnbKHZkv3J7",
            "9fvaRnbKHZkv3J7C",
            "fvaRnbKHZkv3J7C0",
            "vaRnbKHZkv3J",
            "aRnbKHZkv3J7",
            "RnbKHZkv3J7C",
            "nbKHZkv3J7C0",
            "bKHZkv3J",
            "KHZkv3J7",
            "HZkv3J7C",
            "Zkv3J7C0",
            "kv3J",
            "v3J7",
            "3J7C",
            "J7C0",
            "kXpEMRiv",
            "XpEMRivi",
            "pEMRiviV",
            "EMRi",
            "MRiv",
            "Rivi",
            "iviV",
            "MaEExkZN",
            "aEExkZNQ",
            "EExkZNQc",
            "ExkZ",
            "xkZN",
            "kZNQ",
            "ZNQc",
            "TFxEzOYU",
            "FxEzOYU9",
            "xEzOYU99",
            "EzOY",
            "zOYU",
            "OYU9",
            "YU99",
            "heWZVe2E",
            "eWZVe2ET",
            "WZVe2ETX",
            "ZVe2",
            "Ve2E",
            "e2ET",
            "2ETX",
            "iEaZH5v9",
            "EaZH5v9A",
            "aZH5v9AX",
            "ZH5v",
            "H5v9",
            "5v9A",
            "v9AX",
            "aoIZn8Fy",
            "oIZn8Fyj",
            "IZn8Fyjy",
            "Zn8F",
            "n8Fy",
            "8Fyj",
            "Fyjy",
            "DkVZN0Y5",
            "kVZN0Y5H",
            "VZN0Y5Hv",
            "ZN0Y",
            "N0Y5",
            "0Y5H",
            "Y5Hv",
            "LGhZs1a9",
            "GhZs1a9F",
            "hZs1a9FW",
            "Zs1a",
            "s1a9",
            "1a9F",
            "a9FW",
            "VDlyUjRWJVtYu98a",
            "DlyUjRWJVtYu98aS",
            "lyUjRWJVtYu98aSP",
            "yUjRWJVtYu98aSP4",
            "UjRWJVtYu98a",
            "jRWJVtYu98aS",
            "RWJVtYu98aSP",
            "WJVtYu98aSP4",
            "JVtYu98a",
            "VtYu98aS",
            "tYu98aSP",
            "Yu98aSP4",
            "u98a",
            "98aS",
            "8aSP",
            "aSP4",
            "T7MhRDMc",
            "7MhRDMcv",
            "MhRDMcvi",
            "hRDM",
            "RDMc",
            "DMcv",
            "Mcvi",
            "rHvhfZTj",
            "HvhfZTjp",
            "vhfZTjpD",
            "hfZT",
            "fZTj",
            "ZTjp",
            "TjpD",
            "PQch5BK6",
            "Qch5BK6b",
            "ch5BK6bF",
            "h5BK",
            "5BK6",
            "BK6b",
            "K6bF",
            "I7YhDMQr",
            "7YhDMQrH",
            "YhDMQrHp",
            "hDMQ",
            "DMQr",
            "MQrH",
            "QrHp",
            "uqxhmmb8",
            "qxhmmb8H",
            "xhmmb8H3",
            "hmmb",
            "mmb8",
            "mb8H",
            "b8H3",
            "HymhvB9M",
            "ymhvB9Mu",
            "mhvB9Mu7",
            "hvB9",
            "vB9M",
            "B9Mu",
            "9Mu7",
            "VTvh44Vk",
            "Tvh44VkN",
            "vh44VkNE",
            "h44V",
            "44Vk",
            "4VkN",
            "VkNE",
            "GX8ZZZW9",
            "X8ZZZW9O",
            "8ZZZW9Ou",
            "ZZZW",
            "ZZW9",
            "ZW9O",
            "W9Ou",
            "JI6hXc6S",
            "I6hXc6SZ",
            "6hXc6SZU",
            "hXc6",
            "Xc6S",
            "c6SZ",
            "6SZU",
            "JQDh1ZSg",
            "QDh1ZSgi",
            "Dh1ZSgiw",
            "h1ZS",
            "1ZSg",
            "ZSgi",
            "Sgiw",
            "xG2h9dJc",
            "G2h9dJcH",
            "2h9dJcHa",
            "h9dJ",
            "9dJc",
            "dJcH",
            "JcHa",
            "Y4rZ7NJC",
            "4rZ7NJCy",
            "rZ7NJCyW",
            "Z7NJ",
            "7NJC",
            "NJCy",
            "JCyW",
            "LUPhqJEm",
            "UPhqJEmh",
            "PhqJEmhw",
            "hqJE",
            "qJEm",
            "JEmh",
            "Emhw",
            "Ms1hkNwy",
            "s1hkNwyv",
            "1hkNwyvm",
            "hkNw",
            "kNwy",
            "Nwyv",
            "wyvm",
            "BGLhYJO1",
            "GLhYJO1b",
            "LhYJO1b0",
            "hYJO",
            "YJO1",
            "JO1b",
            "O1b0",
            "iNCh2Oil",
            "NCh2OilS",
            "Ch2OilSm",
            "h2Oi",
            "2Oil",
            "OilS",
            "ilSm",
            "t9ahuiBh",
            "9ahuiBh1",
            "ahuiBh1J",
            "huiB",
            "uiBh",
            "iBh1",
            "Bh1J",
            "YoNhwU3w",
            "oNhwU3wp",
            "NhwU3wpo",
            "hwU3",
            "wU3w",
            "U3wp",
            "3wpo",
            "uDLh3unY",
            "DLh3unYb",
            "Lh3unYbe",
            "h3un",
            "3unY",
            "unYb",
            "nYbe",
            "esLhyDoW",
            "sLhyDoWN",
            "LhyDoWNv",
            "hyDo",
            "yDoW",
            "DoWN",
            "oWNv",
            "clNhp3Xc",
            "lNhp3XcJ",
            "Nhp3XcJE",
            "hp3X",
            "p3Xc",
            "3XcJ",
            "XcJE",
            "UrehJHGD",
            "rehJHGDD",
            "ehJHGDDd",
            "hJHG",
            "JHGD",
            "HGDD",
            "GDDd",
            "QObh8ANB",
            "Obh8ANBt",
            "bh8ANBtU",
            "h8AN",
            "8ANB",
            "ANBt",
            "NBtU",
            "QTKhS2t6",
            "TKhS2t6r",
            "KhS2t6rA",
            "hS2t",
            "S2t6",
            "2t6r",
            "t6rA",
            "Tw7hcUoa",
            "w7hcUoa7",
            "7hcUoa7j",
            "hcUo",
            "cUoa",
            "Uoa7",
            "oa7j",
            "UBAhgc9f",
            "BAhgc9f7",
            "Ahgc9f77",
            "hgc9",
            "gc9f",
            "c9f7",
            "9f77",
            "MTKhFJDd",
            "TKhFJDdj",
            "KhFJDdj4",
            "hFJD",
            "FJDd",
            "JDdj",
            "Ddj4",
            "yeShaO43",
            "eShaO43N",
            "ShaO43Nb",
            "haO4",
            "aO43",
            "O43N",
            "43Nb",
            "nC3h0gFn",
            "C3h0gFnc",
            "3h0gFnc2",
            "h0gF",
            "0gFn",
            "gFnc",
            "Fnc2",
            "k0ghA5dX",
            "0ghA5dXh",
            "ghA5dXha",
            "hA5d",
            "A5dX",
            "5dXh",
            "dXha",
            "dwahOq06",
            "wahOq06J",
            "ahOq06JD",
            "hOq0",
            "Oq06",
            "q06J",
            "06JD",
            "Xephoqhd",
            "ephoqhdF",
            "phoqhdFO",
            "hoqh",
            "oqhd",
            "qhdF",
            "hdFO",
            "QBEhjhne",
            "BEhjhneC",
            "EhjhneCg",
            "hjhn",
            "jhne",
            "hneC",
            "neCg",
            "slwhbguM",
            "lwhbguM8",
            "whbguM8j",
            "hbgu",
            "bguM",
            "guM8",
            "uM8j",
            "I8chQAHs",
            "8chQAHsa",
            "chQAHsa4",
            "hQAH",
            "QAHs",
            "AHsa",
            "Hsa4",
            "DQ2hiqeF",
            "Q2hiqeFg",
            "2hiqeFgI",
            "hiqe",
            "iqeF",
            "qeFg",
            "eFgI",
            "SZoht2am",
            "Zoht2amg",
            "oht2amg7",
            "ht2a",
            "t2am",
            "2amg",
            "amg7",
            "pFDhdFQG",
            "FDhdFQG2",
            "DhdFQG2f",
            "hdFQ",
            "dFQG",
            "FQG2",
            "QG2f",
            "bQDhCp9J",
            "QDhCp9J3",
            "DhCp9J3N",
            "hCp9",
            "Cp9J",
            "p9J3",
            "9J3N",
            "H3QhMGjs",
            "3QhMGjsa",
            "QhMGjsan",
            "hMGj",
            "MGjs",
            "Gjsa",
            "jsan",
            "cQhhxhKA",
            "QhhxhKAB",
            "hhxhKABq",
            "hxhK",
            "xhKA",
            "hKAB",
            "KABq",
            "z4JhzgW1",
            "4JhzgW1W",
            "JhzgW1Wd",
            "hzgW",
            "zgW1",
            "gW1W",
            "W1Wd",
            "VbQBVFV0",
            "bQBVFV0e",
            "QBVFV0ep",
            "BVFV",
            "VFV0",
            "FV0e",
            "V0ep",
            "SvqBH78a",
            "vqBH78aJ",
            "qBH78aJq",
            "BH78",
            "H78a",
            "78aJ",
            "8aJq",
            "YxEBnOxU",
            "xEBnOxUt",
            "EBnOxUtY",
            "BnOx",
            "nOxU",
            "OxUt",
            "xUtY",
            "XDbBE6I0",
            "DbBE6I08",
            "bBE6I08m",
            "BE6I",
            "E6I0",
            "6I08",
            "I08m",
            "KcTBZtUP",
            "cTBZtUP5",
            "TBZtUP5P",
            "BZtU",
            "ZtUP",
            "tUP5",
            "UP5P",
            "cAcB74eG",
            "AcB74eGt",
            "cB74eGtY",
            "B74e",
            "74eG",
            "4eGt",
            "eGtY",
            "g47BWrCW",
            "47BWrCWL",
            "7BWrCWLV",
            "BWrC",
            "WrCW",
            "rCWL",
            "CWLV",
            "MhDBNAux",
            "hDBNAuxe",
            "DBNAuxeb",
            "BNAu",
            "NAux",
            "Auxe",
            "uxeb",
            "aVfBstI6",
            "VfBstI61",
            "fBstI61o",
            "BstI",
            "stI6",
            "tI61",
            "I61o",
            "lTVB6Vgh",
            "TVB6VghP",
            "VB6VghP8",
            "B6Vg",
            "6Vgh",
            "VghP",
            "ghP8",
            "LNPBhmgr",
            "NPBhmgr1",
            "PBhmgr1m",
            "Bhmg",
            "hmgr",
            "mgr1",
            "gr1m",
            "pg5BBDVW",
            "g5BBDVWT",
            "5BBDVWTr",
            "BBDV",
            "BDVW",
            "DVWT",
            "VWTr",
            "UNDBKvWk",
            "NDBKvWky",
            "DBKvWkyn",
            "BKvW",
            "KvWk",
            "vWky",
            "Wkyn",
            "cqsBUclt",
            "qsBUcltj",
            "sBUcltjJ",
            "BUcl",
            "Uclt",
            "cltj",
            "ltjJ",
            "djdBreD2",
            "jdBreD2n",
            "dBreD2nB",
            "BreD",
            "reD2",
            "eD2n",
            "D2nB",
            "AZLBTSq3",
            "ZLBTSq3V",
            "LBTSq3Vl",
            "BTSq",
            "TSq3",
            "Sq3V",
            "q3Vl",
            "VTXBeTND",
            "TXBeTND2",
            "XBeTND2P",
            "BeTN",
            "eTND",
            "TND2",
            "ND2P",
            "lx0BPJp2",
            "x0BPJp2O",
            "0BPJp2On",
            "BPJp",
            "PJp2",
            "Jp2O",
            "p2On",
            "xQRBGtrf",
            "QRBGtrfv",
            "RBGtrfvf",
            "BGtr",
            "Gtrf",
            "trfv",
            "rfvf",
            "BSDBlxe8",
            "SDBlxe8c",
            "DBlxe8cU",
            "Blxe",
            "lxe8",
            "xe8c",
            "e8cU",
            "DbpBI6Nx",
            "bpBI6NxE",
            "pBI6NxEp",
            "BI6N",
            "I6Nx",
            "6NxE",
            "NxEp",
            "UjrBLSDj",
            "jrBLSDjZ",
            "rBLSDjZb",
            "BLSD",
            "LSDj",
            "SDjZ",
            "DjZb",
            "tyXBRPk2",
            "yXBRPk22",
            "XBRPk22r",
            "BRPk",
            "RPk2",
            "Pk22",
            "k22r",
            "nwFBfCVm",
            "wFBfCVmo",
            "FBfCVmok",
            "BfCV",
            "fCVm",
            "CVmo",
            "Vmok",
            "mSSB53fP",
            "SSB53fPw",
            "SB53fPwo",
            "B53f",
            "53fP",
            "3fPw",
            "fPwo",
            "xCOBDubO",
            "COBDubOP",
            "OBDubOPV",
            "BDub",
            "DubO",
            "ubOP",
            "bOPV",
            "M1IBmvpe",
            "1IBmvpeL",
            "IBmvpeLt",
            "Bmvp",
            "mvpe",
            "vpeL",
            "peLt",
            "T5RBv2ai",
            "5RBv2ai1",
            "RBv2ai19",
            "Bv2a",
            "v2ai",
            "2ai1",
            "ai19",
            "iGGB4SVB",
            "GGB4SVBV",
            "GB4SVBVT",
            "B4SV",
            "4SVB",
            "SVBV",
            "VBVT",
            "lfIBXkFa",
            "fIBXkFaT",
            "IBXkFaTA",
            "BXkF",
            "XkFa",
            "kFaT",
            "FaTA",
            "q6jB1p1x",
            "6jB1p1xd",
            "jB1p1xdK",
            "B1p1",
            "1p1x",
            "p1xd",
            "1xdK",
            "YnRBqZa3",
            "nRBqZa3h",
            "RBqZa3he",
            "BqZa",
            "qZa3",
            "Za3h",
            "a3he",
            "JPRBkZ3X",
            "PRBkZ3Xi",
            "RBkZ3Xiq",
            "BkZ3",
            "kZ3X",
            "Z3Xi",
            "3Xiq",
            "iadBYjR0",
            "adBYjR0i",
            "dBYjR0io",
            "BYjR",
            "YjR0",
            "jR0i",
            "R0io",
            "SZNZW5LI",
            "ZNZW5LId",
            "NZW5LIdc",
            "ZW5L",
            "W5LI",
            "5LId",
            "LIdc",
            "tPqB2CUZ",
            "PqB2CUZt",
            "qB2CUZtI",
            "B2CU",
            "2CUZ",
            "CUZt",
            "UZtI",
            "PFYBuqfI",
            "FYBuqfIs",
            "YBuqfIsR",
            "Buqf",
            "uqfI",
            "qfIs",
            "fIsR",
            "BtiBwAxn",
            "tiBwAxn3",
            "iBwAxn3L",
            "BwAx",
            "wAxn",
            "Axn3",
            "xn3L",
            "CuFB35NG",
            "uFB35NGP",
            "FB35NGPq",
            "B35N",
            "35NG",
            "5NGP",
            "NGPq",
            "uXmBySeI",
            "XmBySeIv",
            "mBySeIvF",
            "BySe",
            "ySeI",
            "SeIv",
            "eIvF",
            "O4UBp22y",
            "4UBp22yb",
            "UBp22ybk",
            "Bp22",
            "p22y",
            "22yb",
            "2ybk",
            "DU2BJK3o",
            "U2BJK3or",
            "2BJK3orI",
            "BJK3",
            "JK3o",
            "K3or",
            "3orI",
            "lgYB8MHO",
            "gYB8MHOo",
            "YB8MHOo2",
            "B8MH",
            "8MHO",
            "MHOo",
            "HOo2",
            "veHBSOQQ",
            "eHBSOQQS",
            "HBSOQQSU",
            "BSOQ",
            "SOQQ",
            "OQQS",
            "QQSU",
            "k87bpRRNCEDLpvU4",
            "87bpRRNCEDLpvU4p",
            "7bpRRNCEDLpvU4pO",
            "bpRRNCEDLpvU4pOT",
            "pRRNCEDLpvU4",
            "RRNCEDLpvU4p",
            "RNCEDLpvU4pO",
            "NCEDLpvU4pOT",
            "CEDLpvU4",
            "EDLpvU4p",
            "DLpvU4pO",
            "LpvU4pOT",
            "pvU4",
            "vU4p",
            "U4pO",
            "4pOT",
            "M7JsoiRsXv6SGMtT",
            "7JsoiRsXv6SGMtTX",
            "JsoiRsXv6SGMtTXC",
            "soiRsXv6SGMtTXCd",
            "oiRsXv6SGMtT",
            "iRsXv6SGMtTX",
            "RsXv6SGMtTXC",
            "sXv6SGMtTXCd",
            "Xv6SGMtT",
            "v6SGMtTX",
            "6SGMtTXC",
            "SGMtTXCd",
            "GMtT",
            "MtTX",
            "tTXC",
            "TXCd",
            "VByZhnuM",
            "ByZhnuMn",
            "yZhnuMnS",
            "Zhnu",
            "hnuM",
            "nuMn",
            "uMnS",
            "rufZBX3s",
            "ufZBX3sP",
            "fZBX3sPp",
            "ZBX3",
            "BX3s",
            "X3sP",
            "3sPp",
            "lo9ZK5ns",
            "o9ZK5nsr",
            "9ZK5nsrH",
            "ZK5n",
            "K5ns",
            "5nsr",
            "nsrH",
            "cHaZUFMj",
            "HaZUFMjt",
            "aZUFMjtx",
            "ZUFM",
            "UFMj",
            "FMjt",
            "Mjtx",
            "lerZreo2",
            "erZreo2u",
            "rZreo2uB",
            "Zreo",
            "reo2",
            "eo2u",
            "o2uB",
            "mbqZTFZT",
            "bqZTFZTS",
            "qZTFZTS3",
            "ZTFZ",
            "TFZT",
            "FZTS",
            "ZTS3",
            "QnkZewau",
            "nkZewauU",
            "kZewauUA",
            "Zewa",
            "ewau",
            "wauU",
            "auUA",
            "dUrZP3wk",
            "UrZP3wk7",
            "rZP3wk7E",
            "ZP3w",
            "P3wk",
            "3wk7",
            "wk7E",
            "i7GZRmlB",
            "7GZRmlBm",
            "GZRmlBmN",
            "ZRml",
            "RmlB",
            "mlBm",
            "lBmN",
            "RISZfVfp",
            "ISZfVfpm",
            "SZfVfpm9",
            "ZfVf",
            "fVfp",
            "Vfpm",
            "fpm9",
            "JuiOVhRKbrpT5boa",
            "uiOVhRKbrpT5boaJ",
            "iOVhRKbrpT5boaJx",
            "OVhRKbrpT5boaJx2",
            "VhRKbrpT5boa",
            "hRKbrpT5boaJ",
            "RKbrpT5boaJx",
            "KbrpT5boaJx2",
            "brpT5boa",
            "rpT5boaJ",
            "pT5boaJx",
            "T5boaJx2",
            "5boa",
            "boaJ",
            "oaJx",
            "aJx2",
            "nA0Zl5nx",
            "A0Zl5nxq",
            "0Zl5nxqK",
            "Zl5n",
            "l5nx",
            "5nxq",
            "nxqK",
            "aANZIXAJ",
            "ANZIXAJ3",
            "NZIXAJ3V",
            "ZIXA",
            "IXAJ",
            "XAJ3",
            "AJ3V",
            "mLyZL9lD",
            "LyZL9lD8",
            "yZL9lD8I",
            "ZL9l",
            "L9lD",
            "9lD8",
            "lD8I",
            "grjFKrRUpMTbGmDK",
            "rjFKrRUpMTbGmDKC",
            "jFKrRUpMTbGmDKCQ",
            "FKrRUpMTbGmDKCQM",
            "KrRUpMTbGmDK",
            "rRUpMTbGmDKC",
            "RUpMTbGmDKCQ",
            "UpMTbGmDKCQM",
            "pMTbGmDK",
            "MTbGmDKC",
            "TbGmDKCQ",
            "bGmDKCQM",
            "GmDK",
            "mDKC",
            "DKCQ",
            "KCQM",
            "DIuyfJRr0SJmN9lS",
            "IuyfJRr0SJmN9lSs",
            "uyfJRr0SJmN9lSsg",
            "yfJRr0SJmN9lSsg0",
            "fJRr0SJmN9lS",
            "JRr0SJmN9lSs",
            "Rr0SJmN9lSsg",
            "r0SJmN9lSsg0",
            "0SJmN9lS",
            "SJmN9lSs",
            "JmN9lSsg",
            "mN9lSsg0",
            "N9lS",
            "9lSs",
            "lSsg",
            "Ssg0",
            "RnNZwTyw",
            "nNZwTywD",
            "NZwTywDV",
            "ZwTy",
            "wTyw",
            "TywD",
            "ywDV",
            "kv7Z3FA0",
            "v7Z3FA0m",
            "7Z3FA0m4",
            "Z3FA",
            "3FA0",
            "FA0m",
            "A0m4",
            "sZeO0iRT9upBM1q6",
            "ZeO0iRT9upBM1q67",
            "eO0iRT9upBM1q67R",
            "O0iRT9upBM1q67RS",
            "0iRT9upBM1q6",
            "iRT9upBM1q67",
            "RT9upBM1q67R",
            "T9upBM1q67RS",
            "9upBM1q6",
            "upBM1q67",
            "pBM1q67R",
            "BM1q67RS",
            "M1q6",
            "1q67",
            "q67R",
            "67RS",
            "GaVZDTAR",
            "aVZDTARi",
            "VZDTARiX",
            "ZDTA",
            "DTAR",
            "TARi",
            "ARiX",
            "CUKBcwvy",
            "UKBcwvyK",
            "KBcwvyKi",
            "Bcwv",
            "cwvy",
            "wvyK",
            "vyKi",
            "eb1ZmpRK",
            "b1ZmpRK4",
            "1ZmpRK4W",
            "ZmpR",
            "mpRK",
            "pRK4",
            "RK4W",
            "LDlZvh9q",
            "DlZvh9qG",
            "lZvh9qGQ",
            "Zvh9",
            "vh9q",
            "h9qG",
            "9qGQ",
            "qTIZ4Myk",
            "TIZ4Myks",
            "IZ4MyksM",
            "Z4My",
            "4Myk",
            "Myks",
            "yksM",
            "EZmZXI2a",
            "ZmZXI2aS",
            "mZXI2aSN",
            "ZXI2",
            "XI2a",
            "I2aS",
            "2aSN",
            "zJFZ1PvO",
            "JFZ1PvO9",
            "FZ1PvO9v",
            "Z1Pv",
            "1PvO",
            "PvO9",
            "vO9v",
            "LoiZ9D2p",
            "oiZ9D2pZ",
            "iZ9D2pZk",
            "Z9D2",
            "9D2p",
            "D2pZ",
            "2pZk",
            "QvDZqlfG",
            "vDZqlfG5",
            "DZqlfG52",
            "Zqlf",
            "qlfG",
            "lfG5",
            "fG52",
            "ajZZkZ3N",
            "jZZkZ3NS",
            "ZZkZ3NSZ",
            "ZkZ3",
            "kZ3N",
            "Z3NS",
            "3NSZ",
            "OGhZY2CY",
            "GhZY2CYb",
            "hZY2CYb5",
            "ZY2C",
            "Y2CY",
            "2CYb",
            "CYb5",
            "ra1Z2SSq",
            "a1Z2SSq3",
            "1Z2SSq3u",
            "Z2SS",
            "2SSq",
            "SSq3",
            "Sq3u",
            "PeQZu0uM",
            "eQZu0uMY",
            "QZu0uMYb",
            "Zu0u",
            "u0uM",
            "0uMY",
            "uMYb",
            "LADLQYReYsFOfSIW",
            "ADLQYReYsFOfSIW9",
            "DLQYReYsFOfSIW9f",
            "LQYReYsFOfSIW9fb",
            "QYReYsFOfSIW",
            "YReYsFOfSIW9",
            "ReYsFOfSIW9f",
            "eYsFOfSIW9fb",
            "YsFOfSIW",
            "sFOfSIW9",
            "FOfSIW9f",
            "OfSIW9fb",
            "fSIW",
            "SIW9",
            "IW9f",
            "W9fb",
            "SuGi1JRPyecpelLF",
            "uGi1JRPyecpelLFI",
            "Gi1JRPyecpelLFIL",
            "i1JRPyecpelLFILJ",
            "1JRPyecpelLF",
            "JRPyecpelLFI",
            "RPyecpelLFIL",
            "PyecpelLFILJ",
            "yecpelLF",
            "ecpelLFI",
            "cpelLFIL",
            "pelLFILJ",
            "elLF",
            "lLFI",
            "LFIL",
            "FILJ",
            "M53iVSRGDot6Bf2v",
            "53iVSRGDot6Bf2vw",
            "3iVSRGDot6Bf2vwP",
            "iVSRGDot6Bf2vwPp",
            "VSRGDot6Bf2v",
            "SRGDot6Bf2vw",
            "RGDot6Bf2vwP",
            "GDot6Bf2vwPp",
            "Dot6Bf2v",
            "ot6Bf2vw",
            "t6Bf2vwP",
            "6Bf2vwPp",
            "Bf2v",
            "f2vw",
            "2vwP",
            "vwPp",
            "leYBgoeq",
            "eYBgoeqM",
            "YBgoeqMB",
            "Bgoe",
            "goeq",
            "oeqM",
            "eqMB",
            "wxdKhURl9m6q2oNl",
            "xdKhURl9m6q2oNlw",
            "dKhURl9m6q2oNlwD",
            "KhURl9m6q2oNlwDT",
            "hURl9m6q2oNl",
            "URl9m6q2oNlw",
            "Rl9m6q2oNlwD",
            "l9m6q2oNlwDT",
            "9m6q2oNl",
            "m6q2oNlw",
            "6q2oNlwD",
            "q2oNlwDT",
            "2oNl",
            "oNlw",
            "NlwD",
            "lwDT",
            "WDtdbmRI7UkcjQja",
            "DtdbmRI7UkcjQja7",
            "tdbmRI7UkcjQja7a",
            "dbmRI7UkcjQja7ax",
            "bmRI7UkcjQja",
            "mRI7UkcjQja7",
            "RI7UkcjQja7a",
            "I7UkcjQja7ax",
            "7UkcjQja",
            "UkcjQja7",
            "kcjQja7a",
            "cjQja7ax",
            "jQja",
            "Qja7",
            "ja7a",
            "a7ax",
            "XmOZJhvt",
            "mOZJhvtB",
            "OZJhvtB0",
            "ZJhv",
            "Jhvt",
            "hvtB",
            "vtB0",
            "WWEZ82AZ",
            "WEZ82AZF",
            "EZ82AZFO",
            "Z82A",
            "82AZ",
            "2AZF",
            "AZFO",
            "e0llrHRLD8SAj5dl",
            "0llrHRLD8SAj5dla",
            "llrHRLD8SAj5dlaN",
            "lrHRLD8SAj5dlaN6",
            "rHRLD8SAj5dl",
            "HRLD8SAj5dla",
            "RLD8SAj5dlaN",
            "LD8SAj5dlaN6",
            "D8SAj5dl",
            "8SAj5dla",
            "SAj5dlaN",
            "Aj5dlaN6",
            "j5dl",
            "5dla",
            "dlaN",
            "laN6",
            "XBRkn5RRtBrxOhp6",
            "BRkn5RRtBrxOhp6H",
            "Rkn5RRtBrxOhp6HQ",
            "kn5RRtBrxOhp6HQB",
            "n5RRtBrxOhp6",
            "5RRtBrxOhp6H",
            "RRtBrxOhp6HQ",
            "RtBrxOhp6HQB",
            "tBrxOhp6",
            "BrxOhp6H",
            "rxOhp6HQ",
            "xOhp6HQB",
            "Ohp6",
            "hp6H",
            "p6HQ",
            "6HQB",
            "K98BgbRfXjXuTgso",
            "98BgbRfXjXuTgsoJ",
            "8BgbRfXjXuTgsoJy",
            "BgbRfXjXuTgsoJyQ",
            "gbRfXjXuTgso",
            "bRfXjXuTgsoJ",
            "RfXjXuTgsoJy",
            "fXjXuTgsoJyQ",
            "XjXuTgso",
            "jXuTgsoJ",
            "XuTgsoJy",
            "uTgsoJyQ",
            "Tgso",
            "gsoJ",
            "soJy",
            "oJyQ",
            "eKTKftR1erKf0Ocm",
            "KTKftR1erKf0Ocm7",
            "TKftR1erKf0Ocm7y",
            "KftR1erKf0Ocm7yJ",
            "ftR1erKf0Ocm",
            "tR1erKf0Ocm7",
            "R1erKf0Ocm7y",
            "1erKf0Ocm7yJ",
            "erKf0Ocm",
            "rKf0Ocm7",
            "Kf0Ocm7y",
            "f0Ocm7yJ",
            "0Ocm",
            "Ocm7",
            "cm7y",
            "m7yJ",
            "hmWhN8R9gAtgqyLG",
            "mWhN8R9gAtgqyLGJ",
            "WhN8R9gAtgqyLGJu",
            "hN8R9gAtgqyLGJuX",
            "N8R9gAtgqyLG",
            "8R9gAtgqyLGJ",
            "R9gAtgqyLGJu",
            "9gAtgqyLGJuX",
            "gAtgqyLG",
            "AtgqyLGJ",
            "tgqyLGJu",
            "gqyLGJuX",
            "qyLG",
            "yLGJ",
            "LGJu",
            "GJuX",
            "Ur5OdQRqPDlO3G6d",
            "r5OdQRqPDlO3G6de",
            "5OdQRqPDlO3G6deH",
            "OdQRqPDlO3G6deHZ",
            "dQRqPDlO3G6d",
            "QRqPDlO3G6de",
            "RqPDlO3G6deH",
            "qPDlO3G6deHZ",
            "PDlO3G6d",
            "DlO3G6de",
            "lO3G6deH",
            "O3G6deHZ",
            "3G6d",
            "G6de",
            "6deH",
            "deHZ",
            "GftkiPRkXI4pTxK7",
            "ftkiPRkXI4pTxK7R",
            "tkiPRkXI4pTxK7Rh",
            "kiPRkXI4pTxK7RhO",
            "iPRkXI4pTxK7",
            "PRkXI4pTxK7R",
            "RkXI4pTxK7Rh",
            "kXI4pTxK7RhO",
            "XI4pTxK7",
            "I4pTxK7R",
            "4pTxK7Rh",
            "pTxK7RhO",
            "TxK7",
            "xK7R",
            "K7Rh",
            "7RhO",
            "NyGrs0RYV89gQQZ0",
            "yGrs0RYV89gQQZ0x",
            "Grs0RYV89gQQZ0x9",
            "rs0RYV89gQQZ0x9D",
            "s0RYV89gQQZ0",
            "0RYV89gQQZ0x",
            "RYV89gQQZ0x9",
            "YV89gQQZ0x9D",
            "V89gQQZ0",
            "89gQQZ0x",
            "9gQQZ0x9",
            "gQQZ0x9D",
            "QQZ0",
            "QZ0x",
            "Z0x9",
            "0x9D",
            "pirkC5R2jl50EedK",
            "irkC5R2jl50EedKO",
            "rkC5R2jl50EedKOn",
            "kC5R2jl50EedKOnQ",
            "C5R2jl50EedK",
            "5R2jl50EedKO",
            "R2jl50EedKOn",
            "2jl50EedKOnQ",
            "jl50EedK",
            "l50EedKO",
            "50EedKOn",
            "0EedKOnQ",
            "EedK",
            "edKO",
            "dKOn",
            "KOnQ",
            "nIMZ0PNc",
            "IMZ0PNc0",
            "MZ0PNc0D",
            "Z0PN",
            "0PNc",
            "PNc0",
            "Nc0D",
            "XFCZAARa",
            "FCZAARaO",
            "CZAARaOx",
            "ZAAR",
            "AARa",
            "ARaO",
            "RaOx",
            "DJLEibRuXugTK14p",
            "JLEibRuXugTK14pF",
            "LEibRuXugTK14pFF",
            "EibRuXugTK14pFFN",
            "ibRuXugTK14p",
            "bRuXugTK14pF",
            "RuXugTK14pFF",
            "uXugTK14pFFN",
            "XugTK14p",
            "ugTK14pF",
            "gTK14pFF",
            "TK14pFFN",
            "K14p",
            "14pF",
            "4pFF",
            "pFFN",
            "KKQmlLRwrFICLfdC",
            "KQmlLRwrFICLfdCM",
            "QmlLRwrFICLfdCMK",
            "mlLRwrFICLfdCMK2",
            "lLRwrFICLfdC",
            "LRwrFICLfdCM",
            "RwrFICLfdCMK",
            "wrFICLfdCMK2",
            "rFICLfdC",
            "FICLfdCM",
            "ICLfdCMK",
            "CLfdCMK2",
            "LfdC",
            "fdCM",
            "dCMK",
            "CMK2",
            "xwo04vR3s5BGjVT9",
            "wo04vR3s5BGjVT9o",
            "o04vR3s5BGjVT9oH",
            "04vR3s5BGjVT9oHe",
            "4vR3s5BGjVT9",
            "vR3s5BGjVT9o",
            "R3s5BGjVT9oH",
            "3s5BGjVT9oHe",
            "s5BGjVT9",
            "5BGjVT9o",
            "BGjVT9oH",
            "GjVT9oHe",
            "jVT9",
            "VT9o",
            "T9oH",
            "9oHe",
            "GbW68qRytHwLwsOh",
            "bW68qRytHwLwsOhW",
            "W68qRytHwLwsOhW6",
            "68qRytHwLwsOhW60",
            "8qRytHwLwsOh",
            "qRytHwLwsOhW",
            "RytHwLwsOhW6",
            "ytHwLwsOhW60",
            "tHwLwsOh",
            "HwLwsOhW",
            "wLwsOhW6",
            "LwsOhW60",
            "wsOh",
            "sOhW",
            "OhW6",
            "hW60",
            "qr4BF91B",
            "r4BF91Bi",
            "4BF91BiI",
            "BF91",
            "F91B",
            "91Bi",
            "1BiI",
            "INaBag4E",
            "NaBag4Ej",
            "aBag4EjB",
            "Bag4",
            "ag4E",
            "g4Ej",
            "4EjB",
            "bowB0X2f",
            "owB0X2fZ",
            "wB0X2fZ8",
            "B0X2",
            "0X2f",
            "X2fZ",
            "2fZ8",
            "WhS4AhRpa4R0v7cJ",
            "hS4AhRpa4R0v7cJV",
            "S4AhRpa4R0v7cJV6",
            "4AhRpa4R0v7cJV6G",
            "AhRpa4R0v7cJ",
            "hRpa4R0v7cJV",
            "Rpa4R0v7cJV6",
            "pa4R0v7cJV6G",
            "a4R0v7cJ",
            "4R0v7cJV",
            "R0v7cJV6",
            "0v7cJV6G",
            "v7cJ",
            "7cJV",
            "cJV6",
            "JV6G",
            "TUvWurRJB28x4ZfS",
            "UvWurRJB28x4ZfS2",
            "vWurRJB28x4ZfS27",
            "WurRJB28x4ZfS27A",
            "urRJB28x4ZfS",
            "rRJB28x4ZfS2",
            "RJB28x4ZfS27",
            "JB28x4ZfS27A",
            "B28x4ZfS",
            "28x4ZfS2",
            "8x4ZfS27",
            "x4ZfS27A",
            "4ZfS",
            "ZfS2",
            "fS27",
            "S27A",
            "YDZZjH0t",
            "DZZjH0tu",
            "ZZjH0tut",
            "ZjH0",
            "jH0t",
            "H0tu",
            "0tut",
            "wtZZbHti",
            "tZZbHtif",
            "ZZbHtifZ",
            "ZbHt",
            "bHti",
            "Htif",
            "tifZ",
            "VgEQt3R8AxmmssoW",
            "gEQt3R8AxmmssoW9",
            "EQt3R8AxmmssoW9l",
            "Qt3R8AxmmssoW9lA",
            "t3R8AxmmssoW",
            "3R8AxmmssoW9",
            "R8AxmmssoW9l",
            "8AxmmssoW9lA",
            "AxmmssoW",
            "xmmssoW9",
            "mmssoW9l",
            "mssoW9lA",
            "ssoW",
            "soW9",
            "oW9l",
            "W9lA",
            "NotImplementedExcept",
            "otImplementedExcepti",
            "tImplementedExceptio",
            "ImplementedException",
            "mplementedExcept",
            "plementedExcepti",
            "lementedExceptio",
            "ementedException",
            "mentedExcept",
            "entedExcepti",
            "ntedExceptio",
            "anatkoRSCX9syrsb",
            "natkoRSCX9syrsbh",
            "atkoRSCX9syrsbhk",
            "tkoRSCX9syrsbhkB",
            "koRSCX9syrsb",
            "oRSCX9syrsbh",
            "RSCX9syrsbhk",
            "SCX9syrsbhkB",
            "CX9syrsb",
            "X9syrsbh",
            "9syrsbhk",
            "syrsbhkB",
            "yrsb",
            "rsbh",
            "sbhk",
            "bhkB",
            "x02p2kRciWX33ZUc",
            "02p2kRciWX33ZUcP",
            "2p2kRciWX33ZUcPS",
            "p2kRciWX33ZUcPSG",
            "2kRciWX33ZUc",
            "kRciWX33ZUcP",
            "RciWX33ZUcPS",
            "ciWX33ZUcPSG",
            "iWX33ZUc",
            "WX33ZUcP",
            "X33ZUcPS",
            "33ZUcPSG",
            "3ZUc",
            "ZUcP",
            "UcPS",
            "cPSG",
            "vmgZirA7",
            "mgZirA7Y",
            "gZirA7Yw",
            "ZirA",
            "irA7",
            "rA7Y",
            "A7Yw",
            "GE8ZtClS",
            "E8ZtClSp",
            "8ZtClSpD",
            "ZtCl",
            "tClS",
            "ClSp",
            "lSpD",
            "x87OP8RgSwaEOmlS",
            "87OP8RgSwaEOmlSO",
            "7OP8RgSwaEOmlSOx",
            "OP8RgSwaEOmlSOxK",
            "P8RgSwaEOmlS",
            "8RgSwaEOmlSO",
            "RgSwaEOmlSOx",
            "gSwaEOmlSOxK",
            "SwaEOmlS",
            "waEOmlSO",
            "aEOmlSOx",
            "EOmlSOxK",
            "OmlS",
            "mlSO",
            "lSOx",
            "SOxK",
            "rvOOPCRFTAD8gsFq",
            "vOOPCRFTAD8gsFqF",
            "OOPCRFTAD8gsFqFO",
            "OPCRFTAD8gsFqFOa",
            "PCRFTAD8gsFq",
            "CRFTAD8gsFqF",
            "RFTAD8gsFqFO",
            "FTAD8gsFqFOa",
            "TAD8gsFq",
            "AD8gsFqF",
            "D8gsFqFO",
            "8gsFqFOa",
            "gsFq",
            "sFqF",
            "FqFO",
            "qFOa",
            "NaDHe8RaFfe1PqDC",
            "aDHe8RaFfe1PqDCS",
            "DHe8RaFfe1PqDCSQ",
            "He8RaFfe1PqDCSQk",
            "e8RaFfe1PqDC",
            "8RaFfe1PqDCS",
            "RaFfe1PqDCSQ",
            "aFfe1PqDCSQk",
            "Ffe1PqDC",
            "fe1PqDCS",
            "e1PqDCSQ",
            "1PqDCSQk",
            "PqDC",
            "qDCS",
            "DCSQ",
            "CSQk",
            "phkZCOMt",
            "hkZCOMtH",
            "kZCOMtHg",
            "ZCOM",
            "COMt",
            "OMtH",
            "MtHg",
            "GXVZMTfb",
            "XVZMTfbe",
            "VZMTfbeF",
            "ZMTf",
            "MTfb",
            "Tfbe",
            "fbeF",
            "MsnSRlR0keyCJpfg",
            "snSRlR0keyCJpfgu",
            "nSRlR0keyCJpfgus",
            "SRlR0keyCJpfgus1",
            "RlR0keyCJpfg",
            "lR0keyCJpfgu",
            "R0keyCJpfgus",
            "0keyCJpfgus1",
            "keyCJpfg",
            "eyCJpfgu",
            "yCJpfgus",
            "CJpfgus1",
            "Jpfg",
            "pfgu",
            "fgus",
            "gus1",
            "rpDt8NRApEWJxLBW",
            "pDt8NRApEWJxLBWu",
            "Dt8NRApEWJxLBWuL",
            "t8NRApEWJxLBWuLX",
            "8NRApEWJxLBW",
            "NRApEWJxLBWu",
            "RApEWJxLBWuL",
            "ApEWJxLBWuLX",
            "pEWJxLBW",
            "EWJxLBWu",
            "WJxLBWuL",
            "JxLBWuLX",
            "xLBW",
            "LBWu",
            "BWuL",
            "WuLX",
            "R2prmkROheqS2uM9",
            "2prmkROheqS2uM99",
            "prmkROheqS2uM99Y",
            "rmkROheqS2uM99YC",
            "mkROheqS2uM9",
            "kROheqS2uM99",
            "ROheqS2uM99Y",
            "OheqS2uM99YC",
            "heqS2uM9",
            "eqS2uM99",
            "qS2uM99Y",
            "S2uM99YC",
            "2uM9",
            "uM99",
            "M99Y",
            "99YC",
            "FvkZzI2g",
            "vkZzI2gU",
            "kZzI2gUJ",
            "ZzI2",
            "zI2g",
            "I2gU",
            "2gUJ",
            "mwa7VWeE",
            "wa7VWeEM",
            "a7VWeEMW",
            "7VWe",
            "VWeE",
            "WeEM",
            "eEMW",
            "oHcJNARoFTZEF2KB",
            "HcJNARoFTZEF2KBd",
            "cJNARoFTZEF2KBdH",
            "JNARoFTZEF2KBdHo",
            "NARoFTZEF2KB",
            "ARoFTZEF2KBd",
            "RoFTZEF2KBdH",
            "oFTZEF2KBdHo",
            "FTZEF2KB",
            "TZEF2KBd",
            "ZEF2KBdH",
            "EF2KBdHo",
            "F2KB",
            "2KBd",
            "KBdH",
            "BdHo",
            "GLhQduRj1hfPl829",
            "LhQduRj1hfPl829f",
            "hQduRj1hfPl829fQ",
            "QduRj1hfPl829fQk",
            "duRj1hfPl829",
            "uRj1hfPl829f",
            "Rj1hfPl829fQ",
            "j1hfPl829fQk",
            "1hfPl829",
            "hfPl829f",
            "fPl829fQ",
            "Pl829fQk",
            "l829",
            "829f",
            "29fQ",
            "9fQk",
            "u6cYu0Rb0XOr5tkG",
            "6cYu0Rb0XOr5tkG7",
            "cYu0Rb0XOr5tkG74",
            "Yu0Rb0XOr5tkG74G",
            "u0Rb0XOr5tkG",
            "0Rb0XOr5tkG7",
            "Rb0XOr5tkG74",
            "b0XOr5tkG74G",
            "0XOr5tkG",
            "XOr5tkG7",
            "Or5tkG74",
            "r5tkG74G",
            "5tkG",
            "tkG7",
            "kG74",
            "G74G",
            "Q3V7nGW3",
            "3V7nGW3F",
            "V7nGW3Fp",
            "7nGW",
            "nGW3",
            "GW3F",
            "W3Fp",
            "K3N7El22",
            "3N7El22F",
            "N7El22Fk",
            "7El2",
            "El22",
            "l22F",
            "22Fk",
            "Vr2g8sRQO29gutCx",
            "r2g8sRQO29gutCxa",
            "2g8sRQO29gutCxap",
            "g8sRQO29gutCxapB",
            "8sRQO29gutCx",
            "sRQO29gutCxa",
            "RQO29gutCxap",
            "QO29gutCxapB",
            "O29gutCx",
            "29gutCxa",
            "9gutCxap",
            "gutCxapB",
            "utCx",
            "tCxa",
            "Cxap",
            "xapB",
            "rFRnruRitXWSO9BH",
            "FRnruRitXWSO9BHQ",
            "RnruRitXWSO9BHQA",
            "nruRitXWSO9BHQA1",
            "ruRitXWSO9BH",
            "uRitXWSO9BHQ",
            "RitXWSO9BHQA",
            "itXWSO9BHQA1",
            "tXWSO9BH",
            "XWSO9BHQ",
            "WSO9BHQA",
            "SO9BHQA1",
            "O9BH",
            "9BHQ",
            "BHQA",
            "HQA1",
            "KpfnyiRtrsFp8WC0",
            "pfnyiRtrsFp8WC0F",
            "fnyiRtrsFp8WC0FX",
            "nyiRtrsFp8WC0FXA",
            "yiRtrsFp8WC0",
            "iRtrsFp8WC0F",
            "RtrsFp8WC0FX",
            "trsFp8WC0FXA",
            "rsFp8WC0",
            "sFp8WC0F",
            "Fp8WC0FX",
            "p8WC0FXA",
            "8WC0",
            "WC0F",
            "C0FX",
            "0FXA",
            "SZk77awE",
            "Zk77awEa",
            "k77awEaC",
            "77aw",
            "7awE",
            "awEa",
            "wEaC",
            "Raf7W2D3",
            "af7W2D3h",
            "f7W2D3hB",
            "7W2D",
            "W2D3",
            "2D3h",
            "D3hB",
            "usD7NY16",
            "sD7NY16c",
            "D7NY16cp",
            "7NY1",
            "NY16",
            "Y16c",
            "16cp",
            "IlphE0RdBsfEaejt",
            "lphE0RdBsfEaejtb",
            "phE0RdBsfEaejtbN",
            "hE0RdBsfEaejtbN5",
            "E0RdBsfEaejt",
            "0RdBsfEaejtb",
            "RdBsfEaejtbN",
            "dBsfEaejtbN5",
            "BsfEaejt",
            "sfEaejtb",
            "fEaejtbN",
            "EaejtbN5",
            "aejt",
            "ejtb",
            "jtbN",
            "tbN5",
            "yeSSUMRC2gLxa8gJ",
            "eSSUMRC2gLxa8gJ7",
            "SSUMRC2gLxa8gJ7V",
            "SUMRC2gLxa8gJ7Vs",
            "UMRC2gLxa8gJ",
            "MRC2gLxa8gJ7",
            "RC2gLxa8gJ7V",
            "C2gLxa8gJ7Vs",
            "2gLxa8gJ",
            "gLxa8gJ7",
            "Lxa8gJ7V",
            "xa8gJ7Vs",
            "a8gJ",
            "8gJ7",
            "gJ7V",
            "J7Vs",
            "ImrC1SRMY0YOHZ9n",
            "mrC1SRMY0YOHZ9na",
            "rC1SRMY0YOHZ9naW",
            "C1SRMY0YOHZ9naWw",
            "1SRMY0YOHZ9n",
            "SRMY0YOHZ9na",
            "RMY0YOHZ9naW",
            "MY0YOHZ9naWw",
            "Y0YOHZ9n",
            "0YOHZ9na",
            "YOHZ9naW",
            "OHZ9naWw",
            "HZ9n",
            "Z9na",
            "9naW",
            "naWw",
            "YLm76ERv",
            "Lm76ERvQ",
            "m76ERvQR",
            "76ER",
            "6ERv",
            "ERvQ",
            "RvQR",
            "N337h3nj",
            "337h3njP",
            "37h3njPh",
            "7h3n",
            "h3nj",
            "3njP",
            "njPh",
            "f4u7BoF1",
            "4u7BoF1D",
            "u7BoF1Db",
            "7BoF",
            "BoF1",
            "oF1D",
            "F1Db",
            "Ux67KNyb",
            "x67KNybr",
            "67KNybrS",
            "7KNy",
            "KNyb",
            "Nybr",
            "ybrS",
            "sNnYPeRxaRBL8h2s",
            "NnYPeRxaRBL8h2st",
            "nYPeRxaRBL8h2std",
            "YPeRxaRBL8h2stdp",
            "PeRxaRBL8h2s",
            "eRxaRBL8h2st",
            "RxaRBL8h2std",
            "xaRBL8h2stdp",
            "aRBL8h2s",
            "RBL8h2st",
            "BL8h2std",
            "L8h2stdp",
            "8h2s",
            "h2st",
            "2std",
            "stdp",
            "tctyWiRzQVUZN2pY",
            "ctyWiRzQVUZN2pYn",
            "tyWiRzQVUZN2pYnX",
            "yWiRzQVUZN2pYnX7",
            "WiRzQVUZN2pY",
            "iRzQVUZN2pYn",
            "RzQVUZN2pYnX",
            "zQVUZN2pYnX7",
            "QVUZN2pY",
            "VUZN2pYn",
            "UZN2pYnX",
            "ZN2pYnX7",
            "N2pY",
            "2pYn",
            "pYnX",
            "YnX7",
            "zaJLmWfVI73pdmBS",
            "aJLmWfVI73pdmBSr",
            "JLmWfVI73pdmBSrt",
            "LmWfVI73pdmBSrtP",
            "mWfVI73pdmBS",
            "WfVI73pdmBSr",
            "fVI73pdmBSrt",
            "VI73pdmBSrtP",
            "I73pdmBS",
            "73pdmBSr",
            "3pdmBSrt",
            "pdmBSrtP",
            "dmBS",
            "mBSr",
            "BSrt",
            "SrtP",
            "Auk7ritv",
            "uk7ritvh",
            "k7ritvh5",
            "7rit",
            "ritv",
            "itvh",
            "tvh5",
            "rvd7TY9I",
            "vd7TY9If",
            "d7TY9IfL",
            "7TY9",
            "TY9I",
            "Y9If",
            "9IfL",
            "hCm7eHqo",
            "Cm7eHqoi",
            "m7eHqoiE",
            "7eHq",
            "eHqo",
            "Hqoi",
            "qoiE",
            "GRwleQfHRSYMHjXE",
            "RwleQfHRSYMHjXEW",
            "wleQfHRSYMHjXEWs",
            "leQfHRSYMHjXEWs7",
            "eQfHRSYMHjXE",
            "QfHRSYMHjXEW",
            "fHRSYMHjXEWs",
            "HRSYMHjXEWs7",
            "RSYMHjXE",
            "SYMHjXEW",
            "YMHjXEWs",
            "MHjXEWs7",
            "HjXE",
            "jXEW",
            "XEWs",
            "EWs7",
            "aoqbZJfnq7ir5nPJ",
            "oqbZJfnq7ir5nPJA",
            "qbZJfnq7ir5nPJAw",
            "bZJfnq7ir5nPJAwW",
            "ZJfnq7ir5nPJ",
            "Jfnq7ir5nPJA",
            "fnq7ir5nPJAw",
            "nq7ir5nPJAwW",
            "q7ir5nPJ",
            "7ir5nPJA",
            "ir5nPJAw",
            "r5nPJAwW",
            "5nPJ",
            "nPJA",
            "PJAw",
            "JAwW",
            "mIFd86fEgt2W73h2",
            "IFd86fEgt2W73h2B",
            "Fd86fEgt2W73h2BC",
            "d86fEgt2W73h2BCV",
            "86fEgt2W73h2",
            "6fEgt2W73h2B",
            "fEgt2W73h2BC",
            "Egt2W73h2BCV",
            "gt2W73h2",
            "t2W73h2B",
            "2W73h2BC",
            "W73h2BCV",
            "73h2",
            "3h2B",
            "h2BC",
            "2BCV",
            "qJI7GnC1",
            "JI7GnC10",
            "I7GnC10n",
            "7GnC",
            "GnC1",
            "nC10",
            "C10n",
            "YI37l5uB",
            "I37l5uBR",
            "37l5uBR4",
            "7l5u",
            "l5uB",
            "5uBR",
            "uBR4",
            "VVK7IMB5",
            "VK7IMB5J",
            "K7IMB5JY",
            "7IMB",
            "IMB5",
            "MB5J",
            "B5JY",
            "YxD7Lmiw",
            "xD7LmiwF",
            "D7LmiwFh",
            "7Lmi",
            "Lmiw",
            "miwF",
            "iwFh",
            "DCG7RyqX",
            "CG7RyqXE",
            "G7RyqXEF",
            "7Ryq",
            "RyqX",
            "yqXE",
            "qXEF",
            "th17fCEJ",
            "h17fCEJ0",
            "17fCEJ0X",
            "7fCE",
            "fCEJ",
            "CEJ0",
            "EJ0X",
            "Dn4KyefZE1WYxQHo",
            "n4KyefZE1WYxQHob",
            "4KyefZE1WYxQHobv",
            "KyefZE1WYxQHobvT",
            "yefZE1WYxQHo",
            "efZE1WYxQHob",
            "fZE1WYxQHobv",
            "ZE1WYxQHobvT",
            "E1WYxQHo",
            "1WYxQHob",
            "WYxQHobv",
            "YxQHobvT",
            "xQHo",
            "QHob",
            "Hobv",
            "obvT",
            "PhrsCNf7UU5DC3Q6",
            "hrsCNf7UU5DC3Q6c",
            "rsCNf7UU5DC3Q6cy",
            "sCNf7UU5DC3Q6cy0",
            "CNf7UU5DC3Q6",
            "Nf7UU5DC3Q6c",
            "f7UU5DC3Q6cy",
            "7UU5DC3Q6cy0",
            "UU5DC3Q6",
            "U5DC3Q6c",
            "5DC3Q6cy",
            "DC3Q6cy0",
            "C3Q6",
            "3Q6c",
            "Q6cy",
            "6cy0",
            "R2ql6MfWLd0sQ8QW",
            "2ql6MfWLd0sQ8QWK",
            "ql6MfWLd0sQ8QWKN",
            "l6MfWLd0sQ8QWKNs",
            "6MfWLd0sQ8QW",
            "MfWLd0sQ8QWK",
            "fWLd0sQ8QWKN",
            "WLd0sQ8QWKNs",
            "Ld0sQ8QW",
            "d0sQ8QWK",
            "0sQ8QWKN",
            "sQ8QWKNs",
            "Q8QW",
            "8QWK",
            "QWKN",
            "WKNs",
            "afV7Dbki",
            "fV7Dbkib",
            "V7DbkibE",
            "7Dbk",
            "Dbki",
            "bkib",
            "kibE",
            "HAG7mg48",
            "AG7mg48T",
            "G7mg48T1",
            "7mg4",
            "mg48",
            "g48T",
            "48T1",
            "dbF7vHQD",
            "bF7vHQDk",
            "F7vHQDkw",
            "7vHQ",
            "vHQD",
            "HQDk",
            "QDkw",
            "IDw74Xy5",
            "Dw74Xy5P",
            "w74Xy5Pe",
            "74Xy",
            "4Xy5",
            "Xy5P",
            "y5Pe",
            "vp97XCnj",
            "p97XCnjg",
            "97XCnjgR",
            "7XCn",
            "XCnj",
            "Cnjg",
            "njgR",
            "GL3MMPfNg6Z4IX4A",
            "L3MMPfNg6Z4IX4Ab",
            "3MMPfNg6Z4IX4Aba",
            "MMPfNg6Z4IX4Aban",
            "MPfNg6Z4IX4A",
            "PfNg6Z4IX4Ab",
            "fNg6Z4IX4Aba",
            "Ng6Z4IX4Aban",
            "g6Z4IX4A",
            "6Z4IX4Ab",
            "Z4IX4Aba",
            "4IX4Aban",
            "IX4A",
            "X4Ab",
            "4Aba",
            "Aban",
            "gZm6WvfsFF5a2BuX",
            "Zm6WvfsFF5a2BuXF",
            "m6WvfsFF5a2BuXFD",
            "6WvfsFF5a2BuXFDR",
            "WvfsFF5a2BuX",
            "vfsFF5a2BuXF",
            "fsFF5a2BuXFD",
            "sFF5a2BuXFDR",
            "FF5a2BuX",
            "F5a2BuXF",
            "5a2BuXFD",
            "a2BuXFDR",
            "2BuX",
            "BuXF",
            "uXFD",
            "XFDR",
            "EGTlr4f6cbuXAPUX",
            "GTlr4f6cbuXAPUXc",
            "Tlr4f6cbuXAPUXc8",
            "lr4f6cbuXAPUXc8s",
            "r4f6cbuXAPUX",
            "4f6cbuXAPUXc",
            "f6cbuXAPUXc8",
            "6cbuXAPUXc8s",
            "cbuXAPUX",
            "buXAPUXc",
            "uXAPUXc8",
            "XAPUXc8s",
            "APUX",
            "PUXc",
            "UXc8",
            "Xc8s",
            "qs379u1o",
            "s379u1oS",
            "379u1oS7",
            "79u1",
            "9u1o",
            "u1oS",
            "1oS7",
            "GJ97qXw2",
            "J97qXw25",
            "97qXw25C",
            "7qXw",
            "qXw2",
            "Xw25",
            "w25C",
            "P1vbF7fhcIGmMK0u",
            "1vbF7fhcIGmMK0uj",
            "vbF7fhcIGmMK0ujG",
            "bF7fhcIGmMK0ujGg",
            "F7fhcIGmMK0u",
            "7fhcIGmMK0uj",
            "fhcIGmMK0ujG",
            "hcIGmMK0ujGg",
            "cIGmMK0u",
            "IGmMK0uj",
            "GmMK0ujG",
            "mMK0ujGg",
            "MK0u",
            "K0uj",
            "0ujG",
            "ujGg",
            "TDQRQvfBqqGmbpaH",
            "DQRQvfBqqGmbpaHq",
            "QRQvfBqqGmbpaHqW",
            "RQvfBqqGmbpaHqWQ",
            "QvfBqqGmbpaH",
            "vfBqqGmbpaHq",
            "fBqqGmbpaHqW",
            "BqqGmbpaHqWQ",
            "qqGmbpaH",
            "qGmbpaHq",
            "GmbpaHqW",
            "mbpaHqWQ",
            "bpaH",
            "paHq",
            "aHqW",
            "HqWQ",
            "bymMwAfK5E6akKNQ",
            "ymMwAfK5E6akKNQL",
            "mMwAfK5E6akKNQLR",
            "MwAfK5E6akKNQLRT",
            "wAfK5E6akKNQ",
            "AfK5E6akKNQL",
            "fK5E6akKNQLR",
            "K5E6akKNQLRT",
            "5E6akKNQ",
            "E6akKNQL",
            "6akKNQLR",
            "akKNQLRT",
            "kKNQ",
            "KNQL",
            "NQLR",
            "QLRT",
            "X7T7u5bR",
            "7T7u5bRh",
            "T7u5bRhC",
            "7u5b",
            "u5bR",
            "5bRh",
            "bRhC",
            "cCG7wYqf",
            "CG7wYqfq",
            "G7wYqfqk",
            "7wYq",
            "wYqf",
            "Yqfq",
            "qfqk",
            "LO4JCjfUTOcfy6YJ",
            "O4JCjfUTOcfy6YJK",
            "4JCjfUTOcfy6YJKX",
            "JCjfUTOcfy6YJKXX",
            "CjfUTOcfy6YJ",
            "jfUTOcfy6YJK",
            "fUTOcfy6YJKX",
            "UTOcfy6YJKXX",
            "TOcfy6YJ",
            "Ocfy6YJK",
            "cfy6YJKX",
            "fy6YJKXX",
            "y6YJ",
            "6YJK",
            "YJKX",
            "JKXX",
            "AddRange",
            "ddRa",
            "dRan",
            "Rang",
            "ange",
            "IEnumera",
            "Enumerab",
            "numerabl",
            "umerable",
            "mera",
            "erab",
            "rabl",
            "Equa",
            "uals",
            "GetHashC",
            "etHashCo",
            "tHashCod",
            "HashCode",
            "ashC",
            "shCo",
            "hCod",
            "Enumerat",
            "numerato",
            "umerator",
            "Curr",
            "urre",
            "rren",
            "rent",
            "MoveNext",
            "oveN",
            "veNe",
            "eNex",
            "Next",
            "GetEnumerato",
            "etEnumerator",
            "tEnumera",
            "oa07YFxQ",
            "a07YFxQ8",
            "07YFxQ8V",
            "7YFx",
            "YFxQ",
            "FxQ8",
            "xQ8V",
            "asj72wZe",
            "sj72wZeE",
            "j72wZeEA",
            "72wZ",
            "2wZe",
            "wZeE",
            "ZeEA",
            "pjjWgofru8HbBCo4",
            "jjWgofru8HbBCo4u",
            "jWgofru8HbBCo4ul",
            "Wgofru8HbBCo4ulZ",
            "gofru8HbBCo4",
            "ofru8HbBCo4u",
            "fru8HbBCo4ul",
            "ru8HbBCo4ulZ",
            "u8HbBCo4",
            "8HbBCo4u",
            "HbBCo4ul",
            "bBCo4ulZ",
            "BCo4",
            "Co4u",
            "o4ul",
            "4ulZ",
            "Phvd14fT3x6nDuvb",
            "hvd14fT3x6nDuvbS",
            "vd14fT3x6nDuvbSy",
            "d14fT3x6nDuvbSyi",
            "14fT3x6nDuvb",
            "4fT3x6nDuvbS",
            "fT3x6nDuvbSy",
            "T3x6nDuvbSyi",
            "3x6nDuvb",
            "x6nDuvbS",
            "6nDuvbSy",
            "nDuvbSyi",
            "Duvb",
            "uvbS",
            "vbSy",
            "bSyi",
            "targ",
            "arge",
            "rget",
            "paramter",
            "aramters",
            "ramt",
            "amte",
            "mter",
            "GINs83id",
            "INs83idw",
            "Ns83idwj",
            "s83i",
            "83id",
            "3idw",
            "idwj",
            "E5IsSaV6",
            "5IsSaV6I",
            "IsSaV6IQ",
            "sSaV",
            "SaV6",
            "aV6I",
            "V6IQ",
            "jX9scqBA",
            "X9scqBAf",
            "9scqBAfQ",
            "scqB",
            "cqBA",
            "qBAf",
            "BAfQ",
            "sb8sgtcI",
            "b8sgtcIu",
            "8sgtcIuI",
            "sgtc",
            "gtcI",
            "tcIu",
            "cIuI",
            "S6dsFUvg",
            "6dsFUvgQ",
            "dsFUvgQT",
            "sFUv",
            "FUvg",
            "UvgQ",
            "vgQT",
            "xVvsaQXw",
            "VvsaQXwH",
            "vsaQXwHc",
            "saQX",
            "aQXw",
            "QXwH",
            "XwHc",
            "Gr0s0jcp",
            "r0s0jcpV",
            "0s0jcpV9",
            "s0jc",
            "0jcp",
            "jcpV",
            "cpV9",
            "zMVsAseQ",
            "MVsAseQ9",
            "VsAseQ9X",
            "sAse",
            "AseQ",
            "seQ9",
            "eQ9X",
            "e9wsOQsG",
            "9wsOQsG6",
            "wsOQsG6r",
            "sOQs",
            "OQsG",
            "QsG6",
            "sG6r",
            "E9Pso3Up",
            "9Pso3Upy",
            "Pso3Upyl",
            "so3U",
            "o3Up",
            "3Upy",
            "Upyl",
            "riMsjsJA",
            "iMsjsJAS",
            "MsjsJASg",
            "sjsJ",
            "jsJA",
            "sJAS",
            "JASg",
            "DOHsbuiQ",
            "OHsbuiQL",
            "HsbuiQLT",
            "sbui",
            "buiQ",
            "uiQL",
            "iQLT",
            "hXssQo5V",
            "XssQo5Vw",
            "ssQo5Vw6",
            "sQo5",
            "Qo5V",
            "o5Vw",
            "5Vw6",
            "rkksivkd",
            "kksivkdJ",
            "ksivkdJg",
            "sivk",
            "ivkd",
            "vkdJ",
            "kdJg",
            "NUGstKq9",
            "UGstKq96",
            "GstKq96L",
            "stKq",
            "tKq9",
            "Kq96",
            "q96L",
            "wQRsdbQP",
            "QRsdbQPV",
            "RsdbQPV0",
            "sdbQ",
            "dbQP",
            "bQPV",
            "QPV0",
            "nc1sCSnv",
            "c1sCSnvT",
            "1sCSnvTC",
            "sCSn",
            "CSnv",
            "SnvT",
            "nvTC",
            "WWPsMcPP",
            "WPsMcPPe",
            "PsMcPPeh",
            "sMcP",
            "McPP",
            "cPPe",
            "PPeh",
            "n3ysxsmH",
            "3ysxsmH7",
            "ysxsmH7M",
            "sxsm",
            "xsmH",
            "smH7",
            "mH7M",
            "mMCszqJ5",
            "MCszqJ5t",
            "CszqJ5tC",
            "szqJ",
            "zqJ5",
            "qJ5t",
            "J5tC",
            "eCg6VLWH",
            "Cg6VLWHT",
            "g6VLWHTB",
            "6VLW",
            "VLWH",
            "LWHT",
            "WHTB",
            "GZc6HkOr",
            "Zc6HkOrb",
            "c6HkOrbL",
            "6HkO",
            "HkOr",
            "kOrb",
            "OrbL",
            "BZF6nr8Y",
            "ZF6nr8Yx",
            "F6nr8Yxv",
            "6nr8",
            "nr8Y",
            "r8Yx",
            "8Yxv",
            "x3s6Eqs8",
            "3s6Eqs8u",
            "s6Eqs8uY",
            "6Eqs",
            "Eqs8",
            "qs8u",
            "s8uY",
            "FGU6ZQRu",
            "GU6ZQRuZ",
            "U6ZQRuZe",
            "6ZQR",
            "ZQRu",
            "QRuZ",
            "RuZe",
            "HNp67RpZ",
            "Np67RpZL",
            "p67RpZLA",
            "67Rp",
            "7RpZ",
            "RpZL",
            "pZLA",
            "vor6WVyl",
            "or6WVyls",
            "r6WVylsr",
            "6WVy",
            "WVyl",
            "Vyls",
            "ylsr",
            "jWj6Nkcu",
            "Wj6NkcuG",
            "j6NkcuGN",
            "6Nkc",
            "Nkcu",
            "kcuG",
            "cuGN",
            "jMB6sDUq",
            "MB6sDUqe",
            "B6sDUqea",
            "6sDU",
            "sDUq",
            "DUqe",
            "Uqea",
            "EuY66BxL",
            "uY66BxL5",
            "Y66BxL5n",
            "66Bx",
            "6BxL",
            "BxL5",
            "xL5n",
            "gqH6hyhE",
            "qH6hyhEC",
            "H6hyhEC5",
            "6hyh",
            "hyhE",
            "yhEC",
            "hEC5",
            "cS96BjCI",
            "S96BjCIZ",
            "96BjCIZ6",
            "6BjC",
            "BjCI",
            "jCIZ",
            "CIZ6",
            "ops6KpLd",
            "ps6KpLds",
            "s6KpLds2",
            "6KpL",
            "KpLd",
            "pLds",
            "Lds2",
            "hEX6UxUA",
            "EX6UxUAD",
            "X6UxUADL",
            "6UxU",
            "UxUA",
            "xUAD",
            "UADL",
            "L3M6rc0P",
            "3M6rc0Pc",
            "M6rc0PcQ",
            "6rc0",
            "rc0P",
            "c0Pc",
            "0PcQ",
            "bmM6T56u",
            "mM6T56ud",
            "M6T56ud9",
            "6T56",
            "T56u",
            "56ud",
            "6ud9",
            "BrM6eKbg",
            "rM6eKbgb",
            "M6eKbgbx",
            "6eKb",
            "eKbg",
            "Kbgb",
            "bgbx",
            "SP06PQSf",
            "P06PQSfA",
            "06PQSfAZ",
            "6PQS",
            "PQSf",
            "QSfA",
            "SfAZ",
            "bKQ6GvoS",
            "KQ6GvoSY",
            "Q6GvoSYH",
            "6Gvo",
            "GvoS",
            "voSY",
            "oSYH",
            "s4p6lFH4",
            "4p6lFH45",
            "p6lFH45E",
            "6lFH",
            "lFH4",
            "FH45",
            "H45E",
            "kp0pmofeErPQbEGM",
            "p0pmofeErPQbEGMe",
            "0pmofeErPQbEGMeI",
            "pmofeErPQbEGMeIu",
            "mofeErPQbEGM",
            "ofeErPQbEGMe",
            "feErPQbEGMeI",
            "eErPQbEGMeIu",
            "ErPQbEGM",
            "rPQbEGMe",
            "PQbEGMeI",
            "QbEGMeIu",
            "bEGM",
            "EGMe",
            "GMeI",
            "MeIu",
            "L4Y7c5dJ",
            "4Y7c5dJR",
            "Y7c5dJRb",
            "7c5d",
            "c5dJ",
            "5dJR",
            "dJRb",
            "RMC7gT9J",
            "MC7gT9JD",
            "C7gT9JDL",
            "7gT9",
            "gT9J",
            "T9JD",
            "9JDL",
            "Clea",
            "lear",
            "iul7F0IE",
            "ul7F0IEk",
            "l7F0IEkG",
            "7F0I",
            "F0IE",
            "0IEk",
            "IEkG",
            "TargetInvocationExceptio",
            "argetInvocationException",
            "rgetInvocationExcept",
            "getInvocationExcepti",
            "etInvocationExceptio",
            "tInvocationException",
            "InvocationExcept",
            "nvocationExcepti",
            "vocationExceptio",
            "ocationException",
            "cationExcept",
            "YXQ7aQDY",
            "XQ7aQDY0",
            "Q7aQDY0r",
            "7aQD",
            "aQDY",
            "QDY0",
            "DY0r",
            "osO70miF",
            "sO70miFS",
            "O70miFS3",
            "70mi",
            "0miF",
            "miFS",
            "iFS3",
            "byv7AMsX",
            "yv7AMsX9",
            "v7AMsX9u",
            "7AMs",
            "AMsX",
            "MsX9",
            "sX9u",
            "tG07OUxh",
            "G07OUxhE",
            "07OUxhEl",
            "7OUx",
            "OUxh",
            "UxhE",
            "xhEl",
            "aQm7owUq",
            "Qm7owUqe",
            "m7owUqeP",
            "7owU",
            "owUq",
            "wUqe",
            "UqeP",
            "ConstructorI",
            "onstructorIn",
            "nstructorInf",
            "structorInfo",
            "tructorI",
            "ructorIn",
            "uctorInf",
            "ctorInfo",
            "torI",
            "orIn",
            "TryGetVa",
            "ryGetVal",
            "yGetValu",
            "OverflowExceptio",
            "verflowException",
            "erflowExcept",
            "rflowExcepti",
            "flowExceptio",
            "lowException",
            "owExcept",
            "wExcepti",
            "NullReferenceExcepti",
            "ullReferenceExceptio",
            "llReferenceException",
            "lReferenceExcept",
            "ReferenceExcepti",
            "eferenceExceptio",
            "ferenceException",
            "erenceExcept",
            "renceExcepti",
            "enceExceptio",
            "nceException",
            "ceExcept",
            "eExcepti",
            "ArithmeticExcept",
            "rithmeticExcepti",
            "ithmeticExceptio",
            "thmeticException",
            "hmeticExcept",
            "meticExcepti",
            "eticExceptio",
            "ticException",
            "icExcept",
            "cExcepti",
            "bWM7bsLC",
            "WM7bsLCP",
            "M7bsLCP7",
            "7bsL",
            "bsLC",
            "sLCP",
            "LCP7",
            "MhTNhe2e",
            "hTNhe2e5",
            "TNhe2e58",
            "Nhe2",
            "he2e",
            "e2e5",
            "2e58",
            "wuRNBUfK",
            "uRNBUfKU",
            "RNBUfKU2",
            "NBUf",
            "BUfK",
            "UfKU",
            "fKU2",
            "DnSsNGFb",
            "nSsNGFbs",
            "SsNGFbsF",
            "sNGF",
            "NGFb",
            "GFbs",
            "FbsF",
            "EmptyTyp",
            "mptyType",
            "ptyTypes",
            "tyTy",
            "yTyp",
            "ypes",
            "izeo",
            "zeof",
            "HIZsI9SZ",
            "IZsI9SZ5",
            "ZsI9SZ52",
            "sI9S",
            "I9SZ",
            "9SZ5",
            "SZ52",
            "ePVsLTta",
            "PVsLTtaI",
            "VsLTtaIp",
            "sLTt",
            "LTta",
            "TtaI",
            "taIp",
            "JLos1Dho",
            "Los1Dhor",
            "os1Dhorl",
            "s1Dh",
            "1Dho",
            "Dhor",
            "horl",
            "sJEs9xmI",
            "JEs9xmIw",
            "Es9xmIwE",
            "s9xm",
            "9xmI",
            "xmIw",
            "mIwE",
            "LocalBuilder",
            "ocalBuil",
            "calBuild",
            "alBuilde",
            "lBuilder",
            "Buil",
            "uild",
            "ilde",
            "lder",
            "Ldob",
            "dobj",
            "Stlo",
            "tloc",
            "Ldlo",
            "dloc",
            "Castclas",
            "astclass",
            "stcl",
            "tcla",
            "clas",
            "lass",
            "Stel",
            "tele",
            "elem",
            "Unbo",
            "nbox",
            "Ldel",
            "dele",
            "Ldnu",
            "dnul",
            "null",
            "loca",
            "Ldin",
            "dind",
            "nJssqXHR",
            "JssqXHRX",
            "ssqXHRXp",
            "sqXH",
            "qXHR",
            "XHRX",
            "HRXp",
            "Ldfl",
            "dfld",
            "flda",
            "Ldsf",
            "dsfl",
            "sfld",
            "rBXskrqs",
            "BXskrqsX",
            "XskrqsXq",
            "skrq",
            "krqs",
            "rqsX",
            "qsXq",
            "Newo",
            "ewob",
            "wobj",
            "ICesYN0i",
            "CesYN0ib",
            "esYN0ibX",
            "sYN0",
            "YN0i",
            "N0ib",
            "0ibX",
            "YfLs2e7J",
            "fLs2e7Jc",
            "Ls2e7Jcm",
            "s2e7",
            "2e7J",
            "e7Jc",
            "7Jcm",
            "Stin",
            "tind",
            "J7AsuoIM",
            "7AsuoIM2",
            "AsuoIM2x",
            "suoI",
            "uoIM",
            "oIM2",
            "IM2x",
            "fxXswTVa",
            "xXswTVar",
            "XswTVar3",
            "swTV",
            "wTVa",
            "TVar",
            "Var3",
            "eoLs3W8g",
            "oLs3W8gk",
            "Ls3W8gkm",
            "s3W8",
            "3W8g",
            "W8gk",
            "8gkm",
            "Vh5syBVE",
            "h5syBVEZ",
            "5syBVEZf",
            "syBV",
            "yBVE",
            "BVEZ",
            "VEZf",
            "XwTspJKE",
            "wTspJKEd",
            "TspJKEdZ",
            "spJK",
            "pJKE",
            "JKEd",
            "KEdZ",
            "Ht5sJUqe",
            "t5sJUqeN",
            "5sJUqeNm",
            "sJUq",
            "JUqe",
            "UqeN",
            "qeNm",
            "D19VvtfPW7AhNYOq",
            "19VvtfPW7AhNYOqV",
            "9VvtfPW7AhNYOqV2",
            "VvtfPW7AhNYOqV2k",
            "vtfPW7AhNYOq",
            "tfPW7AhNYOqV",
            "fPW7AhNYOqV2",
            "PW7AhNYOqV2k",
            "W7AhNYOq",
            "7AhNYOqV",
            "AhNYOqV2",
            "hNYOqV2k",
            "NYOq",
            "YOqV",
            "OqV2",
            "qV2k",
            "m08R8ifGeSPJJ2Vn",
            "08R8ifGeSPJJ2Vn5",
            "8R8ifGeSPJJ2Vn5L",
            "R8ifGeSPJJ2Vn5Lc",
            "8ifGeSPJJ2Vn",
            "ifGeSPJJ2Vn5",
            "fGeSPJJ2Vn5L",
            "GeSPJJ2Vn5Lc",
            "eSPJJ2Vn",
            "SPJJ2Vn5",
            "PJJ2Vn5L",
            "JJ2Vn5Lc",
            "J2Vn",
            "2Vn5",
            "Vn5L",
            "n5Lc",
            "RnoySOfl0uahvQxy",
            "noySOfl0uahvQxy9",
            "oySOfl0uahvQxy98",
            "ySOfl0uahvQxy988",
            "SOfl0uahvQxy",
            "Ofl0uahvQxy9",
            "fl0uahvQxy98",
            "l0uahvQxy988",
            "0uahvQxy",
            "uahvQxy9",
            "ahvQxy98",
            "hvQxy988",
            "vQxy",
            "Qxy9",
            "xy98",
            "y988",
            "lWa3HO70",
            "Wa3HO70q",
            "a3HO70qA",
            "3HO7",
            "HO70",
            "O70q",
            "70qA",
            "abYAC8fI7T7gBvo2",
            "bYAC8fI7T7gBvo2b",
            "YAC8fI7T7gBvo2b9",
            "AC8fI7T7gBvo2b9Y",
            "C8fI7T7gBvo2",
            "8fI7T7gBvo2b",
            "fI7T7gBvo2b9",
            "I7T7gBvo2b9Y",
            "7T7gBvo2",
            "T7gBvo2b",
            "7gBvo2b9",
            "gBvo2b9Y",
            "Bvo2",
            "vo2b",
            "o2b9",
            "2b9Y",
            "MekYHmfL0ucHoWo5",
            "ekYHmfL0ucHoWo58",
            "kYHmfL0ucHoWo58N",
            "YHmfL0ucHoWo58Ns",
            "HmfL0ucHoWo5",
            "mfL0ucHoWo58",
            "fL0ucHoWo58N",
            "L0ucHoWo58Ns",
            "0ucHoWo5",
            "ucHoWo58",
            "cHoWo58N",
            "HoWo58Ns",
            "oWo5",
            "Wo58",
            "o58N",
            "58Ns",
            "g5862uKr",
            "5862uKrZ",
            "862uKrZU",
            "62uK",
            "2uKr",
            "uKrZ",
            "KrZU",
            "LPvUcef4WnCZklKm",
            "PvUcef4WnCZklKmy",
            "vUcef4WnCZklKmyA",
            "Ucef4WnCZklKmyAY",
            "cef4WnCZklKm",
            "ef4WnCZklKmy",
            "f4WnCZklKmyA",
            "4WnCZklKmyAY",
            "WnCZklKm",
            "nCZklKmy",
            "CZklKmyA",
            "ZklKmyAY",
            "klKm",
            "lKmy",
            "KmyA",
            "myAY",
            "IF865HO2",
            "F865HO2C",
            "865HO2C9",
            "65HO",
            "5HO2",
            "HO2C",
            "O2C9",
            "pUd6Du5m",
            "Ud6Du5ms",
            "d6Du5msl",
            "6Du5",
            "Du5m",
            "u5ms",
            "5msl",
            "vdR6mpgj",
            "dR6mpgjM",
            "R6mpgjMP",
            "6mpg",
            "mpgj",
            "pgjM",
            "gjMP",
            "Py86vwY8",
            "y86vwY8G",
            "86vwY8GI",
            "6vwY",
            "vwY8",
            "wY8G",
            "Y8GI",
            "TJP64ilI",
            "JP64ilIk",
            "P64ilIkG",
            "64il",
            "4ilI",
            "ilIk",
            "lIkG",
            "lDQ6XUdU",
            "DQ6XUdUq",
            "Q6XUdUqd",
            "6XUd",
            "XUdU",
            "UdUq",
            "dUqd",
            "VBC61esX",
            "BC61esXN",
            "C61esXNp",
            "61es",
            "1esX",
            "esXN",
            "sXNp",
            "wcA69wyj",
            "cA69wyjt",
            "A69wyjtp",
            "69wy",
            "9wyj",
            "wyjt",
            "yjtp",
            "fKl6q01c",
            "Kl6q01cN",
            "l6q01cNL",
            "6q01",
            "q01c",
            "01cN",
            "1cNL",
            "InvalidCastException",
            "nvalidCastExcept",
            "validCastExcepti",
            "alidCastExceptio",
            "lidCastException",
            "idCastExcept",
            "dCastExcepti",
            "CastExceptio",
            "astException",
            "stExcept",
            "bRw6k0oN",
            "Rw6k0oNX",
            "w6k0oNXo",
            "6k0o",
            "k0oN",
            "0oNX",
            "oNXo",
            "qve6YiFZ",
            "ve6YiFZr",
            "e6YiFZru",
            "6YiF",
            "YiFZ",
            "iFZr",
            "FZru",
            "B1RsZufXixBEOhsf",
            "1RsZufXixBEOhsfg",
            "RsZufXixBEOhsfgv",
            "sZufXixBEOhsfgvL",
            "ZufXixBEOhsf",
            "ufXixBEOhsfg",
            "fXixBEOhsfgv",
            "XixBEOhsfgvL",
            "ixBEOhsf",
            "xBEOhsfg",
            "BEOhsfgv",
            "EOhsfgvL",
            "Ohsf",
            "hsfg",
            "sfgv",
            "fgvL",
            "QQbv9Tf1oQWJwyPn",
            "Qbv9Tf1oQWJwyPnw",
            "bv9Tf1oQWJwyPnwh",
            "v9Tf1oQWJwyPnwh8",
            "9Tf1oQWJwyPn",
            "Tf1oQWJwyPnw",
            "f1oQWJwyPnwh",
            "1oQWJwyPnwh8",
            "oQWJwyPn",
            "QWJwyPnw",
            "WJwyPnwh",
            "JwyPnwh8",
            "wyPn",
            "yPnw",
            "Pnwh",
            "nwh8",
            "ihA6wVTQ",
            "hA6wVTQD",
            "A6wVTQD1",
            "6wVT",
            "wVTQ",
            "VTQD",
            "TQD1",
            "Kju633fV",
            "ju633fVa",
            "u633fVaA",
            "633f",
            "33fV",
            "3fVa",
            "fVaA",
            "CdvAc0f9Bs7xio6N",
            "dvAc0f9Bs7xio6NY",
            "vAc0f9Bs7xio6NYm",
            "Ac0f9Bs7xio6NYm4",
            "c0f9Bs7xio6N",
            "0f9Bs7xio6NY",
            "f9Bs7xio6NYm",
            "9Bs7xio6NYm4",
            "Bs7xio6N",
            "s7xio6NY",
            "7xio6NYm",
            "xio6NYm4",
            "io6N",
            "o6NY",
            "6NYm",
            "NYm4",
            "YUVyRYfqWhxeFGos",
            "UVyRYfqWhxeFGosD",
            "VyRYfqWhxeFGosDP",
            "yRYfqWhxeFGosDPl",
            "RYfqWhxeFGos",
            "YfqWhxeFGosD",
            "fqWhxeFGosDP",
            "qWhxeFGosDPl",
            "WhxeFGos",
            "hxeFGosD",
            "xeFGosDP",
            "eFGosDPl",
            "FGos",
            "GosD",
            "osDP",
            "sDPl",
            "LLIO3xfkL54xFuh0",
            "LIO3xfkL54xFuh0p",
            "IO3xfkL54xFuh0pV",
            "O3xfkL54xFuh0pVg",
            "3xfkL54xFuh0",
            "xfkL54xFuh0p",
            "fkL54xFuh0pV",
            "kL54xFuh0pVg",
            "L54xFuh0",
            "54xFuh0p",
            "4xFuh0pV",
            "xFuh0pVg",
            "Fuh0",
            "uh0p",
            "h0pV",
            "0pVg",
            "FHT6p2X8",
            "HT6p2X8u",
            "T6p2X8uq",
            "6p2X",
            "p2X8",
            "2X8u",
            "X8uq",
            "T6tMbZfYnCORrPnm",
            "6tMbZfYnCORrPnmv",
            "tMbZfYnCORrPnmvK",
            "MbZfYnCORrPnmvKM",
            "bZfYnCORrPnm",
            "ZfYnCORrPnmv",
            "fYnCORrPnmvK",
            "YnCORrPnmvKM",
            "nCORrPnm",
            "CORrPnmv",
            "ORrPnmvK",
            "RrPnmvKM",
            "rPnm",
            "Pnmv",
            "nmvK",
            "mvKM",
            "Upln4Zf2uWmJ2tgB",
            "pln4Zf2uWmJ2tgBY",
            "ln4Zf2uWmJ2tgBYG",
            "n4Zf2uWmJ2tgBYGA",
            "4Zf2uWmJ2tgB",
            "Zf2uWmJ2tgBY",
            "f2uWmJ2tgBYG",
            "2uWmJ2tgBYGA",
            "uWmJ2tgB",
            "WmJ2tgBY",
            "mJ2tgBYG",
            "J2tgBYGA",
            "2tgB",
            "tgBY",
            "gBYG",
            "BYGA",
            "c7jEJDfueeGxILg6",
            "7jEJDfueeGxILg6c",
            "jEJDfueeGxILg6cH",
            "EJDfueeGxILg6cHG",
            "JDfueeGxILg6",
            "DfueeGxILg6c",
            "fueeGxILg6cH",
            "ueeGxILg6cHG",
            "eeGxILg6",
            "eGxILg6c",
            "GxILg6cH",
            "xILg6cHG",
            "ILg6",
            "Lg6c",
            "g6cH",
            "6cHG",
            "kbW68RAR",
            "bW68RARg",
            "W68RARgr",
            "68RA",
            "8RAR",
            "RARg",
            "ARgr",
            "ksp6SUFX",
            "sp6SUFXk",
            "p6SUFXkx",
            "6SUF",
            "SUFX",
            "UFXk",
            "FXkx",
            "eyu8ygfwydFLBRBG",
            "yu8ygfwydFLBRBGX",
            "u8ygfwydFLBRBGXb",
            "8ygfwydFLBRBGXbt",
            "ygfwydFLBRBG",
            "gfwydFLBRBGX",
            "fwydFLBRBGXb",
            "wydFLBRBGXbt",
            "ydFLBRBG",
            "dFLBRBGX",
            "FLBRBGXb",
            "LBRBGXbt",
            "BRBG",
            "RBGX",
            "BGXb",
            "GXbt",
            "yQ6Y3Mf3NEDaVijV",
            "Q6Y3Mf3NEDaVijVd",
            "6Y3Mf3NEDaVijVdc",
            "Y3Mf3NEDaVijVdc7",
            "3Mf3NEDaVijV",
            "Mf3NEDaVijVd",
            "f3NEDaVijVdc",
            "3NEDaVijVdc7",
            "NEDaVijV",
            "EDaVijVd",
            "DaVijVdc",
            "aVijVdc7",
            "VijV",
            "ijVd",
            "jVdc",
            "Vdc7",
            "nlhBMRfyBAHEwlTw",
            "lhBMRfyBAHEwlTwV",
            "hBMRfyBAHEwlTwV6",
            "BMRfyBAHEwlTwV6s",
            "MRfyBAHEwlTw",
            "RfyBAHEwlTwV",
            "fyBAHEwlTwV6",
            "yBAHEwlTwV6s",
            "BAHEwlTw",
            "AHEwlTwV",
            "HEwlTwV6",
            "EwlTwV6s",
            "wlTw",
            "lTwV",
            "TwV6",
            "wV6s",
            "m39UMWfp4sd384et",
            "39UMWfp4sd384et0",
            "9UMWfp4sd384et0S",
            "UMWfp4sd384et0SF",
            "MWfp4sd384et",
            "Wfp4sd384et0",
            "fp4sd384et0S",
            "p4sd384et0SF",
            "4sd384et",
            "sd384et0",
            "d384et0S",
            "384et0SF",
            "84et",
            "4et0",
            "et0S",
            "t0SF",
            "Ly7BoqAO",
            "y7BoqAOk",
            "7BoqAOkf",
            "BoqA",
            "oqAO",
            "qAOk",
            "AOkf",
            "idWBjJDC",
            "dWBjJDCF",
            "WBjJDCF2",
            "BjJD",
            "jJDC",
            "JDCF",
            "DCF2",
            "tMXBbPjC",
            "MXBbPjCt",
            "XBbPjCts",
            "BbPj",
            "bPjC",
            "PjCt",
            "jCts",
            "Bs3BQwG1",
            "s3BQwG1E",
            "3BQwG1EQ",
            "BQwG",
            "QwG1",
            "wG1E",
            "G1EQ",
            "UPrBiy1c",
            "PrBiy1cO",
            "rBiy1cOZ",
            "Biy1",
            "iy1c",
            "y1cO",
            "1cOZ",
            "eIeBtnya",
            "IeBtnyaQ",
            "eBtnyaQU",
            "Btny",
            "tnya",
            "nyaQ",
            "yaQU",
            "gML6gjTQ",
            "ML6gjTQT",
            "L6gjTQTC",
            "6gjT",
            "gjTQ",
            "jTQT",
            "TQTC",
            "yBwoGGfJSKtgSNXw",
            "BwoGGfJSKtgSNXwD",
            "woGGfJSKtgSNXwDI",
            "oGGfJSKtgSNXwDIi",
            "GGfJSKtgSNXw",
            "GfJSKtgSNXwD",
            "fJSKtgSNXwDI",
            "JSKtgSNXwDIi",
            "SKtgSNXw",
            "KtgSNXwD",
            "tgSNXwDI",
            "gSNXwDIi",
            "SNXw",
            "NXwD",
            "XwDI",
            "wDIi",
            "c9oUswf8SMtC3unm",
            "9oUswf8SMtC3unmy",
            "oUswf8SMtC3unmyA",
            "Uswf8SMtC3unmyAM",
            "swf8SMtC3unm",
            "wf8SMtC3unmy",
            "f8SMtC3unmyA",
            "8SMtC3unmyAM",
            "SMtC3unm",
            "MtC3unmy",
            "tC3unmyA",
            "C3unmyAM",
            "3unm",
            "unmy",
            "nmyA",
            "myAM",
            "n5P60kE8",
            "5P60kE8p",
            "P60kE8pO",
            "60kE",
            "0kE8",
            "kE8p",
            "E8pO",
            "Nullable",
            "ulla",
            "llab",
            "labl",
            "b8vZbufSroJXELW4",
            "8vZbufSroJXELW4R",
            "vZbufSroJXELW4RY",
            "ZbufSroJXELW4RY7",
            "bufSroJXELW4",
            "ufSroJXELW4R",
            "fSroJXELW4RY",
            "SroJXELW4RY7",
            "roJXELW4",
            "oJXELW4R",
            "JXELW4RY",
            "XELW4RY7",
            "ELW4",
            "LW4R",
            "W4RY",
            "4RY7",
            "HasValue",
            "asVa",
            "sVal",
            "GetValueOrDefaul",
            "etValueOrDefault",
            "tValueOrDefa",
            "ValueOrDefau",
            "alueOrDefaul",
            "lueOrDefault",
            "ueOrDefa",
            "eOrDefau",
            "OrDefaul",
            "rDefault",
            "Defa",
            "efau",
            "faul",
            "ault",
            "H4B64Afcp0XZA5SW",
            "4B64Afcp0XZA5SWG",
            "B64Afcp0XZA5SWGv",
            "64Afcp0XZA5SWGvn",
            "4Afcp0XZA5SW",
            "Afcp0XZA5SWG",
            "fcp0XZA5SWGv",
            "cp0XZA5SWGvn",
            "p0XZA5SW",
            "0XZA5SWG",
            "XZA5SWGv",
            "ZA5SWGvn",
            "A5SW",
            "5SWG",
            "SWGv",
            "WGvn",
            "Tg8aMofgCCGdyI8p",
            "g8aMofgCCGdyI8pN",
            "8aMofgCCGdyI8pNl",
            "aMofgCCGdyI8pNlK",
            "MofgCCGdyI8p",
            "ofgCCGdyI8pN",
            "fgCCGdyI8pNl",
            "gCCGdyI8pNlK",
            "CCGdyI8p",
            "CGdyI8pN",
            "GdyI8pNl",
            "dyI8pNlK",
            "yI8p",
            "I8pN",
            "8pNl",
            "pNlK",
            "Qx637W6ah8UZQlaY",
            "x637W6ah8UZQlaYE",
            "637W6ah8UZQlaYEL",
            "37W6ah8UZQlaYELv",
            "7W6ah8UZQlaY",
            "W6ah8UZQlaYE",
            "6ah8UZQlaYEL",
            "ah8UZQlaYELv",
            "h8UZQlaY",
            "8UZQlaYE",
            "UZQlaYEL",
            "ZQlaYELv",
            "QlaY",
            "laYE",
            "aYEL",
            "YELv",
            "Bd06QiJe",
            "d06QiJeo",
            "06QiJeo7",
            "6QiJ",
            "QiJe",
            "iJeo",
            "Jeo7",
            "ySxIiOfFdrQJxGkd",
            "SxIiOfFdrQJxGkdy",
            "xIiOfFdrQJxGkdyG",
            "IiOfFdrQJxGkdyGk",
            "iOfFdrQJxGkd",
            "OfFdrQJxGkdy",
            "fFdrQJxGkdyG",
            "FdrQJxGkdyGk",
            "drQJxGkd",
            "rQJxGkdy",
            "QJxGkdyG",
            "JxGkdyGk",
            "xGkd",
            "Gkdy",
            "kdyG",
            "dyGk",
            "Y9V3X8qi",
            "9V3X8qiT",
            "V3X8qiTW",
            "3X8q",
            "X8qi",
            "8qiT",
            "qiTW",
            "N8V6O1X4",
            "8V6O1X4y",
            "V6O1X4yx",
            "6O1X",
            "O1X4",
            "1X4y",
            "X4yx",
            "kMU6oBdY",
            "MU6oBdYn",
            "U6oBdYns",
            "6oBd",
            "oBdY",
            "BdYn",
            "dYns",
            "tt66jR72",
            "t66jR72o",
            "66jR72oJ",
            "6jR7",
            "jR72",
            "R72o",
            "72oJ",
            "QY86bPQ0",
            "Y86bPQ0c",
            "86bPQ0cv",
            "6bPQ",
            "bPQ0",
            "PQ0c",
            "Q0cv",
            "RemoveAt",
            "emov",
            "move",
            "oveA",
            "veAt",
            "fvwhuEfaVNKY1dkL",
            "vwhuEfaVNKY1dkLY",
            "whuEfaVNKY1dkLYC",
            "huEfaVNKY1dkLYCu",
            "uEfaVNKY1dkL",
            "EfaVNKY1dkLY",
            "faVNKY1dkLYC",
            "aVNKY1dkLYCu",
            "VNKY1dkL",
            "NKY1dkLY",
            "KY1dkLYC",
            "Y1dkLYCu",
            "1dkL",
            "dkLY",
            "kLYC",
            "LYCu",
            "sydFPef0ZCZNIcmh",
            "ydFPef0ZCZNIcmhJ",
            "dFPef0ZCZNIcmhJV",
            "FPef0ZCZNIcmhJVf",
            "Pef0ZCZNIcmh",
            "ef0ZCZNIcmhJ",
            "f0ZCZNIcmhJV",
            "0ZCZNIcmhJVf",
            "ZCZNIcmh",
            "CZNIcmhJ",
            "ZNIcmhJV",
            "NIcmhJVf",
            "Icmh",
            "cmhJ",
            "mhJV",
            "hJVf",
            "te3hTD4B",
            "e3hTD4B7",
            "3hTD4B7F",
            "hTD4",
            "TD4B",
            "D4B7",
            "4B7F",
            "StringBuilde",
            "tringBuilder",
            "ringBuil",
            "ingBuild",
            "ngBuilde",
            "gBuilder",
            "gm0KLlfAjjF630L2",
            "m0KLlfAjjF630L2b",
            "0KLlfAjjF630L2b8",
            "KLlfAjjF630L2b82",
            "LlfAjjF630L2",
            "lfAjjF630L2b",
            "fAjjF630L2b8",
            "AjjF630L2b82",
            "jjF630L2",
            "jF630L2b",
            "F630L2b8",
            "630L2b82",
            "30L2",
            "0L2b",
            "L2b8",
            "2b82",
            "IFormatProvi",
            "FormatProvid",
            "ormatProvide",
            "rmatProvider",
            "matProvi",
            "atProvid",
            "tProvide",
            "lfP6tUgv",
            "fP6tUgvX",
            "P6tUgvXg",
            "6tUg",
            "tUgv",
            "UgvX",
            "gvXg",
            "L4L6Ck62",
            "4L6Ck62Z",
            "L6Ck62Zh",
            "6Ck6",
            "Ck62",
            "k62Z",
            "62Zh",
            "nbJ5186MtH3CYq0E",
            "bJ5186MtH3CYq0E0",
            "J5186MtH3CYq0E07",
            "5186MtH3CYq0E07W",
            "186MtH3CYq0E",
            "86MtH3CYq0E0",
            "6MtH3CYq0E07",
            "MtH3CYq0E07W",
            "tH3CYq0E",
            "H3CYq0E0",
            "3CYq0E07",
            "CYq0E07W",
            "Yq0E",
            "q0E0",
            "0E07",
            "E07W",
            "x5v4fA6xpPhpJ8vX",
            "5v4fA6xpPhpJ8vXm",
            "v4fA6xpPhpJ8vXmp",
            "4fA6xpPhpJ8vXmpS",
            "fA6xpPhpJ8vX",
            "A6xpPhpJ8vXm",
            "6xpPhpJ8vXmp",
            "xpPhpJ8vXmpS",
            "pPhpJ8vX",
            "PhpJ8vXm",
            "hpJ8vXmp",
            "pJ8vXmpS",
            "J8vX",
            "8vXm",
            "vXmp",
            "XmpS",
            "QnNhV435",
            "nNhV435K",
            "NhV435K3",
            "hV43",
            "V435",
            "435K",
            "35K3",
            "koNpHqhHLE9NHTRI",
            "oNpHqhHLE9NHTRIu",
            "NpHqhHLE9NHTRIug",
            "pHqhHLE9NHTRIugd",
            "HqhHLE9NHTRI",
            "qhHLE9NHTRIu",
            "hHLE9NHTRIug",
            "HLE9NHTRIugd",
            "LE9NHTRI",
            "E9NHTRIu",
            "9NHTRIug",
            "NHTRIugd",
            "HTRI",
            "TRIu",
            "RIug",
            "Iugd",
            "geImdmhnnVeAf1JO",
            "eImdmhnnVeAf1JOW",
            "ImdmhnnVeAf1JOWi",
            "mdmhnnVeAf1JOWiO",
            "dmhnnVeAf1JO",
            "mhnnVeAf1JOW",
            "hnnVeAf1JOWi",
            "nnVeAf1JOWiO",
            "nVeAf1JO",
            "VeAf1JOW",
            "eAf1JOWi",
            "Af1JOWiO",
            "f1JO",
            "1JOW",
            "JOWi",
            "OWiO",
            "sjqhZjJj",
            "jqhZjJjU",
            "qhZjJjU0",
            "hZjJ",
            "ZjJj",
            "jJjU",
            "JjU0",
            "hp4DYyh7viWR6qKn",
            "p4DYyh7viWR6qKno",
            "4DYyh7viWR6qKnoh",
            "DYyh7viWR6qKnohl",
            "Yyh7viWR6qKn",
            "yh7viWR6qKno",
            "h7viWR6qKnoh",
            "7viWR6qKnohl",
            "viWR6qKn",
            "iWR6qKno",
            "WR6qKnoh",
            "R6qKnohl",
            "6qKn",
            "qKno",
            "Knoh",
            "nohl",
            "FnliVyhWbQ3uQ7d3",
            "nliVyhWbQ3uQ7d3A",
            "liVyhWbQ3uQ7d3Ag",
            "iVyhWbQ3uQ7d3AgS",
            "VyhWbQ3uQ7d3",
            "yhWbQ3uQ7d3A",
            "hWbQ3uQ7d3Ag",
            "WbQ3uQ7d3AgS",
            "bQ3uQ7d3",
            "Q3uQ7d3A",
            "3uQ7d3Ag",
            "uQ7d3AgS",
            "Q7d3",
            "7d3A",
            "d3Ag",
            "3AgS",
            "sUIhsvMV",
            "UIhsvMVc",
            "IhsvMVcG",
            "hsvM",
            "svMV",
            "vMVc",
            "MVcG",
            "K83Qmlh6gtXVsgJN",
            "83Qmlh6gtXVsgJN9",
            "3Qmlh6gtXVsgJN91",
            "Qmlh6gtXVsgJN91x",
            "mlh6gtXVsgJN",
            "lh6gtXVsgJN9",
            "h6gtXVsgJN91",
            "6gtXVsgJN91x",
            "gtXVsgJN",
            "tXVsgJN9",
            "XVsgJN91",
            "VsgJN91x",
            "sgJN",
            "gJN9",
            "JN91",
            "N91x",
            "qG50RmhhqnDRufSq",
            "G50RmhhqnDRufSqk",
            "50RmhhqnDRufSqkK",
            "0RmhhqnDRufSqkKj",
            "RmhhqnDRufSq",
            "mhhqnDRufSqk",
            "hhqnDRufSqkK",
            "hqnDRufSqkKj",
            "qnDRufSq",
            "nDRufSqk",
            "DRufSqkK",
            "RufSqkKj",
            "ufSq",
            "fSqk",
            "SqkK",
            "qkKj",
            "yBNhBOxc",
            "BNhBOxco",
            "NhBOxcof",
            "hBOx",
            "BOxc",
            "Oxco",
            "xcof",
            "kNhhKC2n",
            "NhhKC2n6",
            "hhKC2n6L",
            "hKC2",
            "KC2n",
            "C2n6",
            "2n6L",
            "unQhUhSG",
            "nQhUhSGi",
            "QhUhSGiG",
            "hUhS",
            "UhSG",
            "hSGi",
            "SGiG",
            "S1Ohraoy",
            "1OhraoyV",
            "OhraoyV6",
            "hrao",
            "raoy",
            "aoyV",
            "oyV6",
            "Aw9fCUfOLiRLKUT7",
            "w9fCUfOLiRLKUT7H",
            "9fCUfOLiRLKUT7Hg",
            "fCUfOLiRLKUT7HgC",
            "CUfOLiRLKUT7",
            "UfOLiRLKUT7H",
            "fOLiRLKUT7Hg",
            "OLiRLKUT7HgC",
            "LiRLKUT7",
            "iRLKUT7H",
            "RLKUT7Hg",
            "LKUT7HgC",
            "KUT7",
            "UT7H",
            "T7Hg",
            "7HgC",
            "WRA48bfoT7rXhMhs",
            "RA48bfoT7rXhMhs9",
            "A48bfoT7rXhMhs9C",
            "48bfoT7rXhMhs9Cc",
            "8bfoT7rXhMhs",
            "bfoT7rXhMhs9",
            "foT7rXhMhs9C",
            "oT7rXhMhs9Cc",
            "T7rXhMhs",
            "7rXhMhs9",
            "rXhMhs9C",
            "XhMhs9Cc",
            "hMhs",
            "Mhs9",
            "hs9C",
            "s9Cc",
            "y5PjCFfiA5UAgJgf",
            "5PjCFfiA5UAgJgff",
            "PjCFfiA5UAgJgffR",
            "jCFfiA5UAgJgffR7",
            "CFfiA5UAgJgf",
            "FfiA5UAgJgff",
            "fiA5UAgJgffR",
            "iA5UAgJgffR7",
            "A5UAgJgf",
            "5UAgJgff",
            "UAgJgffR",
            "AgJgffR7",
            "gJgf",
            "Jgff",
            "gffR",
            "ffR7",
            "BCDUvLftRQp4Z7dw",
            "CDUvLftRQp4Z7dwh",
            "DUvLftRQp4Z7dwhO",
            "UvLftRQp4Z7dwhOD",
            "vLftRQp4Z7dw",
            "LftRQp4Z7dwh",
            "ftRQp4Z7dwhO",
            "tRQp4Z7dwhOD",
            "RQp4Z7dw",
            "Qp4Z7dwh",
            "p4Z7dwhO",
            "4Z7dwhOD",
            "Z7dw",
            "7dwh",
            "dwhO",
            "whOD",
            "v0GXg0fd88pPxr0u",
            "0GXg0fd88pPxr0u6",
            "GXg0fd88pPxr0u6E",
            "Xg0fd88pPxr0u6Er",
            "g0fd88pPxr0u",
            "0fd88pPxr0u6",
            "fd88pPxr0u6E",
            "d88pPxr0u6Er",
            "88pPxr0u",
            "8pPxr0u6",
            "pPxr0u6E",
            "Pxr0u6Er",
            "xr0u",
            "r0u6",
            "0u6E",
            "u6Er",
            "03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "3DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "CEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "EB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "B56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "6B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "42C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "2C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "22DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "2DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "DE2821DA9906CD70AB73267EAB1A3947BFD894D19372",
            "E2821DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "2821DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "21DA9906CD70AB73267EAB1A3947BFD894D19372",
            "1DA9906CD70AB73267EAB1A3947BFD894D19372B",
            "DA9906CD70AB73267EAB1A3947BFD894D19372BC",
            "A9906CD70AB73267EAB1A3947BFD894D19372BC7",
            "9906CD70AB73267EAB1A3947BFD894D19372",
            "906CD70AB73267EAB1A3947BFD894D19372B",
            "06CD70AB73267EAB1A3947BFD894D19372BC",
            "6CD70AB73267EAB1A3947BFD894D19372BC7",
            "CD70AB73267EAB1A3947BFD894D19372",
            "D70AB73267EAB1A3947BFD894D19372B",
            "70AB73267EAB1A3947BFD894D19372BC",
            "0AB73267EAB1A3947BFD894D19372BC7",
            "AB73267EAB1A3947BFD894D19372",
            "B73267EAB1A3947BFD894D19372B",
            "73267EAB1A3947BFD894D19372BC",
            "3267EAB1A3947BFD894D19372BC7",
            "267EAB1A3947BFD894D19372",
            "67EAB1A3947BFD894D19372B",
            "7EAB1A3947BFD894D19372BC",
            "EAB1A3947BFD894D19372BC7",
            "AB1A3947BFD894D19372",
            "B1A3947BFD894D19372B",
            "1A3947BFD894D19372BC",
            "A3947BFD894D19372BC7",
            "3947BFD894D19372",
            "947BFD894D19372B",
            "47BFD894D19372BC",
            "7BFD894D19372BC7",
            "BFD894D19372",
            "FD894D19372B",
            "D894D19372BC",
            "894D19372BC7",
            "94D19372",
            "4D19372B",
            "D19372BC",
            "19372BC7",
            "9372",
            "372B",
            "72BC",
            "2BC7",
            "0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "48EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "8EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "F5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "0630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "30BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "0BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "DDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "DB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "B19388CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "9388CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "388CB6378436E3C65D03DD66DA7C6EBFF563BD85",
            "88CB6378436E3C65D03DD66DA7C6EBFF563BD857",
            "8CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
            "CB6378436E3C65D03DD66DA7C6EBFF563BD8",
            "B6378436E3C65D03DD66DA7C6EBFF563BD85",
            "6378436E3C65D03DD66DA7C6EBFF563BD857",
            "378436E3C65D03DD66DA7C6EBFF563BD857A",
            "78436E3C65D03DD66DA7C6EBFF563BD8",
            "8436E3C65D03DD66DA7C6EBFF563BD85",
            "436E3C65D03DD66DA7C6EBFF563BD857",
            "36E3C65D03DD66DA7C6EBFF563BD857A",
            "6E3C65D03DD66DA7C6EBFF563BD8",
            "E3C65D03DD66DA7C6EBFF563BD85",
            "3C65D03DD66DA7C6EBFF563BD857",
            "C65D03DD66DA7C6EBFF563BD857A",
            "65D03DD66DA7C6EBFF563BD8",
            "5D03DD66DA7C6EBFF563BD85",
            "D03DD66DA7C6EBFF563BD857",
            "03DD66DA7C6EBFF563BD857A",
            "3DD66DA7C6EBFF563BD8",
            "DD66DA7C6EBFF563BD85",
            "D66DA7C6EBFF563BD857",
            "66DA7C6EBFF563BD857A",
            "6DA7C6EBFF563BD8",
            "DA7C6EBFF563BD85",
            "A7C6EBFF563BD857",
            "7C6EBFF563BD857A",
            "C6EBFF563BD8",
            "6EBFF563BD85",
            "EBFF563BD857",
            "BFF563BD857A",
            "FF563BD8",
            "F563BD85",
            "563BD857",
            "63BD857A",
            "3BD8",
            "BD85",
            "D857",
            "857A",
            "128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "28605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "8605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "05DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "5DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "D5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "C3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "7EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "B915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "15E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "5E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "DA22D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "A22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "22D0F52C595C0CF7986D911ED2CA1C403FB7",
            "2D0F52C595C0CF7986D911ED2CA1C403FB7B",
            "D0F52C595C0CF7986D911ED2CA1C403FB7B8",
            "0F52C595C0CF7986D911ED2CA1C403FB7B83",
            "F52C595C0CF7986D911ED2CA1C403FB7",
            "52C595C0CF7986D911ED2CA1C403FB7B",
            "2C595C0CF7986D911ED2CA1C403FB7B8",
            "C595C0CF7986D911ED2CA1C403FB7B83",
            "595C0CF7986D911ED2CA1C403FB7",
            "95C0CF7986D911ED2CA1C403FB7B",
            "5C0CF7986D911ED2CA1C403FB7B8",
            "C0CF7986D911ED2CA1C403FB7B83",
            "0CF7986D911ED2CA1C403FB7",
            "CF7986D911ED2CA1C403FB7B",
            "F7986D911ED2CA1C403FB7B8",
            "7986D911ED2CA1C403FB7B83",
            "986D911ED2CA1C403FB7",
            "86D911ED2CA1C403FB7B",
            "6D911ED2CA1C403FB7B8",
            "D911ED2CA1C403FB7B83",
            "911ED2CA1C403FB7",
            "11ED2CA1C403FB7B",
            "1ED2CA1C403FB7B8",
            "ED2CA1C403FB7B83",
            "D2CA1C403FB7",
            "2CA1C403FB7B",
            "CA1C403FB7B8",
            "A1C403FB7B83",
            "1C403FB7",
            "C403FB7B",
            "403FB7B8",
            "03FB7B83",
            "3FB7",
            "FB7B",
            "B7B8",
            "7B83",
            "4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "ED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "D3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "DC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "C52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "2D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "04075F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "4075F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "75F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "5F6BBF279EC4ACEDE079533B95E229A29809542EA324",
            "F6BBF279EC4ACEDE079533B95E229A29809542EA324A",
            "6BBF279EC4ACEDE079533B95E229A29809542EA324A7",
            "BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
            "BF279EC4ACEDE079533B95E229A29809542EA324",
            "F279EC4ACEDE079533B95E229A29809542EA324A",
            "279EC4ACEDE079533B95E229A29809542EA324A7",
            "79EC4ACEDE079533B95E229A29809542EA324A7B",
            "9EC4ACEDE079533B95E229A29809542EA324",
            "EC4ACEDE079533B95E229A29809542EA324A",
            "C4ACEDE079533B95E229A29809542EA324A7",
            "4ACEDE079533B95E229A29809542EA324A7B",
            "ACEDE079533B95E229A29809542EA324",
            "CEDE079533B95E229A29809542EA324A",
            "EDE079533B95E229A29809542EA324A7",
            "DE079533B95E229A29809542EA324A7B",
            "E079533B95E229A29809542EA324",
            "079533B95E229A29809542EA324A",
            "79533B95E229A29809542EA324A7",
            "9533B95E229A29809542EA324A7B",
            "533B95E229A29809542EA324",
            "33B95E229A29809542EA324A",
            "3B95E229A29809542EA324A7",
            "B95E229A29809542EA324A7B",
            "95E229A29809542EA324",
            "5E229A29809542EA324A",
            "E229A29809542EA324A7",
            "229A29809542EA324A7B",
            "29A29809542EA324",
            "9A29809542EA324A",
            "A29809542EA324A7",
            "29809542EA324A7B",
            "9809542EA324",
            "809542EA324A",
            "09542EA324A7",
            "9542EA324A7B",
            "542EA324",
            "42EA324A",
            "2EA324A7",
            "EA324A7B",
            "A324",
            "324A",
            "24A7",
            "4A7B",
            "59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "9058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "58FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "8FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "DDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "DE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "E6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "89BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "9BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "CA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "A6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "36FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "6FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "D2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "E2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "98B3ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "8B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
            "B3ABB38A7BC80D8DD4C75CEFD7A5D247",
            "3ABB38A7BC80D8DD4C75CEFD7A5D2470",
            "ABB38A7BC80D8DD4C75CEFD7A5D24707",
            "BB38A7BC80D8DD4C75CEFD7A5D247074",
            "B38A7BC80D8DD4C75CEFD7A5D247",
            "38A7BC80D8DD4C75CEFD7A5D2470",
            "8A7BC80D8DD4C75CEFD7A5D24707",
            "A7BC80D8DD4C75CEFD7A5D247074",
            "7BC80D8DD4C75CEFD7A5D247",
            "BC80D8DD4C75CEFD7A5D2470",
            "C80D8DD4C75CEFD7A5D24707",
            "80D8DD4C75CEFD7A5D247074",
            "0D8DD4C75CEFD7A5D247",
            "D8DD4C75CEFD7A5D2470",
            "8DD4C75CEFD7A5D24707",
            "DD4C75CEFD7A5D247074",
            "D4C75CEFD7A5D247",
            "4C75CEFD7A5D2470",
            "C75CEFD7A5D24707",
            "75CEFD7A5D247074",
            "5CEFD7A5D247",
            "CEFD7A5D2470",
            "EFD7A5D24707",
            "FD7A5D247074",
            "D7A5D247",
            "7A5D2470",
            "A5D24707",
            "5D247074",
            "D247",
            "2470",
            "4707",
            "7074",
            "62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "2E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "3B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "3D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "7FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "DD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "D780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "80E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "0E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "0D89A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "D89A6E8EE503B197AC16AC3F1D2571C147FDD324",
            "89A6E8EE503B197AC16AC3F1D2571C147FDD324C",
            "9A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
            "A6E8EE503B197AC16AC3F1D2571C147FDD32",
            "6E8EE503B197AC16AC3F1D2571C147FDD324",
            "E8EE503B197AC16AC3F1D2571C147FDD324C",
            "8EE503B197AC16AC3F1D2571C147FDD324C9",
            "EE503B197AC16AC3F1D2571C147FDD32",
            "E503B197AC16AC3F1D2571C147FDD324",
            "503B197AC16AC3F1D2571C147FDD324C",
            "03B197AC16AC3F1D2571C147FDD324C9",
            "3B197AC16AC3F1D2571C147FDD32",
            "B197AC16AC3F1D2571C147FDD324",
            "197AC16AC3F1D2571C147FDD324C",
            "97AC16AC3F1D2571C147FDD324C9",
            "7AC16AC3F1D2571C147FDD32",
            "AC16AC3F1D2571C147FDD324",
            "C16AC3F1D2571C147FDD324C",
            "16AC3F1D2571C147FDD324C9",
            "6AC3F1D2571C147FDD32",
            "AC3F1D2571C147FDD324",
            "C3F1D2571C147FDD324C",
            "3F1D2571C147FDD324C9",
            "F1D2571C147FDD32",
            "1D2571C147FDD324",
            "D2571C147FDD324C",
            "2571C147FDD324C9",
            "571C147FDD32",
            "71C147FDD324",
            "1C147FDD324C",
            "C147FDD324C9",
            "147FDD32",
            "47FDD324",
            "7FDD324C",
            "FDD324C9",
            "DD32",
            "D324",
            "324C",
            "24C9",
            "742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "42EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "2EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "B14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "4EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "C82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "2FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "D7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "CE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "E8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "8165C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "165C5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "65C5AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "5C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
            "C5AE7AABD3935C69B50E82F066C4890BD7C5",
            "5AE7AABD3935C69B50E82F066C4890BD7C5D",
            "AE7AABD3935C69B50E82F066C4890BD7C5D1",
            "E7AABD3935C69B50E82F066C4890BD7C5D1F",
            "7AABD3935C69B50E82F066C4890BD7C5",
            "AABD3935C69B50E82F066C4890BD7C5D",
            "ABD3935C69B50E82F066C4890BD7C5D1",
            "BD3935C69B50E82F066C4890BD7C5D1F",
            "D3935C69B50E82F066C4890BD7C5",
            "3935C69B50E82F066C4890BD7C5D",
            "935C69B50E82F066C4890BD7C5D1",
            "35C69B50E82F066C4890BD7C5D1F",
            "5C69B50E82F066C4890BD7C5",
            "C69B50E82F066C4890BD7C5D",
            "69B50E82F066C4890BD7C5D1",
            "9B50E82F066C4890BD7C5D1F",
            "B50E82F066C4890BD7C5",
            "50E82F066C4890BD7C5D",
            "0E82F066C4890BD7C5D1",
            "E82F066C4890BD7C5D1F",
            "82F066C4890BD7C5",
            "2F066C4890BD7C5D",
            "F066C4890BD7C5D1",
            "066C4890BD7C5D1F",
            "66C4890BD7C5",
            "6C4890BD7C5D",
            "C4890BD7C5D1",
            "4890BD7C5D1F",
            "890BD7C5",
            "90BD7C5D",
            "0BD7C5D1",
            "BD7C5D1F",
            "D7C5",
            "7C5D",
            "C5D1",
            "5D1F",
            "7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "35673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "5673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "73D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "3D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "36D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "6D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "7A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "7DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "B03EB3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "03EB3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "3EB3D71EA780F44372F5AEBECEBEDD696AAEB837",
            "EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
            "B3D71EA780F44372F5AEBECEBEDD696AAEB8",
            "3D71EA780F44372F5AEBECEBEDD696AAEB83",
            "D71EA780F44372F5AEBECEBEDD696AAEB837",
            "71EA780F44372F5AEBECEBEDD696AAEB8378",
            "1EA780F44372F5AEBECEBEDD696AAEB8",
            "EA780F44372F5AEBECEBEDD696AAEB83",
            "A780F44372F5AEBECEBEDD696AAEB837",
            "780F44372F5AEBECEBEDD696AAEB8378",
            "80F44372F5AEBECEBEDD696AAEB8",
            "0F44372F5AEBECEBEDD696AAEB83",
            "F44372F5AEBECEBEDD696AAEB837",
            "44372F5AEBECEBEDD696AAEB8378",
            "4372F5AEBECEBEDD696AAEB8",
            "372F5AEBECEBEDD696AAEB83",
            "72F5AEBECEBEDD696AAEB837",
            "2F5AEBECEBEDD696AAEB8378",
            "F5AEBECEBEDD696AAEB8",
            "5AEBECEBEDD696AAEB83",
            "AEBECEBEDD696AAEB837",
            "EBECEBEDD696AAEB8378",
            "BECEBEDD696AAEB8",
            "ECEBEDD696AAEB83",
            "CEBEDD696AAEB837",
            "EBEDD696AAEB8378",
            "BEDD696AAEB8",
            "EDD696AAEB83",
            "DD696AAEB837",
            "D696AAEB8378",
            "696AAEB8",
            "96AAEB83",
            "6AAEB837",
            "AAEB8378",
            "AEB8",
            "EB83",
            "B837",
            "8378",
            "841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "41F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "1F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "F48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "8991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "991C286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "91C286754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "1C286754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "286754FBA5647CA30986070C8F457C22D30959D113010CC1",
            "86754FBA5647CA30986070C8F457C22D30959D113010CC16",
            "6754FBA5647CA30986070C8F457C22D30959D113010CC164",
            "754FBA5647CA30986070C8F457C22D30959D113010CC164C",
            "54FBA5647CA30986070C8F457C22D30959D113010CC1",
            "4FBA5647CA30986070C8F457C22D30959D113010CC16",
            "FBA5647CA30986070C8F457C22D30959D113010CC164",
            "BA5647CA30986070C8F457C22D30959D113010CC164C",
            "A5647CA30986070C8F457C22D30959D113010CC1",
            "5647CA30986070C8F457C22D30959D113010CC16",
            "647CA30986070C8F457C22D30959D113010CC164",
            "47CA30986070C8F457C22D30959D113010CC164C",
            "7CA30986070C8F457C22D30959D113010CC1",
            "CA30986070C8F457C22D30959D113010CC16",
            "A30986070C8F457C22D30959D113010CC164",
            "30986070C8F457C22D30959D113010CC164C",
            "0986070C8F457C22D30959D113010CC1",
            "986070C8F457C22D30959D113010CC16",
            "86070C8F457C22D30959D113010CC164",
            "6070C8F457C22D30959D113010CC164C",
            "070C8F457C22D30959D113010CC1",
            "70C8F457C22D30959D113010CC16",
            "0C8F457C22D30959D113010CC164",
            "C8F457C22D30959D113010CC164C",
            "8F457C22D30959D113010CC1",
            "F457C22D30959D113010CC16",
            "457C22D30959D113010CC164",
            "57C22D30959D113010CC164C",
            "7C22D30959D113010CC1",
            "C22D30959D113010CC16",
            "22D30959D113010CC164",
            "2D30959D113010CC164C",
            "D30959D113010CC1",
            "30959D113010CC16",
            "0959D113010CC164",
            "959D113010CC164C",
            "59D113010CC1",
            "9D113010CC16",
            "D113010CC164",
            "113010CC164C",
            "13010CC1",
            "3010CC16",
            "010CC164",
            "10CC164C",
            "0CC1",
            "CC16",
            "C164",
            "164C",
            "97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "7E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "13E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "3E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "7DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "EC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "C76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "6B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "50D47644B35EA4322F00D594D80D2F1C1F3644F8",
            "0D47644B35EA4322F00D594D80D2F1C1F3644F8A",
            "D47644B35EA4322F00D594D80D2F1C1F3644F8A4",
            "47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "7644B35EA4322F00D594D80D2F1C1F3644F8",
            "644B35EA4322F00D594D80D2F1C1F3644F8A",
            "44B35EA4322F00D594D80D2F1C1F3644F8A4",
            "4B35EA4322F00D594D80D2F1C1F3644F8A4A",
            "B35EA4322F00D594D80D2F1C1F3644F8",
            "35EA4322F00D594D80D2F1C1F3644F8A",
            "5EA4322F00D594D80D2F1C1F3644F8A4",
            "EA4322F00D594D80D2F1C1F3644F8A4A",
            "A4322F00D594D80D2F1C1F3644F8",
            "4322F00D594D80D2F1C1F3644F8A",
            "322F00D594D80D2F1C1F3644F8A4",
            "22F00D594D80D2F1C1F3644F8A4A",
            "2F00D594D80D2F1C1F3644F8",
            "F00D594D80D2F1C1F3644F8A",
            "00D594D80D2F1C1F3644F8A4",
            "0D594D80D2F1C1F3644F8A4A",
            "D594D80D2F1C1F3644F8",
            "594D80D2F1C1F3644F8A",
            "94D80D2F1C1F3644F8A4",
            "4D80D2F1C1F3644F8A4A",
            "D80D2F1C1F3644F8",
            "80D2F1C1F3644F8A",
            "0D2F1C1F3644F8A4",
            "D2F1C1F3644F8A4A",
            "2F1C1F3644F8",
            "F1C1F3644F8A",
            "1C1F3644F8A4",
            "C1F3644F8A4A",
            "1F3644F8",
            "F3644F8A",
            "3644F8A4",
            "644F8A4A",
            "44F8",
            "4F8A",
            "F8A4",
            "8A4A",
            "C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "56AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "6AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "FF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "F1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "1C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "A472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "472E584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "72E584C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "2E584C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "584C8E3C8F875B9A24280435D42836A77B19F5A8",
            "84C8E3C8F875B9A24280435D42836A77B19F5A8C",
            "4C8E3C8F875B9A24280435D42836A77B19F5A8C1",
            "C8E3C8F875B9A24280435D42836A77B19F5A8C18",
            "8E3C8F875B9A24280435D42836A77B19F5A8",
            "E3C8F875B9A24280435D42836A77B19F5A8C",
            "3C8F875B9A24280435D42836A77B19F5A8C1",
            "C8F875B9A24280435D42836A77B19F5A8C18",
            "8F875B9A24280435D42836A77B19F5A8",
            "F875B9A24280435D42836A77B19F5A8C",
            "875B9A24280435D42836A77B19F5A8C1",
            "75B9A24280435D42836A77B19F5A8C18",
            "5B9A24280435D42836A77B19F5A8",
            "B9A24280435D42836A77B19F5A8C",
            "9A24280435D42836A77B19F5A8C1",
            "A24280435D42836A77B19F5A8C18",
            "24280435D42836A77B19F5A8",
            "4280435D42836A77B19F5A8C",
            "280435D42836A77B19F5A8C1",
            "80435D42836A77B19F5A8C18",
            "0435D42836A77B19F5A8",
            "435D42836A77B19F5A8C",
            "35D42836A77B19F5A8C1",
            "5D42836A77B19F5A8C18",
            "D42836A77B19F5A8",
            "42836A77B19F5A8C",
            "2836A77B19F5A8C1",
            "836A77B19F5A8C18",
            "36A77B19F5A8",
            "6A77B19F5A8C",
            "A77B19F5A8C1",
            "77B19F5A8C18",
            "7B19F5A8",
            "B19F5A8C",
            "19F5A8C1",
            "9F5A8C18",
            "F5A8",
            "5A8C",
            "A8C1",
            "8C18",
            "C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "1B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "41CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "1CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "F756EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "756EB7551F7C661743802362728B785ADC22E860D269713DFB01",
            "56EB7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "6EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "EB7551F7C661743802362728B785ADC22E860D269713DFB0",
            "B7551F7C661743802362728B785ADC22E860D269713DFB01",
            "7551F7C661743802362728B785ADC22E860D269713DFB01A",
            "551F7C661743802362728B785ADC22E860D269713DFB01A6",
            "51F7C661743802362728B785ADC22E860D269713DFB0",
            "1F7C661743802362728B785ADC22E860D269713DFB01",
            "F7C661743802362728B785ADC22E860D269713DFB01A",
            "7C661743802362728B785ADC22E860D269713DFB01A6",
            "C661743802362728B785ADC22E860D269713DFB0",
            "661743802362728B785ADC22E860D269713DFB01",
            "61743802362728B785ADC22E860D269713DFB01A",
            "1743802362728B785ADC22E860D269713DFB01A6",
            "743802362728B785ADC22E860D269713DFB0",
            "43802362728B785ADC22E860D269713DFB01",
            "3802362728B785ADC22E860D269713DFB01A",
            "802362728B785ADC22E860D269713DFB01A6",
            "02362728B785ADC22E860D269713DFB0",
            "2362728B785ADC22E860D269713DFB01",
            "362728B785ADC22E860D269713DFB01A",
            "62728B785ADC22E860D269713DFB01A6",
            "2728B785ADC22E860D269713DFB0",
            "728B785ADC22E860D269713DFB01",
            "28B785ADC22E860D269713DFB01A",
            "8B785ADC22E860D269713DFB01A6",
            "B785ADC22E860D269713DFB0",
            "785ADC22E860D269713DFB01",
            "85ADC22E860D269713DFB01A",
            "5ADC22E860D269713DFB01A6",
            "ADC22E860D269713DFB0",
            "DC22E860D269713DFB01",
            "C22E860D269713DFB01A",
            "22E860D269713DFB01A6",
            "2E860D269713DFB0",
            "E860D269713DFB01",
            "860D269713DFB01A",
            "60D269713DFB01A6",
            "0D269713DFB0",
            "D269713DFB01",
            "269713DFB01A",
            "69713DFB01A6",
            "9713DFB0",
            "713DFB01",
            "13DFB01A",
            "3DFB01A6",
            "DFB0",
            "FB01",
            "B01A",
            "01A6",
            "D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "47C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "7C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "97788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "7788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "88CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "8CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "F0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "031CEB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "31CEB06E3DF77A45FEF59F1E49633DC7159816D64759",
            "1CEB06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "EB06E3DF77A45FEF59F1E49633DC7159816D6475",
            "B06E3DF77A45FEF59F1E49633DC7159816D64759",
            "06E3DF77A45FEF59F1E49633DC7159816D64759B",
            "6E3DF77A45FEF59F1E49633DC7159816D64759B5",
            "E3DF77A45FEF59F1E49633DC7159816D6475",
            "3DF77A45FEF59F1E49633DC7159816D64759",
            "DF77A45FEF59F1E49633DC7159816D64759B",
            "F77A45FEF59F1E49633DC7159816D64759B5",
            "77A45FEF59F1E49633DC7159816D6475",
            "7A45FEF59F1E49633DC7159816D64759",
            "A45FEF59F1E49633DC7159816D64759B",
            "45FEF59F1E49633DC7159816D64759B5",
            "5FEF59F1E49633DC7159816D6475",
            "FEF59F1E49633DC7159816D64759",
            "EF59F1E49633DC7159816D64759B",
            "F59F1E49633DC7159816D64759B5",
            "59F1E49633DC7159816D6475",
            "9F1E49633DC7159816D64759",
            "F1E49633DC7159816D64759B",
            "1E49633DC7159816D64759B5",
            "E49633DC7159816D6475",
            "49633DC7159816D64759",
            "9633DC7159816D64759B",
            "633DC7159816D64759B5",
            "33DC7159816D6475",
            "3DC7159816D64759",
            "DC7159816D64759B",
            "C7159816D64759B5",
            "7159816D6475",
            "159816D64759",
            "59816D64759B",
            "9816D64759B5",
            "816D6475",
            "16D64759",
            "6D64759B",
            "D64759B5",
            "6475",
            "4759",
            "759B",
            "59B5",
            "F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "BE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "E78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "8BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "D8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "8559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "59BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "9BF3CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "BF3CFCC9A9FA37D221E31780774A3787E26160A61F53",
            "F3CFCC9A9FA37D221E31780774A3787E26160A61F534",
            "3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
            "CFCC9A9FA37D221E31780774A3787E26160A61F5",
            "FCC9A9FA37D221E31780774A3787E26160A61F53",
            "CC9A9FA37D221E31780774A3787E26160A61F534",
            "C9A9FA37D221E31780774A3787E26160A61F5348",
            "9A9FA37D221E31780774A3787E26160A61F5",
            "A9FA37D221E31780774A3787E26160A61F53",
            "9FA37D221E31780774A3787E26160A61F534",
            "FA37D221E31780774A3787E26160A61F5348",
            "A37D221E31780774A3787E26160A61F5",
            "37D221E31780774A3787E26160A61F53",
            "7D221E31780774A3787E26160A61F534",
            "D221E31780774A3787E26160A61F5348",
            "221E31780774A3787E26160A61F5",
            "21E31780774A3787E26160A61F53",
            "1E31780774A3787E26160A61F534",
            "E31780774A3787E26160A61F5348",
            "31780774A3787E26160A61F5",
            "1780774A3787E26160A61F53",
            "780774A3787E26160A61F534",
            "80774A3787E26160A61F5348",
            "0774A3787E26160A61F5",
            "774A3787E26160A61F53",
            "74A3787E26160A61F534",
            "4A3787E26160A61F5348",
            "A3787E26160A61F5",
            "3787E26160A61F53",
            "787E26160A61F534",
            "87E26160A61F5348",
            "7E26160A61F5",
            "E26160A61F53",
            "26160A61F534",
            "6160A61F5348",
            "160A61F5",
            "60A61F53",
            "0A61F534",
            "A61F5348",
            "61F5",
            "1F53",
            "F534",
            "5348",
            "22eafa4717564f83b8fd543fa8bd19a6",
            "2eafa4717564f83b8fd543fa8bd1",
            "eafa4717564f83b8fd543fa8bd19",
            "afa4717564f83b8fd543fa8bd19a",
            "fa4717564f83b8fd543fa8bd19a6",
            "a4717564f83b8fd543fa8bd1",
            "4717564f83b8fd543fa8bd19",
            "717564f83b8fd543fa8bd19a",
            "17564f83b8fd543fa8bd19a6",
            "7564f83b8fd543fa8bd1",
            "564f83b8fd543fa8bd19",
            "64f83b8fd543fa8bd19a",
            "4f83b8fd543fa8bd19a6",
            "f83b8fd543fa8bd1",
            "83b8fd543fa8bd19",
            "3b8fd543fa8bd19a",
            "b8fd543fa8bd19a6",
            "8fd543fa8bd1",
            "fd543fa8bd19",
            "d543fa8bd19a",
            "543fa8bd19a6",
            "43fa8bd1",
            "3fa8bd19",
            "fa8bd19a",
            "a8bd19a6",
            "8bd1",
            "bd19",
            "d19a",
            "19a6",
            "61d9bc5401d34f5690dfcde994cb91f2",
            "1d9bc5401d34f5690dfcde994cb9",
            "d9bc5401d34f5690dfcde994cb91",
            "9bc5401d34f5690dfcde994cb91f",
            "bc5401d34f5690dfcde994cb91f2",
            "c5401d34f5690dfcde994cb9",
            "5401d34f5690dfcde994cb91",
            "401d34f5690dfcde994cb91f",
            "01d34f5690dfcde994cb91f2",
            "1d34f5690dfcde994cb9",
            "d34f5690dfcde994cb91",
            "34f5690dfcde994cb91f",
            "4f5690dfcde994cb91f2",
            "f5690dfcde994cb9",
            "5690dfcde994cb91",
            "690dfcde994cb91f",
            "90dfcde994cb91f2",
            "0dfcde994cb9",
            "dfcde994cb91",
            "fcde994cb91f",
            "cde994cb91f2",
            "de994cb9",
            "e994cb91",
            "994cb91f",
            "94cb91f2",
            "4cb9",
            "cb91",
            "b91f",
            "91f2",
            "3c5a944466c44077b7e1a6ac6f30b03f",
            "c5a944466c44077b7e1a6ac6f30b",
            "5a944466c44077b7e1a6ac6f30b0",
            "a944466c44077b7e1a6ac6f30b03",
            "944466c44077b7e1a6ac6f30b03f",
            "44466c44077b7e1a6ac6f30b",
            "4466c44077b7e1a6ac6f30b0",
            "466c44077b7e1a6ac6f30b03",
            "66c44077b7e1a6ac6f30b03f",
            "6c44077b7e1a6ac6f30b",
            "c44077b7e1a6ac6f30b0",
            "44077b7e1a6ac6f30b03",
            "4077b7e1a6ac6f30b03f",
            "077b7e1a6ac6f30b",
            "77b7e1a6ac6f30b0",
            "7b7e1a6ac6f30b03",
            "b7e1a6ac6f30b03f",
            "7e1a6ac6f30b",
            "e1a6ac6f30b0",
            "1a6ac6f30b03",
            "a6ac6f30b03f",
            "6ac6f30b",
            "ac6f30b0",
            "c6f30b03",
            "6f30b03f",
            "f30b",
            "30b0",
            "0b03",
            "b03f",
            "e50d96f218d84613ba5bd9a617b3f4f0",
            "50d96f218d84613ba5bd9a617b3f",
            "0d96f218d84613ba5bd9a617b3f4",
            "d96f218d84613ba5bd9a617b3f4f",
            "96f218d84613ba5bd9a617b3f4f0",
            "6f218d84613ba5bd9a617b3f",
            "f218d84613ba5bd9a617b3f4",
            "218d84613ba5bd9a617b3f4f",
            "18d84613ba5bd9a617b3f4f0",
            "8d84613ba5bd9a617b3f",
            "d84613ba5bd9a617b3f4",
            "84613ba5bd9a617b3f4f",
            "4613ba5bd9a617b3f4f0",
            "613ba5bd9a617b3f",
            "13ba5bd9a617b3f4",
            "3ba5bd9a617b3f4f",
            "ba5bd9a617b3f4f0",
            "a5bd9a617b3f",
            "5bd9a617b3f4",
            "bd9a617b3f4f",
            "d9a617b3f4f0",
            "9a617b3f",
            "a617b3f4",
            "617b3f4f",
            "17b3f4f0",
            "7b3f",
            "b3f4",
            "3f4f",
            "f4f0",
            "4ff35862067841adab04b1bfccbb1f34",
            "ff35862067841adab04b1bfccbb1",
            "f35862067841adab04b1bfccbb1f",
            "35862067841adab04b1bfccbb1f3",
            "5862067841adab04b1bfccbb1f34",
            "862067841adab04b1bfccbb1",
            "62067841adab04b1bfccbb1f",
            "2067841adab04b1bfccbb1f3",
            "067841adab04b1bfccbb1f34",
            "67841adab04b1bfccbb1",
            "7841adab04b1bfccbb1f",
            "841adab04b1bfccbb1f3",
            "41adab04b1bfccbb1f34",
            "1adab04b1bfccbb1",
            "adab04b1bfccbb1f",
            "dab04b1bfccbb1f3",
            "ab04b1bfccbb1f34",
            "b04b1bfccbb1",
            "04b1bfccbb1f",
            "4b1bfccbb1f3",
            "b1bfccbb1f34",
            "1bfccbb1",
            "bfccbb1f",
            "fccbb1f3",
            "ccbb1f34",
            "cbb1",
            "bb1f",
            "b1f3",
            "1f34",
            "68e4f24cfb8147c289ec646a0a7a0834",
            "8e4f24cfb8147c289ec646a0a7a0",
            "e4f24cfb8147c289ec646a0a7a08",
            "4f24cfb8147c289ec646a0a7a083",
            "f24cfb8147c289ec646a0a7a0834",
            "24cfb8147c289ec646a0a7a0",
            "4cfb8147c289ec646a0a7a08",
            "cfb8147c289ec646a0a7a083",
            "fb8147c289ec646a0a7a0834",
            "b8147c289ec646a0a7a0",
            "8147c289ec646a0a7a08",
            "147c289ec646a0a7a083",
            "47c289ec646a0a7a0834",
            "7c289ec646a0a7a0",
            "c289ec646a0a7a08",
            "289ec646a0a7a083",
            "89ec646a0a7a0834",
            "9ec646a0a7a0",
            "ec646a0a7a08",
            "c646a0a7a083",
            "646a0a7a0834",
            "46a0a7a0",
            "6a0a7a08",
            "a0a7a083",
            "0a7a0834",
            "a7a0",
            "7a08",
            "a083",
            "0834",
            "96c496e3c3a54fbb848ee060f8c4f355",
            "6c496e3c3a54fbb848ee060f8c4f",
            "c496e3c3a54fbb848ee060f8c4f3",
            "496e3c3a54fbb848ee060f8c4f35",
            "96e3c3a54fbb848ee060f8c4f355",
            "6e3c3a54fbb848ee060f8c4f",
            "e3c3a54fbb848ee060f8c4f3",
            "3c3a54fbb848ee060f8c4f35",
            "c3a54fbb848ee060f8c4f355",
            "3a54fbb848ee060f8c4f",
            "a54fbb848ee060f8c4f3",
            "54fbb848ee060f8c4f35",
            "4fbb848ee060f8c4f355",
            "fbb848ee060f8c4f",
            "bb848ee060f8c4f3",
            "b848ee060f8c4f35",
            "848ee060f8c4f355",
            "48ee060f8c4f",
            "8ee060f8c4f3",
            "ee060f8c4f35",
            "e060f8c4f355",
            "060f8c4f",
            "60f8c4f3",
            "0f8c4f35",
            "f8c4f355",
            "8c4f",
            "c4f3",
            "4f35",
            "f355",
            "4a614a8b163d4f0ea438914f5a28ce51",
            "a614a8b163d4f0ea438914f5a28c",
            "614a8b163d4f0ea438914f5a28ce",
            "14a8b163d4f0ea438914f5a28ce5",
            "4a8b163d4f0ea438914f5a28ce51",
            "a8b163d4f0ea438914f5a28c",
            "8b163d4f0ea438914f5a28ce",
            "b163d4f0ea438914f5a28ce5",
            "163d4f0ea438914f5a28ce51",
            "63d4f0ea438914f5a28c",
            "3d4f0ea438914f5a28ce",
            "d4f0ea438914f5a28ce5",
            "4f0ea438914f5a28ce51",
            "f0ea438914f5a28c",
            "0ea438914f5a28ce",
            "ea438914f5a28ce5",
            "a438914f5a28ce51",
            "438914f5a28c",
            "38914f5a28ce",
            "8914f5a28ce5",
            "914f5a28ce51",
            "14f5a28c",
            "4f5a28ce",
            "f5a28ce5",
            "5a28ce51",
            "a28c",
            "28ce",
            "8ce5",
            "ce51",
            "901a84b0d1e143deb562fd17ceebf571",
            "01a84b0d1e143deb562fd17ceebf",
            "1a84b0d1e143deb562fd17ceebf5",
            "a84b0d1e143deb562fd17ceebf57",
            "84b0d1e143deb562fd17ceebf571",
            "4b0d1e143deb562fd17ceebf",
            "b0d1e143deb562fd17ceebf5",
            "0d1e143deb562fd17ceebf57",
            "d1e143deb562fd17ceebf571",
            "1e143deb562fd17ceebf",
            "e143deb562fd17ceebf5",
            "143deb562fd17ceebf57",
            "43deb562fd17ceebf571",
            "3deb562fd17ceebf",
            "deb562fd17ceebf5",
            "eb562fd17ceebf57",
            "b562fd17ceebf571",
            "562fd17ceebf",
            "62fd17ceebf5",
            "2fd17ceebf57",
            "fd17ceebf571",
            "d17ceebf",
            "17ceebf5",
            "7ceebf57",
            "ceebf571",
            "eebf",
            "ebf5",
            "bf57",
            "f571",
            "6eb9e478e2194f1aa7429f8b122121f4",
            "eb9e478e2194f1aa7429f8b12212",
            "b9e478e2194f1aa7429f8b122121",
            "9e478e2194f1aa7429f8b122121f",
            "e478e2194f1aa7429f8b122121f4",
            "478e2194f1aa7429f8b12212",
            "78e2194f1aa7429f8b122121",
            "8e2194f1aa7429f8b122121f",
            "e2194f1aa7429f8b122121f4",
            "2194f1aa7429f8b12212",
            "194f1aa7429f8b122121",
            "94f1aa7429f8b122121f",
            "4f1aa7429f8b122121f4",
            "f1aa7429f8b12212",
            "1aa7429f8b122121",
            "aa7429f8b122121f",
            "a7429f8b122121f4",
            "7429f8b12212",
            "429f8b122121",
            "29f8b122121f",
            "9f8b122121f4",
            "f8b12212",
            "8b122121",
            "b122121f",
            "122121f4",
            "2212",
            "2121",
            "121f",
            "21f4",
            "a08cf5257c9540ffacf5c7f96fb6bf31",
            "08cf5257c9540ffacf5c7f96fb6b",
            "8cf5257c9540ffacf5c7f96fb6bf",
            "cf5257c9540ffacf5c7f96fb6bf3",
            "f5257c9540ffacf5c7f96fb6bf31",
            "5257c9540ffacf5c7f96fb6b",
            "257c9540ffacf5c7f96fb6bf",
            "57c9540ffacf5c7f96fb6bf3",
            "7c9540ffacf5c7f96fb6bf31",
            "c9540ffacf5c7f96fb6b",
            "9540ffacf5c7f96fb6bf",
            "540ffacf5c7f96fb6bf3",
            "40ffacf5c7f96fb6bf31",
            "0ffacf5c7f96fb6b",
            "ffacf5c7f96fb6bf",
            "facf5c7f96fb6bf3",
            "acf5c7f96fb6bf31",
            "cf5c7f96fb6b",
            "f5c7f96fb6bf",
            "5c7f96fb6bf3",
            "c7f96fb6bf31",
            "7f96fb6b",
            "f96fb6bf",
            "96fb6bf3",
            "6fb6bf31",
            "fb6b",
            "b6bf",
            "6bf3",
            "bf31",
            "fd438ea62820497088a0fcb4a7f1a581",
            "d438ea62820497088a0fcb4a7f1a",
            "438ea62820497088a0fcb4a7f1a5",
            "38ea62820497088a0fcb4a7f1a58",
            "8ea62820497088a0fcb4a7f1a581",
            "ea62820497088a0fcb4a7f1a",
            "a62820497088a0fcb4a7f1a5",
            "62820497088a0fcb4a7f1a58",
            "2820497088a0fcb4a7f1a581",
            "820497088a0fcb4a7f1a",
            "20497088a0fcb4a7f1a5",
            "0497088a0fcb4a7f1a58",
            "497088a0fcb4a7f1a581",
            "97088a0fcb4a7f1a",
            "7088a0fcb4a7f1a5",
            "088a0fcb4a7f1a58",
            "88a0fcb4a7f1a581",
            "8a0fcb4a7f1a",
            "a0fcb4a7f1a5",
            "0fcb4a7f1a58",
            "fcb4a7f1a581",
            "cb4a7f1a",
            "b4a7f1a5",
            "4a7f1a58",
            "a7f1a581",
            "7f1a",
            "f1a5",
            "1a58",
            "a581",
            "b6f22ed232a2441da1350ead2b5b7d97",
            "6f22ed232a2441da1350ead2b5b7",
            "f22ed232a2441da1350ead2b5b7d",
            "22ed232a2441da1350ead2b5b7d9",
            "2ed232a2441da1350ead2b5b7d97",
            "ed232a2441da1350ead2b5b7",
            "d232a2441da1350ead2b5b7d",
            "232a2441da1350ead2b5b7d9",
            "32a2441da1350ead2b5b7d97",
            "2a2441da1350ead2b5b7",
            "a2441da1350ead2b5b7d",
            "2441da1350ead2b5b7d9",
            "441da1350ead2b5b7d97",
            "41da1350ead2b5b7",
            "1da1350ead2b5b7d",
            "da1350ead2b5b7d9",
            "a1350ead2b5b7d97",
            "1350ead2b5b7",
            "350ead2b5b7d",
            "50ead2b5b7d9",
            "0ead2b5b7d97",
            "ead2b5b7",
            "ad2b5b7d",
            "d2b5b7d9",
            "2b5b7d97",
            "b5b7",
            "5b7d",
            "b7d9",
            "7d97",
            "93e2abdd886c49d3aa4ce224317dbf55",
            "3e2abdd886c49d3aa4ce224317db",
            "e2abdd886c49d3aa4ce224317dbf",
            "2abdd886c49d3aa4ce224317dbf5",
            "abdd886c49d3aa4ce224317dbf55",
            "bdd886c49d3aa4ce224317db",
            "dd886c49d3aa4ce224317dbf",
            "d886c49d3aa4ce224317dbf5",
            "886c49d3aa4ce224317dbf55",
            "86c49d3aa4ce224317db",
            "6c49d3aa4ce224317dbf",
            "c49d3aa4ce224317dbf5",
            "49d3aa4ce224317dbf55",
            "9d3aa4ce224317db",
            "d3aa4ce224317dbf",
            "3aa4ce224317dbf5",
            "aa4ce224317dbf55",
            "a4ce224317db",
            "4ce224317dbf",
            "ce224317dbf5",
            "e224317dbf55",
            "224317db",
            "24317dbf",
            "4317dbf5",
            "317dbf55",
            "17db",
            "7dbf",
            "dbf5",
            "bf55",
            "e30b53871c1043af98ae565556077eb7",
            "30b53871c1043af98ae565556077",
            "0b53871c1043af98ae565556077e",
            "b53871c1043af98ae565556077eb",
            "53871c1043af98ae565556077eb7",
            "3871c1043af98ae565556077",
            "871c1043af98ae565556077e",
            "71c1043af98ae565556077eb",
            "1c1043af98ae565556077eb7",
            "c1043af98ae565556077",
            "1043af98ae565556077e",
            "043af98ae565556077eb",
            "43af98ae565556077eb7",
            "3af98ae565556077",
            "af98ae565556077e",
            "f98ae565556077eb",
            "98ae565556077eb7",
            "8ae565556077",
            "ae565556077e",
            "e565556077eb",
            "565556077eb7",
            "65556077",
            "5556077e",
            "556077eb",
            "56077eb7",
            "6077",
            "077e",
            "77eb",
            "7eb7",
            "02de2f24483e4f9381a5b4c4ff288a4c",
            "2de2f24483e4f9381a5b4c4ff288",
            "de2f24483e4f9381a5b4c4ff288a",
            "e2f24483e4f9381a5b4c4ff288a4",
            "2f24483e4f9381a5b4c4ff288a4c",
            "f24483e4f9381a5b4c4ff288",
            "24483e4f9381a5b4c4ff288a",
            "4483e4f9381a5b4c4ff288a4",
            "483e4f9381a5b4c4ff288a4c",
            "83e4f9381a5b4c4ff288",
            "3e4f9381a5b4c4ff288a",
            "e4f9381a5b4c4ff288a4",
            "4f9381a5b4c4ff288a4c",
            "f9381a5b4c4ff288",
            "9381a5b4c4ff288a",
            "381a5b4c4ff288a4",
            "81a5b4c4ff288a4c",
            "1a5b4c4ff288",
            "a5b4c4ff288a",
            "5b4c4ff288a4",
            "b4c4ff288a4c",
            "4c4ff288",
            "c4ff288a",
            "4ff288a4",
            "ff288a4c",
            "f288",
            "288a",
            "88a4",
            "8a4c",
            "5589baeb081d49aaaed217379920801b",
            "589baeb081d49aaaed2173799208",
            "89baeb081d49aaaed21737992080",
            "9baeb081d49aaaed217379920801",
            "baeb081d49aaaed217379920801b",
            "aeb081d49aaaed2173799208",
            "eb081d49aaaed21737992080",
            "b081d49aaaed217379920801",
            "081d49aaaed217379920801b",
            "81d49aaaed2173799208",
            "1d49aaaed21737992080",
            "d49aaaed217379920801",
            "49aaaed217379920801b",
            "9aaaed2173799208",
            "aaaed21737992080",
            "aaed217379920801",
            "aed217379920801b",
            "ed2173799208",
            "d21737992080",
            "217379920801",
            "17379920801b",
            "73799208",
            "37992080",
            "79920801",
            "9920801b",
            "9208",
            "2080",
            "0801",
            "801b",
            "1d05a4eb01b941bf99f91100acaa2e4c",
            "d05a4eb01b941bf99f91100acaa2",
            "05a4eb01b941bf99f91100acaa2e",
            "5a4eb01b941bf99f91100acaa2e4",
            "a4eb01b941bf99f91100acaa2e4c",
            "4eb01b941bf99f91100acaa2",
            "eb01b941bf99f91100acaa2e",
            "b01b941bf99f91100acaa2e4",
            "01b941bf99f91100acaa2e4c",
            "1b941bf99f91100acaa2",
            "b941bf99f91100acaa2e",
            "941bf99f91100acaa2e4",
            "41bf99f91100acaa2e4c",
            "1bf99f91100acaa2",
            "bf99f91100acaa2e",
            "f99f91100acaa2e4",
            "99f91100acaa2e4c",
            "9f91100acaa2",
            "f91100acaa2e",
            "91100acaa2e4",
            "1100acaa2e4c",
            "100acaa2",
            "00acaa2e",
            "0acaa2e4",
            "acaa2e4c",
            "caa2",
            "aa2e",
            "a2e4",
            "2e4c",
            "d7d5e8a982a44cc59856a41cf2422189",
            "7d5e8a982a44cc59856a41cf2422",
            "d5e8a982a44cc59856a41cf24221",
            "5e8a982a44cc59856a41cf242218",
            "e8a982a44cc59856a41cf2422189",
            "8a982a44cc59856a41cf2422",
            "a982a44cc59856a41cf24221",
            "982a44cc59856a41cf242218",
            "82a44cc59856a41cf2422189",
            "2a44cc59856a41cf2422",
            "a44cc59856a41cf24221",
            "44cc59856a41cf242218",
            "4cc59856a41cf2422189",
            "cc59856a41cf2422",
            "c59856a41cf24221",
            "59856a41cf242218",
            "9856a41cf2422189",
            "856a41cf2422",
            "56a41cf24221",
            "6a41cf242218",
            "a41cf2422189",
            "41cf2422",
            "1cf24221",
            "cf242218",
            "f2422189",
            "2422",
            "4221",
            "2218",
            "2189",
            "a56e3e5bd8c84978a7ca398598673f64",
            "56e3e5bd8c84978a7ca398598673",
            "6e3e5bd8c84978a7ca398598673f",
            "e3e5bd8c84978a7ca398598673f6",
            "3e5bd8c84978a7ca398598673f64",
            "e5bd8c84978a7ca398598673",
            "5bd8c84978a7ca398598673f",
            "bd8c84978a7ca398598673f6",
            "d8c84978a7ca398598673f64",
            "8c84978a7ca398598673",
            "c84978a7ca398598673f",
            "84978a7ca398598673f6",
            "4978a7ca398598673f64",
            "978a7ca398598673",
            "78a7ca398598673f",
            "8a7ca398598673f6",
            "a7ca398598673f64",
            "7ca398598673",
            "ca398598673f",
            "a398598673f6",
            "398598673f64",
            "98598673",
            "8598673f",
            "598673f6",
            "98673f64",
            "8673",
            "673f",
            "73f6",
            "3f64",
            "9e19f153f45d46198b1c97ed081d980d",
            "e19f153f45d46198b1c97ed081d9",
            "19f153f45d46198b1c97ed081d98",
            "9f153f45d46198b1c97ed081d980",
            "f153f45d46198b1c97ed081d980d",
            "153f45d46198b1c97ed081d9",
            "53f45d46198b1c97ed081d98",
            "3f45d46198b1c97ed081d980",
            "f45d46198b1c97ed081d980d",
            "45d46198b1c97ed081d9",
            "5d46198b1c97ed081d98",
            "d46198b1c97ed081d980",
            "46198b1c97ed081d980d",
            "6198b1c97ed081d9",
            "198b1c97ed081d98",
            "98b1c97ed081d980",
            "8b1c97ed081d980d",
            "b1c97ed081d9",
            "1c97ed081d98",
            "c97ed081d980",
            "97ed081d980d",
            "7ed081d9",
            "ed081d98",
            "d081d980",
            "081d980d",
            "81d9",
            "1d98",
            "d980",
            "980d",
            "bd6c5065737c42c99bc694464bf154ae",
            "d6c5065737c42c99bc694464bf15",
            "6c5065737c42c99bc694464bf154",
            "c5065737c42c99bc694464bf154a",
            "5065737c42c99bc694464bf154ae",
            "065737c42c99bc694464bf15",
            "65737c42c99bc694464bf154",
            "5737c42c99bc694464bf154a",
            "737c42c99bc694464bf154ae",
            "37c42c99bc694464bf15",
            "7c42c99bc694464bf154",
            "c42c99bc694464bf154a",
            "42c99bc694464bf154ae",
            "2c99bc694464bf15",
            "c99bc694464bf154",
            "99bc694464bf154a",
            "9bc694464bf154ae",
            "bc694464bf15",
            "c694464bf154",
            "694464bf154a",
            "94464bf154ae",
            "4464bf15",
            "464bf154",
            "64bf154a",
            "4bf154ae",
            "bf15",
            "f154",
            "154a",
            "54ae",
            "e0734db648774bd89db6758c0cce08c7",
            "0734db648774bd89db6758c0cce0",
            "734db648774bd89db6758c0cce08",
            "34db648774bd89db6758c0cce08c",
            "4db648774bd89db6758c0cce08c7",
            "db648774bd89db6758c0cce0",
            "b648774bd89db6758c0cce08",
            "648774bd89db6758c0cce08c",
            "48774bd89db6758c0cce08c7",
            "8774bd89db6758c0cce0",
            "774bd89db6758c0cce08",
            "74bd89db6758c0cce08c",
            "4bd89db6758c0cce08c7",
            "bd89db6758c0cce0",
            "d89db6758c0cce08",
            "89db6758c0cce08c",
            "9db6758c0cce08c7",
            "db6758c0cce0",
            "b6758c0cce08",
            "6758c0cce08c",
            "758c0cce08c7",
            "58c0cce0",
            "8c0cce08",
            "c0cce08c",
            "0cce08c7",
            "cce0",
            "ce08",
            "e08c",
            "08c7",
            "6aef7c42e7964a5fab0b05b79f5a8a5c",
            "aef7c42e7964a5fab0b05b79f5a8",
            "ef7c42e7964a5fab0b05b79f5a8a",
            "f7c42e7964a5fab0b05b79f5a8a5",
            "7c42e7964a5fab0b05b79f5a8a5c",
            "c42e7964a5fab0b05b79f5a8",
            "42e7964a5fab0b05b79f5a8a",
            "2e7964a5fab0b05b79f5a8a5",
            "e7964a5fab0b05b79f5a8a5c",
            "7964a5fab0b05b79f5a8",
            "964a5fab0b05b79f5a8a",
            "64a5fab0b05b79f5a8a5",
            "4a5fab0b05b79f5a8a5c",
            "a5fab0b05b79f5a8",
            "5fab0b05b79f5a8a",
            "fab0b05b79f5a8a5",
            "ab0b05b79f5a8a5c",
            "b0b05b79f5a8",
            "0b05b79f5a8a",
            "b05b79f5a8a5",
            "05b79f5a8a5c",
            "5b79f5a8",
            "b79f5a8a",
            "79f5a8a5",
            "9f5a8a5c",
            "f5a8",
            "5a8a",
            "a8a5",
            "8a5c",
            "fc96d90fd49d415e848087ac55c4557f",
            "c96d90fd49d415e848087ac55c45",
            "96d90fd49d415e848087ac55c455",
            "6d90fd49d415e848087ac55c4557",
            "d90fd49d415e848087ac55c4557f",
            "90fd49d415e848087ac55c45",
            "0fd49d415e848087ac55c455",
            "fd49d415e848087ac55c4557",
            "d49d415e848087ac55c4557f",
            "49d415e848087ac55c45",
            "9d415e848087ac55c455",
            "d415e848087ac55c4557",
            "415e848087ac55c4557f",
            "15e848087ac55c45",
            "5e848087ac55c455",
            "e848087ac55c4557",
            "848087ac55c4557f",
            "48087ac55c45",
            "8087ac55c455",
            "087ac55c4557",
            "87ac55c4557f",
            "7ac55c45",
            "ac55c455",
            "c55c4557",
            "55c4557f",
            "5c45",
            "c455",
            "4557",
            "557f",
            "9bee1f78b8d148829ce9836e6aa0ec09",
            "bee1f78b8d148829ce9836e6aa0e",
            "ee1f78b8d148829ce9836e6aa0ec",
            "e1f78b8d148829ce9836e6aa0ec0",
            "1f78b8d148829ce9836e6aa0ec09",
            "f78b8d148829ce9836e6aa0e",
            "78b8d148829ce9836e6aa0ec",
            "8b8d148829ce9836e6aa0ec0",
            "b8d148829ce9836e6aa0ec09",
            "8d148829ce9836e6aa0e",
            "d148829ce9836e6aa0ec",
            "148829ce9836e6aa0ec0",
            "48829ce9836e6aa0ec09",
            "8829ce9836e6aa0e",
            "829ce9836e6aa0ec",
            "29ce9836e6aa0ec0",
            "9ce9836e6aa0ec09",
            "ce9836e6aa0e",
            "e9836e6aa0ec",
            "9836e6aa0ec0",
            "836e6aa0ec09",
            "36e6aa0e",
            "6e6aa0ec",
            "e6aa0ec0",
            "6aa0ec09",
            "aa0e",
            "a0ec",
            "0ec0",
            "ec09",
            "072bfb4db7c24767846180ed9891d74a",
            "72bfb4db7c24767846180ed9891d",
            "2bfb4db7c24767846180ed9891d7",
            "bfb4db7c24767846180ed9891d74",
            "fb4db7c24767846180ed9891d74a",
            "b4db7c24767846180ed9891d",
            "4db7c24767846180ed9891d7",
            "db7c24767846180ed9891d74",
            "b7c24767846180ed9891d74a",
            "7c24767846180ed9891d",
            "c24767846180ed9891d7",
            "24767846180ed9891d74",
            "4767846180ed9891d74a",
            "767846180ed9891d",
            "67846180ed9891d7",
            "7846180ed9891d74",
            "846180ed9891d74a",
            "46180ed9891d",
            "6180ed9891d7",
            "180ed9891d74",
            "80ed9891d74a",
            "0ed9891d",
            "ed9891d7",
            "d9891d74",
            "9891d74a",
            "891d",
            "91d7",
            "1d74",
            "d74a",
            "ad102987b2a34a21928edb663ee9cdc6",
            "d102987b2a34a21928edb663ee9c",
            "102987b2a34a21928edb663ee9cd",
            "02987b2a34a21928edb663ee9cdc",
            "2987b2a34a21928edb663ee9cdc6",
            "987b2a34a21928edb663ee9c",
            "87b2a34a21928edb663ee9cd",
            "7b2a34a21928edb663ee9cdc",
            "b2a34a21928edb663ee9cdc6",
            "2a34a21928edb663ee9c",
            "a34a21928edb663ee9cd",
            "34a21928edb663ee9cdc",
            "4a21928edb663ee9cdc6",
            "a21928edb663ee9c",
            "21928edb663ee9cd",
            "1928edb663ee9cdc",
            "928edb663ee9cdc6",
            "28edb663ee9c",
            "8edb663ee9cd",
            "edb663ee9cdc",
            "db663ee9cdc6",
            "b663ee9c",
            "663ee9cd",
            "63ee9cdc",
            "3ee9cdc6",
            "ee9c",
            "e9cd",
            "9cdc",
            "cdc6",
            "41436c7bab6e414e8e9fc07a40cf1cc3",
            "1436c7bab6e414e8e9fc07a40cf1",
            "436c7bab6e414e8e9fc07a40cf1c",
            "36c7bab6e414e8e9fc07a40cf1cc",
            "6c7bab6e414e8e9fc07a40cf1cc3",
            "c7bab6e414e8e9fc07a40cf1",
            "7bab6e414e8e9fc07a40cf1c",
            "bab6e414e8e9fc07a40cf1cc",
            "ab6e414e8e9fc07a40cf1cc3",
            "b6e414e8e9fc07a40cf1",
            "6e414e8e9fc07a40cf1c",
            "e414e8e9fc07a40cf1cc",
            "414e8e9fc07a40cf1cc3",
            "14e8e9fc07a40cf1",
            "4e8e9fc07a40cf1c",
            "e8e9fc07a40cf1cc",
            "8e9fc07a40cf1cc3",
            "e9fc07a40cf1",
            "9fc07a40cf1c",
            "fc07a40cf1cc",
            "c07a40cf1cc3",
            "07a40cf1",
            "7a40cf1c",
            "a40cf1cc",
            "40cf1cc3",
            "0cf1",
            "cf1c",
            "f1cc",
            "1cc3",
            "99917951f7534bbe81016c5d053fec11",
            "9917951f7534bbe81016c5d053fe",
            "917951f7534bbe81016c5d053fec",
            "17951f7534bbe81016c5d053fec1",
            "7951f7534bbe81016c5d053fec11",
            "951f7534bbe81016c5d053fe",
            "51f7534bbe81016c5d053fec",
            "1f7534bbe81016c5d053fec1",
            "f7534bbe81016c5d053fec11",
            "7534bbe81016c5d053fe",
            "534bbe81016c5d053fec",
            "34bbe81016c5d053fec1",
            "4bbe81016c5d053fec11",
            "bbe81016c5d053fe",
            "be81016c5d053fec",
            "e81016c5d053fec1",
            "81016c5d053fec11",
            "1016c5d053fe",
            "016c5d053fec",
            "16c5d053fec1",
            "6c5d053fec11",
            "c5d053fe",
            "5d053fec",
            "d053fec1",
            "053fec11",
            "53fe",
            "3fec",
            "fec1",
            "ec11",
            "5539c661ad0f4e7e99066094d4533489",
            "539c661ad0f4e7e99066094d4533",
            "39c661ad0f4e7e99066094d45334",
            "9c661ad0f4e7e99066094d453348",
            "c661ad0f4e7e99066094d4533489",
            "661ad0f4e7e99066094d4533",
            "61ad0f4e7e99066094d45334",
            "1ad0f4e7e99066094d453348",
            "ad0f4e7e99066094d4533489",
            "d0f4e7e99066094d4533",
            "0f4e7e99066094d45334",
            "f4e7e99066094d453348",
            "4e7e99066094d4533489",
            "e7e99066094d4533",
            "7e99066094d45334",
            "e99066094d453348",
            "99066094d4533489",
            "9066094d4533",
            "066094d45334",
            "66094d453348",
            "6094d4533489",
            "094d4533",
            "94d45334",
            "4d453348",
            "d4533489",
            "4533",
            "5334",
            "3348",
            "3489",
            "5358c8960e734a34a38df267da584b15",
            "358c8960e734a34a38df267da584",
            "58c8960e734a34a38df267da584b",
            "8c8960e734a34a38df267da584b1",
            "c8960e734a34a38df267da584b15",
            "8960e734a34a38df267da584",
            "960e734a34a38df267da584b",
            "60e734a34a38df267da584b1",
            "0e734a34a38df267da584b15",
            "e734a34a38df267da584",
            "734a34a38df267da584b",
            "34a34a38df267da584b1",
            "4a34a38df267da584b15",
            "a34a38df267da584",
            "34a38df267da584b",
            "4a38df267da584b1",
            "a38df267da584b15",
            "38df267da584",
            "8df267da584b",
            "df267da584b1",
            "f267da584b15",
            "267da584",
            "67da584b",
            "7da584b1",
            "da584b15",
            "a584",
            "584b",
            "84b1",
            "4b15",
            "76262de4fa2248c8a143c5df3d18b02c",
            "6262de4fa2248c8a143c5df3d18b",
            "262de4fa2248c8a143c5df3d18b0",
            "62de4fa2248c8a143c5df3d18b02",
            "2de4fa2248c8a143c5df3d18b02c",
            "de4fa2248c8a143c5df3d18b",
            "e4fa2248c8a143c5df3d18b0",
            "4fa2248c8a143c5df3d18b02",
            "fa2248c8a143c5df3d18b02c",
            "a2248c8a143c5df3d18b",
            "2248c8a143c5df3d18b0",
            "248c8a143c5df3d18b02",
            "48c8a143c5df3d18b02c",
            "8c8a143c5df3d18b",
            "c8a143c5df3d18b0",
            "8a143c5df3d18b02",
            "a143c5df3d18b02c",
            "143c5df3d18b",
            "43c5df3d18b0",
            "3c5df3d18b02",
            "c5df3d18b02c",
            "5df3d18b",
            "df3d18b0",
            "f3d18b02",
            "3d18b02c",
            "d18b",
            "18b0",
            "8b02",
            "b02c",
            "37ed1789cdf1452e91f3b74b6a25ab1d",
            "7ed1789cdf1452e91f3b74b6a25a",
            "ed1789cdf1452e91f3b74b6a25ab",
            "d1789cdf1452e91f3b74b6a25ab1",
            "1789cdf1452e91f3b74b6a25ab1d",
            "789cdf1452e91f3b74b6a25a",
            "89cdf1452e91f3b74b6a25ab",
            "9cdf1452e91f3b74b6a25ab1",
            "cdf1452e91f3b74b6a25ab1d",
            "df1452e91f3b74b6a25a",
            "f1452e91f3b74b6a25ab",
            "1452e91f3b74b6a25ab1",
            "452e91f3b74b6a25ab1d",
            "52e91f3b74b6a25a",
            "2e91f3b74b6a25ab",
            "e91f3b74b6a25ab1",
            "91f3b74b6a25ab1d",
            "1f3b74b6a25a",
            "f3b74b6a25ab",
            "3b74b6a25ab1",
            "b74b6a25ab1d",
            "74b6a25a",
            "4b6a25ab",
            "b6a25ab1",
            "6a25ab1d",
            "a25a",
            "25ab",
            "5ab1",
            "ab1d",
            "df61349e2fb145dab8f6fd4c3e6ed676",
            "f61349e2fb145dab8f6fd4c3e6ed",
            "61349e2fb145dab8f6fd4c3e6ed6",
            "1349e2fb145dab8f6fd4c3e6ed67",
            "349e2fb145dab8f6fd4c3e6ed676",
            "49e2fb145dab8f6fd4c3e6ed",
            "9e2fb145dab8f6fd4c3e6ed6",
            "e2fb145dab8f6fd4c3e6ed67",
            "2fb145dab8f6fd4c3e6ed676",
            "fb145dab8f6fd4c3e6ed",
            "b145dab8f6fd4c3e6ed6",
            "145dab8f6fd4c3e6ed67",
            "45dab8f6fd4c3e6ed676",
            "5dab8f6fd4c3e6ed",
            "dab8f6fd4c3e6ed6",
            "ab8f6fd4c3e6ed67",
            "b8f6fd4c3e6ed676",
            "8f6fd4c3e6ed",
            "f6fd4c3e6ed6",
            "6fd4c3e6ed67",
            "fd4c3e6ed676",
            "d4c3e6ed",
            "4c3e6ed6",
            "c3e6ed67",
            "3e6ed676",
            "e6ed",
            "6ed6",
            "ed67",
            "d676",
            "54dda453b94b4b8da0dd9680c199351e",
            "4dda453b94b4b8da0dd9680c1993",
            "dda453b94b4b8da0dd9680c19935",
            "da453b94b4b8da0dd9680c199351",
            "a453b94b4b8da0dd9680c199351e",
            "453b94b4b8da0dd9680c1993",
            "53b94b4b8da0dd9680c19935",
            "3b94b4b8da0dd9680c199351",
            "b94b4b8da0dd9680c199351e",
            "94b4b8da0dd9680c1993",
            "4b4b8da0dd9680c19935",
            "b4b8da0dd9680c199351",
            "4b8da0dd9680c199351e",
            "b8da0dd9680c1993",
            "8da0dd9680c19935",
            "da0dd9680c199351",
            "a0dd9680c199351e",
            "0dd9680c1993",
            "dd9680c19935",
            "d9680c199351",
            "9680c199351e",
            "680c1993",
            "80c19935",
            "0c199351",
            "c199351e",
            "1993",
            "9935",
            "9351",
            "351e",
            "86bce48724d64269bb2956c77d2c9ada",
            "6bce48724d64269bb2956c77d2c9",
            "bce48724d64269bb2956c77d2c9a",
            "ce48724d64269bb2956c77d2c9ad",
            "e48724d64269bb2956c77d2c9ada",
            "48724d64269bb2956c77d2c9",
            "8724d64269bb2956c77d2c9a",
            "724d64269bb2956c77d2c9ad",
            "24d64269bb2956c77d2c9ada",
            "4d64269bb2956c77d2c9",
            "d64269bb2956c77d2c9a",
            "64269bb2956c77d2c9ad",
            "4269bb2956c77d2c9ada",
            "269bb2956c77d2c9",
            "69bb2956c77d2c9a",
            "9bb2956c77d2c9ad",
            "bb2956c77d2c9ada",
            "b2956c77d2c9",
            "2956c77d2c9a",
            "956c77d2c9ad",
            "56c77d2c9ada",
            "6c77d2c9",
            "c77d2c9a",
            "77d2c9ad",
            "7d2c9ada",
            "d2c9",
            "2c9a",
            "c9ad",
            "9ada",
            "2a40c26cc43e4f488c79dd860f94ceca",
            "a40c26cc43e4f488c79dd860f94c",
            "40c26cc43e4f488c79dd860f94ce",
            "0c26cc43e4f488c79dd860f94cec",
            "c26cc43e4f488c79dd860f94ceca",
            "26cc43e4f488c79dd860f94c",
            "6cc43e4f488c79dd860f94ce",
            "cc43e4f488c79dd860f94cec",
            "c43e4f488c79dd860f94ceca",
            "43e4f488c79dd860f94c",
            "3e4f488c79dd860f94ce",
            "e4f488c79dd860f94cec",
            "4f488c79dd860f94ceca",
            "f488c79dd860f94c",
            "488c79dd860f94ce",
            "88c79dd860f94cec",
            "8c79dd860f94ceca",
            "c79dd860f94c",
            "79dd860f94ce",
            "9dd860f94cec",
            "dd860f94ceca",
            "d860f94c",
            "860f94ce",
            "60f94cec",
            "0f94ceca",
            "f94c",
            "94ce",
            "4cec",
            "ceca",
            "a60203533ed947458fcd418c6faee8a6",
            "60203533ed947458fcd418c6faee",
            "0203533ed947458fcd418c6faee8",
            "203533ed947458fcd418c6faee8a",
            "03533ed947458fcd418c6faee8a6",
            "3533ed947458fcd418c6faee",
            "533ed947458fcd418c6faee8",
            "33ed947458fcd418c6faee8a",
            "3ed947458fcd418c6faee8a6",
            "ed947458fcd418c6faee",
            "d947458fcd418c6faee8",
            "947458fcd418c6faee8a",
            "47458fcd418c6faee8a6",
            "7458fcd418c6faee",
            "458fcd418c6faee8",
            "58fcd418c6faee8a",
            "8fcd418c6faee8a6",
            "fcd418c6faee",
            "cd418c6faee8",
            "d418c6faee8a",
            "418c6faee8a6",
            "18c6faee",
            "8c6faee8",
            "c6faee8a",
            "6faee8a6",
            "faee",
            "aee8",
            "ee8a",
            "e8a6",
            "59e0f2643f9144f487a3ec082abe60cf",
            "9e0f2643f9144f487a3ec082abe6",
            "e0f2643f9144f487a3ec082abe60",
            "0f2643f9144f487a3ec082abe60c",
            "f2643f9144f487a3ec082abe60cf",
            "2643f9144f487a3ec082abe6",
            "643f9144f487a3ec082abe60",
            "43f9144f487a3ec082abe60c",
            "3f9144f487a3ec082abe60cf",
            "f9144f487a3ec082abe6",
            "9144f487a3ec082abe60",
            "144f487a3ec082abe60c",
            "44f487a3ec082abe60cf",
            "4f487a3ec082abe6",
            "f487a3ec082abe60",
            "487a3ec082abe60c",
            "87a3ec082abe60cf",
            "7a3ec082abe6",
            "a3ec082abe60",
            "3ec082abe60c",
            "ec082abe60cf",
            "c082abe6",
            "082abe60",
            "82abe60c",
            "2abe60cf",
            "abe6",
            "be60",
            "e60c",
            "60cf",
            "bc46424e3e2a414b87d3ded325ca4037",
            "c46424e3e2a414b87d3ded325ca4",
            "46424e3e2a414b87d3ded325ca40",
            "6424e3e2a414b87d3ded325ca403",
            "424e3e2a414b87d3ded325ca4037",
            "24e3e2a414b87d3ded325ca4",
            "4e3e2a414b87d3ded325ca40",
            "e3e2a414b87d3ded325ca403",
            "3e2a414b87d3ded325ca4037",
            "e2a414b87d3ded325ca4",
            "2a414b87d3ded325ca40",
            "a414b87d3ded325ca403",
            "414b87d3ded325ca4037",
            "14b87d3ded325ca4",
            "4b87d3ded325ca40",
            "b87d3ded325ca403",
            "87d3ded325ca4037",
            "7d3ded325ca4",
            "d3ded325ca40",
            "3ded325ca403",
            "ded325ca4037",
            "ed325ca4",
            "d325ca40",
            "325ca403",
            "25ca4037",
            "5ca4",
            "ca40",
            "a403",
            "4037",
            "348b346f247e4242a9955206ffe865e5",
            "48b346f247e4242a9955206ffe86",
            "8b346f247e4242a9955206ffe865",
            "b346f247e4242a9955206ffe865e",
            "346f247e4242a9955206ffe865e5",
            "46f247e4242a9955206ffe86",
            "6f247e4242a9955206ffe865",
            "f247e4242a9955206ffe865e",
            "247e4242a9955206ffe865e5",
            "47e4242a9955206ffe86",
            "7e4242a9955206ffe865",
            "e4242a9955206ffe865e",
            "4242a9955206ffe865e5",
            "242a9955206ffe86",
            "42a9955206ffe865",
            "2a9955206ffe865e",
            "a9955206ffe865e5",
            "9955206ffe86",
            "955206ffe865",
            "55206ffe865e",
            "5206ffe865e5",
            "206ffe86",
            "06ffe865",
            "6ffe865e",
            "ffe865e5",
            "fe86",
            "e865",
            "865e",
            "65e5",
            "e53253682c7a4a11b47ddf23c682759e",
            "53253682c7a4a11b47ddf23c6827",
            "3253682c7a4a11b47ddf23c68275",
            "253682c7a4a11b47ddf23c682759",
            "53682c7a4a11b47ddf23c682759e",
            "3682c7a4a11b47ddf23c6827",
            "682c7a4a11b47ddf23c68275",
            "82c7a4a11b47ddf23c682759",
            "2c7a4a11b47ddf23c682759e",
            "c7a4a11b47ddf23c6827",
            "7a4a11b47ddf23c68275",
            "a4a11b47ddf23c682759",
            "4a11b47ddf23c682759e",
            "a11b47ddf23c6827",
            "11b47ddf23c68275",
            "1b47ddf23c682759",
            "b47ddf23c682759e",
            "47ddf23c6827",
            "7ddf23c68275",
            "ddf23c682759",
            "df23c682759e",
            "f23c6827",
            "23c68275",
            "3c682759",
            "c682759e",
            "6827",
            "8275",
            "2759",
            "759e",
            "b67cb763f0104298a66947ad71ac7e95",
            "67cb763f0104298a66947ad71ac7",
            "7cb763f0104298a66947ad71ac7e",
            "cb763f0104298a66947ad71ac7e9",
            "b763f0104298a66947ad71ac7e95",
            "763f0104298a66947ad71ac7",
            "63f0104298a66947ad71ac7e",
            "3f0104298a66947ad71ac7e9",
            "f0104298a66947ad71ac7e95",
            "0104298a66947ad71ac7",
            "104298a66947ad71ac7e",
            "04298a66947ad71ac7e9",
            "4298a66947ad71ac7e95",
            "298a66947ad71ac7",
            "98a66947ad71ac7e",
            "8a66947ad71ac7e9",
            "a66947ad71ac7e95",
            "66947ad71ac7",
            "6947ad71ac7e",
            "947ad71ac7e9",
            "47ad71ac7e95",
            "7ad71ac7",
            "ad71ac7e",
            "d71ac7e9",
            "71ac7e95",
            "1ac7",
            "ac7e",
            "c7e9",
            "7e95",
            "2554099822f34631a849e9761bb1acd5",
            "554099822f34631a849e9761bb1a",
            "54099822f34631a849e9761bb1ac",
            "4099822f34631a849e9761bb1acd",
            "099822f34631a849e9761bb1acd5",
            "99822f34631a849e9761bb1a",
            "9822f34631a849e9761bb1ac",
            "822f34631a849e9761bb1acd",
            "22f34631a849e9761bb1acd5",
            "2f34631a849e9761bb1a",
            "f34631a849e9761bb1ac",
            "34631a849e9761bb1acd",
            "4631a849e9761bb1acd5",
            "631a849e9761bb1a",
            "31a849e9761bb1ac",
            "1a849e9761bb1acd",
            "a849e9761bb1acd5",
            "849e9761bb1a",
            "49e9761bb1ac",
            "9e9761bb1acd",
            "e9761bb1acd5",
            "9761bb1a",
            "761bb1ac",
            "61bb1acd",
            "1bb1acd5",
            "bb1a",
            "b1ac",
            "1acd",
            "acd5",
            "f2388ebc7a4f480f88350d91845094cb",
            "2388ebc7a4f480f88350d9184509",
            "388ebc7a4f480f88350d91845094",
            "88ebc7a4f480f88350d91845094c",
            "8ebc7a4f480f88350d91845094cb",
            "ebc7a4f480f88350d9184509",
            "bc7a4f480f88350d91845094",
            "c7a4f480f88350d91845094c",
            "7a4f480f88350d91845094cb",
            "a4f480f88350d9184509",
            "4f480f88350d91845094",
            "f480f88350d91845094c",
            "480f88350d91845094cb",
            "80f88350d9184509",
            "0f88350d91845094",
            "f88350d91845094c",
            "88350d91845094cb",
            "8350d9184509",
            "350d91845094",
            "50d91845094c",
            "0d91845094cb",
            "d9184509",
            "91845094",
            "1845094c",
            "845094cb",
            "4509",
            "5094",
            "094c",
            "94cb",
            "260d05322d1841a6a194d93139fa35ce",
            "60d05322d1841a6a194d93139fa3",
            "0d05322d1841a6a194d93139fa35",
            "d05322d1841a6a194d93139fa35c",
            "05322d1841a6a194d93139fa35ce",
            "5322d1841a6a194d93139fa3",
            "322d1841a6a194d93139fa35",
            "22d1841a6a194d93139fa35c",
            "2d1841a6a194d93139fa35ce",
            "d1841a6a194d93139fa3",
            "1841a6a194d93139fa35",
            "841a6a194d93139fa35c",
            "41a6a194d93139fa35ce",
            "1a6a194d93139fa3",
            "a6a194d93139fa35",
            "6a194d93139fa35c",
            "a194d93139fa35ce",
            "194d93139fa3",
            "94d93139fa35",
            "4d93139fa35c",
            "d93139fa35ce",
            "93139fa3",
            "3139fa35",
            "139fa35c",
            "39fa35ce",
            "9fa3",
            "fa35",
            "a35c",
            "35ce",
            "f10c8a0658784fe1b3493271f1ffbe90",
            "10c8a0658784fe1b3493271f1ffb",
            "0c8a0658784fe1b3493271f1ffbe",
            "c8a0658784fe1b3493271f1ffbe9",
            "8a0658784fe1b3493271f1ffbe90",
            "a0658784fe1b3493271f1ffb",
            "0658784fe1b3493271f1ffbe",
            "658784fe1b3493271f1ffbe9",
            "58784fe1b3493271f1ffbe90",
            "8784fe1b3493271f1ffb",
            "784fe1b3493271f1ffbe",
            "84fe1b3493271f1ffbe9",
            "4fe1b3493271f1ffbe90",
            "fe1b3493271f1ffb",
            "e1b3493271f1ffbe",
            "1b3493271f1ffbe9",
            "b3493271f1ffbe90",
            "3493271f1ffb",
            "493271f1ffbe",
            "93271f1ffbe9",
            "3271f1ffbe90",
            "271f1ffb",
            "71f1ffbe",
            "1f1ffbe9",
            "f1ffbe90",
            "1ffb",
            "ffbe",
            "fbe9",
            "be90",
            "84d4198945cf4b2297c4cb602118ff7f",
            "4d4198945cf4b2297c4cb602118f",
            "d4198945cf4b2297c4cb602118ff",
            "4198945cf4b2297c4cb602118ff7",
            "198945cf4b2297c4cb602118ff7f",
            "98945cf4b2297c4cb602118f",
            "8945cf4b2297c4cb602118ff",
            "945cf4b2297c4cb602118ff7",
            "45cf4b2297c4cb602118ff7f",
            "5cf4b2297c4cb602118f",
            "cf4b2297c4cb602118ff",
            "f4b2297c4cb602118ff7",
            "4b2297c4cb602118ff7f",
            "b2297c4cb602118f",
            "2297c4cb602118ff",
            "297c4cb602118ff7",
            "97c4cb602118ff7f",
            "7c4cb602118f",
            "c4cb602118ff",
            "4cb602118ff7",
            "cb602118ff7f",
            "b602118f",
            "602118ff",
            "02118ff7",
            "2118ff7f",
            "118f",
            "18ff",
            "8ff7",
            "ff7f",
            "a7bbe6fc6cd544e49dda0d4391772313",
            "7bbe6fc6cd544e49dda0d4391772",
            "bbe6fc6cd544e49dda0d43917723",
            "be6fc6cd544e49dda0d439177231",
            "e6fc6cd544e49dda0d4391772313",
            "6fc6cd544e49dda0d4391772",
            "fc6cd544e49dda0d43917723",
            "c6cd544e49dda0d439177231",
            "6cd544e49dda0d4391772313",
            "cd544e49dda0d4391772",
            "d544e49dda0d43917723",
            "544e49dda0d439177231",
            "44e49dda0d4391772313",
            "4e49dda0d4391772",
            "e49dda0d43917723",
            "49dda0d439177231",
            "9dda0d4391772313",
            "dda0d4391772",
            "da0d43917723",
            "a0d439177231",
            "0d4391772313",
            "d4391772",
            "43917723",
            "39177231",
            "91772313",
            "1772",
            "7723",
            "7231",
            "2313",
            "c93ab64aeb16472da89f1ccb114e96b2",
            "93ab64aeb16472da89f1ccb114e9",
            "3ab64aeb16472da89f1ccb114e96",
            "ab64aeb16472da89f1ccb114e96b",
            "b64aeb16472da89f1ccb114e96b2",
            "64aeb16472da89f1ccb114e9",
            "4aeb16472da89f1ccb114e96",
            "aeb16472da89f1ccb114e96b",
            "eb16472da89f1ccb114e96b2",
            "b16472da89f1ccb114e9",
            "16472da89f1ccb114e96",
            "6472da89f1ccb114e96b",
            "472da89f1ccb114e96b2",
            "72da89f1ccb114e9",
            "2da89f1ccb114e96",
            "da89f1ccb114e96b",
            "a89f1ccb114e96b2",
            "89f1ccb114e9",
            "9f1ccb114e96",
            "f1ccb114e96b",
            "1ccb114e96b2",
            "ccb114e9",
            "cb114e96",
            "b114e96b",
            "114e96b2",
            "14e9",
            "4e96",
            "e96b",
            "96b2",
            "9c5c5395f84a459e8804115137a9ba5e",
            "c5c5395f84a459e8804115137a9b",
            "5c5395f84a459e8804115137a9ba",
            "c5395f84a459e8804115137a9ba5",
            "5395f84a459e8804115137a9ba5e",
            "395f84a459e8804115137a9b",
            "95f84a459e8804115137a9ba",
            "5f84a459e8804115137a9ba5",
            "f84a459e8804115137a9ba5e",
            "84a459e8804115137a9b",
            "4a459e8804115137a9ba",
            "a459e8804115137a9ba5",
            "459e8804115137a9ba5e",
            "59e8804115137a9b",
            "9e8804115137a9ba",
            "e8804115137a9ba5",
            "8804115137a9ba5e",
            "804115137a9b",
            "04115137a9ba",
            "4115137a9ba5",
            "115137a9ba5e",
            "15137a9b",
            "5137a9ba",
            "137a9ba5",
            "37a9ba5e",
            "7a9b",
            "a9ba",
            "9ba5",
            "ba5e",
            "8b1e919bddc64c51abc011e9a7fd1682",
            "b1e919bddc64c51abc011e9a7fd1",
            "1e919bddc64c51abc011e9a7fd16",
            "e919bddc64c51abc011e9a7fd168",
            "919bddc64c51abc011e9a7fd1682",
            "19bddc64c51abc011e9a7fd1",
            "9bddc64c51abc011e9a7fd16",
            "bddc64c51abc011e9a7fd168",
            "ddc64c51abc011e9a7fd1682",
            "dc64c51abc011e9a7fd1",
            "c64c51abc011e9a7fd16",
            "64c51abc011e9a7fd168",
            "4c51abc011e9a7fd1682",
            "c51abc011e9a7fd1",
            "51abc011e9a7fd16",
            "1abc011e9a7fd168",
            "abc011e9a7fd1682",
            "bc011e9a7fd1",
            "c011e9a7fd16",
            "011e9a7fd168",
            "11e9a7fd1682",
            "1e9a7fd1",
            "e9a7fd16",
            "9a7fd168",
            "a7fd1682",
            "7fd1",
            "fd16",
            "d168",
            "1682",
            "0c4de8d8af714262b1a19f804407e32e",
            "c4de8d8af714262b1a19f804407e",
            "4de8d8af714262b1a19f804407e3",
            "de8d8af714262b1a19f804407e32",
            "e8d8af714262b1a19f804407e32e",
            "8d8af714262b1a19f804407e",
            "d8af714262b1a19f804407e3",
            "8af714262b1a19f804407e32",
            "af714262b1a19f804407e32e",
            "f714262b1a19f804407e",
            "714262b1a19f804407e3",
            "14262b1a19f804407e32",
            "4262b1a19f804407e32e",
            "262b1a19f804407e",
            "62b1a19f804407e3",
            "2b1a19f804407e32",
            "b1a19f804407e32e",
            "1a19f804407e",
            "a19f804407e3",
            "19f804407e32",
            "9f804407e32e",
            "f804407e",
            "804407e3",
            "04407e32",
            "4407e32e",
            "407e",
            "07e3",
            "7e32",
            "e32e",
            "21b9eec55517423db0eec64055879702",
            "1b9eec55517423db0eec64055879",
            "b9eec55517423db0eec640558797",
            "9eec55517423db0eec6405587970",
            "eec55517423db0eec64055879702",
            "ec55517423db0eec64055879",
            "c55517423db0eec640558797",
            "55517423db0eec6405587970",
            "5517423db0eec64055879702",
            "517423db0eec64055879",
            "17423db0eec640558797",
            "7423db0eec6405587970",
            "423db0eec64055879702",
            "23db0eec64055879",
            "3db0eec640558797",
            "db0eec6405587970",
            "b0eec64055879702",
            "0eec64055879",
            "eec640558797",
            "ec6405587970",
            "c64055879702",
            "64055879",
            "40558797",
            "05587970",
            "55879702",
            "5879",
            "8797",
            "7970",
            "9702",
            "0703956e92e24d799e36cb1bbf898ddc",
            "703956e92e24d799e36cb1bbf898",
            "03956e92e24d799e36cb1bbf898d",
            "3956e92e24d799e36cb1bbf898dd",
            "956e92e24d799e36cb1bbf898ddc",
            "56e92e24d799e36cb1bbf898",
            "6e92e24d799e36cb1bbf898d",
            "e92e24d799e36cb1bbf898dd",
            "92e24d799e36cb1bbf898ddc",
            "2e24d799e36cb1bbf898",
            "e24d799e36cb1bbf898d",
            "24d799e36cb1bbf898dd",
            "4d799e36cb1bbf898ddc",
            "d799e36cb1bbf898",
            "799e36cb1bbf898d",
            "99e36cb1bbf898dd",
            "9e36cb1bbf898ddc",
            "e36cb1bbf898",
            "36cb1bbf898d",
            "6cb1bbf898dd",
            "cb1bbf898ddc",
            "b1bbf898",
            "1bbf898d",
            "bbf898dd",
            "bf898ddc",
            "f898",
            "898d",
            "98dd",
            "8ddc",
            "b100b3aedbe24061ba9b1413dc641f58",
            "100b3aedbe24061ba9b1413dc641",
            "00b3aedbe24061ba9b1413dc641f",
            "0b3aedbe24061ba9b1413dc641f5",
            "b3aedbe24061ba9b1413dc641f58",
            "3aedbe24061ba9b1413dc641",
            "aedbe24061ba9b1413dc641f",
            "edbe24061ba9b1413dc641f5",
            "dbe24061ba9b1413dc641f58",
            "be24061ba9b1413dc641",
            "e24061ba9b1413dc641f",
            "24061ba9b1413dc641f5",
            "4061ba9b1413dc641f58",
            "061ba9b1413dc641",
            "61ba9b1413dc641f",
            "1ba9b1413dc641f5",
            "ba9b1413dc641f58",
            "a9b1413dc641",
            "9b1413dc641f",
            "b1413dc641f5",
            "1413dc641f58",
            "413dc641",
            "13dc641f",
            "3dc641f5",
            "dc641f58",
            "c641",
            "641f",
            "41f5",
            "1f58",
            "cc8cfff1b6e44e8583f824f322c8ef27",
            "c8cfff1b6e44e8583f824f322c8e",
            "8cfff1b6e44e8583f824f322c8ef",
            "cfff1b6e44e8583f824f322c8ef2",
            "fff1b6e44e8583f824f322c8ef27",
            "ff1b6e44e8583f824f322c8e",
            "f1b6e44e8583f824f322c8ef",
            "1b6e44e8583f824f322c8ef2",
            "b6e44e8583f824f322c8ef27",
            "6e44e8583f824f322c8e",
            "e44e8583f824f322c8ef",
            "44e8583f824f322c8ef2",
            "4e8583f824f322c8ef27",
            "e8583f824f322c8e",
            "8583f824f322c8ef",
            "583f824f322c8ef2",
            "83f824f322c8ef27",
            "3f824f322c8e",
            "f824f322c8ef",
            "824f322c8ef2",
            "24f322c8ef27",
            "4f322c8e",
            "f322c8ef",
            "322c8ef2",
            "22c8ef27",
            "2c8e",
            "c8ef",
            "8ef2",
            "ef27",
            "16fbc231e6324a0f95e337cd94956537",
            "6fbc231e6324a0f95e337cd94956",
            "fbc231e6324a0f95e337cd949565",
            "bc231e6324a0f95e337cd9495653",
            "c231e6324a0f95e337cd94956537",
            "231e6324a0f95e337cd94956",
            "31e6324a0f95e337cd949565",
            "1e6324a0f95e337cd9495653",
            "e6324a0f95e337cd94956537",
            "6324a0f95e337cd94956",
            "324a0f95e337cd949565",
            "24a0f95e337cd9495653",
            "4a0f95e337cd94956537",
            "a0f95e337cd94956",
            "0f95e337cd949565",
            "f95e337cd9495653",
            "95e337cd94956537",
            "5e337cd94956",
            "e337cd949565",
            "337cd9495653",
            "37cd94956537",
            "7cd94956",
            "cd949565",
            "d9495653",
            "94956537",
            "4956",
            "9565",
            "5653",
            "6537",
            "0bdfe8a4b5ee4823ba8f5fab173fe7ea",
            "bdfe8a4b5ee4823ba8f5fab173fe",
            "dfe8a4b5ee4823ba8f5fab173fe7",
            "fe8a4b5ee4823ba8f5fab173fe7e",
            "e8a4b5ee4823ba8f5fab173fe7ea",
            "8a4b5ee4823ba8f5fab173fe",
            "a4b5ee4823ba8f5fab173fe7",
            "4b5ee4823ba8f5fab173fe7e",
            "b5ee4823ba8f5fab173fe7ea",
            "5ee4823ba8f5fab173fe",
            "ee4823ba8f5fab173fe7",
            "e4823ba8f5fab173fe7e",
            "4823ba8f5fab173fe7ea",
            "823ba8f5fab173fe",
            "23ba8f5fab173fe7",
            "3ba8f5fab173fe7e",
            "ba8f5fab173fe7ea",
            "a8f5fab173fe",
            "8f5fab173fe7",
            "f5fab173fe7e",
            "5fab173fe7ea",
            "fab173fe",
            "ab173fe7",
            "b173fe7e",
            "173fe7ea",
            "73fe",
            "3fe7",
            "fe7e",
            "e7ea",
            "23302c9ec60546d88321a7fb1d16a3f4",
            "3302c9ec60546d88321a7fb1d16a",
            "302c9ec60546d88321a7fb1d16a3",
            "02c9ec60546d88321a7fb1d16a3f",
            "2c9ec60546d88321a7fb1d16a3f4",
            "c9ec60546d88321a7fb1d16a",
            "9ec60546d88321a7fb1d16a3",
            "ec60546d88321a7fb1d16a3f",
            "c60546d88321a7fb1d16a3f4",
            "60546d88321a7fb1d16a",
            "0546d88321a7fb1d16a3",
            "546d88321a7fb1d16a3f",
            "46d88321a7fb1d16a3f4",
            "6d88321a7fb1d16a",
            "d88321a7fb1d16a3",
            "88321a7fb1d16a3f",
            "8321a7fb1d16a3f4",
            "321a7fb1d16a",
            "21a7fb1d16a3",
            "1a7fb1d16a3f",
            "a7fb1d16a3f4",
            "7fb1d16a",
            "fb1d16a3",
            "b1d16a3f",
            "1d16a3f4",
            "d16a",
            "16a3",
            "6a3f",
            "a3f4",
            "6b3bca204be341f38b750153c4202232",
            "b3bca204be341f38b750153c4202",
            "3bca204be341f38b750153c42022",
            "bca204be341f38b750153c420223",
            "ca204be341f38b750153c4202232",
            "a204be341f38b750153c4202",
            "204be341f38b750153c42022",
            "04be341f38b750153c420223",
            "4be341f38b750153c4202232",
            "be341f38b750153c4202",
            "e341f38b750153c42022",
            "341f38b750153c420223",
            "41f38b750153c4202232",
            "1f38b750153c4202",
            "f38b750153c42022",
            "38b750153c420223",
            "8b750153c4202232",
            "b750153c4202",
            "750153c42022",
            "50153c420223",
            "0153c4202232",
            "153c4202",
            "53c42022",
            "3c420223",
            "c4202232",
            "4202",
            "2022",
            "0223",
            "2232",
            "05e0ee85c1c04918b6940ed1408a6fea",
            "5e0ee85c1c04918b6940ed1408a6",
            "e0ee85c1c04918b6940ed1408a6f",
            "0ee85c1c04918b6940ed1408a6fe",
            "ee85c1c04918b6940ed1408a6fea",
            "e85c1c04918b6940ed1408a6",
            "85c1c04918b6940ed1408a6f",
            "5c1c04918b6940ed1408a6fe",
            "c1c04918b6940ed1408a6fea",
            "1c04918b6940ed1408a6",
            "c04918b6940ed1408a6f",
            "04918b6940ed1408a6fe",
            "4918b6940ed1408a6fea",
            "918b6940ed1408a6",
            "18b6940ed1408a6f",
            "8b6940ed1408a6fe",
            "b6940ed1408a6fea",
            "6940ed1408a6",
            "940ed1408a6f",
            "40ed1408a6fe",
            "0ed1408a6fea",
            "ed1408a6",
            "d1408a6f",
            "1408a6fe",
            "408a6fea",
            "08a6",
            "8a6f",
            "a6fe",
            "6fea",
            "099b6c92f24e435c8eb7a89478bacfef",
            "99b6c92f24e435c8eb7a89478bac",
            "9b6c92f24e435c8eb7a89478bacf",
            "b6c92f24e435c8eb7a89478bacfe",
            "6c92f24e435c8eb7a89478bacfef",
            "c92f24e435c8eb7a89478bac",
            "92f24e435c8eb7a89478bacf",
            "2f24e435c8eb7a89478bacfe",
            "f24e435c8eb7a89478bacfef",
            "24e435c8eb7a89478bac",
            "4e435c8eb7a89478bacf",
            "e435c8eb7a89478bacfe",
            "435c8eb7a89478bacfef",
            "35c8eb7a89478bac",
            "5c8eb7a89478bacf",
            "c8eb7a89478bacfe",
            "8eb7a89478bacfef",
            "eb7a89478bac",
            "b7a89478bacf",
            "7a89478bacfe",
            "a89478bacfef",
            "89478bac",
            "9478bacf",
            "478bacfe",
            "78bacfef",
            "8bac",
            "bacf",
            "acfe",
            "cfef",
            "090d88bfc897461994e985d70ffcfde0",
            "90d88bfc897461994e985d70ffcf",
            "0d88bfc897461994e985d70ffcfd",
            "d88bfc897461994e985d70ffcfde",
            "88bfc897461994e985d70ffcfde0",
            "8bfc897461994e985d70ffcf",
            "bfc897461994e985d70ffcfd",
            "fc897461994e985d70ffcfde",
            "c897461994e985d70ffcfde0",
            "897461994e985d70ffcf",
            "97461994e985d70ffcfd",
            "7461994e985d70ffcfde",
            "461994e985d70ffcfde0",
            "61994e985d70ffcf",
            "1994e985d70ffcfd",
            "994e985d70ffcfde",
            "94e985d70ffcfde0",
            "4e985d70ffcf",
            "e985d70ffcfd",
            "985d70ffcfde",
            "85d70ffcfde0",
            "5d70ffcf",
            "d70ffcfd",
            "70ffcfde",
            "0ffcfde0",
            "ffcf",
            "fcfd",
            "cfde",
            "fde0",
            "537dc3ed79034ac59134387c9b881111",
            "37dc3ed79034ac59134387c9b881",
            "7dc3ed79034ac59134387c9b8811",
            "dc3ed79034ac59134387c9b88111",
            "c3ed79034ac59134387c9b881111",
            "3ed79034ac59134387c9b881",
            "ed79034ac59134387c9b8811",
            "d79034ac59134387c9b88111",
            "79034ac59134387c9b881111",
            "9034ac59134387c9b881",
            "034ac59134387c9b8811",
            "34ac59134387c9b88111",
            "4ac59134387c9b881111",
            "ac59134387c9b881",
            "c59134387c9b8811",
            "59134387c9b88111",
            "9134387c9b881111",
            "134387c9b881",
            "34387c9b8811",
            "4387c9b88111",
            "387c9b881111",
            "87c9b881",
            "7c9b8811",
            "c9b88111",
            "9b881111",
            "b881",
            "8811",
            "8111",
            "1111",
            "2b6568ccadc84e259d04a7c00d87fcae",
            "b6568ccadc84e259d04a7c00d87f",
            "6568ccadc84e259d04a7c00d87fc",
            "568ccadc84e259d04a7c00d87fca",
            "68ccadc84e259d04a7c00d87fcae",
            "8ccadc84e259d04a7c00d87f",
            "ccadc84e259d04a7c00d87fc",
            "cadc84e259d04a7c00d87fca",
            "adc84e259d04a7c00d87fcae",
            "dc84e259d04a7c00d87f",
            "c84e259d04a7c00d87fc",
            "84e259d04a7c00d87fca",
            "4e259d04a7c00d87fcae",
            "e259d04a7c00d87f",
            "259d04a7c00d87fc",
            "59d04a7c00d87fca",
            "9d04a7c00d87fcae",
            "d04a7c00d87f",
            "04a7c00d87fc",
            "4a7c00d87fca",
            "a7c00d87fcae",
            "7c00d87f",
            "c00d87fc",
            "00d87fca",
            "0d87fcae",
            "d87f",
            "87fc",
            "7fca",
            "fcae",
            "1eadf726b4764fd98a7c4ec89080a252",
            "eadf726b4764fd98a7c4ec89080a",
            "adf726b4764fd98a7c4ec89080a2",
            "df726b4764fd98a7c4ec89080a25",
            "f726b4764fd98a7c4ec89080a252",
            "726b4764fd98a7c4ec89080a",
            "26b4764fd98a7c4ec89080a2",
            "6b4764fd98a7c4ec89080a25",
            "b4764fd98a7c4ec89080a252",
            "4764fd98a7c4ec89080a",
            "764fd98a7c4ec89080a2",
            "64fd98a7c4ec89080a25",
            "4fd98a7c4ec89080a252",
            "fd98a7c4ec89080a",
            "d98a7c4ec89080a2",
            "98a7c4ec89080a25",
            "8a7c4ec89080a252",
            "a7c4ec89080a",
            "7c4ec89080a2",
            "c4ec89080a25",
            "4ec89080a252",
            "ec89080a",
            "c89080a2",
            "89080a25",
            "9080a252",
            "080a",
            "80a2",
            "0a25",
            "a252",
            "c3c3ae08b0dd411799d3d0f8cdaeb9d1",
            "3c3ae08b0dd411799d3d0f8cdaeb",
            "c3ae08b0dd411799d3d0f8cdaeb9",
            "3ae08b0dd411799d3d0f8cdaeb9d",
            "ae08b0dd411799d3d0f8cdaeb9d1",
            "e08b0dd411799d3d0f8cdaeb",
            "08b0dd411799d3d0f8cdaeb9",
            "8b0dd411799d3d0f8cdaeb9d",
            "b0dd411799d3d0f8cdaeb9d1",
            "0dd411799d3d0f8cdaeb",
            "dd411799d3d0f8cdaeb9",
            "d411799d3d0f8cdaeb9d",
            "411799d3d0f8cdaeb9d1",
            "11799d3d0f8cdaeb",
            "1799d3d0f8cdaeb9",
            "799d3d0f8cdaeb9d",
            "99d3d0f8cdaeb9d1",
            "9d3d0f8cdaeb",
            "d3d0f8cdaeb9",
            "3d0f8cdaeb9d",
            "d0f8cdaeb9d1",
            "0f8cdaeb",
            "f8cdaeb9",
            "8cdaeb9d",
            "cdaeb9d1",
            "daeb",
            "aeb9",
            "eb9d",
            "b9d1",
            "5167f2f3020c4e0fa8a7a656e771b6df",
            "167f2f3020c4e0fa8a7a656e771b",
            "67f2f3020c4e0fa8a7a656e771b6",
            "7f2f3020c4e0fa8a7a656e771b6d",
            "f2f3020c4e0fa8a7a656e771b6df",
            "2f3020c4e0fa8a7a656e771b",
            "f3020c4e0fa8a7a656e771b6",
            "3020c4e0fa8a7a656e771b6d",
            "020c4e0fa8a7a656e771b6df",
            "20c4e0fa8a7a656e771b",
            "0c4e0fa8a7a656e771b6",
            "c4e0fa8a7a656e771b6d",
            "4e0fa8a7a656e771b6df",
            "e0fa8a7a656e771b",
            "0fa8a7a656e771b6",
            "fa8a7a656e771b6d",
            "a8a7a656e771b6df",
            "8a7a656e771b",
            "a7a656e771b6",
            "7a656e771b6d",
            "a656e771b6df",
            "656e771b",
            "56e771b6",
            "6e771b6d",
            "e771b6df",
            "771b",
            "71b6",
            "1b6d",
            "b6df",
            "cce8e0cf85b04df38df95bf0befa5be3",
            "ce8e0cf85b04df38df95bf0befa5",
            "e8e0cf85b04df38df95bf0befa5b",
            "8e0cf85b04df38df95bf0befa5be",
            "e0cf85b04df38df95bf0befa5be3",
            "0cf85b04df38df95bf0befa5",
            "cf85b04df38df95bf0befa5b",
            "f85b04df38df95bf0befa5be",
            "85b04df38df95bf0befa5be3",
            "5b04df38df95bf0befa5",
            "b04df38df95bf0befa5b",
            "04df38df95bf0befa5be",
            "4df38df95bf0befa5be3",
            "df38df95bf0befa5",
            "f38df95bf0befa5b",
            "38df95bf0befa5be",
            "8df95bf0befa5be3",
            "df95bf0befa5",
            "f95bf0befa5b",
            "95bf0befa5be",
            "5bf0befa5be3",
            "bf0befa5",
            "f0befa5b",
            "0befa5be",
            "befa5be3",
            "efa5",
            "fa5b",
            "a5be",
            "5be3",
            "24d93d9841994e91b187681af280e75d",
            "4d93d9841994e91b187681af280e",
            "d93d9841994e91b187681af280e7",
            "93d9841994e91b187681af280e75",
            "3d9841994e91b187681af280e75d",
            "d9841994e91b187681af280e",
            "9841994e91b187681af280e7",
            "841994e91b187681af280e75",
            "41994e91b187681af280e75d",
            "1994e91b187681af280e",
            "994e91b187681af280e7",
            "94e91b187681af280e75",
            "4e91b187681af280e75d",
            "e91b187681af280e",
            "91b187681af280e7",
            "1b187681af280e75",
            "b187681af280e75d",
            "187681af280e",
            "87681af280e7",
            "7681af280e75",
            "681af280e75d",
            "81af280e",
            "1af280e7",
            "af280e75",
            "f280e75d",
            "280e",
            "80e7",
            "0e75",
            "e75d",
            "e386099634664e97bbbe0a993593a654",
            "386099634664e97bbbe0a993593a",
            "86099634664e97bbbe0a993593a6",
            "6099634664e97bbbe0a993593a65",
            "099634664e97bbbe0a993593a654",
            "99634664e97bbbe0a993593a",
            "9634664e97bbbe0a993593a6",
            "634664e97bbbe0a993593a65",
            "34664e97bbbe0a993593a654",
            "4664e97bbbe0a993593a",
            "664e97bbbe0a993593a6",
            "64e97bbbe0a993593a65",
            "4e97bbbe0a993593a654",
            "e97bbbe0a993593a",
            "97bbbe0a993593a6",
            "7bbbe0a993593a65",
            "bbbe0a993593a654",
            "bbe0a993593a",
            "be0a993593a6",
            "e0a993593a65",
            "0a993593a654",
            "a993593a",
            "993593a6",
            "93593a65",
            "3593a654",
            "593a",
            "93a6",
            "3a65",
            "a654",
            "d396ac4327504576ac4495334d894fd8",
            "396ac4327504576ac4495334d894",
            "96ac4327504576ac4495334d894f",
            "6ac4327504576ac4495334d894fd",
            "ac4327504576ac4495334d894fd8",
            "c4327504576ac4495334d894",
            "4327504576ac4495334d894f",
            "327504576ac4495334d894fd",
            "27504576ac4495334d894fd8",
            "7504576ac4495334d894",
            "504576ac4495334d894f",
            "04576ac4495334d894fd",
            "4576ac4495334d894fd8",
            "576ac4495334d894",
            "76ac4495334d894f",
            "6ac4495334d894fd",
            "ac4495334d894fd8",
            "c4495334d894",
            "4495334d894f",
            "495334d894fd",
            "95334d894fd8",
            "5334d894",
            "334d894f",
            "34d894fd",
            "4d894fd8",
            "d894",
            "894f",
            "94fd",
            "4fd8",
            "ab4742156ed3431e90df3d90c0b8d12e",
            "b4742156ed3431e90df3d90c0b8d",
            "4742156ed3431e90df3d90c0b8d1",
            "742156ed3431e90df3d90c0b8d12",
            "42156ed3431e90df3d90c0b8d12e",
            "2156ed3431e90df3d90c0b8d",
            "156ed3431e90df3d90c0b8d1",
            "56ed3431e90df3d90c0b8d12",
            "6ed3431e90df3d90c0b8d12e",
            "ed3431e90df3d90c0b8d",
            "d3431e90df3d90c0b8d1",
            "3431e90df3d90c0b8d12",
            "431e90df3d90c0b8d12e",
            "31e90df3d90c0b8d",
            "1e90df3d90c0b8d1",
            "e90df3d90c0b8d12",
            "90df3d90c0b8d12e",
            "0df3d90c0b8d",
            "df3d90c0b8d1",
            "f3d90c0b8d12",
            "3d90c0b8d12e",
            "d90c0b8d",
            "90c0b8d1",
            "0c0b8d12",
            "c0b8d12e",
            "0b8d",
            "b8d1",
            "8d12",
            "d12e",
            "c98a1b611d3d48d8a27df90e65f8c4cd",
            "98a1b611d3d48d8a27df90e65f8c",
            "8a1b611d3d48d8a27df90e65f8c4",
            "a1b611d3d48d8a27df90e65f8c4c",
            "1b611d3d48d8a27df90e65f8c4cd",
            "b611d3d48d8a27df90e65f8c",
            "611d3d48d8a27df90e65f8c4",
            "11d3d48d8a27df90e65f8c4c",
            "1d3d48d8a27df90e65f8c4cd",
            "d3d48d8a27df90e65f8c",
            "3d48d8a27df90e65f8c4",
            "d48d8a27df90e65f8c4c",
            "48d8a27df90e65f8c4cd",
            "8d8a27df90e65f8c",
            "d8a27df90e65f8c4",
            "8a27df90e65f8c4c",
            "a27df90e65f8c4cd",
            "27df90e65f8c",
            "7df90e65f8c4",
            "df90e65f8c4c",
            "f90e65f8c4cd",
            "90e65f8c",
            "0e65f8c4",
            "e65f8c4c",
            "65f8c4cd",
            "5f8c",
            "f8c4",
            "8c4c",
            "c4cd",
            "b48b124274464683b60fda75027ce738",
            "48b124274464683b60fda75027ce",
            "8b124274464683b60fda75027ce7",
            "b124274464683b60fda75027ce73",
            "124274464683b60fda75027ce738",
            "24274464683b60fda75027ce",
            "4274464683b60fda75027ce7",
            "274464683b60fda75027ce73",
            "74464683b60fda75027ce738",
            "4464683b60fda75027ce",
            "464683b60fda75027ce7",
            "64683b60fda75027ce73",
            "4683b60fda75027ce738",
            "683b60fda75027ce",
            "83b60fda75027ce7",
            "3b60fda75027ce73",
            "b60fda75027ce738",
            "60fda75027ce",
            "0fda75027ce7",
            "fda75027ce73",
            "da75027ce738",
            "a75027ce",
            "75027ce7",
            "5027ce73",
            "027ce738",
            "27ce",
            "7ce7",
            "ce73",
            "e738",
            "f490530347ef42d185a76a667f571c89",
            "490530347ef42d185a76a667f571",
            "90530347ef42d185a76a667f571c",
            "0530347ef42d185a76a667f571c8",
            "530347ef42d185a76a667f571c89",
            "30347ef42d185a76a667f571",
            "0347ef42d185a76a667f571c",
            "347ef42d185a76a667f571c8",
            "47ef42d185a76a667f571c89",
            "7ef42d185a76a667f571",
            "ef42d185a76a667f571c",
            "f42d185a76a667f571c8",
            "42d185a76a667f571c89",
            "2d185a76a667f571",
            "d185a76a667f571c",
            "185a76a667f571c8",
            "85a76a667f571c89",
            "5a76a667f571",
            "a76a667f571c",
            "76a667f571c8",
            "6a667f571c89",
            "a667f571",
            "667f571c",
            "67f571c8",
            "7f571c89",
            "571c",
            "71c8",
            "1c89",
            "b3952c5eaf90463aad06e57e66d22ad8",
            "3952c5eaf90463aad06e57e66d22",
            "952c5eaf90463aad06e57e66d22a",
            "52c5eaf90463aad06e57e66d22ad",
            "2c5eaf90463aad06e57e66d22ad8",
            "c5eaf90463aad06e57e66d22",
            "5eaf90463aad06e57e66d22a",
            "eaf90463aad06e57e66d22ad",
            "af90463aad06e57e66d22ad8",
            "f90463aad06e57e66d22",
            "90463aad06e57e66d22a",
            "0463aad06e57e66d22ad",
            "463aad06e57e66d22ad8",
            "63aad06e57e66d22",
            "3aad06e57e66d22a",
            "aad06e57e66d22ad",
            "ad06e57e66d22ad8",
            "d06e57e66d22",
            "06e57e66d22a",
            "6e57e66d22ad",
            "e57e66d22ad8",
            "57e66d22",
            "7e66d22a",
            "e66d22ad",
            "66d22ad8",
            "6d22",
            "d22a",
            "22ad",
            "2ad8",
            "7872215e9cc440f390d079c7867a1d5b",
            "872215e9cc440f390d079c7867a1",
            "72215e9cc440f390d079c7867a1d",
            "2215e9cc440f390d079c7867a1d5",
            "215e9cc440f390d079c7867a1d5b",
            "15e9cc440f390d079c7867a1",
            "5e9cc440f390d079c7867a1d",
            "e9cc440f390d079c7867a1d5",
            "9cc440f390d079c7867a1d5b",
            "cc440f390d079c7867a1",
            "c440f390d079c7867a1d",
            "440f390d079c7867a1d5",
            "40f390d079c7867a1d5b",
            "0f390d079c7867a1",
            "f390d079c7867a1d",
            "390d079c7867a1d5",
            "90d079c7867a1d5b",
            "0d079c7867a1",
            "d079c7867a1d",
            "079c7867a1d5",
            "79c7867a1d5b",
            "9c7867a1",
            "c7867a1d",
            "7867a1d5",
            "867a1d5b",
            "67a1",
            "7a1d",
            "a1d5",
            "1d5b",
            "89a266a2ebd140cbae6c02dd044e0400",
            "9a266a2ebd140cbae6c02dd044e0",
            "a266a2ebd140cbae6c02dd044e04",
            "266a2ebd140cbae6c02dd044e040",
            "66a2ebd140cbae6c02dd044e0400",
            "6a2ebd140cbae6c02dd044e0",
            "a2ebd140cbae6c02dd044e04",
            "2ebd140cbae6c02dd044e040",
            "ebd140cbae6c02dd044e0400",
            "bd140cbae6c02dd044e0",
            "d140cbae6c02dd044e04",
            "140cbae6c02dd044e040",
            "40cbae6c02dd044e0400",
            "0cbae6c02dd044e0",
            "cbae6c02dd044e04",
            "bae6c02dd044e040",
            "ae6c02dd044e0400",
            "e6c02dd044e0",
            "6c02dd044e04",
            "c02dd044e040",
            "02dd044e0400",
            "2dd044e0",
            "dd044e04",
            "d044e040",
            "044e0400",
            "44e0",
            "4e04",
            "e040",
            "0400",
            "4163e908fb484acebc656613fcc69fd3",
            "163e908fb484acebc656613fcc69",
            "63e908fb484acebc656613fcc69f",
            "3e908fb484acebc656613fcc69fd",
            "e908fb484acebc656613fcc69fd3",
            "908fb484acebc656613fcc69",
            "08fb484acebc656613fcc69f",
            "8fb484acebc656613fcc69fd",
            "fb484acebc656613fcc69fd3",
            "b484acebc656613fcc69",
            "484acebc656613fcc69f",
            "84acebc656613fcc69fd",
            "4acebc656613fcc69fd3",
            "acebc656613fcc69",
            "cebc656613fcc69f",
            "ebc656613fcc69fd",
            "bc656613fcc69fd3",
            "c656613fcc69",
            "656613fcc69f",
            "56613fcc69fd",
            "6613fcc69fd3",
            "613fcc69",
            "13fcc69f",
            "3fcc69fd",
            "fcc69fd3",
            "cc69",
            "c69f",
            "69fd",
            "9fd3",
            "64bc0d950f994adfac79a0cf7dcd0307",
            "4bc0d950f994adfac79a0cf7dcd0",
            "bc0d950f994adfac79a0cf7dcd03",
            "c0d950f994adfac79a0cf7dcd030",
            "0d950f994adfac79a0cf7dcd0307",
            "d950f994adfac79a0cf7dcd0",
            "950f994adfac79a0cf7dcd03",
            "50f994adfac79a0cf7dcd030",
            "0f994adfac79a0cf7dcd0307",
            "f994adfac79a0cf7dcd0",
            "994adfac79a0cf7dcd03",
            "94adfac79a0cf7dcd030",
            "4adfac79a0cf7dcd0307",
            "adfac79a0cf7dcd0",
            "dfac79a0cf7dcd03",
            "fac79a0cf7dcd030",
            "ac79a0cf7dcd0307",
            "c79a0cf7dcd0",
            "79a0cf7dcd03",
            "9a0cf7dcd030",
            "a0cf7dcd0307",
            "0cf7dcd0",
            "cf7dcd03",
            "f7dcd030",
            "7dcd0307",
            "dcd0",
            "cd03",
            "d030",
            "0307",
            "073f39878b9445e680251b5873d423a3",
            "73f39878b9445e680251b5873d42",
            "3f39878b9445e680251b5873d423",
            "f39878b9445e680251b5873d423a",
            "39878b9445e680251b5873d423a3",
            "9878b9445e680251b5873d42",
            "878b9445e680251b5873d423",
            "78b9445e680251b5873d423a",
            "8b9445e680251b5873d423a3",
            "b9445e680251b5873d42",
            "9445e680251b5873d423",
            "445e680251b5873d423a",
            "45e680251b5873d423a3",
            "5e680251b5873d42",
            "e680251b5873d423",
            "680251b5873d423a",
            "80251b5873d423a3",
            "0251b5873d42",
            "251b5873d423",
            "51b5873d423a",
            "1b5873d423a3",
            "b5873d42",
            "5873d423",
            "873d423a",
            "73d423a3",
            "3d42",
            "d423",
            "423a",
            "23a3",
            "9b77a2f3ca2c4c0bb444196b41a00a53",
            "b77a2f3ca2c4c0bb444196b41a00",
            "77a2f3ca2c4c0bb444196b41a00a",
            "7a2f3ca2c4c0bb444196b41a00a5",
            "a2f3ca2c4c0bb444196b41a00a53",
            "2f3ca2c4c0bb444196b41a00",
            "f3ca2c4c0bb444196b41a00a",
            "3ca2c4c0bb444196b41a00a5",
            "ca2c4c0bb444196b41a00a53",
            "a2c4c0bb444196b41a00",
            "2c4c0bb444196b41a00a",
            "c4c0bb444196b41a00a5",
            "4c0bb444196b41a00a53",
            "c0bb444196b41a00",
            "0bb444196b41a00a",
            "bb444196b41a00a5",
            "b444196b41a00a53",
            "444196b41a00",
            "44196b41a00a",
            "4196b41a00a5",
            "196b41a00a53",
            "96b41a00",
            "6b41a00a",
            "b41a00a5",
            "41a00a53",
            "1a00",
            "a00a",
            "00a5",
            "0a53",
            "8394028c75be407da3d985eee62ffdc1",
            "394028c75be407da3d985eee62ff",
            "94028c75be407da3d985eee62ffd",
            "4028c75be407da3d985eee62ffdc",
            "028c75be407da3d985eee62ffdc1",
            "28c75be407da3d985eee62ff",
            "8c75be407da3d985eee62ffd",
            "c75be407da3d985eee62ffdc",
            "75be407da3d985eee62ffdc1",
            "5be407da3d985eee62ff",
            "be407da3d985eee62ffd",
            "e407da3d985eee62ffdc",
            "407da3d985eee62ffdc1",
            "07da3d985eee62ff",
            "7da3d985eee62ffd",
            "da3d985eee62ffdc",
            "a3d985eee62ffdc1",
            "3d985eee62ff",
            "d985eee62ffd",
            "985eee62ffdc",
            "85eee62ffdc1",
            "5eee62ff",
            "eee62ffd",
            "ee62ffdc",
            "e62ffdc1",
            "62ff",
            "2ffd",
            "ffdc",
            "fdc1",
            "1d96bec8186b425a8cde007fccb865a4",
            "d96bec8186b425a8cde007fccb86",
            "96bec8186b425a8cde007fccb865",
            "6bec8186b425a8cde007fccb865a",
            "bec8186b425a8cde007fccb865a4",
            "ec8186b425a8cde007fccb86",
            "c8186b425a8cde007fccb865",
            "8186b425a8cde007fccb865a",
            "186b425a8cde007fccb865a4",
            "86b425a8cde007fccb86",
            "6b425a8cde007fccb865",
            "b425a8cde007fccb865a",
            "425a8cde007fccb865a4",
            "25a8cde007fccb86",
            "5a8cde007fccb865",
            "a8cde007fccb865a",
            "8cde007fccb865a4",
            "cde007fccb86",
            "de007fccb865",
            "e007fccb865a",
            "007fccb865a4",
            "07fccb86",
            "7fccb865",
            "fccb865a",
            "ccb865a4",
            "cb86",
            "b865",
            "865a",
            "65a4",
            "543225697b084a078a721cb481490088",
            "43225697b084a078a721cb481490",
            "3225697b084a078a721cb4814900",
            "225697b084a078a721cb48149008",
            "25697b084a078a721cb481490088",
            "5697b084a078a721cb481490",
            "697b084a078a721cb4814900",
            "97b084a078a721cb48149008",
            "7b084a078a721cb481490088",
            "b084a078a721cb481490",
            "084a078a721cb4814900",
            "84a078a721cb48149008",
            "4a078a721cb481490088",
            "a078a721cb481490",
            "078a721cb4814900",
            "78a721cb48149008",
            "8a721cb481490088",
            "a721cb481490",
            "721cb4814900",
            "21cb48149008",
            "1cb481490088",
            "cb481490",
            "b4814900",
            "48149008",
            "81490088",
            "1490",
            "4900",
            "9008",
            "0088",
            "7d9b0d8a7456498d83122816cf925b6c",
            "d9b0d8a7456498d83122816cf925",
            "9b0d8a7456498d83122816cf925b",
            "b0d8a7456498d83122816cf925b6",
            "0d8a7456498d83122816cf925b6c",
            "d8a7456498d83122816cf925",
            "8a7456498d83122816cf925b",
            "a7456498d83122816cf925b6",
            "7456498d83122816cf925b6c",
            "456498d83122816cf925",
            "56498d83122816cf925b",
            "6498d83122816cf925b6",
            "498d83122816cf925b6c",
            "98d83122816cf925",
            "8d83122816cf925b",
            "d83122816cf925b6",
            "83122816cf925b6c",
            "3122816cf925",
            "122816cf925b",
            "22816cf925b6",
            "2816cf925b6c",
            "816cf925",
            "16cf925b",
            "6cf925b6",
            "cf925b6c",
            "f925",
            "925b",
            "25b6",
            "5b6c",
            "f6b6684a3f3a49d49b9234e4f37f3bd1",
            "6b6684a3f3a49d49b9234e4f37f3",
            "b6684a3f3a49d49b9234e4f37f3b",
            "6684a3f3a49d49b9234e4f37f3bd",
            "684a3f3a49d49b9234e4f37f3bd1",
            "84a3f3a49d49b9234e4f37f3",
            "4a3f3a49d49b9234e4f37f3b",
            "a3f3a49d49b9234e4f37f3bd",
            "3f3a49d49b9234e4f37f3bd1",
            "f3a49d49b9234e4f37f3",
            "3a49d49b9234e4f37f3b",
            "a49d49b9234e4f37f3bd",
            "49d49b9234e4f37f3bd1",
            "9d49b9234e4f37f3",
            "d49b9234e4f37f3b",
            "49b9234e4f37f3bd",
            "9b9234e4f37f3bd1",
            "b9234e4f37f3",
            "9234e4f37f3b",
            "234e4f37f3bd",
            "34e4f37f3bd1",
            "4e4f37f3",
            "e4f37f3b",
            "4f37f3bd",
            "f37f3bd1",
            "37f3",
            "7f3b",
            "f3bd",
            "3bd1",
            "37077beea53c4f9785a43d0d0613adb5",
            "7077beea53c4f9785a43d0d0613a",
            "077beea53c4f9785a43d0d0613ad",
            "77beea53c4f9785a43d0d0613adb",
            "7beea53c4f9785a43d0d0613adb5",
            "beea53c4f9785a43d0d0613a",
            "eea53c4f9785a43d0d0613ad",
            "ea53c4f9785a43d0d0613adb",
            "a53c4f9785a43d0d0613adb5",
            "53c4f9785a43d0d0613a",
            "3c4f9785a43d0d0613ad",
            "c4f9785a43d0d0613adb",
            "4f9785a43d0d0613adb5",
            "f9785a43d0d0613a",
            "9785a43d0d0613ad",
            "785a43d0d0613adb",
            "85a43d0d0613adb5",
            "5a43d0d0613a",
            "a43d0d0613ad",
            "43d0d0613adb",
            "3d0d0613adb5",
            "d0d0613a",
            "0d0613ad",
            "d0613adb",
            "0613adb5",
            "613a",
            "13ad",
            "3adb",
            "adb5",
            "dc920ac92a34434ca33472533bb2c45a",
            "c920ac92a34434ca33472533bb2c",
            "920ac92a34434ca33472533bb2c4",
            "20ac92a34434ca33472533bb2c45",
            "0ac92a34434ca33472533bb2c45a",
            "ac92a34434ca33472533bb2c",
            "c92a34434ca33472533bb2c4",
            "92a34434ca33472533bb2c45",
            "2a34434ca33472533bb2c45a",
            "a34434ca33472533bb2c",
            "34434ca33472533bb2c4",
            "4434ca33472533bb2c45",
            "434ca33472533bb2c45a",
            "34ca33472533bb2c",
            "4ca33472533bb2c4",
            "ca33472533bb2c45",
            "a33472533bb2c45a",
            "33472533bb2c",
            "3472533bb2c4",
            "472533bb2c45",
            "72533bb2c45a",
            "2533bb2c",
            "533bb2c4",
            "33bb2c45",
            "3bb2c45a",
            "bb2c",
            "b2c4",
            "2c45",
            "c45a",
            "2a03807fb3404a00ad218e9cd6bb1173",
            "a03807fb3404a00ad218e9cd6bb1",
            "03807fb3404a00ad218e9cd6bb11",
            "3807fb3404a00ad218e9cd6bb117",
            "807fb3404a00ad218e9cd6bb1173",
            "07fb3404a00ad218e9cd6bb1",
            "7fb3404a00ad218e9cd6bb11",
            "fb3404a00ad218e9cd6bb117",
            "b3404a00ad218e9cd6bb1173",
            "3404a00ad218e9cd6bb1",
            "404a00ad218e9cd6bb11",
            "04a00ad218e9cd6bb117",
            "4a00ad218e9cd6bb1173",
            "a00ad218e9cd6bb1",
            "00ad218e9cd6bb11",
            "0ad218e9cd6bb117",
            "ad218e9cd6bb1173",
            "d218e9cd6bb1",
            "218e9cd6bb11",
            "18e9cd6bb117",
            "8e9cd6bb1173",
            "e9cd6bb1",
            "9cd6bb11",
            "cd6bb117",
            "d6bb1173",
            "6bb1",
            "bb11",
            "b117",
            "1173",
            "50b85bf61bef4152bb276fe221a04353",
            "0b85bf61bef4152bb276fe221a04",
            "b85bf61bef4152bb276fe221a043",
            "85bf61bef4152bb276fe221a0435",
            "5bf61bef4152bb276fe221a04353",
            "bf61bef4152bb276fe221a04",
            "f61bef4152bb276fe221a043",
            "61bef4152bb276fe221a0435",
            "1bef4152bb276fe221a04353",
            "bef4152bb276fe221a04",
            "ef4152bb276fe221a043",
            "f4152bb276fe221a0435",
            "4152bb276fe221a04353",
            "152bb276fe221a04",
            "52bb276fe221a043",
            "2bb276fe221a0435",
            "bb276fe221a04353",
            "b276fe221a04",
            "276fe221a043",
            "76fe221a0435",
            "6fe221a04353",
            "fe221a04",
            "e221a043",
            "221a0435",
            "21a04353",
            "1a04",
            "a043",
            "0435",
            "4353",
            "bcfb5d8e041243b6a80dca6dc1de1aef",
            "cfb5d8e041243b6a80dca6dc1de1",
            "fb5d8e041243b6a80dca6dc1de1a",
            "b5d8e041243b6a80dca6dc1de1ae",
            "5d8e041243b6a80dca6dc1de1aef",
            "d8e041243b6a80dca6dc1de1",
            "8e041243b6a80dca6dc1de1a",
            "e041243b6a80dca6dc1de1ae",
            "041243b6a80dca6dc1de1aef",
            "41243b6a80dca6dc1de1",
            "1243b6a80dca6dc1de1a",
            "243b6a80dca6dc1de1ae",
            "43b6a80dca6dc1de1aef",
            "3b6a80dca6dc1de1",
            "b6a80dca6dc1de1a",
            "6a80dca6dc1de1ae",
            "a80dca6dc1de1aef",
            "80dca6dc1de1",
            "0dca6dc1de1a",
            "dca6dc1de1ae",
            "ca6dc1de1aef",
            "a6dc1de1",
            "6dc1de1a",
            "dc1de1ae",
            "c1de1aef",
            "1de1",
            "de1a",
            "e1ae",
            "1aef",
            "03bdda1abd0d4f0b9529f23045710b71",
            "3bdda1abd0d4f0b9529f23045710",
            "bdda1abd0d4f0b9529f23045710b",
            "dda1abd0d4f0b9529f23045710b7",
            "da1abd0d4f0b9529f23045710b71",
            "a1abd0d4f0b9529f23045710",
            "1abd0d4f0b9529f23045710b",
            "abd0d4f0b9529f23045710b7",
            "bd0d4f0b9529f23045710b71",
            "d0d4f0b9529f23045710",
            "0d4f0b9529f23045710b",
            "d4f0b9529f23045710b7",
            "4f0b9529f23045710b71",
            "f0b9529f23045710",
            "0b9529f23045710b",
            "b9529f23045710b7",
            "9529f23045710b71",
            "529f23045710",
            "29f23045710b",
            "9f23045710b7",
            "f23045710b71",
            "23045710",
            "3045710b",
            "045710b7",
            "45710b71",
            "5710",
            "710b",
            "10b7",
            "0b71",
            "a8b24676f4a740a0b538d3b7e51e27f2",
            "8b24676f4a740a0b538d3b7e51e2",
            "b24676f4a740a0b538d3b7e51e27",
            "24676f4a740a0b538d3b7e51e27f",
            "4676f4a740a0b538d3b7e51e27f2",
            "676f4a740a0b538d3b7e51e2",
            "76f4a740a0b538d3b7e51e27",
            "6f4a740a0b538d3b7e51e27f",
            "f4a740a0b538d3b7e51e27f2",
            "4a740a0b538d3b7e51e2",
            "a740a0b538d3b7e51e27",
            "740a0b538d3b7e51e27f",
            "40a0b538d3b7e51e27f2",
            "0a0b538d3b7e51e2",
            "a0b538d3b7e51e27",
            "0b538d3b7e51e27f",
            "b538d3b7e51e27f2",
            "538d3b7e51e2",
            "38d3b7e51e27",
            "8d3b7e51e27f",
            "d3b7e51e27f2",
            "3b7e51e2",
            "b7e51e27",
            "7e51e27f",
            "e51e27f2",
            "51e2",
            "1e27",
            "e27f",
            "27f2",
            "2a5ff35f7d1540119bc819a4be1976f8",
            "a5ff35f7d1540119bc819a4be197",
            "5ff35f7d1540119bc819a4be1976",
            "ff35f7d1540119bc819a4be1976f",
            "f35f7d1540119bc819a4be1976f8",
            "35f7d1540119bc819a4be197",
            "5f7d1540119bc819a4be1976",
            "f7d1540119bc819a4be1976f",
            "7d1540119bc819a4be1976f8",
            "d1540119bc819a4be197",
            "1540119bc819a4be1976",
            "540119bc819a4be1976f",
            "40119bc819a4be1976f8",
            "0119bc819a4be197",
            "119bc819a4be1976",
            "19bc819a4be1976f",
            "9bc819a4be1976f8",
            "bc819a4be197",
            "c819a4be1976",
            "819a4be1976f",
            "19a4be1976f8",
            "9a4be197",
            "a4be1976",
            "4be1976f",
            "be1976f8",
            "e197",
            "1976",
            "976f",
            "76f8",
            "0b67444dd74b4ac8a27c124c8240277f",
            "b67444dd74b4ac8a27c124c82402",
            "67444dd74b4ac8a27c124c824027",
            "7444dd74b4ac8a27c124c8240277",
            "444dd74b4ac8a27c124c8240277f",
            "44dd74b4ac8a27c124c82402",
            "4dd74b4ac8a27c124c824027",
            "dd74b4ac8a27c124c8240277",
            "d74b4ac8a27c124c8240277f",
            "74b4ac8a27c124c82402",
            "4b4ac8a27c124c824027",
            "b4ac8a27c124c8240277",
            "4ac8a27c124c8240277f",
            "ac8a27c124c82402",
            "c8a27c124c824027",
            "8a27c124c8240277",
            "a27c124c8240277f",
            "27c124c82402",
            "7c124c824027",
            "c124c8240277",
            "124c8240277f",
            "24c82402",
            "4c824027",
            "c8240277",
            "8240277f",
            "2402",
            "4027",
            "0277",
            "277f",
            "df1d0724ab1943888cd9d60d6581c1ab",
            "f1d0724ab1943888cd9d60d6581c",
            "1d0724ab1943888cd9d60d6581c1",
            "d0724ab1943888cd9d60d6581c1a",
            "0724ab1943888cd9d60d6581c1ab",
            "724ab1943888cd9d60d6581c",
            "24ab1943888cd9d60d6581c1",
            "4ab1943888cd9d60d6581c1a",
            "ab1943888cd9d60d6581c1ab",
            "b1943888cd9d60d6581c",
            "1943888cd9d60d6581c1",
            "943888cd9d60d6581c1a",
            "43888cd9d60d6581c1ab",
            "3888cd9d60d6581c",
            "888cd9d60d6581c1",
            "88cd9d60d6581c1a",
            "8cd9d60d6581c1ab",
            "cd9d60d6581c",
            "d9d60d6581c1",
            "9d60d6581c1a",
            "d60d6581c1ab",
            "60d6581c",
            "0d6581c1",
            "d6581c1a",
            "6581c1ab",
            "581c",
            "81c1",
            "1c1a",
            "c1ab",
            "2d6fd91821e74bb780f96b5b33bb26fb",
            "d6fd91821e74bb780f96b5b33bb2",
            "6fd91821e74bb780f96b5b33bb26",
            "fd91821e74bb780f96b5b33bb26f",
            "d91821e74bb780f96b5b33bb26fb",
            "91821e74bb780f96b5b33bb2",
            "1821e74bb780f96b5b33bb26",
            "821e74bb780f96b5b33bb26f",
            "21e74bb780f96b5b33bb26fb",
            "1e74bb780f96b5b33bb2",
            "e74bb780f96b5b33bb26",
            "74bb780f96b5b33bb26f",
            "4bb780f96b5b33bb26fb",
            "bb780f96b5b33bb2",
            "b780f96b5b33bb26",
            "780f96b5b33bb26f",
            "80f96b5b33bb26fb",
            "0f96b5b33bb2",
            "f96b5b33bb26",
            "96b5b33bb26f",
            "6b5b33bb26fb",
            "b5b33bb2",
            "5b33bb26",
            "b33bb26f",
            "33bb26fb",
            "3bb2",
            "bb26",
            "b26f",
            "26fb",
            "07c03aad43a64d128e9a6913deb9de0e",
            "7c03aad43a64d128e9a6913deb9d",
            "c03aad43a64d128e9a6913deb9de",
            "03aad43a64d128e9a6913deb9de0",
            "3aad43a64d128e9a6913deb9de0e",
            "aad43a64d128e9a6913deb9d",
            "ad43a64d128e9a6913deb9de",
            "d43a64d128e9a6913deb9de0",
            "43a64d128e9a6913deb9de0e",
            "3a64d128e9a6913deb9d",
            "a64d128e9a6913deb9de",
            "64d128e9a6913deb9de0",
            "4d128e9a6913deb9de0e",
            "d128e9a6913deb9d",
            "128e9a6913deb9de",
            "28e9a6913deb9de0",
            "8e9a6913deb9de0e",
            "e9a6913deb9d",
            "9a6913deb9de",
            "a6913deb9de0",
            "6913deb9de0e",
            "913deb9d",
            "13deb9de",
            "3deb9de0",
            "deb9de0e",
            "b9de",
            "9de0",
            "de0e",
            "a8a5d1bec6754eb3afcba066aba16cda",
            "8a5d1bec6754eb3afcba066aba16",
            "a5d1bec6754eb3afcba066aba16c",
            "5d1bec6754eb3afcba066aba16cd",
            "d1bec6754eb3afcba066aba16cda",
            "1bec6754eb3afcba066aba16",
            "bec6754eb3afcba066aba16c",
            "ec6754eb3afcba066aba16cd",
            "c6754eb3afcba066aba16cda",
            "6754eb3afcba066aba16",
            "754eb3afcba066aba16c",
            "54eb3afcba066aba16cd",
            "4eb3afcba066aba16cda",
            "eb3afcba066aba16",
            "b3afcba066aba16c",
            "3afcba066aba16cd",
            "afcba066aba16cda",
            "fcba066aba16",
            "cba066aba16c",
            "ba066aba16cd",
            "a066aba16cda",
            "066aba16",
            "66aba16c",
            "6aba16cd",
            "aba16cda",
            "ba16",
            "a16c",
            "16cd",
            "6cda",
            "58d57f6bc0a44d858087a68eb81766d7",
            "8d57f6bc0a44d858087a68eb8176",
            "d57f6bc0a44d858087a68eb81766",
            "57f6bc0a44d858087a68eb81766d",
            "7f6bc0a44d858087a68eb81766d7",
            "f6bc0a44d858087a68eb8176",
            "6bc0a44d858087a68eb81766",
            "bc0a44d858087a68eb81766d",
            "c0a44d858087a68eb81766d7",
            "0a44d858087a68eb8176",
            "a44d858087a68eb81766",
            "44d858087a68eb81766d",
            "4d858087a68eb81766d7",
            "d858087a68eb8176",
            "858087a68eb81766",
            "58087a68eb81766d",
            "8087a68eb81766d7",
            "087a68eb8176",
            "87a68eb81766",
            "7a68eb81766d",
            "a68eb81766d7",
            "68eb8176",
            "8eb81766",
            "eb81766d",
            "b81766d7",
            "8176",
            "1766",
            "766d",
            "66d7",
            "ff38c5a6f63042468adb5dfd67d81732",
            "f38c5a6f63042468adb5dfd67d81",
            "38c5a6f63042468adb5dfd67d817",
            "8c5a6f63042468adb5dfd67d8173",
            "c5a6f63042468adb5dfd67d81732",
            "5a6f63042468adb5dfd67d81",
            "a6f63042468adb5dfd67d817",
            "6f63042468adb5dfd67d8173",
            "f63042468adb5dfd67d81732",
            "63042468adb5dfd67d81",
            "3042468adb5dfd67d817",
            "042468adb5dfd67d8173",
            "42468adb5dfd67d81732",
            "2468adb5dfd67d81",
            "468adb5dfd67d817",
            "68adb5dfd67d8173",
            "8adb5dfd67d81732",
            "adb5dfd67d81",
            "db5dfd67d817",
            "b5dfd67d8173",
            "5dfd67d81732",
            "dfd67d81",
            "fd67d817",
            "d67d8173",
            "67d81732",
            "7d81",
            "d817",
            "8173",
            "1732",
            "dded5a243bb54fed96bfc6bc474aa244",
            "ded5a243bb54fed96bfc6bc474aa",
            "ed5a243bb54fed96bfc6bc474aa2",
            "d5a243bb54fed96bfc6bc474aa24",
            "5a243bb54fed96bfc6bc474aa244",
            "a243bb54fed96bfc6bc474aa",
            "243bb54fed96bfc6bc474aa2",
            "43bb54fed96bfc6bc474aa24",
            "3bb54fed96bfc6bc474aa244",
            "bb54fed96bfc6bc474aa",
            "b54fed96bfc6bc474aa2",
            "54fed96bfc6bc474aa24",
            "4fed96bfc6bc474aa244",
            "fed96bfc6bc474aa",
            "ed96bfc6bc474aa2",
            "d96bfc6bc474aa24",
            "96bfc6bc474aa244",
            "6bfc6bc474aa",
            "bfc6bc474aa2",
            "fc6bc474aa24",
            "c6bc474aa244",
            "6bc474aa",
            "bc474aa2",
            "c474aa24",
            "474aa244",
            "74aa",
            "4aa2",
            "aa24",
            "a244",
            "b4d63e7d9e4b435aac056bcae361cf8a",
            "4d63e7d9e4b435aac056bcae361c",
            "d63e7d9e4b435aac056bcae361cf",
            "63e7d9e4b435aac056bcae361cf8",
            "3e7d9e4b435aac056bcae361cf8a",
            "e7d9e4b435aac056bcae361c",
            "7d9e4b435aac056bcae361cf",
            "d9e4b435aac056bcae361cf8",
            "9e4b435aac056bcae361cf8a",
            "e4b435aac056bcae361c",
            "4b435aac056bcae361cf",
            "b435aac056bcae361cf8",
            "435aac056bcae361cf8a",
            "35aac056bcae361c",
            "5aac056bcae361cf",
            "aac056bcae361cf8",
            "ac056bcae361cf8a",
            "c056bcae361c",
            "056bcae361cf",
            "56bcae361cf8",
            "6bcae361cf8a",
            "bcae361c",
            "cae361cf",
            "ae361cf8",
            "e361cf8a",
            "361c",
            "61cf",
            "1cf8",
            "cf8a",
            "4e6967a467d0492c8460b5b56ec82e35",
            "e6967a467d0492c8460b5b56ec82",
            "6967a467d0492c8460b5b56ec82e",
            "967a467d0492c8460b5b56ec82e3",
            "67a467d0492c8460b5b56ec82e35",
            "7a467d0492c8460b5b56ec82",
            "a467d0492c8460b5b56ec82e",
            "467d0492c8460b5b56ec82e3",
            "67d0492c8460b5b56ec82e35",
            "7d0492c8460b5b56ec82",
            "d0492c8460b5b56ec82e",
            "0492c8460b5b56ec82e3",
            "492c8460b5b56ec82e35",
            "92c8460b5b56ec82",
            "2c8460b5b56ec82e",
            "c8460b5b56ec82e3",
            "8460b5b56ec82e35",
            "460b5b56ec82",
            "60b5b56ec82e",
            "0b5b56ec82e3",
            "b5b56ec82e35",
            "5b56ec82",
            "b56ec82e",
            "56ec82e3",
            "6ec82e35",
            "ec82",
            "c82e",
            "82e3",
            "2e35",
            "5510e1b68fd64436ac14e0e45af4efab",
            "510e1b68fd64436ac14e0e45af4e",
            "10e1b68fd64436ac14e0e45af4ef",
            "0e1b68fd64436ac14e0e45af4efa",
            "e1b68fd64436ac14e0e45af4efab",
            "1b68fd64436ac14e0e45af4e",
            "b68fd64436ac14e0e45af4ef",
            "68fd64436ac14e0e45af4efa",
            "8fd64436ac14e0e45af4efab",
            "fd64436ac14e0e45af4e",
            "d64436ac14e0e45af4ef",
            "64436ac14e0e45af4efa",
            "4436ac14e0e45af4efab",
            "436ac14e0e45af4e",
            "36ac14e0e45af4ef",
            "6ac14e0e45af4efa",
            "ac14e0e45af4efab",
            "c14e0e45af4e",
            "14e0e45af4ef",
            "4e0e45af4efa",
            "e0e45af4efab",
            "0e45af4e",
            "e45af4ef",
            "45af4efa",
            "5af4efab",
            "af4e",
            "f4ef",
            "4efa",
            "efab",
            "74534355f0e94cdba9309ed01533095d",
            "4534355f0e94cdba9309ed015330",
            "534355f0e94cdba9309ed0153309",
            "34355f0e94cdba9309ed01533095",
            "4355f0e94cdba9309ed01533095d",
            "355f0e94cdba9309ed015330",
            "55f0e94cdba9309ed0153309",
            "5f0e94cdba9309ed01533095",
            "f0e94cdba9309ed01533095d",
            "0e94cdba9309ed015330",
            "e94cdba9309ed0153309",
            "94cdba9309ed01533095",
            "4cdba9309ed01533095d",
            "cdba9309ed015330",
            "dba9309ed0153309",
            "ba9309ed01533095",
            "a9309ed01533095d",
            "9309ed015330",
            "309ed0153309",
            "09ed01533095",
            "9ed01533095d",
            "ed015330",
            "d0153309",
            "01533095",
            "1533095d",
            "5330",
            "3309",
            "3095",
            "095d",
            "96ced60073ee4c2a9539624d536917a9",
            "6ced60073ee4c2a9539624d53691",
            "ced60073ee4c2a9539624d536917",
            "ed60073ee4c2a9539624d536917a",
            "d60073ee4c2a9539624d536917a9",
            "60073ee4c2a9539624d53691",
            "0073ee4c2a9539624d536917",
            "073ee4c2a9539624d536917a",
            "73ee4c2a9539624d536917a9",
            "3ee4c2a9539624d53691",
            "ee4c2a9539624d536917",
            "e4c2a9539624d536917a",
            "4c2a9539624d536917a9",
            "c2a9539624d53691",
            "2a9539624d536917",
            "a9539624d536917a",
            "9539624d536917a9",
            "539624d53691",
            "39624d536917",
            "9624d536917a",
            "624d536917a9",
            "24d53691",
            "4d536917",
            "d536917a",
            "536917a9",
            "3691",
            "6917",
            "917a",
            "17a9",
            "7168cb2bdb644ae0a076c3dddf999620",
            "168cb2bdb644ae0a076c3dddf999",
            "68cb2bdb644ae0a076c3dddf9996",
            "8cb2bdb644ae0a076c3dddf99962",
            "cb2bdb644ae0a076c3dddf999620",
            "b2bdb644ae0a076c3dddf999",
            "2bdb644ae0a076c3dddf9996",
            "bdb644ae0a076c3dddf99962",
            "db644ae0a076c3dddf999620",
            "b644ae0a076c3dddf999",
            "644ae0a076c3dddf9996",
            "44ae0a076c3dddf99962",
            "4ae0a076c3dddf999620",
            "ae0a076c3dddf999",
            "e0a076c3dddf9996",
            "0a076c3dddf99962",
            "a076c3dddf999620",
            "076c3dddf999",
            "76c3dddf9996",
            "6c3dddf99962",
            "c3dddf999620",
            "3dddf999",
            "dddf9996",
            "ddf99962",
            "df999620",
            "f999",
            "9996",
            "9962",
            "9620",
            "738bb41767ff4255a01b4fc82e79ba53",
            "38bb41767ff4255a01b4fc82e79b",
            "8bb41767ff4255a01b4fc82e79ba",
            "bb41767ff4255a01b4fc82e79ba5",
            "b41767ff4255a01b4fc82e79ba53",
            "41767ff4255a01b4fc82e79b",
            "1767ff4255a01b4fc82e79ba",
            "767ff4255a01b4fc82e79ba5",
            "67ff4255a01b4fc82e79ba53",
            "7ff4255a01b4fc82e79b",
            "ff4255a01b4fc82e79ba",
            "f4255a01b4fc82e79ba5",
            "4255a01b4fc82e79ba53",
            "255a01b4fc82e79b",
            "55a01b4fc82e79ba",
            "5a01b4fc82e79ba5",
            "a01b4fc82e79ba53",
            "01b4fc82e79b",
            "1b4fc82e79ba",
            "b4fc82e79ba5",
            "4fc82e79ba53",
            "fc82e79b",
            "c82e79ba",
            "82e79ba5",
            "2e79ba53",
            "e79b",
            "79ba",
            "ba53",
            "d4979c2f76ee48ee9958d9f46617db1a",
            "4979c2f76ee48ee9958d9f46617d",
            "979c2f76ee48ee9958d9f46617db",
            "79c2f76ee48ee9958d9f46617db1",
            "9c2f76ee48ee9958d9f46617db1a",
            "c2f76ee48ee9958d9f46617d",
            "2f76ee48ee9958d9f46617db",
            "f76ee48ee9958d9f46617db1",
            "76ee48ee9958d9f46617db1a",
            "6ee48ee9958d9f46617d",
            "ee48ee9958d9f46617db",
            "e48ee9958d9f46617db1",
            "48ee9958d9f46617db1a",
            "8ee9958d9f46617d",
            "ee9958d9f46617db",
            "e9958d9f46617db1",
            "9958d9f46617db1a",
            "958d9f46617d",
            "58d9f46617db",
            "8d9f46617db1",
            "d9f46617db1a",
            "9f46617d",
            "f46617db",
            "46617db1",
            "6617db1a",
            "617d",
            "7db1",
            "db1a",
            "e161d821e7c841cd801d289b5b42077d",
            "161d821e7c841cd801d289b5b420",
            "61d821e7c841cd801d289b5b4207",
            "1d821e7c841cd801d289b5b42077",
            "d821e7c841cd801d289b5b42077d",
            "821e7c841cd801d289b5b420",
            "21e7c841cd801d289b5b4207",
            "1e7c841cd801d289b5b42077",
            "e7c841cd801d289b5b42077d",
            "7c841cd801d289b5b420",
            "c841cd801d289b5b4207",
            "841cd801d289b5b42077",
            "41cd801d289b5b42077d",
            "1cd801d289b5b420",
            "cd801d289b5b4207",
            "d801d289b5b42077",
            "801d289b5b42077d",
            "01d289b5b420",
            "1d289b5b4207",
            "d289b5b42077",
            "289b5b42077d",
            "89b5b420",
            "9b5b4207",
            "b5b42077",
            "5b42077d",
            "b420",
            "4207",
            "2077",
            "077d",
            "64105168130e48268432a0ff140d0222",
            "4105168130e48268432a0ff140d0",
            "105168130e48268432a0ff140d02",
            "05168130e48268432a0ff140d022",
            "5168130e48268432a0ff140d0222",
            "168130e48268432a0ff140d0",
            "68130e48268432a0ff140d02",
            "8130e48268432a0ff140d022",
            "130e48268432a0ff140d0222",
            "30e48268432a0ff140d0",
            "0e48268432a0ff140d02",
            "e48268432a0ff140d022",
            "48268432a0ff140d0222",
            "8268432a0ff140d0",
            "268432a0ff140d02",
            "68432a0ff140d022",
            "8432a0ff140d0222",
            "432a0ff140d0",
            "32a0ff140d02",
            "2a0ff140d022",
            "a0ff140d0222",
            "0ff140d0",
            "ff140d02",
            "f140d022",
            "140d0222",
            "40d0",
            "0d02",
            "d022",
            "0222",
            "0e7dab93662a4859bdd9bed4abbe4b2e",
            "e7dab93662a4859bdd9bed4abbe4",
            "7dab93662a4859bdd9bed4abbe4b",
            "dab93662a4859bdd9bed4abbe4b2",
            "ab93662a4859bdd9bed4abbe4b2e",
            "b93662a4859bdd9bed4abbe4",
            "93662a4859bdd9bed4abbe4b",
            "3662a4859bdd9bed4abbe4b2",
            "662a4859bdd9bed4abbe4b2e",
            "62a4859bdd9bed4abbe4",
            "2a4859bdd9bed4abbe4b",
            "a4859bdd9bed4abbe4b2",
            "4859bdd9bed4abbe4b2e",
            "859bdd9bed4abbe4",
            "59bdd9bed4abbe4b",
            "9bdd9bed4abbe4b2",
            "bdd9bed4abbe4b2e",
            "dd9bed4abbe4",
            "d9bed4abbe4b",
            "9bed4abbe4b2",
            "bed4abbe4b2e",
            "ed4abbe4",
            "d4abbe4b",
            "4abbe4b2",
            "abbe4b2e",
            "bbe4",
            "be4b",
            "e4b2",
            "4b2e",
            "401ed9364ae24df3876c785c56839617",
            "01ed9364ae24df3876c785c56839",
            "1ed9364ae24df3876c785c568396",
            "ed9364ae24df3876c785c5683961",
            "d9364ae24df3876c785c56839617",
            "9364ae24df3876c785c56839",
            "364ae24df3876c785c568396",
            "64ae24df3876c785c5683961",
            "4ae24df3876c785c56839617",
            "ae24df3876c785c56839",
            "e24df3876c785c568396",
            "24df3876c785c5683961",
            "4df3876c785c56839617",
            "df3876c785c56839",
            "f3876c785c568396",
            "3876c785c5683961",
            "876c785c56839617",
            "76c785c56839",
            "6c785c568396",
            "c785c5683961",
            "785c56839617",
            "85c56839",
            "5c568396",
            "c5683961",
            "56839617",
            "6839",
            "8396",
            "3961",
            "9617",
            "540941d27d7841a683d84c5f658b672d",
            "40941d27d7841a683d84c5f658b6",
            "0941d27d7841a683d84c5f658b67",
            "941d27d7841a683d84c5f658b672",
            "41d27d7841a683d84c5f658b672d",
            "1d27d7841a683d84c5f658b6",
            "d27d7841a683d84c5f658b67",
            "27d7841a683d84c5f658b672",
            "7d7841a683d84c5f658b672d",
            "d7841a683d84c5f658b6",
            "7841a683d84c5f658b67",
            "841a683d84c5f658b672",
            "41a683d84c5f658b672d",
            "1a683d84c5f658b6",
            "a683d84c5f658b67",
            "683d84c5f658b672",
            "83d84c5f658b672d",
            "3d84c5f658b6",
            "d84c5f658b67",
            "84c5f658b672",
            "4c5f658b672d",
            "c5f658b6",
            "5f658b67",
            "f658b672",
            "658b672d",
            "58b6",
            "8b67",
            "b672",
            "672d",
            "DNmxNg5q878ibPLG",
            "NmxNg5q878ibPLGT",
            "mxNg5q878ibPLGTS",
            "xNg5q878ibPLGTSr",
            "Ng5q878ibPLG",
            "g5q878ibPLGT",
            "5q878ibPLGTS",
            "q878ibPLGTSr",
            "878ibPLG",
            "78ibPLGT",
            "8ibPLGTS",
            "ibPLGTSr",
            "bPLG",
            "PLGT",
            "LGTS",
            "GTSr",
            "g91b9c41d2ff549a58f4d9ee3b69c22c",
            "91b9c41d2ff549a58f4d9ee3b69c22c1",
            "1b9c41d2ff549a58f4d9ee3b69c2",
            "b9c41d2ff549a58f4d9ee3b69c22",
            "9c41d2ff549a58f4d9ee3b69c22c",
            "c41d2ff549a58f4d9ee3b69c22c1",
            "41d2ff549a58f4d9ee3b69c2",
            "1d2ff549a58f4d9ee3b69c22",
            "d2ff549a58f4d9ee3b69c22c",
            "2ff549a58f4d9ee3b69c22c1",
            "ff549a58f4d9ee3b69c2",
            "f549a58f4d9ee3b69c22",
            "549a58f4d9ee3b69c22c",
            "49a58f4d9ee3b69c22c1",
            "9a58f4d9ee3b69c2",
            "a58f4d9ee3b69c22",
            "58f4d9ee3b69c22c",
            "8f4d9ee3b69c22c1",
            "f4d9ee3b69c2",
            "4d9ee3b69c22",
            "d9ee3b69c22c",
            "9ee3b69c22c1",
            "ee3b69c2",
            "e3b69c22",
            "3b69c22c",
            "b69c22c1",
            "69c2",
            "9c22",
            "c22c",
            "22c1",
            "VpyhPa5k11UX6tMC",
            "pyhPa5k11UX6tMCY",
            "yhPa5k11UX6tMCYD",
            "hPa5k11UX6tMCYDW",
            "Pa5k11UX6tMC",
            "a5k11UX6tMCY",
            "5k11UX6tMCYD",
            "k11UX6tMCYDW",
            "11UX6tMC",
            "1UX6tMCY",
            "UX6tMCYD",
            "X6tMCYDW",
            "6tMC",
            "tMCY",
            "MCYD",
            "CYDW",
            "rFVptZ5YC9Y6LtC9",
            "FVptZ5YC9Y6LtC93",
            "VptZ5YC9Y6LtC93F",
            "ptZ5YC9Y6LtC93FG",
            "tZ5YC9Y6LtC9",
            "Z5YC9Y6LtC93",
            "5YC9Y6LtC93F",
            "YC9Y6LtC93FG",
            "C9Y6LtC9",
            "9Y6LtC93",
            "Y6LtC93F",
            "6LtC93FG",
            "LtC9",
            "tC93",
            "C93F",
            "93FG",
            "qZWKPRvt",
            "ZWKPRvtU",
            "WKPRvtUw",
            "KPRv",
            "PRvt",
            "RvtU",
            "vtUw",
            "xU5KTNhi",
            "U5KTNhi1",
            "5KTNhi10",
            "KTNh",
            "TNhi",
            "Nhi1",
            "hi10",
            "FcNKlC8C",
            "cNKlC8Ck",
            "NKlC8CkX",
            "KlC8",
            "lC8C",
            "C8Ck",
            "8CkX",
            "gsBKLw5R",
            "sBKLw5RI",
            "BKLw5RIn",
            "KLw5",
            "Lw5R",
            "w5RI",
            "5RIn",
            "XFsKftd6",
            "FsKftd6H",
            "sKftd6Hn",
            "Kftd",
            "ftd6",
            "td6H",
            "d6Hn",
            "Wj5KDxBu",
            "j5KDxBug",
            "5KDxBuga",
            "KDxB",
            "DxBu",
            "xBug",
            "Buga",
            "RLgKvXBR",
            "LgKvXBRF",
            "gKvXBRFX",
            "KvXB",
            "vXBR",
            "XBRF",
            "BRFX",
            "xxdKXWEV",
            "xdKXWEVI",
            "dKXWEVIW",
            "KXWE",
            "XWEV",
            "WEVI",
            "EVIW",
            "DtbK9Qe5",
            "tbK9Qe5v",
            "bK9Qe5vx",
            "K9Qe",
            "9Qe5",
            "Qe5v",
            "e5vx",
            "D09KkCH2",
            "09KkCH2F",
            "9KkCH2FJ",
            "KkCH",
            "kCH2",
            "CH2F",
            "H2FJ",
            "cPdK2Od0",
            "PdK2Od0V",
            "dK2Od0VI",
            "K2Od",
            "2Od0",
            "Od0V",
            "d0VI",
            "yKaKwbpY",
            "KaKwbpYc",
            "aKwbpYcV",
            "Kwbp",
            "wbpY",
            "bpYc",
            "pYcV",
            "RcsKyfhr",
            "csKyfhrR",
            "sKyfhrRO",
            "Kyfh",
            "yfhr",
            "fhrR",
            "hrRO",
            "vQhKJpW0",
            "QhKJpW07",
            "hKJpW07a",
            "KJpW",
            "JpW0",
            "pW07",
            "W07a",
            "xrrKSe2j",
            "rrKSe2jg",
            "rKSe2jgd",
            "KSe2",
            "Se2j",
            "e2jg",
            "2jgd",
            "m18KgOpA",
            "18KgOpAX",
            "8KgOpAX1",
            "KgOp",
            "gOpA",
            "OpAX",
            "pAX1",
            "PaddingM",
            "addingMo",
            "ddingMod",
            "dingMode",
            "ingM",
            "px4KaB8p",
            "x4KaB8pG",
            "4KaB8pGg",
            "KaB8",
            "aB8p",
            "B8pG",
            "8pGg",
            "w0lKA1Ow",
            "0lKA1Owu",
            "lKA1OwuY",
            "KA1O",
            "A1Ow",
            "1Owu",
            "OwuY",
            "eE0KoJKX",
            "E0KoJKXq",
            "0KoJKXqy",
            "KoJK",
            "oJKX",
            "JKXq",
            "KXqy",
            "QJMKbShm",
            "JMKbShmc",
            "MKbShmch",
            "KbSh",
            "bShm",
            "Shmc",
            "hmch",
            "M6SKitZI",
            "6SKitZIF",
            "SKitZIFF",
            "KitZ",
            "itZI",
            "tZIF",
            "ZIFF",
            "PL2Kd2ED",
            "L2Kd2EDs",
            "2Kd2EDs5",
            "Kd2E",
            "d2ED",
            "2EDs",
            "EDs5",
            "olvKMpST",
            "lvKMpST6",
            "vKMpST6L",
            "KMpS",
            "MpST",
            "pST6",
            "ST6L",
            "SS5KzU73",
            "S5KzU73o",
            "5KzU73oH",
            "KzU7",
            "zU73",
            "U73o",
            "73oH",
            "h3EUHD6s",
            "3EUHD6sn",
            "EUHD6snJ",
            "UHD6",
            "HD6s",
            "D6sn",
            "6snJ",
            "g43UEkj6",
            "43UEkj6W",
            "3UEkj6W6",
            "UEkj",
            "Ekj6",
            "kj6W",
            "j6W6",
            "evyU7ZuJ",
            "vyU7ZuJV",
            "yU7ZuJVm",
            "U7Zu",
            "7ZuJ",
            "ZuJV",
            "uJVm",
            "xRJUN4dO",
            "RJUN4dOi",
            "JUN4dOiH",
            "UN4d",
            "N4dO",
            "4dOi",
            "dOiH",
            "knoU6RZS",
            "noU6RZSg",
            "oU6RZSgm",
            "U6RZ",
            "6RZS",
            "RZSg",
            "ZSgm",
            "OOCUBtr2",
            "OCUBtr21",
            "CUBtr21p",
            "UBtr",
            "Btr2",
            "tr21",
            "r21p",
            "kuRUUgdf",
            "uRUUgdfI",
            "RUUgdfIM",
            "UUgd",
            "Ugdf",
            "gdfI",
            "dfIM",
            "CsJUTyPc",
            "sJUTyPcC",
            "JUTyPcCe",
            "UTyP",
            "TyPc",
            "yPcC",
            "PcCe",
            "XdUUPDjE",
            "dUUPDjEG",
            "UUPDjEGs",
            "UPDj",
            "PDjE",
            "DjEG",
            "jEGs",
            "gPZUlOnM",
            "PZUlOnMT",
            "ZUlOnMT4",
            "UlOn",
            "lOnM",
            "OnMT",
            "nMT4",
            "UAlULmsu",
            "AlULmsur",
            "lULmsurc",
            "ULms",
            "Lmsu",
            "msur",
            "surc",
            "FTeUfsej",
            "TeUfsejb",
            "eUfsejbQ",
            "Ufse",
            "fsej",
            "sejb",
            "ejbQ",
            "wR0UD89R",
            "R0UD89RC",
            "0UD89RCd",
            "UD89",
            "D89R",
            "89RC",
            "9RCd",
            "bjgUv2VQ",
            "jgUv2VQ7",
            "gUv2VQ7i",
            "Uv2V",
            "v2VQ",
            "2VQ7",
            "VQ7i",
            "CuoUXMDV",
            "uoUXMDV7",
            "oUXMDV7r",
            "UXMD",
            "XMDV",
            "MDV7",
            "DV7r",
            "DeOU9Hkx",
            "eOU9Hkxb",
            "OU9HkxbM",
            "U9Hk",
            "9Hkx",
            "Hkxb",
            "kxbM",
            "BoCUk6bq",
            "oCUk6bqB",
            "CUk6bqB9",
            "Uk6b",
            "k6bq",
            "6bqB",
            "bqB9",
            "zvNU26v8",
            "vNU26v89",
            "NU26v89R",
            "U26v",
            "26v8",
            "6v89",
            "v89R",
            "CLTUwaIx",
            "LTUwaIxn",
            "TUwaIxnQ",
            "UwaI",
            "waIx",
            "aIxn",
            "IxnQ",
            "eN4UyhCd",
            "N4UyhCdg",
            "4UyhCdgf",
            "UyhC",
            "yhCd",
            "hCdg",
            "Cdgf",
            "IypUJJjW",
            "ypUJJjWa",
            "pUJJjWaN",
            "UJJj",
            "JJjW",
            "JjWa",
            "jWaN",
            "KCmUScVx",
            "CmUScVxB",
            "mUScVxBh",
            "UScV",
            "ScVx",
            "cVxB",
            "VxBh",
            "pnJUgjOw",
            "nJUgjOwl",
            "JUgjOwlZ",
            "UgjO",
            "gjOw",
            "jOwl",
            "OwlZ",
            "K6FUaOTh",
            "6FUaOThw",
            "FUaOThwb",
            "UaOT",
            "aOTh",
            "OThw",
            "Thwb",
            "mRvUA5kZ",
            "RvUA5kZK",
            "vUA5kZKC",
            "UA5k",
            "A5kZ",
            "5kZK",
            "kZKC",
            "JxjUoUkK",
            "xjUoUkKg",
            "jUoUkKgF",
            "UoUk",
            "oUkK",
            "UkKg",
            "kKgF",
            "tILUbGYL",
            "ILUbGYLL",
            "LUbGYLLQ",
            "UbGY",
            "bGYL",
            "GYLL",
            "YLLQ",
            "SExUiIZv",
            "ExUiIZv4",
            "xUiIZv4q",
            "UiIZ",
            "iIZv",
            "IZv4",
            "Zv4q",
            "dZ9Udp2P",
            "Z9Udp2Ph",
            "9Udp2Ph8",
            "Udp2",
            "dp2P",
            "p2Ph",
            "2Ph8",
            "KIZUM1JF",
            "IZUM1JFs",
            "ZUM1JFsH",
            "UM1J",
            "M1JF",
            "1JFs",
            "JFsH",
            "hJvUzq3i",
            "JvUzq3ib",
            "vUzq3ibx",
            "Uzq3",
            "zq3i",
            "q3ib",
            "3ibx",
            "EHJrHKWf",
            "HJrHKWft",
            "JrHKWftl",
            "rHKW",
            "HKWf",
            "KWft",
            "Wftl",
            "obBrEfWn",
            "bBrEfWn0",
            "BrEfWn0J",
            "rEfW",
            "EfWn",
            "fWn0",
            "Wn0J",
            "n20r7QTe",
            "20r7QTex",
            "0r7QTexy",
            "r7QT",
            "7QTe",
            "QTex",
            "Texy",
            "Of7rNCiI",
            "f7rNCiIv",
            "7rNCiIvM",
            "rNCi",
            "NCiI",
            "CiIv",
            "iIvM",
            "Giir6unb",
            "iir6unb2",
            "ir6unb26",
            "r6un",
            "6unb",
            "unb2",
            "nb26",
            "yWWrBpEd",
            "WWrBpEdk",
            "WrBpEdkG",
            "rBpE",
            "BpEd",
            "pEdk",
            "EdkG",
            "A1HrUmdd",
            "1HrUmdd6",
            "HrUmdd6Q",
            "rUmd",
            "Umdd",
            "mdd6",
            "dd6Q",
            "JI4rTP5I",
            "I4rTP5IQ",
            "4rTP5IQ0",
            "rTP5",
            "TP5I",
            "P5IQ",
            "5IQ0",
            "GZdrPIha",
            "ZdrPIhaS",
            "drPIhaS3",
            "rPIh",
            "PIha",
            "IhaS",
            "haS3",
            "u4Jrl70r",
            "4Jrl70r6",
            "Jrl70r6u",
            "rl70",
            "l70r",
            "70r6",
            "0r6u",
            "nAtrLV7V",
            "AtrLV7Vv",
            "trLV7VvZ",
            "rLV7",
            "LV7V",
            "V7Vv",
            "7VvZ",
            "JjVrfWsd",
            "jVrfWsd2",
            "VrfWsd2D",
            "rfWs",
            "fWsd",
            "Wsd2",
            "sd2D",
            "uobrD8Kj",
            "obrD8KjE",
            "brD8KjEu",
            "rD8K",
            "D8Kj",
            "8KjE",
            "KjEu",
            "OrFrvpuB",
            "rFrvpuBE",
            "FrvpuBER",
            "rvpu",
            "vpuB",
            "puBE",
            "uBER",
            "TElrXkTC",
            "ElrXkTCa",
            "lrXkTCai",
            "rXkT",
            "XkTC",
            "kTCa",
            "TCai",
            "wdLr9ill",
            "dLr9illv",
            "Lr9illvs",
            "r9il",
            "9ill",
            "illv",
            "llvs",
            "NmmrkYrh",
            "mmrkYrh5",
            "mrkYrh5L",
            "rkYr",
            "kYrh",
            "Yrh5",
            "rh5L",
            "b2yr2b0Z",
            "2yr2b0Z8",
            "yr2b0Z8E",
            "r2b0",
            "2b0Z",
            "b0Z8",
            "0Z8E",
            "IUxrwHhO",
            "UxrwHhOA",
            "xrwHhOAo",
            "rwHh",
            "wHhO",
            "HhOA",
            "hOAo",
            "NoprydPx",
            "oprydPxB",
            "prydPxBq",
            "rydP",
            "ydPx",
            "dPxB",
            "PxBq",
            "kRbrJyOr",
            "RbrJyOrp",
            "brJyOrpZ",
            "rJyO",
            "JyOr",
            "yOrp",
            "OrpZ",
            "uDwrSyg0",
            "DwrSyg0D",
            "wrSyg0Dd",
            "rSyg",
            "Syg0",
            "yg0D",
            "g0Dd",
            "QMUrgmCw",
            "MUrgmCwX",
            "UrgmCwXd",
            "rgmC",
            "gmCw",
            "mCwX",
            "CwXd",
            "Cg1ra3IA",
            "g1ra3IAM",
            "1ra3IAMY",
            "ra3I",
            "a3IA",
            "3IAM",
            "IAMY",
            "xYZrA1Uw",
            "YZrA1Uw3",
            "ZrA1Uw32",
            "rA1U",
            "A1Uw",
            "1Uw3",
            "Uw32",
            "F9wro6CN",
            "9wro6CNG",
            "wro6CNG0",
            "ro6C",
            "o6CN",
            "6CNG",
            "CNG0",
            "MSgrbV6y",
            "SgrbV6ya",
            "grbV6yaE",
            "rbV6",
            "bV6y",
            "V6ya",
            "6yaE",
            "od0riK5t",
            "d0riK5tq",
            "0riK5tqi",
            "riK5",
            "iK5t",
            "K5tq",
            "5tqi",
            "h6srdQnA",
            "6srdQnAK",
            "srdQnAKC",
            "rdQn",
            "dQnA",
            "QnAK",
            "nAKC",
            "odXrMH1w",
            "dXrMH1wd",
            "XrMH1wdH",
            "rMH1",
            "MH1w",
            "H1wd",
            "1wdH",
            "AqRrzUbA",
            "qRrzUbAZ",
            "RrzUbAZI",
            "rzUb",
            "zUbA",
            "UbAZ",
            "bAZI",
            "Q3VTH1TE",
            "3VTH1TE6",
            "VTH1TE6K",
            "TH1T",
            "H1TE",
            "1TE6",
            "TE6K",
            "knOTEL4E",
            "nOTEL4Er",
            "OTEL4ErE",
            "TEL4",
            "EL4E",
            "L4Er",
            "4ErE",
            "GBTT7pvq",
            "BTT7pvq9",
            "TT7pvq9y",
            "T7pv",
            "7pvq",
            "pvq9",
            "vq9y",
            "L9hTNpje",
            "9hTNpje0",
            "hTNpje0R",
            "TNpj",
            "Npje",
            "pje0",
            "je0R",
            "ifyT6Tbl",
            "fyT6Tbl5",
            "yT6Tbl5Q",
            "T6Tb",
            "6Tbl",
            "Tbl5",
            "bl5Q",
            "tOfTB4qG",
            "OfTB4qGc",
            "fTB4qGcQ",
            "TB4q",
            "B4qG",
            "4qGc",
            "qGcQ",
            "SJjTU4Sr",
            "JjTU4SrD",
            "jTU4SrDe",
            "TU4S",
            "U4Sr",
            "4SrD",
            "SrDe",
            "CN4TTFri",
            "N4TTFriX",
            "4TTFriXY",
            "TTFr",
            "TFri",
            "FriX",
            "riXY",
            "La6TPBws",
            "a6TPBwsf",
            "6TPBwsft",
            "TPBw",
            "PBws",
            "Bwsf",
            "wsft",
            "CX7Tlfqy",
            "X7Tlfqye",
            "7Tlfqyes",
            "Tlfq",
            "lfqy",
            "fqye",
            "qyes",
            "SNoTL3PL",
            "NoTL3PLd",
            "oTL3PLdP",
            "TL3P",
            "L3PL",
            "3PLd",
            "PLdP",
            "xc9TfobJ",
            "c9TfobJr",
            "9TfobJr8",
            "Tfob",
            "fobJ",
            "obJr",
            "bJr8",
            "aQmTD3ss",
            "QmTD3ssU",
            "mTD3ssUQ",
            "TD3s",
            "D3ss",
            "3ssU",
            "ssUQ",
            "rS8TvVyv",
            "S8TvVyvk",
            "8TvVyvkX",
            "TvVy",
            "vVyv",
            "Vyvk",
            "yvkX",
            "X7uTXcTH",
            "7uTXcTHD",
            "uTXcTHDh",
            "TXcT",
            "XcTH",
            "cTHD",
            "THDh",
            "hBBT9uka",
            "BBT9ukaH",
            "BT9ukaHB",
            "T9uk",
            "9uka",
            "ukaH",
            "kaHB",
            "sDGTky5T",
            "DGTky5TQ",
            "GTky5TQh",
            "Tky5",
            "ky5T",
            "y5TQ",
            "5TQh",
            "xGRT2MGR",
            "GRT2MGRP",
            "RT2MGRPW",
            "T2MG",
            "2MGR",
            "MGRP",
            "GRPW",
            "R3rTwK11",
            "3rTwK117",
            "rTwK117h",
            "TwK1",
            "wK11",
            "K117",
            "117h",
            "LeUTyoqt",
            "eUTyoqtQ",
            "UTyoqtQm",
            "Tyoq",
            "yoqt",
            "oqtQ",
            "qtQm",
            "NMTTJV0Y",
            "MTTJV0Y0",
            "TTJV0Y0x",
            "TJV0",
            "JV0Y",
            "V0Y0",
            "0Y0x",
            "qRtTSSTK",
            "RtTSSTK8",
            "tTSSTK88",
            "TSST",
            "SSTK",
            "STK8",
            "TK88",
            "JVyTg9ic",
            "VyTg9icZ",
            "yTg9icZR",
            "Tg9i",
            "g9ic",
            "9icZ",
            "icZR",
            "WLaTau2P",
            "LaTau2P5",
            "aTau2P52",
            "Tau2",
            "au2P",
            "u2P5",
            "2P52",
            "ROFTALAV",
            "OFTALAVR",
            "FTALAVR0",
            "TALA",
            "ALAV",
            "LAVR",
            "AVR0",
            "CagToIC1",
            "agToIC1B",
            "gToIC1B7",
            "ToIC",
            "oIC1",
            "IC1B",
            "C1B7",
            "lcMTbCSR",
            "cMTbCSRk",
            "MTbCSRkd",
            "TbCS",
            "bCSR",
            "CSRk",
            "SRkd",
            "IZYTiIY3",
            "ZYTiIY3u",
            "YTiIY3uo",
            "TiIY",
            "iIY3",
            "IY3u",
            "Y3uo",
            "D0ZTdqaH",
            "0ZTdqaHt",
            "ZTdqaHt5",
            "Tdqa",
            "dqaH",
            "qaHt",
            "aHt5",
            "GKOTMEFc",
            "KOTMEFcV",
            "OTMEFcVW",
            "TMEF",
            "MEFc",
            "EFcV",
            "FcVW",
            "lODTz01o",
            "ODTz01oE",
            "DTz01oEg",
            "Tz01",
            "z01o",
            "01oE",
            "1oEg",
            "cOYeHy2q",
            "OYeHy2qU",
            "YeHy2qUi",
            "eHy2",
            "Hy2q",
            "y2qU",
            "2qUi",
            "V2YeE8BL",
            "2YeE8BLl",
            "YeE8BLls",
            "eE8B",
            "E8BL",
            "8BLl",
            "BLls",
            "Dppe7RNB",
            "ppe7RNBL",
            "pe7RNBLb",
            "e7RN",
            "7RNB",
            "RNBL",
            "NBLb",
            "hM1eNGGY",
            "M1eNGGYR",
            "1eNGGYRl",
            "eNGG",
            "NGGY",
            "GGYR",
            "GYRl",
            "OrSe6hIi",
            "rSe6hIiI",
            "Se6hIiIL",
            "e6hI",
            "6hIi",
            "hIiI",
            "IiIL",
            "QTYeBAQO",
            "TYeBAQOd",
            "YeBAQOd1",
            "eBAQ",
            "BAQO",
            "AQOd",
            "QOd1",
            "rNQeUXO3",
            "NQeUXO3Q",
            "QeUXO3Qn",
            "eUXO",
            "UXO3",
            "XO3Q",
            "O3Qn",
            "GHKeTUwH",
            "HKeTUwHE",
            "KeTUwHEh",
            "eTUw",
            "TUwH",
            "UwHE",
            "wHEh",
            "YPlePCt9",
            "PlePCt9J",
            "lePCt9JS",
            "ePCt",
            "PCt9",
            "Ct9J",
            "t9JS",
            "EqjeloKL",
            "qjeloKLG",
            "jeloKLGb",
            "eloK",
            "loKL",
            "oKLG",
            "KLGb",
            "vhGeLpn0",
            "hGeLpn0U",
            "GeLpn0UM",
            "eLpn",
            "Lpn0",
            "pn0U",
            "n0UM",
            "FHXefK6Z",
            "HXefK6Ze",
            "XefK6ZeB",
            "efK6",
            "fK6Z",
            "K6Ze",
            "6ZeB",
            "r6seDcy1",
            "6seDcy10",
            "seDcy10q",
            "eDcy",
            "Dcy1",
            "cy10",
            "y10q",
            "gZlevdHZ",
            "ZlevdHZy",
            "levdHZyA",
            "evdH",
            "vdHZ",
            "dHZy",
            "HZyA",
            "l4leXqKL",
            "4leXqKLZ",
            "leXqKLZ1",
            "eXqK",
            "XqKL",
            "qKLZ",
            "KLZ1",
            "D2xe9Yko",
            "2xe9Ykox",
            "xe9Ykoxq",
            "e9Yk",
            "9Yko",
            "Ykox",
            "koxq",
            "V6eek5g6",
            "6eek5g6J",
            "eek5g6J5",
            "ek5g",
            "k5g6",
            "5g6J",
            "g6J5",
            "r7Ie2ts7",
            "7Ie2ts7I",
            "Ie2ts7If",
            "e2ts",
            "2ts7",
            "ts7I",
            "s7If",
            "nsvewIf5",
            "svewIf5s",
            "vewIf5sG",
            "ewIf",
            "wIf5",
            "If5s",
            "f5sG",
            "gqseyjxF",
            "qseyjxFB",
            "seyjxFBO",
            "eyjx",
            "yjxF",
            "jxFB",
            "xFBO",
            "fgqeJFeF",
            "gqeJFeFf",
            "qeJFeFf7",
            "eJFe",
            "JFeF",
            "FeFf",
            "eFf7",
            "fameSKgb",
            "ameSKgbN",
            "meSKgbNH",
            "eSKg",
            "SKgb",
            "KgbN",
            "gbNH",
            "lb1eg47h",
            "b1eg47hd",
            "1eg47hdK",
            "eg47",
            "g47h",
            "47hd",
            "7hdK",
            "BeBeaowp",
            "eBeaowpm",
            "BeaowpmY",
            "eaow",
            "aowp",
            "owpm",
            "wpmY",
            "AJGeAqm3",
            "JGeAqm3e",
            "GeAqm3e4",
            "eAqm",
            "Aqm3",
            "qm3e",
            "m3e4",
            "cfXeoCcu",
            "fXeoCcuc",
            "XeoCcucn",
            "eoCc",
            "oCcu",
            "Ccuc",
            "cucn",
            "ARweb5AO",
            "Rweb5AOO",
            "web5AOOl",
            "eb5A",
            "b5AO",
            "5AOO",
            "AOOl",
            "e0BeiKqI",
            "0BeiKqIj",
            "BeiKqIjG",
            "eiKq",
            "iKqI",
            "KqIj",
            "qIjG",
            "shuedxlQ",
            "huedxlQk",
            "uedxlQkH",
            "edxl",
            "dxlQ",
            "xlQk",
            "lQkH",
            "FPGeMZ9G",
            "PGeMZ9Gm",
            "GeMZ9Gma",
            "eMZ9",
            "MZ9G",
            "Z9Gm",
            "9Gma",
            "m4Lezovd",
            "4Lezovdi",
            "LezovdiQ",
            "ezov",
            "zovd",
            "ovdi",
            "vdiQ",
            "DjKPHNSX",
            "jKPHNSXP",
            "KPHNSXPy",
            "PHNS",
            "HNSX",
            "NSXP",
            "SXPy",
            "LIfPE2fA",
            "IfPE2fA8",
            "fPE2fA84",
            "PE2f",
            "E2fA",
            "2fA8",
            "fA84",
            "DXqP7STU",
            "XqP7STUQ",
            "qP7STUQN",
            "P7ST",
            "7STU",
            "STUQ",
            "TUQN",
            "rqCPN6wJ",
            "qCPN6wJX",
            "CPN6wJXk",
            "PN6w",
            "N6wJ",
            "6wJX",
            "wJXk",
            "dDEP6es9",
            "DEP6es9k",
            "EP6es9kT",
            "P6es",
            "6es9",
            "es9k",
            "s9kT",
            "WuDPBgw2",
            "uDPBgw2j",
            "DPBgw2jC",
            "PBgw",
            "Bgw2",
            "gw2j",
            "w2jC",
            "TVWPU5vc",
            "VWPU5vcV",
            "WPU5vcV0",
            "PU5v",
            "U5vc",
            "5vcV",
            "vcV0",
            "gZ4PTijZ",
            "Z4PTijZK",
            "4PTijZKT",
            "PTij",
            "TijZ",
            "ijZK",
            "jZKT",
            "X3GPPSDH",
            "3GPPSDH0",
            "GPPSDH0M",
            "PPSD",
            "PSDH",
            "SDH0",
            "DH0M",
            "aQyPlp1k",
            "QyPlp1kM",
            "yPlp1kMr",
            "Plp1",
            "lp1k",
            "p1kM",
            "1kMr",
            "PpNPLVs8",
            "pNPLVs8e",
            "NPLVs8ew",
            "PLVs",
            "LVs8",
            "Vs8e",
            "s8ew",
            "BLiPf6BM",
            "LiPf6BM9",
            "iPf6BM9D",
            "Pf6B",
            "f6BM",
            "6BM9",
            "BM9D",
            "utsPD7vH",
            "tsPD7vHc",
            "sPD7vHcU",
            "PD7v",
            "D7vH",
            "7vHc",
            "vHcU",
            "sLPPv1UD",
            "LPPv1UDu",
            "PPv1UDuP",
            "Pv1U",
            "v1UD",
            "1UDu",
            "UDuP",
            "H7tPXrIw",
            "7tPXrIwr",
            "tPXrIwrF",
            "PXrI",
            "XrIw",
            "rIwr",
            "IwrF",
            "cssP9fQv",
            "ssP9fQvf",
            "sP9fQvfX",
            "P9fQ",
            "9fQv",
            "fQvf",
            "QvfX",
            "HmOPk1fk",
            "mOPk1fkU",
            "OPk1fkUp",
            "Pk1f",
            "k1fk",
            "1fkU",
            "fkUp",
            "BfMP2avV",
            "fMP2avVB",
            "MP2avVBg",
            "P2av",
            "2avV",
            "avVB",
            "vVBg",
            "xWtPwDuM",
            "WtPwDuMJ",
            "tPwDuMJ3",
            "PwDu",
            "wDuM",
            "DuMJ",
            "uMJ3",
            "KtcPykgw",
            "tcPykgw9",
            "cPykgw9A",
            "Pykg",
            "ykgw",
            "kgw9",
            "gw9A",
            "zc9PJxGB",
            "c9PJxGBB",
            "9PJxGBBN",
            "PJxG",
            "JxGB",
            "xGBB",
            "GBBN",
            "IIWPSs1k",
            "IWPSs1kU",
            "WPSs1kUA",
            "PSs1",
            "Ss1k",
            "s1kU",
            "1kUA",
            "XPHPgHX0",
            "PHPgHX0y",
            "HPgHX0yP",
            "PgHX",
            "gHX0",
            "HX0y",
            "X0yP",
            "ugaPapTK",
            "gaPapTKl",
            "aPapTKls",
            "PapT",
            "apTK",
            "pTKl",
            "TKls",
            "FnGPAxYG",
            "nGPAxYGM",
            "GPAxYGMm",
            "PAxY",
            "AxYG",
            "xYGM",
            "YGMm",
            "esRPoaHB",
            "sRPoaHBj",
            "RPoaHBj2",
            "PoaH",
            "oaHB",
            "aHBj",
            "HBj2",
            "XqWPbjHb",
            "qWPbjHbn",
            "WPbjHbnx",
            "PbjH",
            "bjHb",
            "jHbn",
            "Hbnx",
            "uSBPiGwO",
            "SBPiGwOx",
            "BPiGwOxi",
            "PiGw",
            "iGwO",
            "GwOx",
            "wOxi",
            "glaPdQrx",
            "laPdQrxK",
            "aPdQrxKy",
            "PdQr",
            "dQrx",
            "QrxK",
            "rxKy",
            "WuRPM0O3",
            "uRPM0O3C",
            "RPM0O3Cr",
            "PM0O",
            "M0O3",
            "0O3C",
            "O3Cr",
            "gxoPzJu0",
            "xoPzJu0I",
            "oPzJu0II",
            "PzJu",
            "zJu0",
            "Ju0I",
            "u0II",
            "C2iGHWQC",
            "2iGHWQCl",
            "iGHWQClH",
            "GHWQ",
            "HWQC",
            "WQCl",
            "QClH",
            "sX6GE42B",
            "X6GE42Bn",
            "6GE42BnR",
            "GE42",
            "E42B",
            "42Bn",
            "2BnR",
            "bMPG7FmK",
            "MPG7FmKN",
            "PG7FmKNv",
            "G7Fm",
            "7FmK",
            "FmKN",
            "mKNv",
            "vdrGNq7N",
            "drGNq7NZ",
            "rGNq7NZk",
            "GNq7",
            "Nq7N",
            "q7NZ",
            "7NZk",
            "bu1G6rYN",
            "u1G6rYN7",
            "1G6rYN7e",
            "G6rY",
            "6rYN",
            "rYN7",
            "YN7e",
            "nOGGBXB2",
            "OGGBXB2i",
            "GGBXB2i8",
            "GBXB",
            "BXB2",
            "XB2i",
            "B2i8",
            "g26GUjEZ",
            "26GUjEZ7",
            "6GUjEZ7a",
            "GUjE",
            "UjEZ",
            "jEZ7",
            "EZ7a",
            "DltGTYbq",
            "ltGTYbqN",
            "tGTYbqNj",
            "GTYb",
            "TYbq",
            "YbqN",
            "bqNj",
            "CEPGPG8T",
            "EPGPG8T8",
            "PGPG8T8D",
            "GPG8",
            "PG8T",
            "G8T8",
            "8T8D",
            "wj0Gl5i1",
            "j0Gl5i1R",
            "0Gl5i1RV",
            "Gl5i",
            "l5i1",
            "5i1R",
            "i1RV",
            "oJxGL56Q",
            "JxGL56Qu",
            "xGL56QuI",
            "GL56",
            "L56Q",
            "56Qu",
            "6QuI",
            "NOwGfc7V",
            "OwGfc7V6",
            "wGfc7V6w",
            "Gfc7",
            "fc7V",
            "c7V6",
            "7V6w",
            "c6vGDr1M",
            "6vGDr1MK",
            "vGDr1MKd",
            "GDr1",
            "Dr1M",
            "r1MK",
            "1MKd",
            "w5tGvDwf",
            "5tGvDwfy",
            "tGvDwfyh",
            "GvDw",
            "vDwf",
            "Dwfy",
            "wfyh",
            "upCGXF1U",
            "pCGXF1Ue",
            "CGXF1UeZ",
            "GXF1",
            "XF1U",
            "F1Ue",
            "1UeZ",
            "kBBG9rZ2",
            "BBG9rZ25",
            "BG9rZ25P",
            "G9rZ",
            "9rZ2",
            "rZ25",
            "Z25P",
            "tN0GkM27",
            "N0GkM27m",
            "0GkM27mD",
            "GkM2",
            "kM27",
            "M27m",
            "27mD",
            "guFG20co",
            "uFG20cox",
            "FG20coxS",
            "G20c",
            "20co",
            "0cox",
            "coxS",
            "U4QGwQlA",
            "4QGwQlA1",
            "QGwQlA1F",
            "GwQl",
            "wQlA",
            "QlA1",
            "lA1F",
            "eVtGyr5G",
            "VtGyr5GL",
            "tGyr5GLq",
            "Gyr5",
            "yr5G",
            "r5GL",
            "5GLq",
            "CTOGJIX3",
            "TOGJIX3Y",
            "OGJIX3Yh",
            "GJIX",
            "JIX3",
            "IX3Y",
            "X3Yh",
            "wYmGSpp6",
            "YmGSpp6x",
            "mGSpp6xn",
            "GSpp",
            "Spp6",
            "pp6x",
            "p6xn",
            "dAgGgTND",
            "AgGgTNDt",
            "gGgTNDtK",
            "GgTN",
            "gTND",
            "TNDt",
            "NDtK",
            "yt3GaqRx",
            "t3GaqRxA",
            "3GaqRxAE",
            "GaqR",
            "aqRx",
            "qRxA",
            "RxAE",
            "nuuGAK4X",
            "uuGAK4X5",
            "uGAK4X5M",
            "GAK4",
            "AK4X",
            "K4X5",
            "4X5M",
            "m7NGoZHE",
            "7NGoZHEm",
            "NGoZHEmj",
            "GoZH",
            "oZHE",
            "ZHEm",
            "HEmj",
            "LliGbGp8",
            "liGbGp8u",
            "iGbGp8uu",
            "GbGp",
            "bGp8",
            "Gp8u",
            "p8uu",
            "EM7GimN7",
            "M7GimN7M",
            "7GimN7MA",
            "GimN",
            "imN7",
            "mN7M",
            "N7MA",
            "QE7GdoSP",
            "E7GdoSP5",
            "7GdoSP56",
            "GdoS",
            "doSP",
            "oSP5",
            "SP56",
            "sTaGMbqc",
            "TaGMbqc7",
            "aGMbqc78",
            "GMbq",
            "Mbqc",
            "bqc7",
            "qc78",
            "GZEGzpNg",
            "ZEGzpNgC",
            "EGzpNgCf",
            "GzpN",
            "zpNg",
            "pNgC",
            "NgCf",
            "P4FlHEnD",
            "4FlHEnDO",
            "FlHEnDOB",
            "lHEn",
            "HEnD",
            "EnDO",
            "nDOB",
            "wawlEbJk",
            "awlEbJkL",
            "wlEbJkLI",
            "lEbJ",
            "EbJk",
            "bJkL",
            "JkLI",
            "zLdl7UgR",
            "Ldl7UgRg",
            "dl7UgRgB",
            "l7Ug",
            "7UgR",
            "UgRg",
            "gRgB",
            "xHklN7Ok",
            "HklN7Okg",
            "klN7Okga",
            "lN7O",
            "N7Ok",
            "7Okg",
            "Okga",
            "e5tl69g5",
            "5tl69g5D",
            "tl69g5Df",
            "l69g",
            "69g5",
            "9g5D",
            "g5Df",
            "qkglB9OM",
            "kglB9OMN",
            "glB9OMNf",
            "lB9O",
            "B9OM",
            "9OMN",
            "OMNf",
            "mTAlUUiQ",
            "TAlUUiQU",
            "AlUUiQU1",
            "lUUi",
            "UUiQ",
            "UiQU",
            "iQU1",
            "sY7lTbDc",
            "Y7lTbDcE",
            "7lTbDcEx",
            "lTbD",
            "TbDc",
            "bDcE",
            "DcEx",
            "IWSlP3d4",
            "WSlP3d4T",
            "SlP3d4Tb",
            "lP3d",
            "P3d4",
            "3d4T",
            "d4Tb",
            "OmSllseA",
            "mSllseAy",
            "SllseAyJ",
            "llse",
            "lseA",
            "seAy",
            "eAyJ",
            "mxmlLVwI",
            "xmlLVwI5",
            "mlLVwI5W",
            "lLVw",
            "LVwI",
            "VwI5",
            "wI5W",
            "pcclfrls",
            "cclfrlsk",
            "clfrlskY",
            "lfrl",
            "frls",
            "rlsk",
            "lskY",
            "hPOlDWVl",
            "POlDWVlu",
            "OlDWVluo",
            "lDWV",
            "DWVl",
            "WVlu",
            "Vluo",
            "qFmlv01F",
            "Fmlv01FD",
            "mlv01FDv",
            "lv01",
            "v01F",
            "01FD",
            "1FDv",
            "Kk8lXLO3",
            "k8lXLO32",
            "8lXLO329",
            "lXLO",
            "XLO3",
            "LO32",
            "O329",
            "gfnl95sp",
            "fnl95spN",
            "nl95spN8",
            "l95s",
            "95sp",
            "5spN",
            "spN8",
            "sAplkCA3",
            "AplkCA3S",
            "plkCA3SC",
            "lkCA",
            "kCA3",
            "CA3S",
            "A3SC",
            "jgAl2o0Y",
            "gAl2o0Y6",
            "Al2o0Y6T",
            "l2o0",
            "2o0Y",
            "o0Y6",
            "0Y6T",
            "InflwpE2",
            "nflwpE2p",
            "flwpE2p6",
            "lwpE",
            "wpE2",
            "pE2p",
            "E2p6",
            "t86lydKF",
            "86lydKFc",
            "6lydKFcc",
            "lydK",
            "ydKF",
            "dKFc",
            "KFcc",
            "mdolJfvY",
            "dolJfvYs",
            "olJfvYsK",
            "lJfv",
            "JfvY",
            "fvYs",
            "vYsK",
            "o7flSXKK",
            "7flSXKKy",
            "flSXKKy8",
            "lSXK",
            "SXKK",
            "XKKy",
            "KKy8",
            "sF9lgEvV",
            "F9lgEvVg",
            "9lgEvVgc",
            "lgEv",
            "gEvV",
            "EvVg",
            "vVgc",
            "QevlaMuK",
            "evlaMuKO",
            "vlaMuKOt",
            "laMu",
            "aMuK",
            "MuKO",
            "uKOt",
            "mhZlAkKA",
            "hZlAkKA5",
            "ZlAkKA5D",
            "lAkK",
            "AkKA",
            "kKA5",
            "KA5D",
            "abhloxhG",
            "bhloxhG4",
            "hloxhG4E",
            "loxh",
            "oxhG",
            "xhG4",
            "hG4E",
            "EBXlbtPV",
            "BXlbtPVt",
            "XlbtPVtM",
            "lbtP",
            "btPV",
            "tPVt",
            "PVtM",
            "vSdliTSK",
            "SdliTSKU",
            "dliTSKUi",
            "liTS",
            "iTSK",
            "TSKU",
            "SKUi",
            "Cs2ldNkQ",
            "s2ldNkQO",
            "2ldNkQOO",
            "ldNk",
            "dNkQ",
            "NkQO",
            "kQOO",
            "cgBlMrsW",
            "gBlMrsWY",
            "BlMrsWYe",
            "lMrs",
            "MrsW",
            "rsWY",
            "sWYe",
            "J3clzcCX",
            "3clzcCXY",
            "clzcCXYW",
            "lzcC",
            "zcCX",
            "cCXY",
            "CXYW",
            "vmuIH7Ot",
            "muIH7Otq",
            "uIH7Otqw",
            "IH7O",
            "H7Ot",
            "7Otq",
            "Otqw",
            "cjQIEj9b",
            "jQIEj9b3",
            "QIEj9b3v",
            "IEj9",
            "Ej9b",
            "j9b3",
            "9b3v",
            "MsJI78MJ",
            "sJI78MJL",
            "JI78MJLn",
            "I78M",
            "78MJ",
            "8MJL",
            "MJLn",
            "eJOIN3jO",
            "JOIN3jOp",
            "OIN3jOp1",
            "IN3j",
            "N3jO",
            "3jOp",
            "jOp1",
            "fWqI6Fts",
            "WqI6FtsE",
            "qI6FtsE3",
            "I6Ft",
            "6Fts",
            "FtsE",
            "tsE3",
            "lo1IBiwH",
            "o1IBiwHL",
            "1IBiwHL8",
            "IBiw",
            "BiwH",
            "iwHL",
            "wHL8",
            "TW2IU7w1",
            "W2IU7w1C",
            "2IU7w1Ci",
            "IU7w",
            "U7w1",
            "7w1C",
            "w1Ci",
            "KeIIT2Cx",
            "eIIT2CxO",
            "IIT2CxOy",
            "IT2C",
            "T2Cx",
            "2CxO",
            "CxOy",
            "DOhIPpGl",
            "OhIPpGl7",
            "hIPpGl7M",
            "IPpG",
            "PpGl",
            "pGl7",
            "Gl7M",
            "sm7IlS9o",
            "m7IlS9o6",
            "7IlS9o6g",
            "IlS9",
            "lS9o",
            "S9o6",
            "9o6g",
            "wo8ILspW",
            "o8ILspWJ",
            "8ILspWJU",
            "ILsp",
            "LspW",
            "spWJ",
            "pWJU",
            "Or6IfuZF",
            "r6IfuZFs",
            "6IfuZFs6",
            "IfuZ",
            "fuZF",
            "uZFs",
            "ZFs6",
            "CVEIDvyO",
            "VEIDvyOR",
            "EIDvyOR6",
            "IDvy",
            "DvyO",
            "vyOR",
            "yOR6",
            "KVcIv0ly",
            "VcIv0lyl",
            "cIv0lylr",
            "Iv0l",
            "v0ly",
            "0lyl",
            "lylr",
            "IRvIXAyS",
            "RvIXAySu",
            "vIXAySuy",
            "IXAy",
            "XAyS",
            "AySu",
            "ySuy",
            "YiwI9xFc",
            "iwI9xFcM",
            "wI9xFcMV",
            "I9xF",
            "9xFc",
            "xFcM",
            "FcMV",
            "rIQIkYJP",
            "IQIkYJPW",
            "QIkYJPWJ",
            "IkYJ",
            "kYJP",
            "YJPW",
            "JPWJ",
            "lwlI2WNy",
            "wlI2WNy8",
            "lI2WNy80",
            "I2WN",
            "2WNy",
            "WNy8",
            "Ny80",
            "mArIwGXC",
            "ArIwGXCE",
            "rIwGXCEm",
            "IwGX",
            "wGXC",
            "GXCE",
            "XCEm",
            "DYpIybNy",
            "YpIybNyH",
            "pIybNyHG",
            "IybN",
            "ybNy",
            "bNyH",
            "NyHG",
            "yZRIJoHC",
            "ZRIJoHCR",
            "RIJoHCRZ",
            "IJoH",
            "JoHC",
            "oHCR",
            "HCRZ",
            "O8NISWXk",
            "8NISWXkN",
            "NISWXkNt",
            "ISWX",
            "SWXk",
            "WXkN",
            "XkNt",
            "DOfIgguY",
            "OfIgguYl",
            "fIgguYln",
            "Iggu",
            "gguY",
            "guYl",
            "uYln",
            "cT7IaUlo",
            "T7IaUloe",
            "7IaUloeh",
            "IaUl",
            "aUlo",
            "Uloe",
            "loeh",
            "zhVIA6mj",
            "hVIA6mjX",
            "VIA6mjX1",
            "IA6m",
            "A6mj",
            "6mjX",
            "mjX1",
            "bpOIor3B",
            "pOIor3Bc",
            "OIor3Bcp",
            "Ior3",
            "or3B",
            "r3Bc",
            "3Bcp",
            "qsoIbaZ9",
            "soIbaZ9K",
            "oIbaZ9KL",
            "IbaZ",
            "baZ9",
            "aZ9K",
            "Z9KL",
            "DQUIiq4l",
            "QUIiq4lY",
            "UIiq4lYl",
            "Iiq4",
            "iq4l",
            "q4lY",
            "4lYl",
            "RCaIdf7F",
            "CaIdf7Fa",
            "aIdf7Fak",
            "Idf7",
            "df7F",
            "f7Fa",
            "7Fak",
            "iVjIM6TV",
            "VjIM6TVP",
            "jIM6TVPg",
            "IM6T",
            "M6TV",
            "6TVP",
            "TVPg",
            "RPvIzEfy",
            "PvIzEfyc",
            "vIzEfycd",
            "IzEf",
            "zEfy",
            "Efyc",
            "fycd",
            "QU9LHQnh",
            "U9LHQnhW",
            "9LHQnhWc",
            "LHQn",
            "HQnh",
            "QnhW",
            "nhWc",
            "Crea",
            "reat",
            "eate",
            "Padd",
            "addi",
            "ddin",
            "Load",
            "GetObjec",
            "etObject",
            "tObj",
            "ResolveT",
            "esolveTy",
            "solveTyp",
            "olveType",
            "lveT",
            "veTy",
            "ManifestModu",
            "anifestModul",
            "nifestModule",
            "ifestMod",
            "festModu",
            "estModul",
            "stModule",
            "tMod",
            "ResolveField",
            "esolveFi",
            "solveFie",
            "olveFiel",
            "lveField",
            "veFi",
            "eFie",
            "ResolveMembe",
            "esolveMember",
            "solveMem",
            "olveMemb",
            "lveMembe",
            "veMember",
            "eMem",
            "Memb",
            "embe",
            "mber",
            "GetMethodFromHan",
            "etMethodFromHand",
            "tMethodFromHandl",
            "MethodFromHandle",
            "ethodFromHan",
            "thodFromHand",
            "hodFromHandl",
            "odFromHandle",
            "dFromHan",
            "GetFieldFromHand",
            "etFieldFromHandl",
            "tFieldFromHandle",
            "FieldFromHan",
            "ieldFromHand",
            "eldFromHandl",
            "ldFromHandle",
            "IsBy",
            "sByR",
            "ByRe",
            "yRef",
            "GetElementTy",
            "etElementTyp",
            "tElementType",
            "ElementT",
            "lementTy",
            "ementTyp",
            "mentType",
            "entT",
            "ntTy",
            "eadB",
            "ReadInt6",
            "eadInt64",
            "ReadSing",
            "eadSingl",
            "adSingle",
            "dSin",
            "ReadDoub",
            "eadDoubl",
            "adDouble",
            "dDou",
            "GetUnderlyingTyp",
            "etUnderlyingType",
            "tUnderlyingT",
            "UnderlyingTy",
            "nderlyingTyp",
            "derlyingType",
            "erlyingT",
            "rlyingTy",
            "lyingTyp",
            "yingType",
            "IsEn",
            "sEnu",
            "ToObject",
            "oObj",
            "Explicit",
            "xpli",
            "plic",
            "lici",
            "icit",
            "ToUInt64",
            "oUIn",
            "ToUInt32",
            "FreeHGlo",
            "reeHGlob",
            "eeHGloba",
            "eHGlobal",
            "HGlo",
            "Glob",
            "loba",
            "obal",
            "InnerExcepti",
            "nnerExceptio",
            "nerException",
            "erExcept",
            "rExcepti",
            "FullName",
            "ullN",
            "llNa",
            "lNam",
            "IsAssignableFrom",
            "sAssignableF",
            "AssignableFr",
            "ssignableFro",
            "signableFrom",
            "ignableF",
            "gnableFr",
            "nableFro",
            "ableFrom",
            "bleF",
            "leFr",
            "eFro",
            "From",
            "AllocHGlobal",
            "llocHGlo",
            "locHGlob",
            "ocHGloba",
            "cHGlobal",
            "ResolveStrin",
            "esolveString",
            "solveStr",
            "olveStri",
            "lveStrin",
            "veString",
            "GetFunctionPoint",
            "etFunctionPointe",
            "tFunctionPointer",
            "BaseType",
            "aseT",
            "seTy",
            "tMethods",
            "hods",
            "GetBaseDefinitio",
            "etBaseDefinition",
            "tBaseDefinit",
            "BaseDefiniti",
            "aseDefinitio",
            "seDefinition",
            "eDefinit",
            "Definiti",
            "efinitio",
            "finition",
            "init",
            "niti",
            "IsNa",
            "sNaN",
            "IsInfini",
            "sInfinit",
            "Infinity",
            "nfin",
            "fini",
            "nity",
            "IsVirtua",
            "sVirtual",
            "Virt",
            "irtu",
            "rtua",
            "tual",
            "FormatterService",
            "ormatterServices",
            "rmatterServi",
            "matterServic",
            "atterService",
            "tterServices",
            "terServi",
            "Serializatio",
            "erialization",
            "rializat",
            "ializati",
            "GetUninitializedObje",
            "etUninitializedObjec",
            "tUninitializedObject",
            "UninitializedObj",
            "ninitializedObje",
            "initializedObjec",
            "nitializedObject",
            "itializedObj",
            "tializedObje",
            "ializedObjec",
            "alizedObject",
            "lizedObj",
            "izedObje",
            "zedObjec",
            "edObject",
            "dObj",
            "IsCl",
            "sCla",
            "Clas",
            "IsInterf",
            "sInterfa",
            "Interfac",
            "nterface",
            "terf",
            "erfa",
            "rfac",
            "face",
            "DeclareLocal",
            "eclareLo",
            "clareLoc",
            "lareLoca",
            "areLocal",
            "reLo",
            "eLoc",
            "Loca",
            "ocal",
            "EmitCall",
            "mitC",
            "itCa",
            "tCal",
            "LocalVariableInf",
            "ocalVariableInfo",
            "calVariableI",
            "alVariableIn",
            "lVariableInf",
            "VariableInfo",
            "ariableI",
            "riableIn",
            "iableInf",
            "ableInfo",
            "bleI",
            "leIn",
            "LocalTyp",
            "ocalType",
            "calT",
            "alTy",
            "lTyp",
            "ChangeTy",
            "hangeTyp",
            "angeType",
            "ngeT",
            "geTy",
            "CompareT",
            "ompareTo",
            "mpar",
            "pare",
            "areT",
            "reTo",
            "MakeGenericT",
            "akeGenericTy",
            "keGenericTyp",
            "eGenericType",
            "GenericT",
            "enericTy",
            "nericTyp",
            "ericType",
            "ricT",
            "icTy",
            "cTyp",
            "Appe",
            "ppen",
            "pend",
            "AppendFormat",
            "ppendFor",
            "pendForm",
            "endForma",
            "ndFormat",
            "dFor",
            "Form",
            "orma",
            "rmat",
            "CompilerGeneratedAttribu",
            "ompilerGeneratedAttribut",
            "mpilerGeneratedAttribute",
            "pilerGeneratedAttrib",
            "ilerGeneratedAttribu",
            "lerGeneratedAttribut",
            "erGeneratedAttribute",
            "rGeneratedAttrib",
            "GeneratedAttribu",
            "eneratedAttribut",
            "neratedAttribute",
            "eratedAttrib",
            "ratedAttribu",
            "atedAttribut",
            "tedAttribute",
            "AttributeUsageAttrib",
            "ttributeUsageAttribu",
            "tributeUsageAttribut",
            "ributeUsageAttribute",
            "ibuteUsageAttrib",
            "buteUsageAttribu",
            "uteUsageAttribut",
            "teUsageAttribute",
            "eUsageAttrib",
            "UsageAttribu",
            "sageAttribut",
            "ageAttribute",
            "geAttrib",
            "AttributeTargets",
            "ttributeTarg",
            "tributeTarge",
            "ributeTarget",
            "ibuteTargets",
            "buteTarg",
            "uteTarge",
            "teTarget",
            "eTargets",
            "Targ",
            "gets",
            "GeneratedCodeAttribu",
            "eneratedCodeAttribut",
            "neratedCodeAttribute",
            "eratedCodeAttrib",
            "ratedCodeAttribu",
            "atedCodeAttribut",
            "tedCodeAttribute",
            "edCodeAttrib",
            "dCodeAttribu",
            "CodeAttribut",
            "odeAttribute",
            "deAttrib",
            "odeD",
            "deDo",
            "eDom",
            "Compiler",
            "ompi",
            "mpil",
            "pile",
            "iler",
            "DebuggerNonUserCodeAttribute",
            "ebuggerNonUserCodeAttrib",
            "buggerNonUserCodeAttribu",
            "uggerNonUserCodeAttribut",
            "ggerNonUserCodeAttribute",
            "gerNonUserCodeAttrib",
            "erNonUserCodeAttribu",
            "rNonUserCodeAttribut",
            "NonUserCodeAttribute",
            "onUserCodeAttrib",
            "nUserCodeAttribu",
            "UserCodeAttribut",
            "serCodeAttribute",
            "erCodeAttrib",
            "rCodeAttribu",
            "EditorBrowsableAttribute",
            "ditorBrowsableAttrib",
            "itorBrowsableAttribu",
            "torBrowsableAttribut",
            "orBrowsableAttribute",
            "rBrowsableAttrib",
            "BrowsableAttribu",
            "rowsableAttribut",
            "owsableAttribute",
            "wsableAttrib",
            "sableAttribu",
            "ComponentMod",
            "omponentMode",
            "mponentModel",
            "ponentMo",
            "onentMod",
            "nentMode",
            "entModel",
            "ntMo",
            "odel",
            "EditorBrowsableState",
            "ditorBrowsableSt",
            "itorBrowsableSta",
            "torBrowsableStat",
            "orBrowsableState",
            "rBrowsableSt",
            "BrowsableSta",
            "rowsableStat",
            "owsableState",
            "wsableSt",
            "sableSta",
            "ableStat",
            "bleState",
            "leSt",
            "eSta",
            "tate",
            "UnmanagedFunctionPointerAttribut",
            "nmanagedFunctionPointerAttribute",
            "managedFunctionPointerAttrib",
            "anagedFunctionPointerAttribu",
            "nagedFunctionPointerAttribut",
            "agedFunctionPointerAttribute",
            "gedFunctionPointerAttrib",
            "edFunctionPointerAttribu",
            "dFunctionPointerAttribut",
            "FunctionPointerAttribute",
            "unctionPointerAttrib",
            "nctionPointerAttribu",
            "ctionPointerAttribut",
            "tionPointerAttribute",
            "ionPointerAttrib",
            "onPointerAttribu",
            "nPointerAttribut",
            "PointerAttribute",
            "ointerAttrib",
            "interAttribu",
            "nterAttribut",
            "terAttribute",
            "erAttrib",
            "rAttribu",
            "CallingConventio",
            "allingConvention",
            "llingConvent",
            "lingConventi",
            "ingConventio",
            "ngConvention",
            "gConvent",
            "Conventi",
            "onventio",
            "nvention",
            "vent",
            "enti",
            "ntio",
            "harS",
            "arSe",
            "rSet",
            "FlagsAttribu",
            "lagsAttribut",
            "agsAttribute",
            "gsAttrib",
            "VyybV3Hbk9BA0Kxy",
            "yybV3Hbk9BA0KxyM",
            "ybV3Hbk9BA0KxyMx",
            "bV3Hbk9BA0Kx",
            "V3Hbk9BA0Kxy",
            "3Hbk9BA0KxyM",
            "Hbk9BA0KxyMx",
            "bk9BA0Kx",
            "k9BA0Kxy",
            "9BA0KxyM",
            "BA0KxyMx",
            "A0Kx",
            "0Kxy",
            "KxyM",
            "xyMx",
            "0Vo8aGnLWYBq6AMF",
            "Vo8aGnLWYBq6AMFY",
            "o8aGnLWYBq6AMFYc",
            "8aGnLWYBq6AM",
            "aGnLWYBq6AMF",
            "GnLWYBq6AMFY",
            "nLWYBq6AMFYc",
            "LWYBq6AM",
            "WYBq6AMF",
            "YBq6AMFY",
            "Bq6AMFYc",
            "q6AM",
            "6AMF",
            "AMFY",
            "MFYc",
            "resource",
            "ekJCbABmLGs77U1b",
            "kJCbABmLGs77U1b9",
            "JCbABmLGs77U1b9R",
            "CbABmLGs77U1",
            "bABmLGs77U1b",
            "ABmLGs77U1b9",
            "BmLGs77U1b9R",
            "mLGs77U1",
            "LGs77U1b",
            "Gs77U1b9",
            "s77U1b9R",
            "77U1",
            "7U1b",
            "U1b9",
            "1b9R",
            "L8RUNjK99qgMXaV3",
            "8RUNjK99qgMXaV3U",
            "RUNjK99qgMXaV3Uo",
            "UNjK99qgMXaV",
            "NjK99qgMXaV3",
            "jK99qgMXaV3U",
            "K99qgMXaV3Uo",
            "99qgMXaV",
            "9qgMXaV3",
            "qgMXaV3U",
            "gMXaV3Uo",
            "MXaV",
            "XaV3",
            "aV3U",
            "V3Uo",
            "iTJg9l6IfQ2Tc5gk",
            "TJg9l6IfQ2Tc5gkY",
            "Jg9l6IfQ2Tc5gkYe",
            "g9l6IfQ2Tc5g",
            "9l6IfQ2Tc5gk",
            "l6IfQ2Tc5gkY",
            "6IfQ2Tc5gkYe",
            "IfQ2Tc5g",
            "fQ2Tc5gk",
            "Q2Tc5gkY",
            "2Tc5gkYe",
            "Tc5g",
            "c5gk",
            "5gkY",
            "gkYe",
            "4fA0eIhH69ZoXcl0",
            "fA0eIhH69ZoXcl0b",
            "A0eIhH69ZoXcl0by",
            "0eIhH69ZoXcl",
            "eIhH69ZoXcl0",
            "IhH69ZoXcl0b",
            "hH69ZoXcl0by",
            "H69ZoXcl",
            "69ZoXcl0",
            "9ZoXcl0b",
            "ZoXcl0by",
            "oXcl",
            "Xcl0",
            "cl0b",
            "l0by",
            "WrapNonExceptionThro",
            "rapNonExceptionThrow",
            "apNonExceptionThrows",
            "pNonExceptionThr",
            "NonExceptionThro",
            "onExceptionThrow",
            "nExceptionThrows",
            "ExceptionThr",
            "xceptionThro",
            "ceptionThrow",
            "eptionThrows",
            "ptionThr",
            "tionThro",
            "ionThrow",
            "onThrows",
            "nThr",
            "Thro",
            "hrow",
            "rows",
            "12016879",
            "2016",
            "0168",
            "1687",
            "6879",
            "2943",
            "468a",
            "b5e7",
            "eabdd91d8ee2",
            "abdd91d8",
            "bdd91d8e",
            "dd91d8ee",
            "d91d8ee2",
            "91d8",
            "1d8e",
            "d8ee",
            "8ee2",
            "NETFramework",
            "ETFramew",
            "TFramewo",
            "Framewor",
            "ramework",
            "amew",
            "mewo",
            "ewor",
            "work",
            "Version=",
            "ion=",
            "FrameworkDisplayName",
            "rameworkDisplayN",
            "ameworkDisplayNa",
            "meworkDisplayNam",
            "eworkDisplayName",
            "workDisplayN",
            "orkDisplayNa",
            "rkDisplayNam",
            "kDisplayName",
            "DisplayN",
            "isplayNa",
            "splayNam",
            "playName",
            "layN",
            "ayNa",
            "AllowMultipl",
            "llowMultiple",
            "lowMulti",
            "owMultip",
            "wMultipl",
            "Multiple",
            "ulti",
            "ltip",
            "tipl",
            "Inherite",
            "nherited",
            "heri",
            "erit",
            "ited",
            "3Sys",
            "Tool",
            "ools",
            "StronglyTypedResourceBuilder",
            "tronglyTypedResourceBuil",
            "ronglyTypedResourceBuild",
            "onglyTypedResourceBuilde",
            "nglyTypedResourceBuilder",
            "glyTypedResourceBuil",
            "lyTypedResourceBuild",
            "yTypedResourceBuilde",
            "TypedResourceBuilder",
            "ypedResourceBuil",
            "pedResourceBuild",
            "edResourceBuilde",
            "dResourceBuilder",
            "ResourceBuil",
            "esourceBuild",
            "sourceBuilde",
            "ourceBuilder",
            "urceBuil",
            "rceBuild",
            "ceBuilde",
            "eBuilder",
            "Culture=",
            "ure=",
            "neut",
            "eutr",
            "utra",
            "tral",
            "licKeyToken=",
            "eyToken=",
            "ken=",
            "b77a5c561934e089",
            "77a5c561934e",
            "7a5c561934e0",
            "a5c561934e08",
            "5c561934e089",
            "c561934e",
            "561934e0",
            "61934e08",
            "1934e089",
            "934e",
            "34e0",
            "4e08",
            "e089",
            "SUsSyste",
            "UsSystem",
            "sSys",
            "lSys",
            "ResourceRead",
            "esourceReade",
            "sourceReader",
            "ourceRea",
            "urceRead",
            "rceReade",
            "ceReader",
            "eRea",
            "RuntimeResourceS",
            "untimeResourceSe",
            "ntimeResourceSet",
            "timeResource",
            "imeResourceS",
            "meResourceSe",
            "eResourceSet",
            "esourceS",
            "sourceSe",
            "ourceSet",
            "rceS",
            "ceSe",
            "eSet",
            "PADP",
            "ADPA",
            "DPAD",
            "yr8x",
            "r8xt",
            "cGIZ",
            "Ymt7",
            "yhzU",
            "Ke7y",
            "9kQu",
            "JslM",
            "slMp",
            "3rsY",
            "PADPADPm",
            "ADPm",
            "1gpX",
            "SURc",
            "ifsC2kyW",
            "fsC2",
            "sC2k",
            "C2ky",
            "2kyW",
            "xZ9b",
            "upI2",
            "V3dA",
            "jZ0D",
            "Osa0",
            "sa0B",
            "6JXK",
            "PoDv",
            "oDvG",
            "A83d",
            "Hqey",
            "7Ai0",
            "Ai0k",
            "c1y5",
            "wQ26",
            "y0oP",
            "kE35",
            "E356",
            "nhA5",
            "m4nZ",
            "3AGO",
            "pNf5",
            "g8vu",
            "IaCT",
            "s3Yq",
            "nlzV",
            "tdaB",
            "JWkj",
            "Wkj7",
            "WElQ",
            "ZTTC",
            "d2Ef",
            "wb8Z",
            "KSmn",
            "e1tS",
            "hceo",
            "LIb5",
            "MrLn",
            "rLnz",
            "vmTQ",
            "mTQm",
            "2XgN",
            "XgNf",
            "Gk4a",
            "eGd8",
            "PQne",
            "QneN",
            "Y0ra",
            "hXou",
            "ssan",
            "Qu0T",
            "5bdK",
            "0BXR",
            "oND0",
            "quNV",
            "r70h",
            "70h3",
            "vr1u",
            "5q83",
            "91TR",
            "1TRM",
            "TRMj",
            "Nt9E",
            "r6PV",
            "R9ss",
            "8t6S",
            "KCwY",
            "itMu",
            "uWYk",
            "gPJU",
            "PJUw",
            "JUwf",
            "f1Ny",
            "oa3O",
            "Py9i",
            "PjGI",
            "XXBs",
            "XBsj",
            "RuXE",
            "uXE=",
            "ygbK",
            "ccll",
            "u5Sm",
            "wXpO",
            "XpOQ",
            "TFgy",
            "0do0",
            "6MZY",
            "MvvZ",
            "6L3Q",
            "ehOb",
            "hObR",
            "cfHt",
            "jqtX",
            "ipQE",
            "ApSU",
            "pSUL",
            "Ki49",
            "i49N",
            "YPuD",
            "qHAO",
            "INev",
            "eCcu",
            "UyhE",
            "MMrU",
            "TXlw",
            "eMEx",
            "mCEG",
            "LOYC",
            "LhNE",
            "hNEj",
            "rNzk",
            "NzkX",
            "E2UL",
            "2ULw",
            "Pzv0",
            "yE4k",
            "mW2y",
            "SfP9",
            "GBEr",
            "BEr3",
            "mDXy",
            "TIjZ",
            "D0ta",
            "YtMl",
            "z0OL",
            "cIDX",
            "i4rO",
            "4rOL",
            "sZ8F",
            "Z8F2",
            "vpho",
            "k4wU",
            "4rAE",
            "rAEC",
            "VpN5",
            "APNh",
            "PNhI",
            "NhIr",
            "8ngl",
            "mBBX",
            "2uS0",
            "uS0a",
            "9Vc0",
            "Vc0u",
            "adfn",
            "A5RI",
            "bqqt",
            "UX0j",
            "fO1r",
            "O1rP",
            "OgIp",
            "KjIF",
            "7HOw",
            "jK9w",
            "S2PY",
            "Ba7c",
            "erCK",
            "rCKC",
            "ay3c",
            "mGqb",
            "9LAL",
            "LALA",
            "dqej",
            "zZZU",
            "HVQ4",
            "NnJF",
            "i7L7",
            "QsV2",
            "Elll",
            "0fpR",
            "bhbl",
            "Epca",
            "TxOe",
            "nwwi",
            "0Ifm",
            "Ifmf",
            "KRh7",
            "aHKi",
            "k76y",
            "k9Ss",
            "9SsB",
            "x0Lb",
            "Omiq",
            "VnqR",
            "RnXB",
            "I2Hg",
            "4pBN",
            "8Qfa",
            "465G",
            "hNEr",
            "I1hl",
            "aYHj",
            "s63D",
            "z97p",
            "7KLW",
            "KLWg",
            "LWgJ",
            "UH0k",
            "H0kp",
            "0kpJ",
            "BYv4",
            "DQ5R",
            "A9Fs",
            "24Kp",
            "31Hq",
            "k7Y4",
            "7Y4y",
            "uBHM",
            "BHMM",
            "wUMX",
            "xsKJ",
            "hjAR",
            "ScOq",
            "C3AK",
            "3AK=",
            "M1qA",
            "LR1D",
            "R1DO",
            "1Igs",
            "5oyg",
            "oyg7",
            "1nHm",
            "XUPz",
            "UPz1",
            "Pz1K",
            "WY4O",
            "Y4ON",
            "hPXi",
            "rTzk",
            "MILD",
            "KEh9",
            "Eh9O",
            "h9O=",
            "ahxa",
            "LlNs",
            "2mWI",
            "mWIc",
            "29tk",
            "Ry6H",
            "4hME",
            "TDCr",
            "DCrL",
            "MCp9",
            "TRDh",
            "WuEj",
            "UCHH",
            "PP08",
            "LhdS",
            "yvPy",
            "vPyd",
            "VTK5",
            "EdFg",
            "cAbg",
            "y2Kn",
            "2Kn7",
            "Kn7v",
            "7oxW",
            "mwz1",
            "8B0=",
            "tzCi",
            "tSwi",
            "fxjF",
            "YsV=",
            "SEdN",
            "SseS",
            "QXJe",
            "A4NX",
            "ZNFH",
            "Zr25",
            "wFT6",
            "5Rxc",
            "5WfC",
            "R8H3",
            "mWI1",
            "A8my",
            "B1LU",
            "4C5s",
            "NFKS",
            "aqhk",
            "bIpE",
            "IpEi",
            "pEiH",
            "YRrA",
            "mo6K",
            "o6KX",
            "Lqzr",
            "ZVP9",
            "VP9=",
            "fFvI",
            "FvIO",
            "Pnwj",
            "nwjA",
            "V6fq",
            "HuJc",
            "uJc5",
            "DEKL",
            "v0CY",
            "disD",
            "ehRv",
            "Q61m",
            "APi=",
            "eYt=",
            "iThJ",
            "Rcd8",
            "QSnz",
            "LCeE",
            "b1AF",
            "z6cq",
            "cKmT",
            "dskD",
            "GDoo",
            "nZz4",
            "RbH5",
            "I6mh",
            "bdac",
            "4Zez",
            "RwLF",
            "Frfw",
            "8WKh",
            "WKhz",
            "kyJs",
            "Qlx4",
            "lx4H",
            "bytZ",
            "VgI2",
            "3OVi",
            "zW1C",
            "qy7=",
            "kpNP",
            "BI8U",
            "wsz9",
            "7zby",
            "aeur",
            "H9Wm",
            "bjbT",
            "jbTO",
            "bTOk",
            "fgGw",
            "P5GY",
            "nu4g",
            "Dv6u",
            "mQvi",
            "9iSF",
            "anuq",
            "u0zg",
            "iaBW",
            "TO1n",
            "pNfW",
            "x5Ka",
            "5KaA",
            "cZBv",
            "o3iR",
            "Zxen",
            "wby8",
            "by8c",
            "y8cl",
            "Mj0x",
            "VxiE",
            "HSnx",
            "ShvR",
            "fLvK",
            "tcL1",
            "BOuj",
            "vG6u",
            "G6uc",
            "RIMV",
            "IMVP",
            "9dMl",
            "1p8k",
            "OYfD",
            "YfDf",
            "fDfI",
            "FaGk",
            "aGkP",
            "K0gO",
            "Wv2e",
            "mnUt",
            "ucDx",
            "LwDd",
            "wDdQ",
            "boGD",
            "oGDV",
            "6DRj",
            "Wcna",
            "sAKw",
            "ghp3",
            "cQw2",
            "Qw2c",
            "1X6=",
            "u79K",
            "YpDP",
            "QVNV",
            "5I3a",
            "XW2J",
            "W2J1",
            "jHeA",
            "EjdP",
            "2rA3",
            "yHu=",
            "82OG",
            "1R2b",
            "IqCp",
            "quJx",
            "LsH4",
            "LLqI",
            "Kbe5",
            "EIdF",
            "Qejg",
            "eqYD",
            "KLZI",
            "2wJS",
            "mhK1",
            "Q9yu",
            "9yug",
            "UZxE",
            "EN6V",
            "N6VN",
            "ko7D",
            "D78C",
            "78Ct",
            "Z1Vo",
            "1VoM",
            "iUCH",
            "WKjI",
            "12L0",
            "VAs4",
            "x3I2",
            "v5jB",
            "5jBC",
            "hEWB",
            "kxMY",
            "pkmV",
            "BMxE",
            "MxE8",
            "xE89",
            "kK48",
            "K48=",
            "UdmP",
            "quMT",
            "tVj7",
            "qlw3",
            "dRK9",
            "W8ZQ",
            "DBus",
            "Ommj",
            "M1sC",
            "Lg6H",
            "yzKY",
            "9OTQ",
            "7S2b",
            "OQ1p",
            "KZyF",
            "yC7P",
            "C7PL",
            "AnVV",
            "DpXe",
            "fkRk",
            "aH6k",
            "H6k1",
            "6k1F",
            "DiYj",
            "upum",
            "fDjz",
            "Djzo",
            "JaeF",
            "2wxa",
            "Cy9b",
            "B4Wd",
            "qPMU",
            "YK5F",
            "ooWN",
            "2Pfx",
            "6h08",
            "6c9D",
            "LZwm",
            "Nwlg",
            "wlgr",
            "5v3V",
            "vgIa",
            "i6Lj",
            "Ubl3",
            "bl3w",
            "Paaq",
            "MOQR",
            "OQRZ",
            "QRZx",
            "sr3P",
            "pVNT",
            "vlnI",
            "8UJM",
            "IU5F",
            "wgAR",
            "nLRU",
            "LRUT",
            "RUTR",
            "9lWy",
            "yQQU",
            "BaFN",
            "452e",
            "kuoh",
            "WDyY",
            "Rbbv",
            "xi5G",
            "C6si",
            "3CqW",
            "CqWm",
            "qWmU",
            "IoS2",
            "hkWC",
            "ReN5",
            "FfXW",
            "2nT0",
            "FnBZ",
            "4OhC",
            "OhCJ",
            "Ge7t",
            "e7t2",
            "uEF=",
            "OrWn",
            "rWnA",
            "GwHZ",
            "kn3O",
            "n3Om",
            "qWuo",
            "Ga4P",
            "plLp",
            "U4tF",
            "gFrL",
            "gip5",
            "ip55",
            "Ib8b",
            "b8bL",
            "sCbh",
            "Cbha",
            "W9PM",
            "9PMk",
            "CFdq",
            "46Em",
            "leT8",
            "eT8L",
            "T8LY",
            "8LYS",
            "qAOT",
            "AOTU",
            "OTUh",
            "hLTv",
            "LTvX",
            "GBu9",
            "EzKU",
            "n7po",
            "k1Go",
            "1Goa",
            "HCb5",
            "81q7",
            "VLzv",
            "fXbt",
            "XbtR",
            "v0Cj",
            "CNR3",
            "NR3P",
            "W6cG",
            "6t6Z",
            "t6ZC",
            "E5o9",
            "5o94",
            "pJiE",
            "JiE4",
            "iE4p",
            "h6pt",
            "qbHO",
            "n21l",
            "gSPy",
            "XRoX",
            "iW0m",
            "W0mP",
            "YqxA",
            "yNAU",
            "BRA3",
            "RA3W",
            "qTOt",
            "XBeD",
            "cKWH",
            "aN3V",
            "N3Vi",
            "3Vig",
            "zdwY",
            "JdtD",
            "dtDJ",
            "tDJF",
            "jN1n",
            "N1nw",
            "in7u",
            "Qwpi",
            "5YT6",
            "Wnjm",
            "njmF",
            "P7eH",
            "R6Jd",
            "Yevl",
            "jFZC",
            "FZCv",
            "ZCva",
            "KejL",
            "1G5O",
            "G5Or",
            "5Or3",
            "cMRv",
            "Q8Qy",
            "8QyT",
            "yX0p",
            "WPsS",
            "lB3O",
            "B3Ol",
            "XuGd",
            "gBcc",
            "Bcc2",
            "Eo3J",
            "aZKR",
            "ydeE",
            "1i3h",
            "rBbb",
            "Bbb8",
            "bb8l",
            "b8la",
            "a57X",
            "iF2i",
            "1Rsd",
            "G9HX",
            "9HXk",
            "Civg",
            "ujAi",
            "r86S",
            "86Sr",
            "INe=",
            "WTAr",
            "TArw",
            "Jpcn",
            "2XYr",
            "rAj5",
            "8Aw=",
            "qVwR",
            "htOM",
            "JHEN",
            "HEN0",
            "6u9B",
            "VADC",
            "PEbI",
            "9cQ1",
            "hoqV",
            "5LwQ",
            "w2Le",
            "EIfY",
            "IfYo",
            "mUzl",
            "Uzlk",
            "ljXS",
            "DSLu",
            "0IGR",
            "6fU4",
            "fU4W",
            "Fcq5",
            "3UKk",
            "i0AX",
            "Patd",
            "atdR",
            "tdRz",
            "i4SA",
            "6BSg",
            "QYBh",
            "j29N",
            "pT1d",
            "wjwO",
            "jwO9",
            "wO9H",
            "DvDW",
            "sd4a",
            "z5uL",
            "0Zrm",
            "5bZ0",
            "bZ0i",
            "22Xs",
            "Ddz6",
            "ZLeB",
            "tzMm",
            "rjE2",
            "EXG7",
            "cAyH",
            "mAHc",
            "h4n8",
            "PHjG",
            "ZUap",
            "UapZ",
            "rN35",
            "Bwu2",
            "cJaU",
            "tXxy",
            "3qSq",
            "y3jh",
            "Pa8g",
            "Bsob",
            "L5iC",
            "5iC0",
            "pFTU",
            "7YG0",
            "YG0h",
            "G0h5",
            "0h5A",
            "RIq2",
            "TY74",
            "Y743",
            "7431",
            "l78L",
            "sGrk",
            "11ST",
            "NzW2",
            "bwqP",
            "cgKu",
            "rlrV",
            "jkWL",
            "lqdV",
            "WRhW",
            "nh66",
            "XHoq",
            "cm0W",
            "fdII",
            "dIIa",
            "IIa3",
            "acor",
            "Ufuz",
            "fuzu",
            "k9a7",
            "uVA5",
            "VA5X",
            "rx81",
            "FeaK",
            "eaKZ",
            "xCj5",
            "Cj5U",
            "wdCZ",
            "W8rn",
            "8rnh",
            "joPW",
            "Nwyz",
            "Wzmt",
            "zmti",
            "kQQB",
            "QQB=",
            "zssM",
            "ssMG",
            "QYsV",
            "kuxH",
            "GPwK",
            "RQ6o",
            "RyOU",
            "i3jX",
            "nM1P",
            "IhES",
            "L8PZ",
            "8Y7J",
            "QVXI",
            "j5GI",
            "6lh8",
            "lh8O",
            "Um7V",
            "m7VV",
            "uKqB",
            "iZtU",
            "Eif=",
            "2rkK",
            "rkKY",
            "Tbb7",
            "bb7j",
            "NxPL",
            "bhwyQoQL",
            "hwyQ",
            "wyQo",
            "yQoQ",
            "QoQL",
            "GyAa",
            "wqch",
            "Nuww",
            "uwwG",
            "wwGp",
            "lOv5",
            "BYJW",
            "SYOy",
            "Z5tp",
            "J2v0",
            "j0QW",
            "734Z",
            "XZ9H",
            "Z9Hs",
            "9Hsu",
            "gBLw",
            "pzdi",
            "nrEv",
            "DDPX",
            "ndzz",
            "Fu1i",
            "PTe0",
            "U3gA",
            "vkq4",
            "z3TD",
            "5yqk",
            "yqks",
            "qksf",
            "5FOs",
            "FOsJ",
            "DFw2",
            "NUNs",
            "UNsO",
            "1Gco",
            "R5UZ",
            "8ggJ",
            "mAYA",
            "BhjS",
            "negt",
            "clOl",
            "AQAk",
            "l7oL",
            "VSa0",
            "Sa0Y",
            "Sr29",
            "d2U7",
            "9WrD",
            "rOxX",
            "6JKs",
            "JKsu",
            "STZ=",
            "wuxP",
            "uxPD",
            "phn7",
            "P8dk",
            "jKiL",
            "G36H",
            "Y2HO",
            "2HOH",
            "M6OV",
            "XRtp",
            "4Uje",
            "xqX6",
            "vCxc",
            "H9MW",
            "Lrlh",
            "xtmu",
            "tmuy",
            "8ZwC",
            "MXFJ",
            "XFJJ",
            "UqO0",
            "pTSh",
            "TShz",
            "Qjbw",
            "LaK0",
            "0Rzf",
            "Rzf8",
            "ZKbw",
            "Eohj",
            "ohjo",
            "zbtN",
            "BK2P",
            "OSep",
            "c7QC",
            "Iv9t",
            "5Ksu",
            "Ksuu",
            "KZ5m",
            "gfe4",
            "XmnJ",
            "bfr2",
            "MmJN",
            "mJNC",
            "MXIq",
            "3n2o",
            "sgdB",
            "tStD",
            "JTHF",
            "0eYK",
            "tJL8",
            "ByHo",
            "2kSW",
            "uruA",
            "puLE",
            "iFc9",
            "epbB",
            "pbBn",
            "vupb",
            "upb8",
            "KDBi",
            "DBik",
            "Biki",
            "rrXC",
            "NI3g",
            "SH7F",
            "DyOg",
            "2lcS",
            "G4Em",
            "likh",
            "cOP=",
            "C8NE",
            "mTif",
            "KqLV",
            "kwpu",
            "V73r",
            "73rA",
            "nD7w",
            "D7w0",
            "dDwh",
            "oty3",
            "6DkW",
            "1K1m",
            "HxnJ",
            "V1Jb",
            "xMhl",
            "ZDC6",
            "DC6J",
            "On08",
            "WZXx",
            "ZXx0",
            "cIM9",
            "NGCQ",
            "0E2L",
            "E2LH",
            "2LH7",
            "abLj",
            "IL2a",
            "j5Gd",
            "m1d6",
            "1d6g",
            "rXXt",
            "XXtc",
            "fRSe",
            "JO6E",
            "tRI2",
            "RI2b",
            "xzvn",
            "wdmW",
            "i5Sq",
            "o4an",
            "4AS7",
            "vI4b",
            "b2XN",
            "fV9R",
            "2ff3",
            "dgIK",
            "SqF4",
            "Rfhn",
            "CorExeMa",
            "orExeMai",
            "rExeMain",
            "ExeM",
            "xeMa",
            "eMai",
            "Main",
            "msco",
            "core",
            "oree"
          ],
          "addresses": {
            "f": 256000,
            "fff": 603297
          }
        },
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsNET_EXE",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsPacked",
          "meta": {
            "description": "Entropy Check"
          },
          "strings": [],
          "addresses": {}
        },
        {
          "name": "Microsoft_Visual_Studio_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 603310
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 603310
          }
        },
        {
          "name": "Microsoft_Visual_C_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 603310
          }
        },
        {
          "name": "Microsoft_Visual_Studio_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 603310
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 603310
          }
        },
        {
          "name": "NET_executable_",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 603310
          }
        },
        {
          "name": "NET_executable",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 603310
          }
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T135D49E7776934E21C2890373C5DB4E4693B8A682B6E7F70E7145239614063EFEE0B267",
      "sha3_384": "d3af2d0aa192cdd5a36e7f139b3b2573ec55b6e9734b8c3a6bf056a59befbcba2144e46af4f5bf2f7c3587e44fc3c48d",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x000950ae",
        "ep_bytes": "ff250020400000000000000000000000",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x000a0256",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {
          "mscoree": {
            "dll": "mscoree.dll",
            "imports": [
              {
                "address": "0x402000",
                "name": "_CorExeMain"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x00095060",
            "size": "0x0000004b"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00096000",
            "size": "0x00000560"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00098000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00002000",
            "virtual_size": "0x00094000",
            "size_of_data": "0x00093200",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xe0000020",
            "entropy": "7.19"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00093600",
            "virtual_address": "0x00096000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "0.00"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00093600",
            "virtual_address": "0x00098000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.00"
          }
        ],
        "overlay": null,
        "resources": [],
        "versioninfo": [],
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "timestamp": "2052-03-03 01:23:11",
        "icon": null,
        "icon_hash": null,
        "icon_fuzzy": null,
        "icon_dhash": null,
        "imported_dll_count": 1
      },
      "data": null,
      "strings": [
        "mxyOjyU1eVaBCOKrsEc",
        "vSdliTSKUi",
        "O_\"Ab",
        "QQbv9Tf1oQWJwyPnwh8",
        "<\"28n,",
        "NF2*zM",
        "O5YJGXKOrMUjJNfi7UN",
        "gZlevdHZyA",
        "jfRlcSJNU",
        "8lc{1",
        "R^R][eq",
        "get_Location",
        "/H@MJ",
        "T0oXjDDARMKNwOLf5O",
        "m_e50d96f218d84613ba5bd9a617b3f4f0",
        "DeclareLocal",
        "#Strings",
        "wTP<x",
        "k1}lJ,U",
        "\\R8H3",
        "rHvhfZTjpD",
        "{#nH/",
        "i_0[L",
        "uqxhmmb8H3",
        "azO?i",
        "nD7w0",
        "eoLs3W8gkm",
        "SZk77awEaC",
        "kQQB=8",
        "m_dc920ac92a34434ca33472533bb2c45a",
        "^=/d8A",
        "lnpjfBHHitTcIbxkN7U",
        "K83Qmlh6gtXVsgJN91x",
        "rFRnruRitXWSO9BHQA1",
        "bRw6k0oNXo",
        "tk\\=c",
        "mr4(G",
        "dAgGgTNDtK",
        "t9ahuiBh1J",
        "fxXswTVar3",
        "Callvirt",
        "GEJkIQlhvkOsLULkyM1",
        "?gS(r",
        "XQoQ4NT3ih7kjOXsZWp",
        "OfL(n",
        "vG6uc",
        "V6eek5g6J5",
        "6\\bC'",
        "BGLhYJO1b0",
        "EN6VN",
        "?1\"~\"",
        "[quMT",
        "gLqAwmUqVtdQPLONg11",
        ":vO!p",
        "T'hy\"",
        "AssemblyTitleAttribute",
        "BRA3W",
        "dErCUhlOnPf5DaX2MhQ",
        "DLfg5xGCda1seJdhNxd",
        "HymhvB9Mu7",
        "_ouA$",
        "Dn4KyefZE1WYxQHobvT",
        "X''=z",
        "R6Jd\\",
        "KG4H67arIH",
        "3W&r+",
        "UIntPtr",
        "N|4J$",
        "OBw|]",
        "8\\3>w}",
        "($6!>",
        "72O%G",
        "j2IhntLStUmqMX05eHp",
        "T9OHYMnaySYkJY05nTu",
        "a?TWS",
        "jU<z8",
        "TJP64ilIkG",
        "($\\%R",
        "vz\\yv",
        "5?@r:",
        "zvNU26v89R",
        "jg7Gl1rm3VxOHZX3D4y",
        "E\"%mM",
        "mUzlk&",
        "ehObR",
        "BRgEOiGcwI",
        "D2xe9Ykoxq",
        "=RuXE=\\",
        "iadBYjR0io",
        "7aj$Q",
        "dZ$qdv",
        "m_073f39878b9445e680251b5873d423a3",
        "VTvh44VkNE",
        "CreateDelegate",
        "olvKMpST6L",
        "<O)'QH ",
        "J0=Zn",
        "hYMKsIKc9TVB7OhCBmh",
        "v0GXg0fd88pPxr0u6Er",
        "e0BeiKqIjG",
        "sTvnpWek2nfmDwFdfK",
        "DPPeoMTVmgG4WbymXT1",
        "m_099b6c92f24e435c8eb7a89478bacfef",
        "6fU4W",
        "E8.au",
        "m_5539c661ad0f4e7e99066094d4533489",
        "Vg*frA",
        "sX6GE42BnR",
        "m_537dc3ed79034ac59134387c9b881111",
        "w6_T;*f4_",
        "get_LocalType",
        "EXG7,",
        "XqWPbjHbnx",
        "#]*A5",
        "k#>+Rh",
        "GBTT7pvq9y",
        "XjXo,",
        "B1SEmhH1X9",
        "srf2836LgQlWsOltOhD",
        "FQ7pjNGmuGi3bJO5lDc",
        "Ldc_I4_1",
        "C#q1C",
        "Ra8zcVqHc",
        "($(#N",
        "lpName",
        "rNJ;4",
        "V73rA",
        "uqJTLbPnTk59Mk3Y3cO",
        "F9J(8",
        "px4KaB8pGg",
        "Z\\<K/",
        ">.xs^",
        "x}8v0",
        "2ah!>",
        "CrQ4JYn1DGJce8A2HOx",
        "QDev67L2YLdXVO5oKHX",
        "Y#qd5",
        "Mw,Nk",
        "`c];rx",
        "Reverse",
        "ResourceManager",
        "VbQBVFV0ep",
        "tvwltuLR9IuBHEKRLk7",
        "^u~|+`",
        "epbBn?",
        "J1u68pPW662xJcBNHxc",
        "LUPhqJEmhw",
        "Hashtable",
        "xvAQZ9K5ArSQPRjfSCC",
        "m_bd6c5065737c42c99bc694464bf154ae",
        "w21fV5LNgjFfcjOLH5X",
        "enFThnLfcve3i3iN7mZ",
        "yBn;j",
        "dwSize",
        "Tw7hcUoa7j",
        "get_Value",
        "m_540941d27d7841a683d84c5f658b672d",
        "MrLnz",
        "Ojq/0",
        "iINn56lFFgdWRQoJqSk",
        "JjVrfWsd2D",
        "BfMP2avVBg",
        "S1AH8NJWTY",
        "BiEuqO2WEUSBGMo",
        "FlagsAttribute",
        "#L}>|)*}}",
        "O32pEpUetR7rZqcTSuh",
        "get_Omitpg",
        "cHawEkK0OATIEU27soM",
        "bJelTmGFPRNlLmnEm92",
        "u4ry4fg3xj71WiHqe8",
        "KCFlcDdR6L",
        "'7J['",
        "uEAdobonp",
        "Ora}]",
        "16~S#",
        "z4JhzgW1Wd",
        "m18KgOpAX1",
        "0>O^ek0",
        "qcdTIIZ5PkcfxwSSghB",
        "i4cl1iPcJOewiCBXEmb",
        "=puLE",
        "m_76262de4fa2248c8a143c5df3d18b02c",
        "t*$Uc",
        "wWBHw78RpX",
        "GetType",
        "MLs45FZSTd2TiolYQe0",
        "D$%bQ^f",
        "KvAE5FBi7A",
        "djdBreD2nB",
        "2a2%R",
        "#3rsY",
        "Hi8dEi6RnPKsS0aaOc1",
        "le`R`",
        "dUrZP3wk7E",
        "fVVHe7v0FW",
        "{U2:>",
        "M53iVSRGDot6Bf2vwPp",
        "'2'.J['",
        "E5IsSaV6IQ",
        "YPlePCt9JS",
        "^W@DpXe",
        "22Xs(",
        "b:73w",
        "+-<`)",
        "DNmxNg5q878ibPLGTSr",
        "pP=A(",
        "'\"'/JL",
        "W}(Ma",
        "WZXx0",
        "YxD7LmiwFh",
        "IuSCx5LKPmw8UyqWatm",
        "afV7DbkibE",
        "YdBELiOTBx",
        "UuxKndGpUBFnrfYiT1H",
        "__StaticArrayInitTypeSize=24",
        "ni6_;",
        "Array",
        "?_bs1",
        "IntPtr",
        "nativeSizeOfCode",
        "'#J['",
        "W{^WY",
        "anatkoRSCX9syrsbhkB",
        "vqx3TflsRqkvooLSpGA",
        "zt`Wk",
        "QjaXJUTQD3K88Qy7PMk",
        "xZ9b\\",
        "IsAssignableFrom",
        " /Pkt",
        "NG(O+W",
        "koNpHqhHLE9NHTRIugd",
        "LocalBuilder",
        "LhdS&",
        "bgb85G6Jhf589wybmlZ",
        "\\>QZ h",
        "ii2YcUrRE5CcZXDVaSy",
        "+2T=0H",
        "flAllocationType",
        "CLTUwaIxnQ",
        "EBXlbtPVtM",
        "kytXZjrqtCSYiYSJKJL",
        "wY=F~vF",
        ".rsrc",
        "bJ3sjvLGYtJ2swQwob1",
        "HEp#k",
        "Exists",
        "GPDKfAe4CqRX7ZmkRi6",
        "f_P_r",
        "DDZnIGmGCs",
        "#Blob",
        "WhS4AhRpa4R0v7cJV6G",
        "Alloc",
        "rBXskrqsXq",
        "TaioR7TrmL5kx47wTI6",
        "oDfhe0G82DZFEbPJh6l",
        "SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "taS(F",
        "32.dll",
        "R6vHgpxKxw",
        "uBHMM@",
        "KZ5m{2",
        "lpNumberOfBytesWritten",
        "5;fJ6",
        "iGGB4SVBVT",
        "AIGeKAUYJMbwf7i1nb2",
        "BZF6nr8Yxv",
        "G<)1h",
        "bgh}IlV",
        "sTaGMbqc78",
        "gyMas2L12R17UtFQfsJ",
        "n9q3DSP0BPr7BAvqdnm",
        "licE3V4OMe",
        "Q.AZ5",
        "wawlEbJkLI",
        "MObfuAExT",
        "System.IO.Compression",
        "x87OP8RgSwaEOmlSOxK",
        "T}!<M",
        "PhrsCNf7UU5DC3Q6cy0",
        "m_fc96d90fd49d415e848087ac55c4557f",
        "System",
        "'_`3Mm",
        "Enumerator",
        ".;J.3J.+J.#J.",
        "NI3g\\",
        "m_072bfb4db7c24767846180ed9891d74a",
        "esRPoaHBj2",
        "F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
        "ReadDouble",
        "v,e2k",
        "bytZ.",
        "Bd06QiJeo7",
        "#}_>[\"",
        "hM1eNGGYRl",
        "sYDKpernMCMqfDpRTwE",
        "2a2\"H",
        "}~^.Ql!",
        "TryGetValue",
        "D2XTY9P1yycrVNidrMG",
        "System.IO",
        "'T's<",
        "m_c98a1b611d3d48d8a27df90e65f8c4cd",
        "@j,\"[N\\7",
        "v\"wgAR",
        "EIfYo",
        "=zbtN",
        "gi,S8@h/",
        "clNhp3XcJE",
        "StackFrame",
        "VqeHACljLH",
        "yBwoGGfJSKtgSNXwDIi",
        "BrM6eKbgbx",
        "C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
        "FCH/z8",
        "Ldc_I4_8",
        "aj\\,,J",
        "7zo}r",
        "5uk q",
        "jr.>o",
        "x}'c\\S",
        "yQ6Y3Mf3NEDaVijVdc7",
        "Ly7BoqAOkf",
        "m_b3952c5eaf90463aad06e57e66d22ad8",
        "%rN35",
        "2XgNf",
        "H:`lo",
        "UiRWkuT1WRoO6qvPCeb",
        "Mx1nLpOOyX",
        "xxdKXWEVIW",
        "LrXB1GI0QWLv9kLgH7Y",
        "8,]cOH",
        "FEwHLwORsI",
        "Qi${p",
        "ROFTALAVR0",
        "CNR3P",
        "=h& 1]",
        "zW{g~v",
        "P\\pxH",
        "ahxa.BPb",
        "lB3Ol",
        "kFhsUiInpNdcDrobBfi",
        "Concat",
        "GX8ZZZW9Ou",
        "OHWs1cIrF8VORxxd92c",
        "rIQIkYJPWJ",
        "YqxA^",
        "qAOTUh",
        "3_oa3O",
        "System.Runtime.Remoting",
        "@.reloc",
        "@u'/Q",
        "rhsnPNJKuP",
        "NoprydPxBq",
        "System.ComponentModel",
        "nA0Zl5nxqK",
        "LE0EUmU0Io8ro13fS4v",
        "GZdrPIhaS3",
        ";{PAs",
        "Q(~L9|",
        ";+r~v",
        "aVfBstI61o",
        "n0VnKI71Hj1Hfvpe72r",
        "d@|{iq",
        "UHROQNM8nJMyt7WhVU",
        "bDENPfPVxHreHxZdo0E",
        ".zTJ.Z",
        "sm7IlS9o6g",
        "=lq'Vt",
        "[)}jU@",
        "z|RXK",
        "!:sGx",
        "m_22eafa4717564f83b8fd543fa8bd19a6",
        "Cs2ldNkQOO",
        "P]6X@M",
        ",7z}f",
        "F\"Ki49N",
        "GetManifestResourceStream",
        "iJjG0UUQmwxMnpP7kmf",
        "ct5nWAijpG",
        "~B&?|B",
        "VaWSoBeyS",
        "yI7EaD7ci6",
        ">w>(z",
        "H7tPXrIwrF",
        "Ghwgc4LW7yD5E7lnkhj",
        "nxIdXJI5hrcSKZ39ODq",
        "wj0Gl5i1RV",
        "b8vZbufSroJXELW4RY7",
        "*[N=08",
        "x#;PU",
        "ESH427noWTPxXXDqfGF",
        "eZXK6pL6FSAUKMnJiOQ",
        "mLyZL9lD8I",
        "l`m'sz",
        "Pa8g-",
        "yioMiiTeHwXQ0Ym4Z7S",
        "bILQBvECiUe2MRnXdvC",
        "P2umuYGt6ReeNetbX8i",
        "\\X+av",
        "5FOsJ",
        "A`OLY",
        "u?G$ ",
        "GetValue",
        "x3m>p",
        "~Bwu2",
        "zF2hvyP8GkVDdZG9kvj",
        "Dictionary`2",
        "Crf22ZEG1SWCYGxb5hg",
        "K6FUaOThwb",
        "iUCH]",
        "W`]6i@",
        "XJ@_+t",
        "BCDUvLftRQp4Z7dwhOD",
        "pnJUgjOwlZ",
        "UjrBLSDjZb",
        "lf9Pa2TGtHLERbypKdk",
        "'9Aq;",
        "!d_2o",
        "yBNhBOxcof",
        "EmptyTypes",
        "\\mBBX",
        "g</M9^'",
        "MemoryStream",
        "]qbHO",
        "wxdKhURl9m6q2oNlwDT",
        "<mTif",
        "FnGPAxYGMm",
        "E2KEkM7PJI",
        "If0wWFTWq0OOBYHqU1O",
        "a <z'",
        "Ldc_I4_S",
        "Ldsflda",
        "Ufuzu}",
        "I&WiM",
        "sZeO0iRT9upBM1q67RS",
        "d@'[#[",
        "YDZZjH0tut",
        "ocL` Dy",
        "J:\\IjM",
        "^:Nio",
        "m_e30b53871c1043af98ae565556077eb7",
        "fgqeJFeFf7",
        "erCKC",
        "($ !>",
        "BindingFlags",
        "CuoUXMDV7r",
        "!)Kn<",
        "kd@Eh'",
        "e9wsOQsG6r",
        "k|#Kx",
        "\\;czo",
        "t86lydKFcc",
        "'zwl%!",
        "lerZreo2uB",
        "T2\\8y",
        "iEaZH5v9AX",
        "B}0#-",
        "Invoke",
        "-8U\"0",
        "$n4].P",
        "EM7GimN7MA",
        "yANnyhmG1exx1k1",
        "(#\"`^",
        "get_AllowOnlyFipsAlgorithms",
        "CharSet",
        "o9QbZ6lCGHIYeQI66Sf",
        "Q7dQ7d",
        "m_dded5a243bb54fed96bfc6bc474aa244",
        "pg!aZ;",
        "grjFKrRUpMTbGmDKCQM",
        "MakeByRefType",
        "9f<Yl[*f",
        "\\;)[+<t",
        "gq1EgOyXl2",
        "m08R8ifGeSPJJ2Vn5Lc",
        "C8GwpUKninAGEBNSL8V",
        "ASiHQYZ2gf",
        "T5RBv2ai19",
        "JLos1Dhorl",
        "m_ff38c5a6f63042468adb5dfd67d81732",
        "gEHrfEJaJ",
        "O4UBp22ybk",
        "ComputeHash",
        "0E2LH7",
        "mN/)1",
        "09O<`",
        "HXXkwC97v36mypeVYM",
        "{iP$*",
        "2a, +",
        "cHaZUFMjtx",
        "cPdK2Od0VI",
        "ymlgoaTKIRoiTar9WQ9",
        "u#ZLeB",
        "bfi-%",
        "U72H2JkfIP",
        "km4DQ5LVCSDvKgHw19h",
        ">mGqb/8",
        "7KLWgJ^u",
        "ReadBytes",
        "RLgKvXBRFX",
        "BeBeaowpmY",
        "pirkC5R2jl50EedKOnQ",
        "SS5KzU73oH",
        "p{E/{ac",
        "Int64",
        "riMsjsJASg",
        "Cg1ra3IAMY",
        "Microsoft.CodeAnalysis",
        "L5crm3IeNcRWUAXjKdy",
        "QG3SIDL72Z0LWjLswBe",
        "OfJPyYGGrEo3YWI763P",
        "D78Ct",
        "odXrMH1wdH",
        "GE8ZtClSpD",
        "JQDh1ZSgiw",
        "w0lKA1OwuY",
        "xCOBDubOPV",
        "($+\"H",
        "pb6Fry1gR",
        "$12016879-2943-468a-b5e7-eabdd91d8ee2",
        "nrEv>",
        "8WKhz",
        "D6iEcs6wqH",
        "Ke7y^",
        ")K_a>h",
        "\"ix,]",
        "J7AsuoIM2x",
        "zssMG",
        "/91TRMj",
        "U~YpD[C",
        "X([m{",
        "KKQmlLRwrFICLfdCMK2",
        "nc1sCSnvTC",
        "Vh5syBVEZf",
        "`{M-9W",
        "UV7af7r4xrZcCISZQcN",
        "List`1",
        "Ldobj",
        "gML6gjTQTC",
        "(1#!U",
        "-0IGR",
        "YZxE2QwFuG",
        "m_84d4198945cf4b2297c4cb602118ff7f",
        "M1IBmvpeLt",
        "GP4KXDUp154wYrFCtcJ",
        "Append",
        "d2Ef:U%",
        "TXE[B",
        "Yl-J;m_",
        "kw,X_",
        "](Kl;a",
        "idXdi7GOMKmnSq6MRZn",
        "wPuEp6SG26",
        "VLzv:x",
        "Ge7t2",
        "8-coN",
        "a@8Tg@~J",
        "xB0SDlIVE8M2TYqcsLX",
        "aA0HUYSuRT",
        "&n,3}XE\\",
        "IsNaN",
        "jSQHtyjMPQ",
        "P4FlHEnDOB",
        "qve6YiFZru",
        "7a^>x",
        "m_89a266a2ebd140cbae6c02dd044e0400",
        "Qv2Xx5rpEZgu0621hfp",
        "Ldc_I4_3",
        "uDwrSyg0Dd",
        "#Y=ghp3",
        "Assembly",
        "wDh&b",
        "'?d['5",
        "$=56N",
        "bdac{$",
        "nC3h0gFnc2",
        "==Upn\\",
        "GaKtxXIqMOGG7EiDT2i",
        "KkdPwXPukYfv2TcDLP3",
        "pg5BBDVWTr",
        "d}Q1H",
        "]l:`;",
        "[\"~f2l>",
        "MoveNext",
        "X0I]<",
        "L6TLLrLmbFjyDparSvM",
        "8_2|+",
        "dgIK,",
        "NUNsO",
        "lx0BPJp2On",
        "GetHashCode",
        "K3N7El22Fk",
        "tJYnUqlZju",
        "TVWPU5vcV0",
        "HrUWhteWbl0NpT7jnRJ",
        ",yU[T",
        "($Q$N",
        "f9DRwnZouqJtBI4o3P3",
        "vupb8",
        "m_2a03807fb3404a00ad218e9cd6bb1173",
        "tNADkJG4oxgDiHCIN35",
        "GftkiPRkXI4pTxK7RhO",
        "r\"D<%",
        "rb_ul",
        "S@GhR",
        "nwjHzAiqBL",
        "^tXxy",
        "s&WPsS",
        "set_Mode",
        "fKl6q01cNL",
        "j@\\L#",
        "lqN2G0KExuMfavIZHCA",
        "m7NGoZHEmj",
        "wgqN7OLem4FLQAnhJU8",
        "Uh^@\"L",
        "6{_G:p",
        "WuDPBgw2jC",
        "EsyClrLwFvPXZ9RcZgC",
        "PPooX7eh6TNC2EmFUP2",
        "P[P9s+",
        "s8PEqMWuIp",
        "$<,\"R",
        "7Ai0k",
        "AhyhHEUFryR0ueeHfCw",
        "Ldind_Ref",
        "KDBiki",
        "<uAq-",
        "H,tdaB",
        "System.Security.Cryptography",
        "m_99917951f7534bbe81016c5d053fec11",
        "A7{#!",
        "'.J['",
        "GetName",
        "ysCBgulQLVV3QIyevRs",
        "iTJg9l6IfQ2Tc5gkYe.4fA0eIhH69ZoXcl0by",
        "hf/1nHm",
        ",x]#@",
        "sF9lgEvVgc",
        "\\}>>J^N",
        "cCOtsJX1l",
        "zLdl7UgRgB",
        "kE356",
        "x_gcr",
        "DtbK9Qe5vx",
        "3Ng&:",
        "2a[$N",
        "MakeGenericType",
        ">jK9w",
        "ih;M!c",
        "<>9__12_0",
        "WY4ON",
        "get_ParameterType",
        "BMxE89",
        "c7jEJDfueeGxILg6cHG",
        "U7F8A4rYqJ2ZQdh1NMl",
        "fn0QUuURGMUER1peMoI",
        "JdtDJF\"",
        "YI37l5uBR4",
        "DaCfjQnpytIxMfeQonv",
        "hQI&Q",
        "B1RsZufXixBEOhsfgvL",
        "e%\"{x",
        "CipherMode",
        "System.Reflection",
        "m_c3c3ae08b0dd411799d3d0f8cdaeb9d1",
        "Uc_J%:",
        "slwhbguM8j",
        "paramters",
        "ox12UJUZM3aWAF2tFW7",
        "KedTgyFC3",
        "<}>7F",
        "J'rDZ",
        "T7MhRDMcvi",
        "NyGrs0RYV89gQQZ0x9D",
        "Z:tYy&9",
        "Au,OE,",
        "LR1DO",
        "YnRBqZa3he",
        "_MI1.",
        "dmDnN8YWjS",
        "Q4m4WxwqHJLsZ0ZV1p",
        ":$sgdB",
        "xrrKSe2jgd",
        "J&E5o94,",
        "$Lqzr*",
        "]!1DE",
        "c9oUswf8SMtC3unmyAM",
        ",R7Q@",
        "o]yn]",
        "m_05e0ee85c1c04918b6940ed1408a6fea",
        "2at$N",
        "A1wRc4LBZ9ynMaRvHC4",
        "ekJCbABmLGs77U1b9R.L8RUNjK99qgMXaV3Uo",
        "_+,\"G",
        "MSgrbV6yaE",
        "8f_PVb*",
        "j9f1IGGYUVFCg4S9GSp",
        "DynamicMethod",
        "RP6scyejX1ere9FRY8R",
        "EeKPRjl1pYCAALtqNll",
        "V*fFvIO",
        ";7}#v",
        "typemdt",
        "I)xt$",
        ":')t~a",
        "bWM7bsLCP7",
        "tMWn59TXkN",
        "49+Cl+",
        "'b:b.",
        "WTArw",
        "Attribute",
        "Tg8aMofgCCGdyI8pNlK",
        "m4ovJkZyiaePCH9Samm",
        "ffS)T",
        "lL'_Mz",
        "ComVisibleAttribute",
        "EditorBrowsableState",
        "/_'`\\",
        "InitializeArray",
        "cKWH*",
        "OOCUBtr21p",
        "'8d['",
        "OfE1sLUj2HEEDN6KYll",
        "e0llrHRLD8SAj5dlaN6",
        "Y9V3X8qiTW",
        "[9#,$",
        "sScvjfLuJw12gB6qPcj",
        "r6seDcy10q",
        "GetTypeFromHandle",
        "Version",
        "ValueType",
        "th17fCEJ0X",
        "DUqHSrIZhB",
        "sDGTky5TQh",
        "PXZV8kecy9bmaFd3ywu",
        "hJrTdRKUCJfQy5ih3wd",
        "MsnSRlR0keyCJpfgus1",
        "s*>WEb",
        "EANnJx5j0h",
        "qs379u1oS7",
        "JI4rTP5IQ0",
        "D09KkCH2FJ",
        "MD5CryptoServiceProvider",
        "H3QhMGjsan",
        "mArIwGXCEm",
        "CC?RwLF",
        "DebuggableAttribute",
        "EditorBrowsableAttribute",
        "lETua8KVGFTFNnuiEw4",
        "__StaticArrayInitTypeSize=12",
        "zaJLmWfVI73pdmBSrtP",
        "b7ZHI2euo13rvdM2kvn",
        "MulticastDelegate",
        "Monitor",
        "A,CgK",
        "g26GUjEZ7a",
        "#|<3D$4Gh",
        "U3gA+",
        "wm5qBthe7PWiyp6QwXj",
        "qGt063r5GJBrTW4faq6",
        "GetGenericArguments",
        "&6@Hs[j",
        "m_bc46424e3e2a414b87d3ded325ca4037",
        "Euex6WUnqFCfZEDVkRp",
        "2ft w",
        "--(\\e~q",
        "XDbBE6I08m",
        "set_Position",
        "La6TPBwsft",
        "S5CS3I6iRaAlKeCbfkZ",
        "\\{q/E,",
        "VVK7IMB5JY",
        "nJssqXHRXp",
        "Upln4Zf2uWmJ2tgBYGA",
        "Od!gf",
        "Tf-MiP",
        "If{pS",
        "TY7431+f",
        "R:2ff3",
        "Osa0B*",
        "#F[7H",
        "(^Y0ra",
        "V\\0u-",
        "{f(/x",
        "PFYBuqfIsR",
        "L4L6Ck62Zh",
        "Xt]1OO",
        "4H#@AfA",
        "FlushFinalBlock",
        "2fl-Z",
        "xU5KTNhi10",
        "rDTgcQnXdoapjb3orKB",
        "cgBlMrsWYe",
        "tMXBbPjCts",
        "qVwR]",
        "?_ds5",
        "wVSHaqPFXWFq3notQ9F",
        "jN1nw",
        "oA2Fk1eFYgwisMxb4Pi",
        ".ZDC6J",
        "xQRBGtrfvf",
        "('8n0",
        "@FaGkP L",
        "AX1MdQZclsPF6DlecJ9",
        "MOQRZx",
        "m_5510e1b68fd64436ac14e0e45af4efab",
        "cPqEG7IsYReEGbm4AHL",
        "jWj6NkcuGN",
        "D8cnT3ltIB3GCJ9DmGV",
        "vQhKJpW07a",
        "Y<cfq",
        "lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
        "Int32",
        "VTXBeTND2P",
        "_CorExeMain",
        "fO1rP",
        "S1OhraoyV6",
        "RPvIzEfycd",
        "splZUgP4vy8SEQ4Wxb",
        "YoEAByBzxC0wcOeTM5A",
        "heWZVe2ETX",
        "Htdzey.g.resources",
        "-6h08#",
        "#1fM\"B",
        "HEb6RbPRSUGn76dfTuw",
        "GeneratedCodeAttribute",
        "pUd6Du5msl",
        "eyu8ygfwydFLBRBGXbt",
        "Py86vwY8GI",
        "Object",
        "get_IsStatic",
        "t?89;]",
        "vn0jxqy33",
        "7XSpTyut5BQOT7ANvD",
        "M0AU4uUWNxhN671dmjH",
        "ResolveMember",
        "cZj$9",
        "doT)@",
        "a+zg%3",
        ".)-o/",
        "[(D!D",
        "XngvpjlRNdh7QtUBINZ",
        "2aU#N",
        "vVGPKJ7HJILhLkXU7lr",
        "zTCSeZKrw5PThQ9kuxF",
        "rS8TvVyvkX",
        "PatdRz",
        "b1J;C",
        "($l#N",
        "xGRT2MGRPW",
        "unQhUhSGiG",
        "uCq%/",
        "ILGenerator",
        "}/tl>@!`",
        "[KjIF",
        "yAG W",
        "BZunCuLTO55KqLQPc8v",
        "tctyWiRzQVUZN2pYnX7",
        "Cxxy82TIyVYRnK7jGeL",
        "2aq .",
        "Nt9E{",
        "\"x5KaA",
        "m_f10c8a0658784fe1b3493271f1ffbe90",
        "m_50b85bf61bef4152bb276fe221a04353",
        "}X)Ty",
        "sY7lTbDcEx",
        ";TO1n",
        "R3x*Pih",
        "Q3V7nGW3Fp",
        "]0'7GQ",
        "<PrivateImplementationDetails>{987D5E06-59D6-4C51-9ADF-C3C0AE4FC498}",
        "m_41436c7bab6e414e8e9fc07a40cf1cc3",
        "E[n=p",
        "Protect",
        "kp0pmofeErPQbEGMeIu",
        "-ufL$",
        "XNr'MM",
        "InvalidOperationException",
        "Nj>mU",
        "6u\\\"Y^ ",
        "6JKsu",
        "SU1gC5Tp0jnRwUXnV2V",
        "2aw#N",
        "QBEhjhneCg",
        "L*VsF",
        "VgI2.O",
        "m_02de2f24483e4f9381a5b4c4ff288a4c",
        "GXVZMTfbeF",
        "set_Item",
        "result",
        "glaPdQrxKy",
        "U4tF{",
        "cOYeHy2qUi",
        "Hv#/CFdq",
        "GetMethod",
        "i7GZRmlBmN",
        "G\\KLz",
        "L4Y7c5dJRb",
        "qTIZ4MyksM",
        "4T`a%",
        ".k~-sn~",
        "RnNZwTywDV",
        "-hd$C",
        "kernel ",
        "eJOIN3jOp1",
        ".%P ~'n",
        "@SqF4",
        "GHKeTUwHEh",
        "<Module>{b8bddd2a-a952-4523-8049-3c5b3829d6dc}",
        "Ldarg_1",
        "cT7IaUloeh",
        "p1C ]u;2rkKY",
        "3<;w/_(T'S\"",
        "i%Cm,",
        "ArgumentException",
        "m1d6g",
        "tOfTB4qGcQ",
        ",FfXW",
        "DbJM2EGrhNfPjSpxjqd",
        "RuntimeFieldHandle",
        "ChangeType",
        "\"tzMm*v5}",
        "MethodInfo",
        "Ldsfld",
        "Ldc_I4_2",
        "GetUninitializedObject",
        "PVV4LRGKkvJ9P1cApvr",
        "841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
        "!l`B7",
        "=3-!8Aw=L'",
        "&zLU(",
        "m_37077beea53c4f9785a43d0d0613adb5",
        "OmSllseAyJ",
        "abhloxhG4E",
        "iVjIM6TVPg",
        "sqN7NaZ6AvxHnT9qCBr",
        "m_8b1e919bddc64c51abc011e9a7fd1682",
        "_vFy|",
        "boGDV",
        "IEnumerable`1",
        "i_!L;",
        "?&o1d",
        "CG8qinEt9LQI1QtKt",
        "'2d['",
        "Phvd14fT3x6nDuvbSyi",
        "VMTmrElmIvEjhC5FuTB",
        "abYAC8fI7T7gBvo2b9Y",
        "e^+kh.",
        "d.]f^+",
        "op_Equality",
        "4lH@}",
        "ca4IjWrCbTOwqvLoQRy",
        "cS96BjCIZ6",
        "'*d['",
        "y0fHrL9SOV",
        "y;FlW/",
        "&2Pfx",
        "xc9TfobJr8",
        "Ldflda",
        "flProtect",
        "}mQvi",
        "__StaticArrayInitTypeSize=32",
        "GH9gG7PGLKFQPpInTTL",
        "System.Text",
        "DeOU9HkxbM",
        "P4{)*",
        "R9ss-",
        "Q9h:\\",
        "hXssQo5Vw6",
        "j/zC=",
        "Qa3EFsRxnc",
        "x3s6Eqs8uY",
        "WDtdbmRI7UkcjQja7ax",
        "RhsJSoI1EVdnAeAScnx",
        "ayMHD9QEgo",
        "lnpvpoeKwkyLN3t5Wox",
        "#|c\\0",
        "l<=fM7",
        "Ak%Pb",
        "R&ES/",
        "}Ew>G",
        "Ht5sJUqeNm",
        "Ubl3w",
        "SJjTU4SrDe",
        "get_Position",
        "x[+;,",
        ".o 9]%u",
        "g47BWrCWLV",
        "cCP^K",
        "4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
        "callback",
        "9LALA",
        "Or6IfuZFs6",
        "xNRQwKUtFnYYN8ds6Rv",
        "hPOlDWVluo",
        "ihA6wVTQD1",
        "WuRPM0O3Cr",
        "qDaefPetNZYvvwgVpCP",
        "m_64bc0d950f994adfac79a0cf7dcd0307",
        "jHMZUB7PSB8BFaPtMWe",
        "GbW68qRytHwLwsOhW60",
        "<Module>",
        "GZEGzpNgCf",
        "j3cHN6JMun",
        "QY86bPQ0cv",
        "TFxEzOYU99",
        "Nwlgr",
        "Cw`?p",
        "du9curL8hdgUrEbGZUr",
        "MsJI78MJLn",
        "WLaTau2P52",
        "Ldc_I4_4",
        "V>,%mLC#_v",
        "W,w|'",
        "FEJOEGeIrT9K7pfuK57",
        "SKJNgtKIXnVETvnXa68",
        "^}o#Y",
        "LoiZ9D2pZk",
        "v8x+[",
        "uT:,Z",
        "phkZCOMtHg",
        "7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
        "gZ4PTijZKT",
        "CX7Tlfqyes",
        "IWSlP3d4Tb",
        "@^B4P",
        "bMPG7FmKNv",
        "Handle",
        "]X|Ul",
        "GetMethods",
        "gxoPzJu0II",
        "ksp6SUFXkx",
        "SNoTL3PLdP",
        "v4.0.30319",
        ".{>[\\",
        "m_7168cb2bdb644ae0a076c3dddf999620",
        "ag<M<F",
        "set_Culture",
        "kNhhKC2n6L",
        "m_8394028c75be407da3d985eee62ffdc1",
        "mRvUA5kZKC",
        "wdLr9illvs",
        "get_BaseType",
        "w)3V>t\\",
        "get_Assembly",
        "Hn;^E",
        "usD7NY16cp",
        "m39UMWfp4sd384et0SF",
        "7#Akm\\",
        "Cv5RkZUrIhrNK9QIPrw",
        "`9iSF",
        "`R<* p",
        "ftZYkqex9qHgslRKkUB",
        "sgZ\\I",
        "RMC7gT9JDL",
        "vdrGNq7NZk",
        "dv|yc",
        "qFmlv01FDv",
        "sJEs9xmIwE",
        "zefdOA7k6NVlTE0XMr4",
        "M@9!R",
        "mX\"^d",
        "YsV=8",
        "5bZ0i",
        "<X:og",
        "IDw74Xy5Pe",
        "Be[-H",
        "f%*9W",
        "KeIIT2CxOy",
        "9K,oo",
        "WcoHMZvxIU",
        "<]_\"8",
        "4*YRrA_",
        "=WW+{",
        "__StaticArrayInitTypeSize=256",
        "j5?Tu",
        "XZ9Hsu\"{",
        "q;0[g",
        "OrSe6hIiIL",
        "rNzkX",
        "@eAU*",
        "MWc!dS",
        "bInheritHandle",
        "M*/(q",
        "bIfEDVRvLp",
        "t8x7usIGdRAoo5mQpmp",
        "get_DeclaringType",
        "XDLoffr8R4EK7XwJJpn",
        "_hW+y",
        "UlOfakPKb29XMN2qBnN",
        "uDLh3unYbe",
        "RQ6o >",
        "GaVZDTARiX",
        "XPHPgHX0yP",
        "WRA48bfoT7rXhMhs9Cc",
        "|[dU0",
        "`i4rOL",
        "Comparison`1",
        "Unbox_Any",
        "7i{ 3\"",
        "wtZZbHtifZ",
        "wvCt1semMHYMxJdfrq2",
        "tY}GTZ,",
        "59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
        "WrapNonExceptionThrows",
        "IZYTiIY3uo",
        "bJyANdL4JXOj8CDZ4vq",
        "tL<Yr",
        "NullReferenceException",
        "LLIO3xfkL54xFuh0pVg",
        "NOSvdaP6M",
        "ResolveType",
        "f%jO9",
        "target",
        "%a+Hr",
        "hBBT9ukaHB",
        "fWHKHCBMk8RmiVZU7K3",
        "'=J['",
        "QT?'J",
        "Ni'K3:",
        "CsWkun6A9Is4RyqD9vJ",
        "LPvUcef4WnCZklKmyAY",
        "AssemblyProductAttribute",
        "ReadUInt32",
        "edDYLYZdyGOpcxZ21y1",
        "'=-{<",
        "B4Wd:R",
        "wJL)ne",
        "|AQ>y",
        "Write ",
        "k9SsB",
        "{Zhu} ",
        "'Q)C\\",
        "CreateInstance",
        "SZN\\{+!",
        "w:U\\p",
        "?_cs1",
        "F9wro6CNG0",
        "et%w(l",
        "J+uQd",
        "yvPyd",
        "Jb3e19n0IDVhGdJFPrM",
        "aANZIXAJ3V",
        "FileShare",
        "c^vlnI",
        "qFBhwiUIpY2WrSKd1o7",
        "m8DE78A63BFBEA70",
        "aNrno9BxSZ9C94I99VC",
        "OpCodes",
        "RcsKyfhrRO",
        "shuedxlQkH",
        "mhZlAkKA5D",
        "\\#Twj",
        "byv7AMsX9u",
        "1~|3ZF",
        "MILD # Qd",
        "CVEIDvyOR6",
        "LtWHvWZdeP",
        "yeSSUMRC2gLxa8gJ7Vs",
        "Fb<MY",
        "W8rnh",
        "^z~Mj0x",
        "kgTH7kXOjo",
        "flags",
        "Z,x_C",
        "A4HaU4Kut45feEMPExx",
        "get_Module",
        "z:_v['",
        "GetElementType",
        "i0XQl9UoSkFPZs8HTp",
        "3Yc.Z",
        "lj7eyIKt3ZTs1VmjDww",
        "Omitpg",
        "Single",
        "KaJ|>",
        "NotImplementedException",
        "gZm6WvfsFF5a2BuXFDR",
        "W$:}2",
        "TYMBMAK68Q9Tq6wWS7y",
        "rpDt8NRApEWJxLBWuLX",
        "2a> -",
        "D5&>F",
        "Im8E0cL5BO",
        "zMVsAseQ9X",
        "xG2h9dJcHa",
        "aoqbZJfnq7ir5nPJAwW",
        "n-UF\\",
        "{,PA<",
        "ResolveString",
        "Gd=zG",
        "@F\\vu",
        "&N/i|",
        "value__",
        "FGU6ZQRuZe",
        ";.CJC",
        "Unbox",
        "Kju633fVaA",
        "f>uiA-",
        "rOjCZorAEL2T0AfbFR",
        "6ih#3",
        "n5NrBXTcyrXpLmNoDlP",
        "Vd82gml0O47Dy4IsvoH",
        "}hB6!",
        "AfwAnfTshDlpXhODVEb",
        "u|k9F",
        "i*QB>(/",
        "gPJUwf",
        ");9Y~",
        "AttributeUsageAttribute",
        "Nm}<I",
        "j\\4Y#",
        "B!=,O",
        "!Bm+_",
        "x%mw,m<Q^)",
        "QnNhV435K3",
        "Htdzey",
        "!\"9sy",
        "hp4DYyh7viWR6qKnohl",
        "m_901a84b0d1e143deb562fd17ceebf571",
        "h3EUHD6snJ",
        "W9PMk",
        "yEKEIT9iwd",
        "^%m,\\",
        "6:`A@",
        "_6N vY",
        "hgMHd2o4ca",
        "/=46o",
        "X&XcM",
        "rvOOPCRFTAD8gsFqFOa",
        "wS^,[4",
        "GetProcAddress",
        "CreateDecryptor",
        "ImrC1SRMY0YOHZ9naWw",
        "CEPGPG8T8D",
        "EmbeddedAttribute",
        "'9d['",
        "XwTspJKEdZ",
        "s5iCBZeZv7JBKB3ZW9y",
        "m_59e0f2643f9144f487a3ec082abe60cf",
        "kernel32",
        ".nhA5",
        "L\"gu#",
        "6t6ZC",
        "i1v2PZm0J",
        "nwFBfCVmok",
        "]quNV",
        "geImdmhnnVeAf1JOWiO",
        "nIa[n",
        "/G.@|",
        "%\"sx%",
        "qgVXSPLhIl5ci7ZHZAB",
        "rufZBX3sPp",
        "m_0703956e92e24d799e36cb1bbf898ddc",
        "Jk-3P",
        "eKTKftR1erKf0Ocm7yJ",
        "@a57X\\",
        "m_0c4de8d8af714262b1a19f804407e32e",
        "C5S-v|",
        "ajZZkZ3NSZ",
        "EfhnhGaBQq",
        "3UKk}9",
        "YC$ex",
        "qTOt/!",
        "Gr0s0jcpV9",
        "Y0pHusBnt0",
        "rFVptZ5YC9Y6LtC93FG",
        "WLKHoQEM3N",
        "Marshal",
        "81k\\s",
        "W9.)Vb",
        "FormatterServices",
        "sZ8F2",
        "dxNXlPTqkgOYCTVwn2o",
        "Dppe7RNBLb",
        "]C:.&>",
        "@!YaS",
        "#3n2o",
        "AqRrzUbAZI",
        "MXMN61lpbcTboB84aa5",
        "DVYlSkenBubjFM0x0R2",
        "qkglB9OMNf",
        "unsUCmPYWk9J44dNuch",
        "Ldarg_2",
        "__StaticArrayInitTypeSize=30",
        "G/K>1DF",
        "RQUuV0PhR65FVLDNOHp",
        "e5tl69g5Df",
        "bHJ|X",
        "di(I&(",
        "m_0b67444dd74b4ac8a27c124c8240277f",
        "<Module>{1F4B02DF-696E-486A-8B35-F56CCA1C23C6}",
        "f4u7BoF1Db",
        "FvkZzI2gUJ",
        "w<\"r1",
        "jdYAy3IjjXrJE8SlxTY",
        "1A[$\"*R;",
        "2z{B~H",
        "N8qgDAPCkMR6kecLFQX",
        "nb3nyl2puH",
        "Ldc_I4_7",
        "c6vGDr1MKd",
        "z97p+t",
        "{e)Z9",
        "?>@>A",
        "y?jv0@",
        "UZxE]",
        "FieldInfo",
        "FileMode",
        "m_03bdda1abd0d4f0b9529f23045710b71",
        "I9YGd0UupLOvr6Pa4gA",
        "o+<ICJ",
        "L`?) m",
        "DbpBI6NxEp",
        "ap[%Q",
        "*|gyD.N\\t",
        "XN5BNJT4IGjydrv3T9n",
        "Wj5KDxBuga",
        "+Jvl}",
        "D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
        "ObjectHandle",
        "V?!R$",
        "fZWrWaKqtwaBqdVF0b4",
        "Stream",
        "m_a08cf5257c9540ffacf5c7f96fb6bf31",
        "get_HasValue",
        "qG50RmhhqnDRufSqkKj",
        "Nullable",
        ":N:tD",
        "+i0AX",
        "'='3J['",
        "Encoding",
        "0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
        "I,1#)",
        "o7flSXKKy8",
        "m_74534355f0e94cdba9309ed01533095d",
        "^KLZI",
        "xtmuy",
        "MhDBNAuxeb",
        "Mt1Veh78BubfcaBLG1Y",
        "X7uTXcTHDh",
        "bIpEiH",
        ",9?Hc",
        "<ZTTC",
        "HxyYwdy1J",
        "BrtpQQanV",
        "UZ[s>",
        "ooWN!",
        "pP*w!4U",
        "evyU7ZuJVm",
        "y5PjCFfiA5UAgJgffR7",
        "\\TgN*",
        "YLm76ERvQR",
        "A>DXq",
        "Exception",
        "AXjK2DPeCtjdlGyd44C",
        ">Z<RM",
        "ySxIiOfFdrQJxGkdyGk",
        "eTuEXb5iy9",
        "P`Sdy",
        "'k4\"u",
        "$8>9i",
        "kye^r",
        "_]MVV",
        "System.Runtime.Versioning",
        "!This program cannot be run in DOS mode.",
        "TransformBlock",
        "U?y2Kn7v#C",
        "G0PLweZFUarMcHkd2Ij",
        "(${!>",
        ">'k8+s",
        "'aeur",
        "{{T_.",
        "_?tBF",
        "System.Reflection.Emit",
        "%``{i05",
        "LliGbGp8uu",
        "nyJosAerrOmKAqOIpxU",
        "f^XF,",
        "JuiOVhRKbrpT5boaJx2",
        "Stind_Ref",
        "CompareTo",
        "#?z?M",
        "JVPoERU3E474DndoDDV",
        "&3't/",
        "jFZCva",
        "{cm0W",
        "cssP9fQvfX",
        "GetProperty",
        "tyXBRPk22r",
        "SRTESUHnMlWtoUBmlCn.lnpjfBHHitTcIbxkN7U+CrQ4JYn1DGJce8A2HOx+NCMGydn9EkFcY1lRG7A`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]",
        "VkDEJGwi0O",
        "%dqt/kf",
        "ToString",
        "qgn){",
        "Ldarg_S",
        "m_86bce48724d64269bb2956c77d2c9ada",
        "UInt32",
        "Cb['=",
        "\"\\\"Zee",
        "3`HkN{",
        "qZWKPRvtUw",
        "N%9&,",
        "Kd_}=",
        "PaddingMode",
        "ResourceA",
        "GetBaseDefinition",
        "`cAbg",
        "]>wF`",
        "TnyXn6LPMbe3JXo01P9",
        "vdR6mpgjMP",
        "Int16",
        "KpfnyiRtrsFp8WC0FXA",
        "g5CxwOIRP8Ijn7K4xC7",
        "ra1Z2SSq3u",
        "Kk8lXLO329",
        "VSa0Y",
        "TSwuArZxMcJgGs7nO94",
        "=o`Oec",
        "UH0kpJ",
        "Um7VV",
        "\\S<BF\"",
        "m_16fbc231e6324a0f95e337cd94956537",
        "M5jXTAGZ1CKe4rPOhZ6",
        "yZRIJoHCRZ",
        "OrFrvpuBER",
        "te3hTD4B7F",
        "b2yr2b0Z8E",
        "]JWkj7",
        ");nu4g",
        "ResolveField",
        "System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "DCG7RyqXEF",
        "DOhIPpGl7M",
        "I8chQAHsa4",
        "oB/sS",
        "lTVB6VghP8",
        "9/la ",
        "OO+?F",
        "KSArKIG3UhgndsSlqRC",
        "N8V6O1X4yx",
        "m_d7d5e8a982a44cc59856a41cf2422189",
        "F#KCwY",
        "sabcst",
        "sAplkCA3SC",
        "NdkEIQrrFMdB5jH183Q",
        "InflwpE2p6",
        "i-c&i",
        "P f&c",
        "Giir6unb26",
        "KDh>~",
        "LoadLibrary",
        "M6SKitZIFF",
        "<lQ<]{L",
        "Ms1hkNwyvm",
        "4wG-4",
        "(1G5Or3",
        "6~G.RK",
        "|NuwwGp",
        "set_IV",
        "sIwALYGul5cr8lUycv2",
        "g5862uKrZU",
        "\"$E>/}",
        "HuJc5|",
        "LQ}eK",
        "tFWHKlMJC2",
        "o4unxurZc2gToNadJSp",
        "TTTHTNb0Qc",
        "AKmwfje5nOjm9Tc5AlY",
        "B8EIqjGIQdIdklFWgWm",
        "od0riK5tqi",
        "BY)LM",
        "lfIBXkFaTA",
        "@*L\\pE0",
        "ugaPapTKls",
        "get_Name",
        "vp97XCnjgR",
        "YBBhxGLlpEnafpQkSTU",
        "RAq0UolWatajXeQCgxx",
        "bowB0X2fZ8",
        "Bp\"6X",
        "yK06gIKxRqHBFoeErjs",
        "XYBnwsrukPqdYQ3Kso6",
        "`[6lJ/_Zs'",
        ".cctor",
        "dtZVs5ct0qm2aZmw5X",
        "IsbCYAGjWjB0hqJhXDM",
        "get_ManifestModule",
        "X3GPPSDH0M",
        "hME$WV",
        "n3'/q",
        "2uS0a",
        "RhQHJAlsHJ",
        "3R\"Ez",
        "@D:*U",
        "get_MetadataToken",
        "Acg5EHnkSubsx4ilADa",
        "pO'h;",
        "Efyfqp.Properties.Resources.resources",
        "J\"hqo",
        "p{fy#",
        "BO8\\6U",
        "'@I\\Oa5",
        "Zu;*5",
        "GetILGenerator",
        "GKOTMEFcVW",
        "QTsnRpOcjM",
        "nfFAF8ZGYCpLmKaAggM",
        "EHJrHKWftl",
        "flNewProtect",
        "sjqhZjJjU0",
        "?ljXS",
        "QTYeBAQOd1",
        "AssemblyDescriptionAttribute",
        "g%#?Q",
        "+3x<gs[",
        "uNMnnK2Mlt",
        "H]SkP",
        "IENXlST0s5B0UrfCHYU",
        "nativeEntry",
        "rs-u3",
        "Kyc7luP4MleWGXSUebt",
        "stuCEPhCA",
        "leYBgoeqMB",
        "nsvewIf5sG",
        "VaY@-",
        "\".Q|3",
        ".NETFramework,Version=v4.0",
        "oe#+L",
        "B9#e]",
        "Gj8VpfIW09A9aX7h4VI",
        "AnVV-",
        "AssemblyCopyrightAttribute",
        "tuxhZQpTUPCAnstw77QT4",
        "EfW,L",
        "!;Bgc",
        "hFPEQ07XSj",
        "set_Key",
        "P7nER3EMBI",
        "get_MethodHandle",
        "EqjeloKLGb",
        "DOfIgguYln",
        "&xt:|",
        "|P4`_",
        "YwRHxgSn6O",
        "bIQOJ9r0bVEdbDZ17Fg",
        "m_2554099822f34631a849e9761bb1acd5",
        "XFCZAARaOx",
        "'$J['",
        "TUvWurRJB28x4ZfS27A",
        "wpQEiiYlqT",
        "TargetInvocationException",
        "Ldarg_0",
        ")CsG@8",
        "SZNZW5LIdc",
        "J3clzcCXYW",
        "WdnHhygSfN",
        "oJOHP2wcRw",
        "WElQ/",
        "op_Inequality",
        "FhN@RnXB",
        "8 .hw",
        "5Y]|X2",
        "2a{%U",
        "hx^OM",
        "Auk7ritvh5",
        "FreeHGlobal",
        "zc9PJxGBBN",
        "'|!_y",
        "oHcJNARoFTZEF2KBdHo",
        "zfIWo4nuC0pOPpQHcdU",
        "g91b9c41d2ff549a58f4d9ee3b69c22c1",
        "CGJ,i}Ja",
        "]*%$b6",
        "3$H}[",
        "UWm:c",
        "GN9QpVTFScoA66S7L9U",
        "cinM6yUs7DXpxV2uwyl",
        "[S-}P:",
        "JHEN0",
        "OpCode",
        "\\b$2AG",
        "LwDdQ",
        "fbq\"_*",
        "QnkZewauUA",
        "IIA&8T?",
        "Close ",
        "2aK%R",
        "fDjzo]",
        "<:lD}",
        "UnmanagedFunctionPointerAttribute",
        "t#Y%~",
        "get_Size",
        ";\\RD xI",
        "'7d['",
        "cCG7wYqfqk",
        "Aw9fCUfOLiRLKUT7HgC",
        "B5vQMnPjZfcLE4HQM8V",
        "mxmlLVwI5W",
        "obBrEfWn0J",
        "ApSUL",
        "2ag\"H",
        "mR}MS",
        "cH)H#%",
        "no@Tu",
        "JxjUoUkKgF",
        "eq57rCeGLZISo9e9pPd",
        "zlI<&8*",
        "O&b&BgA",
        "/Dcu,N",
        "AllocHGlobal",
        "Clear",
        "=Y*x(",
        "41l<J",
        "MaEExkZNQc",
        "utsPD7vHcU",
        ":M6OV",
        "^N0%A",
        "EmitCall",
        "FcNKlC8CkX",
        "ReadInt32",
        "CompilationRelaxationsAttribute",
        "?sr3P",
        "vhqn7ygbUg",
        "HMrEfTTD1e",
        "asj72wZeEA",
        "9>^DLF",
        "gJ0A6Se8034Ok5lKd6w",
        "yAaWHAPs5945x8KpjIO",
        "N4GijkrF7fZCtH9QtSi",
        "gXcnTPfYjj",
        "lo1IBiwHL8",
        "ToBase64String",
        "kXc7DLIQKMlO07BR7Jw",
        "L20T6L6IcLaXIrANR3F",
        "AssemblyCompanyAttribute",
        "NUGstKq96L",
        "r86Sr:",
        "lfP6tUgvXg",
        "GetDelegateForFunctionPointer",
        "/m^?d",
        "Yf9fvaRnbKHZkv3J7C0",
        "/lvM;",
        "]+C<s",
        "vmgZirA7Yw",
        "jjtomNIZ57cv4IuVidb",
        "wuRNBUfKU2",
        "m_6eb9e478e2194f1aa7429f8b122121f4",
        "Tbb7j",
        "U#dDwh",
        "LDlZvh9qGQ",
        "sY#=WeJ",
        "JPRBkZ3Xiq",
        "Oil5WELv2NkrlEnYWol",
        "iJaSADTmjoNPme1yI63",
        "| =%W",
        "get_IsInterface",
        "Udm5NzuzB5OUMpAe1",
        "loIVacIC5ap44CAMaSA",
        ")>DQ5R<`2",
        "qhflmHKNKhLXQsnMMMV",
        ".G\"e8",
        "Q0ywkXK70Gc3cl8X68X",
        " N!\"q",
        ",EQc}h",
        "-d&.>",
        ".NET Framework 4",
        "tRI2b",
        "ErZ/i",
        "AssemblyFileVersionAttribute",
        "bfFCfXKBIs1QCilSt37",
        "ConstructorInfo",
        "x%tpp",
        "r7Ie2ts7If",
        "IUvfMWl8lDbtFWrFxpG",
        "?Y0Y,U",
        "m_24d93d9841994e91b187681af280e75d",
        "KIZUM1JFsH",
        "Ldloc_S",
        "V[_-g?",
        "geFyeTPOxoA61re6QaR",
        "E^sAKw",
        "ZI<]M",
        "0Rzf8",
        "get_EntryPoint",
        "($l .",
        "#jD\\D",
        "TargetFrameworkAttribute",
        "m_9b77a2f3ca2c4c0bb444196b41a00a53",
        "gudHFgNWAS",
        "wcA69wyjtp",
        "m_a8a5d1bec6754eb3afcba066aba16cda",
        "GetEnumerator",
        "s0j50xL9rMfdMgtoDS3",
        "kn3Om",
        "RuntimeHelpers",
        "xCj5U",
        "Wzmti",
        "NMOMPMQMRMSMTMUMVMWMXM",
        "g4ORuTeOEcrqgbwmJ8f",
        "i2]g:.",
        "rBbb8la",
        "cQIyjqrOy0LwdNNximd",
        "BinaryReader",
        "PQneN&",
        "nZz4 ",
        "2 yX0p\"4",
        "EuY66BxL5n",
        "DQ2hiqeFgI",
        "m_f490530347ef42d185a76a667f571c89",
        "M#cZBv",
        "iuuvmeLDJVN4Sa8fXIT",
        "neoWA0K3k6wIGyMdXfa",
        "m_bcfb5d8e041243b6a80dca6dc1de1aef",
        "V*aw[",
        "EYZVM3K4Ltpo7YmHYmg",
        "QsV2#",
        "$m+Qk{i",
        "m_a60203533ed947458fcd418c6faee8a6",
        "gBcc2+g",
        "XBRkn5RRtBrxOhp6HQB",
        " Oz,y",
        "KU-bIR",
        "t 5Q:zR",
        "H62;:",
        "m_ab4742156ed3431e90df3d90c0b8d12e",
        "(h$g%U",
        "lcMTbCSRkd",
        "AGx73NKHt2bss6LfASM",
        "AJGeAqm3e4",
        "CompilerGeneratedAttribute",
        "System.Resources",
        "RijndaelManaged",
        "PQch5BK6bF",
        "9kk<\"",
        "28]k-",
        "PropertyInfo",
        "jCJ3M2PtN61gdiVFPMn",
        "|lC9,",
        "A`O_JA",
        "B;Ux&",
        "System.Collections.Generic",
        "i\\'!xzB",
        "SymmetricAlgorithm",
        "Xiq52tbU0K",
        "8)!N9",
        "OUGxxQrhibuv2px9Xn9",
        "p\\mAYA",
        "03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
        "TDCrL",
        "ArithmeticException",
        "IIWPSs1kUA",
        "mwa7VWeEMW",
        "3)-op&G<",
        "kRbrJyOrpZ",
        "Y|Nq]",
        "P1vbF7fhcIGmMK0ujGg",
        "1H(l+,",
        "64~uYB",
        "lpflOldProtect",
        "n0qdBOIhGIuEqvpUrZC",
        "ToInt64",
        "S)XHoq",
        "CLICrcPQpuoOCxjDCLy",
        "TElrXkTCai",
        "RSACryptoServiceProvider",
        "n5P60kE8pO",
        "($A\"H",
        "QevlaMuKOt",
        "faGmLsTYcS0iQ5eJZii",
        "}0VF]}K",
        "Bx'>aW",
        "xRJUN4dOiH",
        "m_7d9b0d8a7456498d83122816cf925b6c",
        "CwrnicIa9T",
        "uSBPiGwOxi",
        "KVcIv0lylr",
        "yHu=2",
        "M^Iq!|",
        "oawGFYrem2HVnZPnUr9",
        "tt66jR72oJ",
        "M_U/.{",
        "^L0g,",
        "x)6Z{",
        "LhNEj",
        "M,#*cIDX",
        "JmFCPwPpD7IXqabb1yN",
        "HmyY5OlxVgfsu2kS2CL",
        "VByZhnuMnS",
        "Ag<|9{6",
        "<jm$.lj",
        " XmnJ",
        "GetString",
        "pdjHZAAwrH",
        "XUPz1K",
        "m_f2388ebc7a4f480f88350d91845094cb",
        "\\Str.",
        "3 H_d",
        "SyP<e",
        "guFG20coxS",
        "FHT6p2X8uq",
        "|W)M-0",
        "wE$aM",
        "lCx+L",
        "sLPPv1UDuP",
        "SP06PQSfAZ",
        "Ldloc",
        "l4leXqKLZ1",
        "|c7QC~",
        "m_58d57f6bc0a44d858087a68eb81766d7",
        "&`mn/",
        "DU2BJK3orI",
        "')Jw?A",
        "j!lmA&\\,",
        "yQwEDGl3FBkoNK7YxVV",
        "Q*(n ",
        "2a3#N",
        "IaVBMLUGU3u26AYmpG8",
        "PoDvG%",
        "DnSsNGFbsF",
        "mSf/u",
        "bKQ6GvoSYH",
        "8B0=<",
        "hEWB\\B",
        "mFLHbjlKYn",
        "DkVZN0Y5Hv",
        "mMCszqJ5tC",
        "m_a7bbe6fc6cd544e49dda0d4391772313",
        "KCmUScVxBh",
        "wYmGSpp6xn",
        "<<quJx`",
        "X`>9`",
        "Uivddewbijc",
        "k87bpRRNCEDLpvU4pOT",
        "MhTNhe2e58",
        "R7oU3AeC4iPfwq1nnLr",
        "7~M@G|",
        "file:///",
        "($3$N",
        "T[9c2",
        "\"f N'2",
        "<Uy=2Q",
        "nH>$\\",
        "omOQJrKemiAP7Z2xyMT",
        "|/B/L^",
        "!INe=d",
        "5Ksuu'",
        "w`xT,",
        "^Cv}\"jUy",
        "Y4rZ7NJCyW",
        "hp\\&dbd",
        "w2Le\\o",
        "MUoWTRKCaqM1BJ334qD",
        "lwlI2WNy80",
        "4C>/P",
        "sA_I0",
        "K98BgbRfXjXuTgsoJyQ",
        "P`(Gs!",
        "+8}dP,",
        "5+:e^",
        "jetMm3IuCme2GmBPiXS",
        "hModule",
        "2a>$N",
        "E2sVHZrcUHugAlwAxSj",
        "tkEP9AlZBnRnCBiRaPv",
        "System.Core",
        "m_b48b124274464683b60fda75027ce738",
        "d['8&",
        "H=|`y|",
        "5~}>[",
        "-\\\\?q",
        "u>+]{",
        "f:vJl",
        "0Jz '",
        "Eo3J[",
        "0Ifmf)f:P",
        "BSDBlxe8cU",
        "mAJGWwK8TArvLw8P4qN",
        "-O9|g",
        "# u{v",
        "'9'7J['*&",
        "\"mP;W(m",
        "N&=#hil",
        "eIeBtnyaQU",
        "MTKhFJDdj4",
        "mo6KX",
        ">OQ1p%",
        "){!Fp",
        "'<d['2&",
        "PnwjA",
        "YXQ7aQDY0r",
        "pV^S[",
        "E}2Z,p",
        "/Q9yug",
        ",0do0",
        "BDL78LG0of0B29htwRd",
        "nlhBMRfyBAHEwlTwV6s",
        "STPEKkIYbBrs8sKw0ws",
        "OverflowException",
        "qxk4p1aRp",
        "lODTz01oEg",
        "z+n`3",
        "742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
        "XXBsj",
        "d`he8",
        "mNFneJqGSM",
        "AC3Hj7QdXb",
        "S.CfB}(Ze",
        "l7oL+",
        "aQmTD3ssUQ",
        "'-d['",
        "-B|Qzz>Q[MN,G",
        "d,\"93",
        "amqH33Tnrd",
        "m_2b6568ccadc84e259d04a7c00d87fcae",
        "[7/((",
        "OFDNmpIIJoZAJTvWdRl",
        "xsG/1DF",
        "get_IsClass",
        "m_fd438ea62820497088a0fcb4a7f1a581",
        "DltGTYbqNj",
        "oRqAkK7ypJcSrOOSrXq",
        "yt3GaqRxAE",
        "%KT:y",
        "BMj5uUm6e7",
        "gqH6hyhEC5",
        "GetParameters",
        "*tWH\"",
        "vI&5]",
        "`NnJF/2",
        "8VzxrAHah1WNhcqU0zm8",
        "BoCUk6bqB9",
        ":^?KwT",
        "/(Op!",
        ".Q zML]",
        "7Gx[3",
        "!XW2J1|",
        "o3iR^",
        ";pE.i",
        "-JO6E",
        "eE0XOJHVq436cEbmG3S",
        "SuGi1JRPyecpelLFILJ",
        "QMUrgmCwXd",
        "vH'*b",
        "TPu0LOI8S2oC0LlgUfd",
        "zhVIA6mjX1",
        "~P5GY",
        "kBBG9rZ25P",
        "d1m*`",
        "W;SC8",
        "GRwleQfHRSYMHjXEWs7",
        "dwD5BFlVSbcEVTZJmYb",
        "tPqB2CUZtI",
        "Jq^G}",
        "<>9__71_0",
        "WJ88isUhykuSdAqrKQM",
        "IAsyncResult",
        "lbUHysDLtM",
        "FwrX5yPtqhsabjCgRnP",
        "iW0mP[",
        "kbW68RARgr",
        "X{yXe",
        "WlHe7CeVLyK2Z25REb2",
        "tF1]t",
        "grz^&",
        "EM`ul",
        "object",
        "3]R[<",
        "QwA_!>",
        "DebuggingModes",
        "VyybV3Hbk9BA0KxyMx.0Vo8aGnLWYBq6AMFYc",
        "CreateEncryptor",
        "OHJLigBRe",
        ")hjAR",
        "OLL>\\J",
        "'0d['",
        "m_4ff35862067841adab04b1bfccbb1f34",
        "'9J['",
        "__StaticArrayInitTypeSize=18",
        "0\\dSi",
        "IDisposable",
        "m_e386099634664e97bbbe0a993593a654",
        "F:$V[",
        "GT/c*k",
        "StringBuilder",
        "tN0GkM27mD",
        "lVx1hTRHxIewqobb3GJ",
        ">C{\\6Ho",
        "_KEh9O=",
        "EaGAeoesYA61v43dKoY",
        "(N4; ",
        "ICesYN0ibX",
        "GetPublicKeyToken",
        "mdolJfvYsK",
        "QU9LHQnhWc",
        "RuntimeCompatibilityAttribute",
        "AEjd30Kj4CsNeWXvGOU",
        "VnqR\\",
        "GZc6HkOrbL",
        "IaCT o",
        "GINs83idwj",
        "NmmrkYrh5L",
        "nLRUTR",
        "cQhhxhKABq",
        "eCg6VLWHTB",
        "d2wIUbBCeWqr2Nlb5Kj",
        "Ldc_I4_0",
        "ku~, ^",
        "FileAccess",
        "TMt\\4",
        "get_Current",
        "wVfqVNEyRMnxw8G9kM4",
        "get_Culture",
        "\"?&K#",
        "LocalVariableInfo",
        "xh8cGIIFxILlC8ZLXgE",
        "]REb':",
        "R&.C`~",
        "PADPADPm",
        "hmWhN8R9gAtgqyLGJuX",
        "BtiBwAxn3L",
        "nbJ5186MtH3CYq0E07W",
        "tILUbGYLLQ",
        "gip55&",
        "beDwP3lKXmAFqmYwSMk",
        "QxQkYJeQZahyQBjaIvS",
        "uXmBySeIvF",
        "St!GUE",
        " Oh:v3[d9",
        "xHklN7Okga",
        "($B%R",
        "3|%kx",
        "*BSJB",
        "iuEEPwl5teTI37uFq9f",
        "DIuyfJRr0SJmN9lSsg0",
        "4vAjnxhZLLQynjFLi",
        "'#d['",
        "__StaticArrayInitTypeSize=22",
        "__StaticArrayInitTypeSize=34",
        "<`<\\U",
        "PbT7LWlucWjBsHBRcgg",
        "aH6k1F",
        "QTKhS2t6rA",
        "Glj&H)y",
        "x5v4fA6xpPhpJ8vXmpS",
        "AyT5WCnQZ0uUPe6CspV",
        "<_L*_",
        "m_a8b24676f4a740a0b538d3b7e51e27f2",
        "|l+'hceo",
        "2aN!>",
        "get_FullName",
        "z2y!bB",
        "R.b&Y",
        "wE]ta",
        "CFUiBYhPp",
        "HMV*t",
        "d['*&",
        "($]!>",
        "62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
        "jLxnB7Tj4qGrU6wXegR",
        "l-)F+",
        "?N?A_",
        "T9'*WO",
        "R3rTwK117h",
        "l=;bwqP",
        "5a!WN",
        "d8t9gOLUQmJjnhk5h6F",
        "BitConverter",
        "hProcess",
        "dgh,,=",
        "m4OymgIp6ttwtu4beZa",
        ".@VxiE",
        "L1sarQ6c4x9u6QhDS59",
        "IlphE0RdBsfEaejtbN5",
        "j!vJa%",
        "m_23302c9ec60546d88321a7fb1d16a3f4",
        "mu/BpW",
        "WWPsMcPPeh",
        "/ppa~",
        ")0BXR#S ",
        "Nullable`1",
        "a}'^c",
        "LU/|vW",
        "cWpHaXn810",
        "'+'?JL",
        "m_2d6fd91821e74bb780f96b5b33bb26fb",
        "rqCPN6wJXk",
        "VE*iz",
        "Eif=_",
        "D#DyOg",
        "lpAddress",
        "LuLZUIuxdUHc2aJ3gr",
        "ops6KpLds2",
        "m_54dda453b94b4b8da0dd9680c199351e",
        "gsBKLw5RIn",
        "`$!uy:w&",
        "Jbec75Prpe3Eo9UgxSd",
        "aYfE7JGnaqa8C6xE6C9",
        "p40nKo8NC6",
        "Qx637W6ah8UZQlaYELv",
        "[\"yi]Bc0",
        "$>ZNFH",
        "\\;}hwh",
        "likh*",
        "T6tMbZfYnCORrPnmvKM",
        "^pR`Z",
        "LIfPE2fA84",
        "Empty",
        "v0lkGsrW6YIFE0BbLGy",
        "Enter",
        "'?d['",
        "GetBytes",
        "mTYLjCZOmYjchmLtAmE",
        "U@px+",
        "bu60Qkl4Ya3sLo7FKeY",
        "m_1d96bec8186b425a8cde007fccb865a4",
        "pjjWgofru8HbBCo4ulZ",
        ":4rAEC",
        "}d d)F",
        "PGv*O",
        "7^hpQ",
        "__StaticArrayInitTypeSize=64",
        "DSw'R",
        "mTPU8deqrh4oeEXWP5q",
        "*bp\\f",
        "#GUID",
        "bjbTOk",
        "@xWh{",
        ",U'2|",
        "xF!o ",
        "ThoE9v6oqu",
        "m_1eadf726b4764fd98a7c4ec89080a252",
        "w+96a",
        "TDQRQvfBqqGmbpaHqWQ",
        "!x0Lb",
        "get_TypeHandle",
        "a%(KO-",
        "aQm7owUqeP",
        "FB{bL",
        "ae4H5bupex",
        "m_b4d63e7d9e4b435aac056bcae361cf8a",
        "SByte",
        "RV1ruxlj87A58hy4W1p",
        "`(Z1VoM",
        "CompressionMode",
        "U;Rk`",
        "get_IsValueType",
        "m_93e2abdd886c49d3aa4ce224317dbf55",
        "Q8QyT",
        "NMTTJV0Y0x",
        "Ldc_I4_M1",
        "Newobj",
        "cfXeoCcucn",
        ")}G':",
        "f;`ji",
        "LVXAsVt2Q",
        "__StaticArrayInitTypeSize=40",
        "jUqHWer1gE",
        "RuntimeMethodHandle",
        "vhGeLpn0UM",
        "n3!*g",
        "System.Runtime.Serialization",
        "=R+Ta",
        "N4xEtEjM3I",
        "FeaKZ",
        "xJXEMLKWNieklTtVreD",
        "Ldelem_Ref",
        "S56PIgr1MjKFkcRXdfT",
        "=_4wN",
        "KcTBZtUP5P",
        "Open ",
        "N337h3njPh",
        "UBAhgc9f77",
        "5)y3jh",
        "BjRnEgf49u",
        "DJ\\Hl",
        "GetFields",
        "#vCxc",
        "Process ",
        "Xl5mwNmfl",
        "ztd~X",
        "':d['",
        "`W#5}'\\",
        "xWtPwDuMJ3",
        "TW2IU7w1Ci",
        "4pBN:",
        "($*%R",
        "',d['",
        "Vh\\S*",
        "Z:NwC",
        "m_4a614a8b163d4f0ea438914f5a28ce51",
        "\\.J8w",
        "w4S,8",
        "gm0KLlfAjjF630L2b82",
        "Rfhn M",
        "qx4TvRLroRiXFfNsGWe",
        "lWa3HO70qA",
        "*\\RIMVP",
        "M$8,s`",
        "F4xHcRwoaQ",
        ">\"y&<MG",
        "SetValue",
        "%qn`C<Q",
        "refYt5U8I3WJrRHawOw",
        "SFObT7BdNQx3OBmwrfj",
        "w+`+AI6",
        "m_7872215e9cc440f390d079c7867a1d5b",
        "-Fu1i",
        "wEOnBBf5wl",
        "_jT-W",
        "2aZ .",
        "YK5F@q",
        "System.Runtime.CompilerServices",
        "ToUInt64",
        "buffer",
        "D0ZTdqaHt5",
        "BLiPf6BM9D",
        "I8,aB",
        "Wr/`7",
        ")KejL",
        ">zZZU",
        "3b\\{\"",
        "yeShaO43Nb",
        "$N  C",
        "get_FieldType",
        "nuuGAK4X5M",
        "FH;ju",
        "FPGeMZ9Gma",
        "System.Globalization",
        "VDlyUjRWJVtYu98aSP4",
        "7qA|J",
        "yf=}]",
        "UAP4vtZaVfLr8cXyuGU",
        "kK48=",
        "~K,f1W",
        "I7YhDMQrHp",
        "W>5J|",
        "XFp\\[?>[b",
        "MsQG8DP5LBX0PaaSxvQ",
        "ToUInt32",
        "G9HXk@",
        "x4.<%",
        "GcI',",
        "FxEZiWeY0pr796hvnmi",
        "X1BpsBPmJJn7vO3PBsc",
        "tnAn34G0AN",
        "($_\"H",
        "Hhybt",
        "KCmIX67URdY8wTxHcRk",
        "z9{fj",
        "m_4e6967a467d0492c8460b5b56ec82e35",
        "q810l36us",
        "qj}jU",
        " 6<QyH",
        "lo9ZK5nsrH",
        "m_37ed1789cdf1452e91f3b74b6a25ab1d",
        "?C$pZ",
        "GTE[3",
        "''@a^",
        "m4LezovdiQ",
        "HBFpu2Gq03TxRIS4bxt",
        "J[':&",
        "get_BaseStream",
        "cqsBUcltjJ",
        "Unwrap",
        "DjKPHNSXPy",
        "pTShz",
        "knoU6RZSgm",
        ")Q71QDAQPQQPYQPaQPiQPqQPyQP",
        "fH~0yH",
        "M-x={7",
        "2aw\"H",
        "AOeQetU5paa7atWrL1J",
        "kIUGVuP3UTjKmsElshE",
        ":c7N|",
        "IjVnv013ev",
        "k7Y4y+$",
        "M7JsoiRsXv6SGMtTXCd",
        "R4*WuEj",
        ",N2#$\\",
        " .^!D",
        "WodSNrrtAbUWlXv4fJy",
        ")$15*",
        "Mf)^g",
        "M;Q}7YA",
        "fdIIa3",
        "s5%Os",
        "+UW,6",
        "3^#pR",
        "vvMZlMGRfHGUoMwLqgd",
        "k-v%J",
        "YiwI9xFcMV",
        "eEYiepZEYQFERSI9cNe",
        "[8t6S",
        "'onk,",
        "PL2Kd2EDs5",
        "WyFsCTLJ5QqUnPiIYfI",
        "get_ResourceManager",
        "/=bnf",
        "tG07OUxhEl",
        "AesCryptoServiceProvider",
        "gfnl95spN8",
        "<bM T",
        "gqseyjxFBO",
        "get_IsByRef",
        "get_IsVirtual",
        "n3ysxsmH7M",
        "jgAl2o0Y6T",
        "KxqEwUvgsI",
        "wsz9*{_",
        "AllowMultiple",
        "C2iGHWQClH",
        "AZLBTSq3Vl",
        "SvqBH78aJq",
        "kuRUUgdfIM",
        "K0x}F",
        "ewmu3dPI0Z9MPFd8lsn",
        "S,%<m",
        "Ug#wf",
        " q_#/",
        "uE;G]n",
        "Delegate",
        "hJvUzq3ibx",
        "Fw1a1wIrn",
        "w~~90",
        "\\d\\v]",
        "%I:?x",
        "ER`]U",
        "'5d['",
        "vs[P&eqYD",
        "heNJpU6uwphP8kwISlf",
        "'3d['",
        "L+Ws>b",
        "FromBase64String",
        "get_Unicode",
        "uOXHqyhIaS",
        "wQRsdbQPV0",
        "H4B64Afcp0XZA5SWGvn",
        "hl\"Q3",
        "mSSB53fPwo",
        "LO4JCjfUTOcfy6YJKXX",
        "B4'3o",
        "U4QGwQlA1F",
        "Virtual ",
        "JVyTg9icZR",
        ":A,$^",
        "4_.CBO",
        "upCGXF1UeZ",
        "c&S`R",
        "idWBjJDCF2",
        "my+0fpR:",
        "R2prmkROheqS2uM99YC",
        "';d['",
        "aCX]WD",
        "YkgmEkTOSM6lHn7wlhh",
        "PJ4HiQKuhW",
        "hqcEA8ltn2",
        ":KH5$",
        "k<).uN",
        "1.0.0.0",
        "Find ",
        "Ldloca_S",
        "m_f6b6684a3f3a49d49b9234e4f37f3bd1",
        "ToArray",
        "6:WnjmF",
        "APi=(y",
        "wH$~H",
        "AssemblyTrademarkAttribute",
        "ICryptoTransform",
        "C3AK=r",
        "+\"Qb#iThJ-",
        "Ck@y @*{g?",
        "?f\\='",
        "\\W+L=",
        "8 =ye?",
        "oL&s'",
        ")9+cV",
        "M1sC@}&",
        "U*d3?'",
        "o4an&Vl",
        "AsyncCallback",
        "yr8xt",
        "~}Ubf",
        "gC^n~",
        "YxEBnOxUtY",
        "GetFunctionPointer",
        "DOHsbuiQLT",
        "hU1HREL8fC",
        "m_e161d821e7c841cd801d289b5b42077d",
        "f6`a5",
        "&>;PO?",
        "ao}$zX",
        "ak7@B",
        "bFEOiGWlx",
        "m_543225697b084a078a721cb481490088",
        "\"^~b#U",
        "ARweb5AOOl",
        "APNhIr",
        "FrameworkDisplayName",
        "=`'AR",
        "uobrD8KjEu",
        "q6jB1p1xdK",
        "AM`k!M",
        "3tFTgck0hSHq8EgaWTBvVI",
        "m_df1d0724ab1943888cd9d60d6581c1ab",
        "Inherited",
        "MekYHmfL0ucHoWo58Ns",
        "w8QP5wKQRuXLC69apo5",
        "+Bq~Q",
        "!B'}.",
        "Bs3BQwG1EQ",
        "W>*C1M",
        "s_]-M/",
        "2mWIc",
        "wA'r70h3",
        "mi7VRtlYALtt23nvaw3",
        "get_Length",
        "wvUfIFEu29WgjAMb7Eb",
        "INaBag4EjB",
        "ePVsLTtaIp",
        "y([?*",
        "u4Jrl70r6u",
        "IUxrwHhOAo",
        "QVdshlTCgluF8YV2Iks",
        "GLhQduRj1hfPl829fQk",
        "kIiH1IDCpe",
        "vmuIH7Otqw",
        "3System.Resources.Tools.StronglyTypedResourceBuilder",
        "17.0.0.0",
        "w5tGvDwfyh",
        "hLTvX",
        "H=6Xn",
        "LADLQYReYsFOfSIW9fb",
        "Location",
        "mN1EYt05pb",
        "fH0bPqiqZ",
        "z_K%K",
        "QE7GdoSP56",
        "m_3c5a944466c44077b7e1a6ac6f30b03f",
        "=!TMl",
        "RemoveAt",
        "KCGHlhtQFi",
        "m_b6f22ed232a2441da1350ead2b5b7d97",
        "{@tSwi",
        "2aL\"H",
        "gtOrT97pB7YK24CQDXF",
        "9Vc0u",
        "l'QME",
        "WWEZ82AZFO",
        "bhwyQoQL",
        "m_e53253682c7a4a11b47ddf23c682759e",
        "mV5sgs6fOJQtReSuV6I",
        "XLt-K",
        "Lb$=v",
        "HNWxt9e1nrXkd73hFLb",
        "m_cc8cfff1b6e44e8583f824f322c8ef27",
        "R)`+[",
        "vor6WVylsr",
        "H0JEVJlGodu0emACvyW",
        "Of7rNCiIvM",
        "m_68e4f24cfb8147c289ec646a0a7a0834",
        "fypgVBThttn1bCNFqJd",
        "0v+*1",
        "5oyg7",
        "{8A|L",
        "UInt64",
        "]n>WX",
        "m_d396ac4327504576ac4495334d894fd8",
        "m_348b346f247e4242a9955206ffe865e5",
        "b~;^0",
        "u_%wN",
        "-MXIq",
        "h~Eyk",
        "A_m-OX",
        "FF60YneeLnPm01pwPlX",
        "NotSupportedException",
        "EndInvoke",
        "Vj+nl",
        "GL3MMPfNg6Z4IX4Aban",
        "GetFieldFromHandle",
        "Ldc_I4_6",
        "cXp9cRGeZP9Vhq5FFkZ",
        "eCCquBx9xKIlDNsOcK",
        "M4NnsRQqmh",
        "Porkb",
        "iNCh2OilSm",
        "ALvHsFHmlO",
        "MCYdB9RVO7JM1IMcCPc",
        "fN|Wcna",
        "%c'Ei",
        "RnoySOfl0uahvQxy988",
        "='d.2",
        "#Zr25",
        "YaI:H",
        "wby8cl",
        "B$uH7",
        "osO70miFS3",
        "get_FieldHandle",
        ". <O/",
        "cp/zO",
        "CsJUTyPcCe",
        "IsInfinity",
        "i,xr\"j:",
        "CryptoStream",
        "Ly^-:[",
        "ml}AU&g",
        "XF@:e",
        "get_ReturnType",
        "n20r7QTexy",
        "L9hTNpje0R",
        "op_Explicit",
        "+j0QW",
        "YfLs2e7Jcm",
        "mbqZTFZTS3",
        "knOTEL4ErE",
        "bmM6T56ud9",
        "set_UseMachineKeyStore",
        "Ldc_I4",
        "97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
        "xYZrA1Uw32",
        "OwdNTvIxTfNWQ0X1QMa",
        "kXpEMRiviV",
        "Close",
        "pcclfrlskY",
        "bYgJ0a5jH",
        "T&_ks",
        ";[a3=",
        "RefSafetyRulesAttribute",
        "snntaJPxmwMkW8lvC2e",
        "gA}jo",
        "UOsYX6nqjBtcgwV3oIb",
        "p s>t[DC",
        "7a&6E",
        "u*{E5",
        "2a'!>",
        "UXgEdxr6Jl",
        "jX9scqBAfQ",
        "RAECwXKsB5PKXan6HHG",
        "$#th_v",
        "{*E:F",
        "v8^}i",
        "nOGGBXB2i8",
        "2a>!>",
        "W[%A%",
        "Q3VTH1TE6K",
        "+!+w#",
        "H^s8W",
        " k1Goa",
        "}V:K;;9K",
        "!(<D+h",
        ",C,2aH",
        "3?/X{",
        "&e$K^",
        ".ctor",
        "])$(q",
        "aHz`N'<",
        "pSVgTnG1gcQV8MWtc8V",
        "BjJUDAlq2JGIDsvc72g",
        "lev_m",
        "Bi5mGYlr07gqnsiE53i",
        "APTGwrQuf",
        "V2YeE8BLls",
        ">G\\ojN",
        "D19VvtfPW7AhNYOqV2k",
        "set_Padding",
        "d9qAAwGxM3GTCU8lf2X",
        "wo8ILspWJU",
        "])s]Mo$",
        "HashAlgorithm",
        "YUVyRYfqWhxeFGosDPl",
        "g43UEkj6W6",
        "sgvsLfKpUSFAHYp6q8Z",
        "AssemblyName",
        "VBC61esXNp",
        "m_6b3bca204be341f38b750153c4202232",
        "Cf<[_",
        "CuFB35NGPq",
        "oa07YFxQ8V",
        "LNPBhmgr1m",
        "SURc%S",
        "UNDBKvWkyn",
        "wR0UD89RCd",
        "ToInt32",
        "2@7<w2",
        "Replace",
        "xk}^VH",
        "ra]dx0",
        "tggHYhTg7s",
        "nIMZ0PNc0D",
        "tDKL4enANllmAtMd0VX",
        "'*J['",
        "sCbha",
        "_$dF^",
        "pJiE4p",
        "m_9c5c5395f84a459e8804115137a9ba5e",
        "R2ql6MfWLd0sQ8QWKNs",
        "U5+B.P",
        "ifyT6Tbl5Q",
        "bpOIor3Bcp",
        "fXbtR%",
        "\\IhES",
        "Ldnull",
        "AssemblyConfigurationAttribute",
        "7YG0h5A",
        "!T5v&V",
        "UrehJHGDDd",
        "SExUiIZv4q",
        "7}F1I",
        "Efyfqp.Properties.Resources",
        "}{_+D",
        "\\/bsD",
        "D7\\hX=",
        "Activator",
        ";/\\JX2!n",
        ">[@61",
        "6 G1G",
        "4OhCJ",
        "Ib8bL",
        "\"GyAa",
        "ov0tIjnOV1ClMWQ4Bl4",
        "a43An57s4QboQnkDlGU",
        "HNRi13I4pEK8xLZJeGP",
        "O6 |Ze",
        "k0-i?f=",
        "lpType",
        "$r+z<",
        "HNp67RpZLA",
        "qW(6B$",
        "eb1ZmpRK4W",
        "rNQeUXO3Qn",
        "r3$zo*",
        "sUIhsvMVcG",
        "yWWrBpEdkG",
        "tw2+4",
        "CcQiZEGhKA0KusZN3oi",
        "HAG7mg48T1",
        "SRTESUHnMlWtoUBmlCn",
        "Vr2g8sRQO29gutCxapB",
        "f`?zD",
        "_)MQ^",
        "AVubQcGskkT78yRfscQ",
        "Process",
        "=ED>v",
        "m~5y&",
        "m_96c496e3c3a54fbb848ee060f8c4f355",
        "B*_5v",
        "get_InnerException",
        ")ifsC2kyW_C",
        "d8V:_",
        "Ehs6p1nwKvc2VUcNBI0",
        "m_5589baeb081d49aaaed217379920801b",
        "yXi1UpUxlQChMtTnBpN",
        "mhK1:",
        "CUKBcwvyKi",
        "w+}KL",
        "LD*DI",
        "lb1eg47hdK",
        "/{}-0",
        "eA(|V",
        "XdUUPDjEGs",
        "P0YsgYUm6k73rZ2gkOp",
        "KsRkatKmW4f39LXKCr4",
        "I)2/'",
        "5S(eQ",
        "J`FOk",
        "PPvnHZNLvB",
        "AvEDTJFhPfGhcysv",
        "<g+.2",
        "h`\"0|",
        "j,<)HN",
        "q4eR9bZppH8OXQ5mmyJ",
        ":[@5!",
        "G438qkrVcUO7yndhnWy",
        "t7@X#",
        "djulbdGcbroIlHx8oQ6",
        "}~/=j",
        "\"b1AF",
        "x*{)$y",
        "Cljdkwhzks",
        "XephoqhdFO",
        "G`Uod",
        "mbiEj4eqrO",
        "g-(AcR",
        "bQDhCp9J3N",
        "dwProcessId",
        "CryptoStreamMode",
        "$:7e9",
        ";>:$J",
        "oJxGL56QuI",
        "nfgl7KnFiyOHldD5pVk",
        "L~bRI",
        "w0N\\Q",
        "LNwnl0wTGA",
        "=6lh8O",
        "m_21b9eec55517423db0eec64055879702",
        "UdmP_",
        "SwOhpFrxEgCFQvyaVxN",
        "Write",
        "V8mIk0KF0B35LNuSY1K",
        "lpBaseAddress",
        " )C5@|d",
        "f @+O]rY",
        "Hw8qiGGQU58JxMnuSTj",
        "TmwnGV6HMm",
        "CdvAc0f9Bs7xio6NYm4",
        "wpfYGDlIeTMVrcQeEQX",
        "EIrnZN0mHB",
        "PpNPLVs8ew",
        "eZ7HfWmjwO",
        "TripleDES",
        "p+[4C",
        "`S}ky",
        "MethodBase",
        "Tailcall",
        "~>~amN",
        "mIFd86fEgt2W73h2BCV",
        "hObnmDtXbI",
        "A6WHpW5lsW",
        "rEY7iYUCJkiqFAhTiEU",
        "FHXefK6ZeB",
        ">D'}]<",
        "2(+gO-5(T",
        "O1q2liP6LGPIEYifLAe`1",
        "+<}dK",
        "CagToIC1B7",
        "EY S4M.",
        "vmTQm",
        "leT8LYS",
        "UInt16",
        "CdZpBvUKmPxZsqJrraj",
        "r96fPGTRePHnhtjhbMw",
        "uKC\\T)t2/",
        "String",
        "Create",
        "t|KQj",
        "HEy5wMGuJY",
        "classthis",
        ")!wjwO9H",
        "{11ST",
        "OGhZY2CYb5",
        "uVA5X",
        "ts1IdQ75ae4NyEyiite",
        "Be}2@q",
        "wiFyHgwrh",
        "zj6}64v",
        "GuidAttribute",
        "pI>w0",
        "upum ",
        "@`x\\;",
        "m_5358c8960e734a34a38df267da584b15",
        "Ng5m6WeR8nOr2KqrsDI",
        "Q$`j7",
        "qJI7GnC10n",
        "IiBEvZKmGD",
        "sydFPef0ZCZNIcmhJVf",
        "R!XO9",
        "C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
        "a~KQ$",
        "l71HkhvEGF",
        "m_401ed9364ae24df3876c785c56839617",
        "bO9(vXP",
        "($P .",
        "4Zez$",
        "FileStream",
        "b6>an",
        "OngmyOItRKm97bXZHgZ",
        "UPrBiy1cOZ",
        "m_d4979c2f76ee48ee9958d9f46617db1a",
        ">,ik:",
        "ResolveMethod",
        "PmgkF37Z800GqTmab72",
        "yqZ3kdLAi",
        "it,=U",
        "3CqWmU",
        "ijkEoThw7F",
        "qr4BF91BiI",
        "CN4TTFriXY",
        "cQw2c",
        "X7T7u5bRhC",
        "Ldarg_3",
        "u6cYu0Rb0XOr5tkG74G",
        "Ux67KNybrS",
        "'('*J['",
        "Efyfqp.Properties",
        "ReadSingle",
        "0t<DSLu",
        "qWuo|",
        "Y)gxz'",
        "fvwhuEfaVNKY1dkLYCu",
        "IypUJJjWaN",
        "q>1i3h",
        "wsaE1IbsqY",
        "iul7F0IEkG",
        "@@\\DC6",
        "y8MCqVT8qUUEH6TLb2t",
        "tjPn6KrMBE",
        "kv7Z3FA0m4",
        "&Z[/O",
        "Wd^zdwY",
        "m_64105168130e48268432a0ff140d0222",
        "CultureInfo",
        "m_0e7dab93662a4859bdd9bed4abbe4b2e",
        "L5iC0",
        "YagRTL7Jna4qy3bWErY",
        "get_IsEnum",
        "aYHj#u",
        "IAJnrSjXXP",
        "xGIXpoe0PPQj01VUK83",
        "AppendFormat",
        "m_260d05322d1841a6a194d93139fa35ce",
        "IXsCIgGWaVa0OLyDQ7A",
        ";I|g]",
        "Y2HOH",
        "nO5W8RPZyyXMMyApc4y",
        "fWqI6FtsE3",
        "ZVP9=*",
        "Qlx4H",
        "VSy2nCrj3cmCJ131FiF",
        "o'TMR",
        "__StaticArrayInitTypeSize=16",
        "VgEQt3R8AxmmssoW9lA",
        "9FW/\"s",
        "eN4UyhCdgf",
        "[BYJW",
        "BFvNDsrQwbUCIUjVCO4",
        ".text",
        "Castclass",
        "=kc-J",
        "\"MXFJJ",
        "2a&$N",
        "pct2HeTuuji49o5Exko",
        " ~~0y",
        "W~|eGd8*",
        "RZTI4UOpm",
        "(PP08\\",
        "jQYWXQKYAPerw4WfdCs",
        "dZ9Udp2Ph8",
        "}uK.W",
        ".\\3Gs",
        "qb9UbhlnMajOf4naEms",
        "`1N8+",
        "mTAlUUiQU1",
        "=M?;C",
        "k0ghA5dXha",
        "DwheO273r7o3I1Drmny",
        "Stloc",
        "/=M|^",
        "zCj3NhIcSpm63hKKGHP",
        "YoNhwU3wpo",
        "SZoht2amg7",
        "m_2a40c26cc43e4f488c79dd860f94ceca",
        "j[y{]",
        "dqej-",
        "U^Y7M",
        "z2G8uZKG117QRUpGhTC",
        "LoynDEMwDo",
        "g_@9/",
        "($m$N",
        ",-v?>b5",
        "yC3H4NwwIj",
        "bymMwAfK5E6akKNQLRT",
        "sHNnVFfrgq",
        "`k+\"&l=&:!",
        "SNbHB5n5hx",
        "}L*9Kf",
        "DJLEibRuXugTK14pFFN",
        "+~NGCQ",
        "Ur5OdQRqPDlO3G6deHZ",
        "tJL8|",
        "ParameterInfo",
        "Vp:ynp",
        "($F#N",
        "'#E*01M",
        "YfvXSQ6FAg8ViQL9M29`1",
        "2f'%yk",
        "'6d['",
        "XFsKftd6Hn",
        "olaA1xUVZAC5WHf2a1g",
        "m_2a5ff35f7d1540119bc819a4be1976f8",
        "![VMp",
        "pjSE86wvvN",
        "c,B0~",
        "RB(eP",
        "m_6aef7c42e7964a5fab0b05b79f5a8a5c",
        "GJ97qXw25C",
        "+5U\\^+",
        "kkO1N0ZQrNkfq0Qvngq",
        "Sg>?i",
        "XQpm33KhUJadrxqZSIm",
        "Eohjo.e5",
        "E9Pso3Upyl",
        "#&PDH",
        "AGJngIyrbt",
        "M]y;o>D",
        "./5yqksf",
        "IRvIXAySuy",
        "(r xy",
        "m_ad102987b2a34a21928edb663ee9cdc6",
        "'kxMY",
        "3-u\\^",
        "OwO?Zt",
        "rAmSjYrI5jfBVhyYvR1",
        "m_61d9bc5401d34f5690dfcde994cb91f2",
        "6iS&@h",
        "cjQIEj9b3v",
        ",qy7=",
        "mqnyYHrG4oPf70DgbFZ",
        "URaq3Nr3LpFTL3if2mP",
        "m_738bb41767ff4255a01b4fc82e79ba53",
        ":+)PwR",
        "mED3msLIoCOXmqNHjyV",
        " DEKL",
        "kTfHCFJWYa",
        "ToObject",
        "UwkItgGV0VG6GHV3YmW",
        "X<\\A9Fs",
        "HmOPk1fkUp",
        "aaLtLCK1KPASf3CMEXv",
        "QObh8ANBtU",
        "e27eL3TnVhQTcYvwdI3",
        "k]^ZO)-C",
        "LGhZs1a9FW",
        "aQyPlp1kMr",
        "gPZUlOnMT4",
        "+KZyF",
        "aq2[|",
        "{~hNEr",
        "KtcPykgw9A",
        "pq6E4dNibH",
        "hEX6UxUADL",
        "ReadInt64",
        "xVvsaQXwHc",
        "Q`W&&$",
        "|\\m`53",
        "m_5167f2f3020c4e0fa8a7a656e771b6df",
        "IF865HO2C9",
        "GetMethodFromHandle",
        "5P$;ZoS'",
        ">oay)xW",
        "4|K?SC",
        "1X6='E",
        "DYpIybNyHG",
        "6rK,h",
        "veHBSOQQSU",
        "*A%Jpcn",
        "JslMp,",
        "cxBRXyIOWoB8S8j0bKC",
        "Vn4PLCKKlgZ3yAnV01U",
        "i69EbM53Og",
        "5`2!&",
        "lUl'<",
        ").*=8",
        "nL7D4glc6yKQOfVjqmI",
        "MmJNC?+",
        "neRr2IU43cQl3tIvw32",
        "CJ4HEjQV77",
        "EPcRDIG5jwsv4KSuX7X",
        "m_cce8e0cf85b04df38df95bf0befa5be3",
        "f{K0gO",
        "GBEr3",
        "m_9e19f153f45d46198b1c97ed081d980d",
        "m_b100b3aedbe24061ba9b1413dc641f58",
        "!Fcq5!E-",
        "phFESeB4L3",
        "sb8sgtcIuI",
        "lDQ6XUdUqd",
        "InvalidCastException",
        "A1HrUmdd6Q",
        "eVtGyr5GLq",
        "m_e0734db648774bd89db6758c0cce08c7",
        "O8NISWXkNt",
        "SortedList",
        "Be7'r",
        "jMB6sDUqea",
        "A;=_x",
        "ZUapZ",
        "F|wXpOQ",
        "m_0bdfe8a4b5ee4823ba8f5fab173fe7ea",
        "GZ@+j-",
        "ggghL4UO435ugSPhLMx",
        "m_96ced60073ee4c2a9539624d536917a9",
        "{5o{P",
        "yIanYXFt9g",
        "?'IM ",
        "UqO0`R",
        "Q|A1H",
        "@>M,N8<",
        "g\"]W=",
        "P2|Wd",
        "Raf7W2D3hB",
        "CallingConvention",
        "G3mnSLIkus",
        "WIjj7aqHV2iiX19koS",
        "j:=RyOU]",
        "siCDZoI3RQ7xrHgj0nZ",
        "ReadByte",
        "UAlULmsurc",
        "9/US?",
        "get_Count",
        "A@!nq<",
        "Hc{.0",
        "Convert",
        "N34n4fCneO",
        "m_c93ab64aeb16472da89f1ccb114e96b2",
        "rvd7TY9IfL",
        "vX^UU",
        "PEKuIAZgrySKtMEn5G6",
        "vyeAVIIKBRitfYnFmgd",
        "bu1G6rYN7e",
        "LeUTyoqtQm",
        "lNd5sJleolUwKn7bnw3",
        "Iq[w|>|",
        "m_090d88bfc897461994e985d70ffcfde0",
        "RuntimeTypeHandle",
        "@'[LWA",
        "Q^I:V",
        "System.Security.Cryptography.AesCryptoServiceProvider",
        "cAcB74eGtY",
        "DI~3Y",
        "E2ULw",
        "t@\\12",
        "Double",
        "DXqP7STUQN",
        "DebuggerNonUserCodeAttribute",
        "|I`r;",
        "'=d['",
        ")^d21",
        "SdiMiHLLOak1HqlLTtt",
        "m_9bee1f78b8d148829ce9836e6aa0ec09",
        ">{HxnJ",
        "c}QXJe",
        "MV,q_J",
        "rXXtc",
        "GetObject",
        "n&AR(E",
        "\\]`~?D",
        "yVd~v",
        "k6dH0Cgvnf",
        "NaDHe8RaFfe1PqDCSQk",
        "KnO4xW6yxlPT8AbtoAJ",
        "2a~ /",
        "m_4163e908fb484acebc656613fcc69fd3",
        "OrWnA",
        "BeginInvoke",
        "XmOZJhvtB0",
        "%31()\"",
        "mscoree.dll",
        "jn8oA1Tx84gsY8YIYsr",
        "m_07c03aad43a64d128e9a6913deb9de0e",
        "IQjHORJY1k",
        "UH(yC7PL",
        "Module",
        "IFormatProvider",
        "SqrpvNep4jtdgMYlixY",
        "r9upeGL5Tgy331CTClf",
        "zJFZ1PvO9v",
        "SlK)$",
        "Q+PTe0",
        "Boolean",
        "sNnYPeRxaRBL8h2stdp",
        "($r%R",
        "get_Item",
        "QvDZqlfG52",
        "NR,%*ic",
        "bjgUv2VQ7i",
        "1&~Vi",
        "GetValueOrDefault",
        "kl5;f$",
        "~-a]T",
        "z6cq)",
        "cvBncy6oEJ",
        "System.CodeDom.Compiler",
        "\"\"K\"[h6pt]",
        "@29tk",
        ">hS&':",
        "m_a56e3e5bd8c84978a7ca398598673f64",
        "cm^X.",
        "rrCn8HJ5Ox",
        "y2k93xnjUjuUCBxYtnq",
        "CTOGJIX3Yh",
        "EZmZXI2aSN",
        "hII3SMnbqMu9tUfGLB8",
        "@v5jBC",
        "QJMKbShmch",
        "qxMLGBUcJuYFUOYoeMo",
        "AddRange",
        "My^cJ",
        "joPW\"",
        "BgTr2I7SqG3SuYLiiru",
        "6|&2p!",
        "xwo04vR3s5BGjVT9oHe",
        "dwDesiredAccess",
        "x02p2kRciWX33ZUcPSG",
        "dDEP6es9kT",
        "%1;*_@",
        "rIy #",
        "sDikMOWKE",
        "c.wKX",
        "N<Y-^",
        "pFDhdFQG2f",
        "t\\UwS}",
        "nWq@C",
        "+]xu-B$6g-",
        "I B,_",
        "Equals",
        "esLhyDoWNv",
        "L3M6rc0PcQ",
        "zBX`f",
        "/h{OB",
        "CP2HmQ3MH6",
        "_iX_;",
        "Memory",
        "System.Diagnostics",
        "WbV1PATmN",
        "ssLT1kTZbHlweTgQUoY",
        "get_CodeBase",
        "dnSjoeLsUv7PHNPWDZY",
        "MemberInfo",
        "Dispose",
        "\\hn3[",
        "N&()p",
        "NOwGfc7V6w",
        "IB4H9OS8e0",
        "kMU6oBdYns",
        "GetReferencedAssemblies",
        "ByHo|",
        "9|j#4",
        "%6\\#Sui",
        "PADPADP",
        "aN2CxCElA79vSjFL3ET",
        "Ldc_I4_5",
        "L8PZ)",
        "h0bUwqLXt3dCfBCsVFy",
        "h2Y.'v",
        "kP3KFAe3iBWHUJ44KTN",
        "[b2XN",
        "dwahOq06JD",
        "S6dsFUvgQT",
        "pP{!I",
        "8ZwC|",
        "dTWHXgNNWQ",
        "<Q[CP",
        "mscorlib",
        "XyUFl4T5r0OsPTuqU91",
        "Nugnaeqeq",
        "EGTlr4f6cbuXAPUXc8s",
        "fameSKgbNH",
        "m_1d05a4eb01b941bf99f91100acaa2e4c",
        "OYfDfI",
        "zh+fR",
        "h6srdQnAKC",
        "qRtTSSTK88",
        "Al\\Q#",
        ",D_O[A",
        "NCMGydn9EkFcY1lRG7A`1",
        "EdSpWlKRhBJMWAXPeuC",
        "V5D5djrsaThPDZj8Tau",
        "Y>C<,",
        "S<r?U",
        "RISZfVfpm9",
        "PeQZu0uMYb",
        "aN3Vig:",
        "2ac%R",
        "System.Collections",
        "Lg6H:b",
        "734Z+",
        "z-aTF",
        "yKaKwbpYcV",
        "hCm7eHqoiE",
        "rmUY2vTtK6S8GOD7Eku",
        "&TZ`&",
        "ccAyUVKZOeYYLG2lnDX",
        "|-sU.PS",
        "Stelem_Ref",
        "AttributeTargets",
        ".cZ.[J.SJ.KJ.s",
        "zv=wV7",
        "DQUIiq4lYl",
        "wuxPD",
        "m_b67cb763f0104298a66947ad71ac7e95",
        "qsoIbaZ9KL",
        "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "nAtrLV7VvZ",
        "`XaZ dO7",
        "[=^^o$1",
        "Q7$Q7",
        ">>5pc",
        "128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
        "s4p6lFH45E",
        ".=dVK",
        "aoIZn8Fyjy",
        "CryptoConfig",
        "HIZsI9SZ52",
        "EL[Ay",
        "sOaxBdrKbf0RWYM2ssw",
        "BrkJ4r57MWGuhsWsFt",
        "FnliVyhWbQ3uQ7d3AgS",
        "BDond8Imd8OgN3KyZWh",
        "5&5J\"(|ga",
        ")x=e|",
        ";zm/-",
        "Ce M$",
        "eE0KoJKXqy",
        "System.Threading",
        "W=E}r",
        "KqxnfEMdST",
        "RCaIdf7Fak",
        "YwYhton2JWdYfiYUkpb",
        "#5d4^y",
        "lgYB8MHOo2",
        "Htdzey.exe",
        "GZipStream",
        "GK@zB",
        "VpyhPa5k11UX6tMCYDW",
        "\"#^(Lmc",
        "FTeUfsejbQ",
        "UR/+5y",
        ".=.6@2",
        "rkksivkdJg",
        "3_itMu",
        "m_df61349e2fb145dab8f6fd4c3e6ed676",
        "Sizeof",
        "s3iMX6PqEdpucpo3kju",
        "`S$d>",
        "w)]Jh4",
        "dbF7vHQDkw",
        "lm%P ",
        "System.Runtime.InteropServices",
        "JI6hXc6SZU",
        "YAd, ",
        "T`*Xe",
        "Gl6--u",
        "gR;uX",
        "T4;>glk[",
        "aO83AL6Fau",
        "fkRk%) ",
        "GetUnderlyingType",
        "')d['"
      ],
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
      "process_name": "87053d0ad81ac3367ef5.exe",
      "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
      "pid": 4920
    }
  ],
  "dropped": [
    {
      "name": [
        "f01b4d95cf55d32a.automaticDestinations-ms"
      ],
      "path": "/opt/CAPEv2/storage/analyses/9/files/b044f900caf7f7ed584fc54b10c2839616f27ba3e8230343e3727246e9620597",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
      ],
      "size": 7168,
      "crc32": "2E7C851E",
      "md5": "f6315d12deb103f8cb25b962ff929a0c",
      "sha1": "eb8effdd815574fccf7044d6f1b2cc49db0fabdf",
      "sha256": "b044f900caf7f7ed584fc54b10c2839616f27ba3e8230343e3727246e9620597",
      "sha512": "9d4b2ef6205b3d9b2d2bd4c5c48924d06241f8e2d214b7ff62744371f92c1e19298a1eebbf1b40333f78794d2fad1144f15b48e177d7bc32f4cbee59ede98a6a",
      "rh_hash": null,
      "ssdeep": "48:rQlvy9XUUKKJ80QxUzJN1uz3QxUnJuuXS62JW4fuo2T+tbIadRLN4wAlr+eipJBm:MKuZ0FMGEcaTpgW48qdRB4BylbdrI",
      "type": "Composite Document File V2 Document, Cannot read section info",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T176E1EC127ED299BBE09C41728E1FE6518710BE935D47BB5FBCCA728E6D7108408CD52C",
      "sha3_384": "c514c123945dd5d2a78d5486d046a4b6ef95a5efda31068ff8f51cdce71ada7dd29dd0893958a2a060a0d8adaa7729e4",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": null,
      "strings": [
        "2knownfolder:{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "2knownfolder:{33E28130-4E1E-4676-835A-98395C3BC3BB}",
        "C:\\Users\\cape\\Documents",
        "2knownfolder:{4BD8D571-6D19-48D3-BE97-422220080E43}",
        "C:\\Users\\cape\\Desktop",
        "DestList",
        "2knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}",
        "Windows",
        "1SPSU(L",
        "Root Entry",
        "C:\\Users\\cape\\Downloads",
        "C:\\Users\\cape\\Pictures",
        "C:\\Users\\cape\\Music",
        "desktop-pc01",
        "33s@c",
        "2knownfolder:{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
        "2knownfolder:{374DE290-123F-4565-9164-39C4925E467B}",
        "C:\\Users\\cape\\Videos"
      ],
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6224
    },
    {
      "name": [
        "5f7b5f1e01b83767.automaticDestinations-ms"
      ],
      "path": "/opt/CAPEv2/storage/analyses/9/files/07aceb40c46fd8c7c36ff46f79c1063a632588fedc69bdc7e61994a91555eda7",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
      ],
      "size": 1536,
      "crc32": "61B9F4E1",
      "md5": "d92650d094e34e7e4febcef3fb9d0f90",
      "sha1": "74fba3cd80d506d4b32e3c7d93498013ee8fcf85",
      "sha256": "07aceb40c46fd8c7c36ff46f79c1063a632588fedc69bdc7e61994a91555eda7",
      "sha512": "7e8b6e6d4f1e5c6db3cab2bb9f653e86a9966362b504b123185d93b71003ca0ec817230484efc5cb1b27a1a20ab0b35722685e046d244a047a14e7bfc765992b",
      "rh_hash": null,
      "ssdeep": "3:YmsalTlLPltl2N81HRQjlORGt7R1t//la1ul2oi5yP//W1XR9//3R9//:rl912N0xs+CFf/lOul15XCB9Xh9X",
      "type": "Composite Document File V2 Document, Cannot read section info",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T107319B417124E617C1582E778D01D5C4C7657D10DD14E10B31DA774F0A714E0D824651",
      "sha3_384": "98919eed19a02334aa8642458183ff779a923c7073b849afc7bd42cf60fef67c4ff6c47b38b9030aaefc28119e5613fb",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": null,
      "strings": [
        "Root Entry",
        "DestList"
      ],
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6224
    }
  ],
  "CAPE": {
    "payloads": [
      {
        "name": "1418cd079560e4f80be6d45ff9d81ae35a49daff118cecad4c66766f7fa4fa0e",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/1418cd079560e4f80be6d45ff9d81ae35a49daff118cecad4c66766f7fa4fa0e",
        "guest_paths": "8;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?0x07C40000;?",
        "size": 662528,
        "crc32": "DDDECB3B",
        "md5": "a9387419c8ee8b6a078d23175472934e",
        "sha1": "efa10917ab4a108807a97db9f4153fbca5711540",
        "sha256": "1418cd079560e4f80be6d45ff9d81ae35a49daff118cecad4c66766f7fa4fa0e",
        "sha512": "a4523b6e53aff842209dce19d5866f48ca29e150ba7b2c967521789c044cabc7d5ce9f5b0b584ba5a9a4606d63cd0d106bd7abe4ab2bc434c3bb71449342e679",
        "rh_hash": null,
        "ssdeep": "6144:7kfDB98fm4ALPop/iOACxcsnDHMkqGWTo9hCisYraSf99lCsHKl6tdQr4whg83U/:7k9+lByLSBCeKl6tCi83Epb9Viy",
        "type": "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
        "yara": [
          {
            "name": "COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24",
            "meta": {
              "description": "Detects indicators of .NET Reactors managed obfuscation. Reactor is a commercial obfuscation solution, pirated versions are often abused by threat actors.",
              "author": "Jonathan Peters",
              "id": "8dc07bbd-cbeb-5214-a27a-555a0d396197",
              "date": "2024-01-09",
              "modified": "2024-01-12",
              "reference": "https://www.eziriz.com/dotnet_reactor.htm",
              "source_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/yara/dotnet/obf_net_reactor.yar#L18-L34",
              "license_url": "https://github.com/cod3nym/detection-rules//blob/86a04c4594cb48895192aad4af164f21f568c136/LICENSE.md",
              "hash": "be842a9de19cfbf42ea5a94e3143d58390a1abd1e72ebfec5deeb8107dddf038",
              "logic_hash": "40a03eb487e2c02a032c4bfb51580dbb764e0a49ceee5ae92c54a5ee3ede9696",
              "score": 65,
              "quality": 80,
              "tags": "FILE"
            },
            "strings": [
              "<PrivateImplementationDetails>{2694970F-33C0-4F3D-8460-AEC6CCD3E65D}",
              "<Module>{81ADDF81-2A2A-4D67-B614-83D63B9A2005}",
              "<Module>{1d590a57-0001-4721-86b5-87b20d253506}"
            ],
            "addresses": {
              "": 531975
            }
          },
          {
            "name": "IsPE32",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsNET_DLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsDLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsConsole",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "Microsoft_Visual_Studio_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 660766
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 660766
            }
          },
          {
            "name": "Microsoft_Visual_C_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 660766
            }
          },
          {
            "name": "Microsoft_Visual_Studio_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 660766
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 660766
            }
          },
          {
            "name": "NET_executable_",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 660766
            }
          },
          {
            "name": "NET_executable",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 660766
            }
          }
        ],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T102E4F706B7AAEE61C1644333E2FA4D0087B0E486B733F76F7AD4176819073968E46797",
        "sha3_384": "0216b836163db9e99445b264c31ed4bc1221db83d2f74cb5fe63f5894e3e5b3e18f19d31e64b5c5518a35a5bbf634d09",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "pe": {
          "guest_signers": {
            "aux_sha1": null,
            "aux_timestamp": null,
            "aux_valid": false,
            "aux_error": true,
            "aux_error_desc": "No signature found.",
            "aux_signers": []
          },
          "digital_signers": [],
          "imagebase": "0x00400000",
          "entrypoint": "0x000a331e",
          "ep_bytes": "ff250020400000000000000000000000",
          "peid_signatures": null,
          "reported_checksum": "0x00000000",
          "actual_checksum": "0x000a5e70",
          "osversion": "4.0",
          "machine_type": "IMAGE_FILE_MACHINE_I386",
          "pdbpath": null,
          "imports": {
            "mscoree": {
              "dll": "mscoree.dll",
              "imports": [
                {
                  "address": "0x402000",
                  "name": "_CorDllMain"
                }
              ]
            }
          },
          "exported_dll_name": null,
          "exports": [],
          "dirents": [
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
              "virtual_address": "0x000a32d0",
              "size": "0x0000004b"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
              "virtual_address": "0x000a4000",
              "size": "0x0000035c"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
              "virtual_address": "0x000a6000",
              "size": "0x0000000c"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_TLS",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IAT",
              "virtual_address": "0x00002000",
              "size": "0x00000008"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
              "virtual_address": "0x00002008",
              "size": "0x00000048"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            }
          ],
          "sections": [
            {
              "name": ".text",
              "raw_address": "0x00000200",
              "virtual_address": "0x00002000",
              "virtual_size": "0x000a1324",
              "size_of_data": "0x000a1400",
              "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x60000020",
              "entropy": "5.80"
            },
            {
              "name": ".rsrc",
              "raw_address": "0x000a1600",
              "virtual_address": "0x000a4000",
              "virtual_size": "0x0000035c",
              "size_of_data": "0x00000400",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x40000040",
              "entropy": "2.82"
            },
            {
              "name": ".reloc",
              "raw_address": "0x000a1a00",
              "virtual_address": "0x000a6000",
              "virtual_size": "0x0000000c",
              "size_of_data": "0x00000200",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x42000040",
              "entropy": "0.10"
            }
          ],
          "overlay": null,
          "resources": [
            {
              "name": "RT_VERSION",
              "offset": "0x000a4058",
              "size": "0x00000302",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "3.36"
            }
          ],
          "versioninfo": [
            {
              "name": "Translation",
              "value": "0x0000 0x04b0"
            },
            {
              "name": "Comments",
              "value": ""
            },
            {
              "name": "CompanyName",
              "value": ""
            },
            {
              "name": "FileDescription",
              "value": ""
            },
            {
              "name": "FileVersion",
              "value": "1.0.9557.39421"
            },
            {
              "name": "InternalName",
              "value": "Gnrtupo.dll"
            },
            {
              "name": "LegalCopyright",
              "value": ""
            },
            {
              "name": "LegalTrademarks",
              "value": ""
            },
            {
              "name": "OriginalFilename",
              "value": "Gnrtupo.dll"
            },
            {
              "name": "ProductName",
              "value": ""
            },
            {
              "name": "ProductVersion",
              "value": "1.0.9557.39421"
            },
            {
              "name": "Assembly Version",
              "value": "1.0.9557.39421"
            }
          ],
          "imphash": "dae02f32a21e03ce65412f6e56942daa",
          "timestamp": "2026-03-02 18:54:04",
          "icon": null,
          "icon_hash": null,
          "icon_fuzzy": null,
          "icon_dhash": null,
          "imported_dll_count": 1
        },
        "data": null,
        "strings": [
          "CNM.4",
          "arrayType",
          "set_BeforeSerialize",
          "GetEnumMap",
          "eBNSsWc6b0",
          "#Strings",
          "'F2Rs38kEYwQL7s8nVMf.EVJaZgkRq8CCrjfVAxC",
          "Invalid wire-type; this usually means you have over-written a file without truncating or setting the length; see https://stackoverflow.com/q/2152978/23354",
          "G98TaQfEeJoUBlQoywI",
          "DateTimeKind",
          "Ldarga_S",
          "'hdFmLLRpkND2xkcxX9w.vLVYG8RsXNJIdEN9Mvv",
          "SetOption",
          "MOcMDAxJKja35EthJQZ",
          "f6qE7PQCBE",
          "_reference",
          "IPkVd410xC",
          "typeFixed",
          "NOf3nuOxDe",
          "Fil3jsQraI",
          "HLZti1JjRpMlOgijjmw",
          "XauWPaaFF0",
          "FrameworkName",
          "b pE(;a}",
          "Value&",
          "get_Surrogate",
          "Pmk8KsPHEDQM01AV0jFpt1",
          "WTda5qnA2t",
          "h5ZsgPeSfP",
          "GumAv119fZ",
          "Recycle",
          "?_b`U8A",
          "dNYjw7JnrI",
          "MBtCaPNmYL",
          "GetHostAddresses",
          "GoFe0WNoo0",
          "HdH0cqCVB7",
          "<KeyFormat>k__BackingField",
          "AIyPgZJS7j85G8qr4pA",
          "get_CurrentThread",
          "TValue",
          "k%_&E",
          "get_LocalType",
          "WaitCallback",
          "DRh37dhJMk",
          "get_AsReferenceDefault",
          "lpName",
          "GgBjZAfNSn",
          "mGUTEXEy2g",
          "KnownTypes_Hashtable",
          "set_UseShellExecute",
          "gaEP3ddZMfZMham6nOu",
          "Reverse",
          "m_70eb0f9e223c46e2b1cbe0ac93fc38d8",
          "AttributeFamily",
          "DefineDynamicModule",
          "afterSerialize",
          "InRoraY3dL",
          "yalexR5wWc",
          "get_IsAlive",
          "dwSize",
          "System.Security.Cryptography.X509Certificates",
          "DirectReadLittleEndianInt32",
          "%<%U%j%",
          "KCFlcDdR6L",
          "bwVuE5xAXnsEBZZlWYv",
          "ZpV1MmZurrESezx",
          "It was not possible to prepare a serializer for: ",
          "Data of this type has inbuilt behaviour, and cannot be added to a model in this way: ",
          "GetTypes",
          "u2ehBf4V7lAK8ml9QTJ",
          "internStrings",
          "YdJWWMaBEN",
          "BZnB9diE56",
          "WriteString",
          "IDictionary",
          "set_MetaDataVersion",
          "AfterApplyDefaultBehaviour",
          "t# NG",
          "e1BsyjN8G1",
          "LockContended",
          "rsELJWKCKXMj2c7sMG3",
          "dGCk9bx3mp",
          "model",
          "FH3L0YluY",
          "IntPtr",
          "b*s]A7",
          "KO6CfesiJwFGa5VJgMn",
          "get_SuppressIList",
          "WriteFieldHandler",
          "flAllocationType",
          "Ldelem_I8",
          "<>3__tag",
          "AppendExtensionField",
          "ReleaseLock",
          "IsGroup",
          "x1yR0tr8Hy",
          "get_Callbacks",
          "Alloc",
          "count",
          "Type is not expected, and no contract can be inferred: ",
          "BranchIfGreater",
          " GnT? ",
          "ret9kkFME",
          "Rt3BUvqbqn",
          "JNPNExC5Eg",
          "I4T1avaKx5okFZbQVrM",
          "FXU6SVfBcN",
          "import \"protobuf-net/protogen.proto\"; // custom protobuf-net options",
          "System",
          "WriteGuid",
          "set_AsReferenceHasValue",
          "Y7G10VS8CXf1OiVOkEt",
          "m_3475b0f879bf4577be146a64cad5ae39",
          "subTypes",
          "eaNiIqJOc4jYFJbRt6Z",
          "LoadSerializationContext",
          "OPTIONS_PrivateOnApi",
          "DGuNUynITa",
          "Ldc_I4_8",
          "peR6R2oxuk",
          "XGdeMYwkIc",
          "rcp;F",
          "Ldelem_U4",
          "PISYmZDDgK",
          "ienumeratorType",
          "M8GZDWhk8x",
          "Combine",
          "Concat",
          ",pe A",
          "get_WritePacked",
          "EE1s4rn7PZ",
          "Cfm32Hr4m8",
          "TJty9BJIVcuamo7TqB8",
          "v11rq9daE4U1Tv5hhB8",
          "Accessibility",
          "itemType",
          "addWithContractOnly",
          "KOgRflNlrd",
          "*-*7*L*Z*a*x*",
          "StreamingContextStates",
          "System.Collections.Generic.IEnumerator<System.Type>.get_Current",
          "F5usZGaeNs",
          "hnkp4654aK",
          "Unable to resolve type: ",
          "vbKlv5puSX",
          "VX0E4f0daO",
          "TypeAttributes",
          "get_ItemType",
          "'cNVcleptHukee3bm7dY.OB2eJVpfc9kq7FMvX4X",
          "YBnV7ZADylbRDonukep",
          "TryDeserializeWithLengthPrefix",
          "nrxpBHddDf",
          "snAN16qIHQ",
          "Distinct",
          "StreamingContext",
          "zBa~'",
          "RonWDMfaEN6V07pqgux",
          "b*b]A@",
          "nvlytYU3DbsoJwyMFWS",
          "Dictionary`2",
          "'ydEh2uNv7U1OSIN9rpk.CiTPM6NHTKVRMGbbNrq",
          "iB1NRN4vHQ",
          "Jhiov3AJpU",
          "MemoryStream",
          "AddValue",
          "stringKeys",
          "HxFEpx8FoL",
          "Ldc_I4_S",
          "encoding",
          "get_Type",
          "BindingFlags",
          "bHx9LLxLMfWxjNHdVeV",
          "memberNames",
          "WriteInt64",
          "WT6T752YpO3tJ7uTJW2",
          "DEBUG",
          "throwIfFrozen",
          "ProtocolType",
          "ajxej0YkSS",
          "Known type cannot be blank",
          "MDcWo5rgb9",
          "GwhVGmTuod",
          "`;vrRx",
          "yceQy3LDH5",
          "Ok9ANLGZw8",
          "get_AssemblyProductVersion",
          "callbacks",
          "uQs6l62ADXc7uNyy3rm",
          "JASkbiAcVf",
          "m_ffa2b4aecb3241ba96f217c93f8b6b0c",
          "<GetExtendedValues>d__0`1",
          "S1IQ3UkCAI",
          "fromTail",
          "ComputeHash",
          "DhvkmqWUhM",
          "set_ImplicitFields",
          "PPpldMaya2",
          "get_Kind",
          "AK8kALqZGt",
          "BDR0UMs060xt0a4EnJE",
          "Timestamp",
          "BG9mzNjOTc",
          "TypeAddedEventArgs",
          "TryFlushOrResize",
          "ROjjOr2LB0wbGeg21V3",
          "EywSlwll9p",
          "FlYVjJEZJq",
          "TestEnumerableListPatterns",
          "<>3__type",
          "The serialization-context cannot be changed once it is in use",
          "LLF69fjdP6",
          "MemberName",
          "AssemblyBuilder",
          "KhkWGUamVY",
          "OPOpimkPZX",
          "lLENC0KgWs",
          "C7Z3MgS6nfPuCU0hexd",
          "Hh8YxJhdlw",
          "fieldNumbers",
          "includeLocalCallback",
          "mappedMembers",
          "drspLF1Dxc",
          "AllowInternal",
          "Append",
          "allowContract",
          "fBUQiida29",
          "TrySerializeAuxiliaryType",
          "TRACE",
          ",),;,@,K,",
          "[|a~'",
          "first",
          "KRgVTByuSq2QiiiRJd",
          "WeGujK6OXLNnmcJ2Bjj",
          "FhBsoEuvgY",
          "Binder",
          "IPAddress",
          "IOException",
          "Sub-types can only be added to non-sealed classes",
          "mpvxG9Ki7ZTTe45RSIZ",
          "Q4MlFilWb7",
          "get_ConstructType",
          "ParamArrayAttribute",
          "Invalid callback signature in ",
          "dataRemaining64",
          "B2kBvEBGOVOWiH5TpyQ",
          "Action`1",
          "castListForAdd",
          "ePJ<N",
          "u6Q48tfVcG",
          "CL3ZFDDDB2",
          "BufferPool",
          "vFhjqatOQiL40DIZLHb",
          "The type cannot be changed once a serializer has been generated",
          "ReadFieldHeader",
          "gCDgEBJYRIRIR2W2bgf",
          "UInt32Serializer",
          "forType",
          "TryDeserializeAuxiliaryType",
          "AYs6gt3htb",
          "'DPQNsnlh9or4sKQGaLb.XZcji1lrDQPTdballjw",
          "a4xCAYd2AA",
          "MakeGenericType",
          "ofmRAJxbZNUwiDeeug1",
          " b;&\"e ",
          "pWbedTMbGxXSRl6tKcW",
          "ProtoBuf.Serializers.IProtoSerializer.EmitRead",
          "get_ApplyDefaultBehaviour",
          "JRHlGGdb7OWvgwOBvTS",
          "Brtrue_S",
          "inSlR2ULLo",
          "System.Drawing",
          "LS5BwGtwCMrfi2K1cby",
          "set_FileName",
          "B70ZqtGNsJ",
          "Me8WqS3gE2",
          "z9ke1OtXyu",
          "GetManifestResourceNames",
          "MinValue",
          "p*r(N",
          "N0FRMg4pWc",
          "Value\"",
          "ProtoBuf.Serializers.IProtoSerializer.Read",
          "WriteSerializers",
          "`=DX d",
          "DynamicMethod",
          "LQUM5mMfoS",
          "Ifv3ywJhEJGoaqUwe6l",
          "Tuple",
          "get_MetaDataVersion",
          "M1uZin7rMx8DAvqkUnw",
          "U5NjIRxo2j",
          "EnumPassthru",
          "ProtoBuf.ProtoEnumAttribute",
          "get_IsGenericType",
          "<>2__current",
          "Lm2cnTAniwoWo2xD7Ou",
          "ComVisibleAttribute",
          "b*s]A;",
          "GVIVRirCZJ",
          "Options",
          "C4SYrKinjc",
          "ImageFormat",
          "q93VBGPT5t",
          " v'jge m",
          "Conv_Ovf_U1",
          "No suitable constructor found for ",
          "teM29ZJe1W3Gn0AtACL",
          "CikAEcpQ5D",
          "get_MapValueFormat",
          "GwVaCFa7JJ",
          "concreteType",
          "LY7oeC5ufJ",
          "ProtoBuf.IProtoOutput<System.IO.Stream>.Serialize",
          "KCTTDv6kCf",
          "xkXAoW9S00",
          "iyRlGZD1mB",
          "GetGenericArguments",
          "'axHTpsZJb2Xog7wyhVR.AIGuwdZxNj40mDctUme",
          "Not all keys are covered by values",
          "set_Position",
          "Measure",
          "DateTime",
          "FieldTimeSpanValue",
          "ui8jqVJQrl37iAWF8t5",
          "IXgPPHNoPM8d9t6xHRS",
          "cs5l6WY8INho4lDdXPb",
          "p*rjN",
          "ymwVIjXvaO",
          "3)4G4~4",
          "YG1Myt7X6W",
          "CompareOrdinal",
          "shadowSetter",
          "uhoMXdJ75t",
          "W1BErPPix8",
          "DeflateStream",
          "HZypdavXjh",
          "ReadTimeSpanTicks",
          "WtbRGXCktj",
          "IncludeDateTimeKind",
          "get_Is64BitOperatingSystem",
          "GetIndexerSetter",
          "get_IsPacked",
          "Object",
          "BDs4nCuFeB",
          "get_IsStatic",
          "yGVeq2bieo",
          "Unexpected sub-type: ",
          "set_ValueFormat",
          "GetRawEnumValue",
          "WriteDateTimeImpl",
          "PrepareSerializer",
          "HPSIyW7ubBEmuofeMNi",
          "lPmRa8Kdk9RasOflyGd",
          "knownTypesCategory",
          "ONgNTaTJ3n",
          "ToLower",
          "frYeI0kuxM",
          "rLOAFJ1pOH",
          "LpHNjSKOhx",
          "message",
          "wprBKsKkQbVY6Rt9mIX",
          "InvalidOperationException",
          "N2LOfkJLXOlxOhNL55G",
          "ResetKeyCache",
          "ProtoPartialMemberAttribute",
          "WriteDecimal",
          "JICEDDds1G",
          "TryReadUInt64VariantWithoutMoving",
          "jLhs2EYZdN",
          "RJejS5wO1N",
          "get_DerivedType",
          "m_4c5ed8e668a7449f8b6dfeeb82a6a95e",
          "KJuTteBeIk",
          "immTgjtciZ",
          "kernel ",
          "associatedType",
          " level(s)): ",
          " SiO$t",
          "helperType",
          "jXrlZSq570",
          "VrsREwyFgj",
          "beHRHVoy5f",
          "tms8T8JGcgJqYqp2Y2K",
          "ATh4keDxof",
          "MethodInfo",
          "Ldsfld",
          "System.Threading.Tasks",
          "I42p8NJ9pNkSlOC91rG",
          "SkipField",
          "resolver",
          "'oSUavHasoKnU459nuZi.GVu4WnaeNqpLYOUGib8",
          "field",
          "DirectoryInfo",
          "f8tVRwogb0veGQ0rkQY",
          "VKDyypB7MD8Iw2K8F8N",
          "E3k2BXS1vK3H5fFkVSn",
          "System.Runtime.Serialization.DataMemberAttribute",
          "nyuIy4JveW30vxM9TJn",
          "IndexOfReference",
          "U2psuB0AY4euB4msdxw",
          "YDl6Bs318C",
          "flProtect",
          "'HGgD2URTnSR47wjZ3I6.rWnOFARm2k0hweFK6Uy",
          "QXvNVOUQIT",
          "ProtoBuf.ProtoBeforeDeserializationAttribute",
          "AssertValidFieldNumber",
          "Y9Ya~'",
          "4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B",
          "callback",
          "Freeze",
          "POOL_SIZE",
          "Apojm2cLKp",
          "pNGR90pbAY",
          "InternalsVisibleToAttribute",
          "get_NonPublic",
          "'f2VfWCEftlOWUsAD3R9.kwjFpFEKqWcpg1Rp3Ki",
          "Cannot read from stream",
          "RemoteCertificateValidationCallback",
          "KhEsGYxxq876HeidMYI",
          "$*u[ u",
          "newObjectKey",
          "zNoVYscQhf",
          "No parameterless constructor found for ",
          "gB9mg47Y9IsBNTvjyQV",
          "DateTime was unexpectedly too big for DiscriminatedUnion128Object",
          "isExtensible",
          "Point",
          "wRD0fKeY8A",
          "rELBuuav16KVF4kZQdd",
          "H9mBZffpvYTie2HGwjE",
          "; please see https://stackoverflow.com/q/14436606/23354",
          "v4.0.30319",
          "yQhBIZWfZMX20NegHOm",
          "G6JMQrE8o1rVhdtMD2Q",
          "SeekOrigin",
          "I1wjYaym7c",
          "System.Security.Principal",
          "SslPolicyErrors",
          "WriteEnumValue",
          "ProtoAfterDeserializationAttribute",
          "DppXCylIfGnFNnXJY5q",
          "dWbfXtd8FQoE6gGwU7w",
          "AddOption",
          "m_3a36d3c51b17480c9e37d744f0634560",
          "ownerStackTrace",
          "?LHItd?",
          "addEvenIfAutoDisabled",
          "bInheritHandle",
          "nfGktRSUH3",
          "Om4LedCUTfTSYQAPwgn",
          "DefaultValue",
          "NewLine",
          "pM5wyFM158FJygXnHeD",
          "Ldelem_I2",
          "Incorrect type",
          "rbakCjqMpJ",
          "m_34333edf3eb94369aa8b6495f25f891e",
          "get_IsPublic",
          "m_3c3da8d06c9d40fdad3401eea4f021e7",
          "ProtoBuf",
          "IProtoSerializer",
          "59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074",
          "ProtoBuf.IExtension.BeginAppend",
          "NullReferenceException",
          "nYl(J",
          "ResolveType",
          "GeneratedMessage`2",
          "TargetFrameworkDisplayName",
          "onYBS6R4Id",
          "AssemblyProductAttribute",
          "cLISoem5dx",
          "oZaYJWSILk",
          "Write ",
          "Graphics",
          "z7qCROUFH7Ls7NxQxlN",
          "get_Target",
          "OJx7tdNR6Q",
          "OpCodes",
          "IdA6CPOl5R",
          "U82RNpwiKC",
          "valueFrom",
          "CheckFullyConsumed",
          "sogtnGgB1",
          "ProtoBinaryField",
          "GetElementType",
          "Proto2",
          "GetWindowText",
          "get_AssemblyCompanyName",
          "OY0mwbjuPK",
          "discriminator",
          "sfixed64",
          "value__",
          "keyType",
          "G27o3eTvqM",
          "defaultType",
          "get_IncludeDateTimeKind",
          "PK6ksgjMQ9",
          "recursionCheck",
          "kY6R3rXSnj",
          "1}6=B8",
          "SqtsAJpcCM",
          "Ep5Ym4KloXj7ZimZoN0",
          "Gnrtupo.dll",
          "FromTicks",
          "ByteArray",
          "o8bobiXCg1",
          "set_WriteTimeout",
          "GetProcAddress",
          "ProtoBuf.Serializers.IProtoSerializer.EmitWrite",
          "Vqxk4Daoj1",
          "lfvUAvKxHdImeedOCT1",
          "gOLSBApUlE",
          "endpoint",
          "mvR0mFkfyt",
          " data has been written",
          "OJ6LOKdcWAinbrw5CgZ",
          "ojvszMKyZV",
          "position64",
          "oV2gLrp6O",
          "J6ITPkGYTc",
          "CurrentUser",
          "wZkRtP7yOn",
          "set_Version",
          "expectedType",
          "SocketShutdown",
          "ProtoDeserializer",
          ".google.protobuf.Timestamp",
          "vATMKKGW5T",
          "UWT6NbvgqH",
          "ContainsKey",
          "JgR6ERE9Vx",
          "jh3mXU0ndfWrwUmec3F",
          "OGt4tjKxNK",
          "Rfga4Xl44p",
          "FormatterServices",
          "WriteNetObject",
          "aTGft72Pj6WypkMSGgh",
          "'EyuncIEwwd4qKZMpxGN.G6JMQrE8o1rVhdtMD2Q",
          "a2fZS5UDCv",
          "ISerializable",
          "kcEBrjkxYl",
          "lm7lmRxQLY",
          "Non-public type cannot be used with full dll compilation: ",
          "L9Q4cPSOpR",
          "User32.dll",
          "System.Collections.Generic.IEnumerator<System.Object>.get_Current",
          "Ldc_I4_7",
          "asListItem",
          "ReadTypedObject",
          "TuTBT6xGgKaubaRMhwk",
          "FileMode",
          "gOqrqJJ2EXoPtGrw3MX",
          "NetworkStream",
          "Conv_Ovf_U4",
          "p96AAmCgq7",
          "ysTYVmKK2Y",
          "QJamobu0v8",
          "Duration",
          "DiscardValue",
          "GXSB1JoaAe",
          "System.Runtime.Serialization.OnSerializedAttribute",
          "get_HasValue",
          "MY6MbMRhqbCpj5Pk1SM",
          "NbPM55SCn8fWCR4yMbB",
          "QNcEyENvg7",
          "xNkpQdrtOn",
          "ReadDuration",
          "gBrYnjo7vw",
          "GetSubtypes",
          "ConvertToInt32",
          "UgCdcEc7oPKAsAPaHtl",
          "ManagementObjectCollection",
          "IFormatter",
          "verifyObjectName",
          "S3qpNQKHku9L1EOtja0",
          "MemberType",
          "q0xQdCShpe",
          "TimeSpan was unexpectedly too big for DiscriminatedUnion128",
          "QOp7UPyAs0",
          "DirectReadVarintInt32",
          "System.Runtime.Versioning",
          "!This program cannot be run in DOS mode.",
          "I0PQrjRGWX",
          "ienumerable",
          "Conv_I4",
          "Bgt_S",
          "uAfs8XJOn5",
          "wqkNDENTfQ",
          "GxZm5ggDs0",
          "@X (S",
          "get_EnumPassthru",
          "GetLength",
          "MakeGenericMethod",
          "gFMNpd251J",
          "deserialize",
          "ReadTimestamp",
          "p2rklNNOHj",
          "'lUqpmmpbGaP87EZ2T6r.n6Abdqp1JNiK4YUSDV3",
          "z92ePpqClD",
          "kRvCWdfXIH",
          "Using",
          "htUaqZl65afr6uuNKxC",
          "ztDa~'",
          "FirstOrDefault",
          ".6.l.",
          "LKXAU5dRG5Upvbk1g7C",
          "setSpecified",
          "yRaTub0G0Y",
          "etFYtRtT2X",
          "get_Discriminator",
          "KIDUvBdGrfbDCCZn7ms",
          "typeName",
          "TargetFrameworkName",
          "TdwE2oSIpZs0OhlKm4g",
          "EmitWriteArrayLoop",
          "parentType",
          "TypeSerializer",
          "OORoStQLQhFwt7dvENI",
          "BeforeSerialize",
          "J2smAGAwy4KLRQwqu2J",
          "Ldelem_U2",
          "MULxoolWpCXtpZCBwOp",
          "userState",
          "BYhemMFccG",
          "MarkLabel",
          "OnBeforeApplyDefaultBehaviour",
          "AFvlMTSEpP",
          "wkO6y1tU5J",
          "get_MetadataToken",
          "WritePackedPrefix",
          "DataMemberOffset",
          "U2i0XeJjZl",
          "yRyqiDmywfpsJShnR6c",
          "DdHZI9tNg7",
          "n18QJ0bGbv",
          "GetExtensionObject",
          "HasCallbacks",
          "GetILGenerator",
          "<GetAllGenericArguments>d__104",
          "'DDMiCgjLAfNQ3lQuNlY.jJh133jbENtLAAkDe6I",
          "O2Emt9KQMS",
          "FbmEofG54c",
          "TryReadUInt32Variant",
          "flNewProtect",
          "Cyclic inheritance of '",
          "FieldObject",
          "CanSerializeContractType",
          "sn63Oldsr6d6dCC3kxO",
          "SerializeCore",
          "m_b1484997e0754815ad64fbb0498859ab",
          "ajvEthfFjV",
          "es3NPB2ZGVp1HbwIrrq",
          "GetKeyedObject",
          "EVJaZgkRq8CCrjfVAxC",
          "get_FieldNumber",
          "property",
          "No serializer defined for type: ",
          "lwsZyH3i1h",
          "nt4aJMavnU",
          "zwHTprbWyr",
          "aoZF9YV7Jimd1fUEqrv",
          "NetCache",
          "assemblyName",
          "op_Inequality",
          "tEyEJ4Zauh",
          "zf4Yy9JwHKNsxDT09Nv",
          "FRH2XkCkls4w03teJcD",
          "rSp4nQsklpFECHZRIkk",
          "AutoCompile",
          "ParentType",
          "FlushPool",
          "knownUntrustedAssemblies",
          "get_OverwriteList",
          "jvF6vaHqHx",
          "M51pGI0RJD",
          "Contains",
          "@~x'1",
          "iElAPKW2l8",
          "InferTagFromNameHasValue",
          "methodPairs",
          "b*q_ D",
          "default = ",
          "VkeQHwwfrf",
          "I12V1BofTW",
          "fLTSJM9Gtx",
          "ProtoBuf.Serializers.IProtoSerializer.get_RequiresOldValue",
          "J AXyOa~'",
          "DQmWwmwN0T",
          "Are you mixing protobuf-net and protobuf-csharp-port? See https://stackoverflow.com/q/11564914/23354; type: ",
          "Callback",
          "Jf961ykNeG",
          "set_Name",
          "hDu9AvK8tZErv0mkreQ",
          "DeserializeItemsIterator",
          "EndQuery",
          "CreateSerializer",
          "b*Q]!?",
          "FmgBLax22wvcis4L0A6",
          "Hkw6DPCwwL",
          "mLlMBhNyj8",
          "dhE7EWd0aQ6ViIo5Wm0",
          "get_EnumPassthruHasValue",
          "get_Data",
          "BeforeDeserialize",
          "U1ZAohdnJvvvM5VirD5",
          "indent",
          "Rectangle",
          "HasSubValue",
          "'Ps96EnWsDfhWktl2e2o.LZLAHiWeNs9DsexDyrU",
          "Ldloc_S",
          "BclHelpers",
          "MaxValue",
          "Unexpected boolean value",
          "h67oo3xBdN",
          "writeValue",
          "System.Windows.Forms",
          "Deserialize",
          "GetEnumerator",
          "ACsQVJJg4i",
          "Bo765YRjko",
          "lx6iTICcE",
          "VgRVnWfabF",
          "InternalsVisible",
          "CreateType",
          "Ldloc_3",
          "get_Address",
          "backingMember",
          "aTIB4UPWFi",
          "Gnrtupo",
          "b*b]`F",
          "iwxCGL2oeR",
          "PropertyInfo",
          "z9a5Kcf2B01Vpl0B2i9",
          "SymmetricAlgorithm",
          "aEVRklupQL",
          "CanSerialize",
          "Ih2eWq8aXY",
          "<>7__wrap1",
          "Uvg00pYYuy",
          "UiERSBeiYmd2vjHUVS2",
          "W91LXdmLXVimSMte18Y",
          "RSACryptoServiceProvider",
          "ExtensionAttribute",
          "csbTLwW6rA",
          "OPTIONS_DynamicType",
          "Image",
          "ProtoBeforeDeserializationAttribute",
          "CopyPixelOperation",
          "xv7wEYkzxJXWpKMKlMI",
          "Invalid pattern for setting member-specified",
          "f69SE0JMa3TdpqEChTT",
          "GetMember",
          "F0Zdpy2FIXf7VeFrT4P",
          "GlQYMW40ja",
          "Hgop6JT6iJ",
          "Interlocked",
          "HfrMjh0TGP",
          "caJeHH95jZ",
          "Ldloc",
          "l7:hi",
          "WaitOnLock",
          "SFgpwUrPB",
          "PFwpFwPNoS",
          "YN7WSupcIw",
          "GetConstructor",
          "opaqueToken",
          "n4q43SydRw",
          "Fu3AIL50uS",
          "OriginalString",
          "get_PropertyType",
          "Invalid serialization operation with wire-type ",
          "c>+qc!",
          "set_IsPacked",
          "beforeDeserialize",
          "InterpolationMode",
          "YZ4RovFcTn",
          "nGoCpXwH02",
          "ignore",
          "Formatter",
          "jRDCuhadFk",
          "storage",
          "Value tail should return a value",
          "QR6j4glUUD",
          "CascadeDependents",
          "sUJMES09qe",
          "DynamicType",
          "psa~'",
          "MPH9NQdrt59fv4p9DVo",
          "objectKeys",
          "OPTIONS_IsGroup",
          "Dictionary",
          "G2iOuAtSvDjyECcGl1U",
          "P1Qq3MfNDvB5RjPjHnI",
          "GetProto",
          "FixedSize",
          "KZe3fDVJeR",
          "v8hfPofGgH8EJ4L39yo",
          "surrogate",
          "MItjEByChr",
          "writer",
          "ipxpJojxkI",
          "EncoderParameter",
          "m_deb3703a2427499ea7ae5937fe1ea283",
          "Cannot serialize sub-objects unless a model is provided",
          "getSpecified",
          "BOB0zgPcxB",
          "IsNullOrEmpty",
          "frozen",
          "XV87eemPS8",
          "get_Param",
          "System.ComponentModel.DefaultValueAttribute",
          "UAlMCmQ6DO",
          "BeforeApplyDefaultBehaviour",
          "IDisposable",
          "cphWvERncSxLQCKMBCI",
          "VEvlxw7rcb",
          "SrbmSfVVZy",
          "r1YapH81BN",
          "MapDecorator`3",
          "GetPublicKeyToken",
          "D8cQPJPpUa",
          "JJmKvb2QhwYUX5gpmkX",
          "ReflectionAttributeMap",
          "IsValidSubType",
          "attrib",
          "get_UseImplicitZeroDefaults",
          "fromValue",
          "KjlZ6hufdd",
          "ModuleBuilder",
          "ThTYjsfR4B",
          "<extn>5__2",
          " H _ ",
          "No root object assigned",
          "DeserializeItems",
          "TypeModel",
          "set_AssemblyTrademark",
          "'OGZHiAkIqvpCLHhBIql.S8w5ZDkLlS7RYpDGhuG",
          "Kyq01k4M3x",
          "OwkT0dknI2",
          "AllowParseableTypes",
          "C7J4ZjxTZ5JuqWRGwyd",
          "BufferExtension",
          "i7MDTYxX6HGryE7TZJB",
          "bsxFsrJnw1DIWOsbpMS",
          "a4JomL7wiT",
          "rbPWDgJr0cAZfgRlfkf",
          "GetInstanceFieldsAndProperties",
          "set_KeyFormat",
          "ydEh2uNv7U1OSIN9rpk",
          "factory",
          "62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9",
          "GjwwK5dKdnimlj8ac2G",
          "m_e34f39acee5843aa8ffca4cf94c273b8",
          "required",
          "BitConverter",
          "m_dcf2600f71c345dca02630b44bd11174",
          "get_IsTerminating",
          "Qm2AogxmWpBBiAvbwd6",
          "SYbVNxyOLy",
          "b*b]AE",
          "tQikOltL2QCeuc6KNEx",
          "<AssemblyCompanyName>k__BackingField",
          "QL73Bqw7Bv",
          "rWnT6Lurvw",
          "YD1m2RwWiU",
          "packedFieldNumber",
          "cKGpYHvZoo",
          "Q8N0HpNiOK",
          "<AssemblyProductVersion>k__BackingField",
          "GetPathRoot",
          "ConstructType",
          "NfktkwmhO5wwvucQ2AX",
          "ienumerableType",
          "MetaTypeFinderImpl",
          "pBC4rZtIcaeq8MyclwE",
          "pAFjc5b0ER",
          "sUvCXdq17W",
          "Stloc_S",
          "b*b] H",
          "FieldNumber",
          "get_Accessibility",
          "Qa hFL",
          "k14mHKccH3",
          "ReadUInt32Variant",
          "u2ooA7cley",
          "style",
          "eOUjqVltdi",
          " (you can use the TypeModel.DynamicTypeFormatting event to provide a custom mapping)",
          "ProtoBuf.ProtoAfterSerializationAttribute",
          "ProtoWriter",
          "ISerializerProxy",
          "IProtoInput`1",
          "QkMEqZMGL6",
          "op_Addition",
          "get_UseProtoMembersOnly",
          "get_Binder",
          "Q6cl5swbmF",
          "Mn7VLPoCkC",
          "Substring",
          "JNXhMbx4Xy0viqsVkY5",
          "aCKN3CcJeb",
          "Qi72PW0hfcl4rr33bbO",
          "DDMiCgjLAfNQ3lQuNlY",
          "parameterTypes",
          "PropertyDecorator",
          "EnumPassthruHasValue",
          "demand",
          "DefaultMemberAttribute",
          "9;.W@",
          "AddressFamily",
          "Milliseconds",
          "System.ServiceModel.Configuration",
          "iAlBwCdjbV",
          "DispatchOperation",
          "ReadByteOrThrow",
          "Faf633M3ix",
          "FieldDecorator",
          "JsPR082XucXt1EQyBYk",
          "get_InputValue",
          "System.Collections.ObjectModel",
          "KnownTypeName",
          "Ldfld",
          "Repeated data (a list, collection, etc) has inbuilt behaviour and cannot be used as a subclass",
          "m_7559a422cfce4b3db3cb316024c98ae5",
          "System.Runtime.CompilerServices",
          "N4lCqG00JM",
          "buffer",
          "u5qN7EwHXv",
          "tag={0}; wire-type={1}; offset={2}; depth={3}",
          "Minutes",
          "Target",
          "IsPacked",
          "gg4NKcxHBb",
          "TryReadFieldHeader",
          "get_FieldType",
          "ArrayList",
          "Gus4wA2igH",
          "h8eslkq4mB",
          "HHUWAN7TGG3ORqnsEvA",
          "System.Globalization",
          "000004b0",
          "Uecc3kJ0hEnqQPkh0AD",
          "RboZYhhQyA",
          "gwGmEc3pOR",
          "V_77a",
          "EndsWith",
          "get_HasSubtypes",
          "ToDurationSeconds",
          "get_CanSeek",
          "BnTjT2Zk0q",
          "set_MapValueFormat",
          "'EvVFDyRS7xbfJEFRtBR.mlSxOVRYpYgZmJ33ufe",
          "FvflOMY9E4jEvIfSHEQ",
          "SerializeDateTimeKind",
          "The root object cannot be reassigned",
          "QauZigf3CDmsFcDHcXe",
          "OOxBavZaD3",
          "Ysk7m5ydAS",
          "yZpAK3EAtW",
          "`=DX ",
          "SerializationInfoEnumerator",
          "Predicate`1",
          "enumType",
          "beHWVMC7Y8",
          "label",
          "get_RequiresOldValue",
          "DerivedType",
          "System.NonSerializedAttribute",
          "X7ga~'",
          "IEqualityComparer`1",
          "lBruNIJChu61Zf4n4BJ",
          "b3A4mH4xdw",
          "FromBase64String",
          "Decimal",
          "ProductName",
          "m_6afded02960948669ad230d338ef7ea9",
          "set_AssemblyTitle",
          "m_ddf16bf767384bbcb52a658ed0f3c1ea",
          "tgkRgM4CVU",
          "CodeLabel",
          "IsPrepared",
          "zuruQgTZNJlj1ZyUpL8",
          "FsvTyH2B6g",
          "qgkVTaa9Je",
          "Q~=18G",
          "Find ",
          "AIGuwdZxNj40mDctUme",
          "state",
          "KNnYelbop",
          "b*Q]@I",
          "AsyncCallback",
          "Cannot write a ",
          "set_Value",
          "RUDZUWaioS",
          "AutoAddMissingTypes",
          "Xv4ZaHIcuc",
          "m_e2e159cb1ade4c2797dbdeef4ed9d54f",
          "Count",
          "Inherited",
          "System.ServiceModel.Description.IEndpointBehavior.AddBindingParameters",
          "TTdAkwa1sX",
          "Meta-key not found",
          "TimeSpan was unexpectedly too big for DiscriminatedUnion64",
          "InferTagFromName",
          "Comments",
          "qbDNwUQuyo",
          "itWQhXAeCH",
          "zNiaoFZKiG",
          "gYENypohMl",
          "Int32Msb",
          "OPTIONS_AsReferenceDefault",
          " value = 1;",
          "AsReference cannot be used with value-types",
          "B9AkaxPdRm",
          "FXtEsbVZZE",
          "khmHJnaUD",
          "'ItRO4AWtK5ol5suWSM7.yQhBIZWfZMX20NegHOm",
          "oYaW50YPIl",
          "Enumerable",
          "<AssemblyTrademark>k__BackingField",
          "BeginFinally",
          "DefineVersionInfoResource",
          "PpO3obEwdJ",
          "FlKo2rTkG7",
          "movaqYelESyX7ErWXC4",
          "AppendExtensionData",
          "lWSdNEmMP",
          "CanWrite",
          "CryptoStream",
          "IKQRDR6Rpf",
          "AppendBytes",
          "SpD7jpmiwc",
          "yiPBi2CoE8xdXMxJrJh",
          "Qz@#Xp",
          "WriteInt32ToBuffer",
          "WZZ4I8Z1pFoN3uX3GUA",
          "Seconds",
          "&(Ka~'",
          "Close",
          "ListDecorator",
          "get_IsNestedFamORAssem",
          "InputValue",
          "GHbYsrWeBp",
          "Ta0yjoxCDfk8MeNLrSu",
          "hdFmLLRpkND2xkcxX9w",
          "IKt8BDfelIgcia8sjdJ",
          "q2BByriAgK",
          "SoOLD6JdnKHlC0RvGDR",
          "commit",
          "oe80Q1YrgD",
          "NFLAA3YDn7fFQTBP4A1",
          "FTcCwhvfuD",
          "yyGs3x1ZqB",
          "returnList",
          ")da~'",
          "GetFieldName",
          "c276fPZpus",
          "kkYpqHOMQg",
          "binder",
          "RemoveLastWithMutate",
          "BeginQuery",
          "o0FNzOf6Tl",
          "BUFFER_LENGTH",
          "keyTail",
          " // default value could not be applied: ",
          ".bcl.Decimal",
          "NgmEnqdg7fYb2sF0ExT",
          "TJfTndA1HM",
          "HHAYfHuatN",
          "'UYkhBxZlAGX87SB883n.YDYFGqZ7XIBY86WpVvY",
          "System.IDisposable.Dispose",
          "get_AutoAddProtoContractTypesOnly",
          "AssemblyConfigurationAttribute",
          "ManagementObjectSearcher",
          "lastReader",
          "IEndpointBehavior",
          "ReadStartElement",
          "jv}1:u",
          "Qh0sN287G3",
          "ilist",
          "ProtoSyntax",
          "modelKey",
          "ByteSerializer",
          "set_SkipConstructor",
          "IProducerConsumerCollection`1",
          "Yb7Rv183a7",
          "AqXJgboGy71fKZ58QCC",
          "dPasqBORCN",
          "% jxdl ",
          "HMxlVi0kkT",
          "a5i6wbPNxP",
          "AuthenticateAsClient",
          "OPTIONS_IsPacked",
          "j6BEV9cjgF",
          "PrepareDeserialize",
          "Dynamic type is not a contract-type: ",
          "vldZrRdFqC",
          "TryCreate",
          "bRGYZYSQ4GhD834tkQv",
          "cXu3rZGmBo",
          "dwProcessId",
          "AddTicks",
          "m_dace2b1dc6974542a69610b651543776",
          "CryptoStreamMode",
          "l93W0dEmKR",
          "BWw3IAl4n3",
          "MutableList",
          "XmlDictionaryReader",
          "'rRBaB9jrb6XYbIDkQhT.FkgtuOjPOjcITGDgfHk",
          "IProtoOutput`1",
          "AssemblyProductVersion",
          "jpw7U4atGUFGg68UEq",
          "System.Xml.Serialization",
          "System.Collections.Generic.IEnumerable<System.Type>.GetEnumerator",
          "ManagementClass",
          "UuCljYvcRh",
          "Stloc_3",
          "FieldDecimalSignScale",
          "lgR0vat55m",
          "ReadNullCheckedTail",
          "zy3j2O6kfK",
          "shLju7K2moGfAuL7wOm",
          "Newarr",
          "System.ServiceModel.Description.IOperationBehavior.AddBindingParameters",
          "GVu4WnaeNqpLYOUGib8",
          "qhg7x9AsPT",
          "<AssemblyCopyright>k__BackingField",
          "HowCS74Ppc",
          "get_IsSealed",
          "wtOwAcZ565WYcbFykav",
          "CreateArray",
          "allowBasic",
          "NetObjectCache",
          "DynamicTypeFormatting",
          "eMVjxjKV291HYkvHETE",
          "set_FormattedName",
          "QVOpekT8pl",
          "get_MemberType",
          "GetBits",
          "set_DataFormat",
          "ImplicitFields",
          "pYj0Mbi0l5",
          "KElb9TUQqxpRABiTxKa",
          "IKp7u6kFye1e7rGP6xv",
          "AuQBumGEGw",
          "Sub-message not read entirely; expected {0}, was {1}",
          "MaPNewZyj3",
          "#Da~'",
          "Umi0oc4m0U",
          "Nv2bPvK5tYsyn6JR21R",
          "HSAAXBeXTS",
          "Wire-type cannot be encoded as packed: ",
          "'cEpGUg4OdynGrmPtRQu.edsdZn4v1UQvfros6qr",
          "TimerCallback",
          "mfvWOhiGlN",
          "nt5aRp2aQHSLhEwG0dE",
          "AppendExtendValue",
          "eE6Y3Zpblu",
          "__StaticArrayInitTypeSize=16",
          "D+ENEVEnE",
          "nBFrPNef5KttKky0S4",
          ".text",
          "set_CreateNoWindow",
          "Castclass",
          "WL7CH2TMPd",
          "m_6f79d3cfcb6d4eb38939028b8e14771b",
          "System.Data.Entity.DynamicProxies.",
          "import \"google/protobuf/duration.proto\";",
          "jEN3xH2pII",
          "tr8WjIR5ic",
          "\\GH<T#",
          "?/@=@j@}@",
          "<>c__DisplayClass18_0",
          "kgudlBK9bnid7KtqZg8",
          "get_ReturnList",
          "n13eCTydxC",
          "ahuRC2OVCb",
          "inNYvHyDhW",
          "SetProcessDPIAware",
          "JOgBZIkLsw",
          "Collection`1",
          "cArlUXlGj3",
          "// this is a composite/flags enumeration",
          "b*Q]A8",
          "yMMnvXfYnhAeU4M4Iyr",
          "get_IsRequired",
          "serialize",
          "valueTail",
          "SupportNull",
          "get_IsNestedAssembly",
          "ProtoConverterAttribute",
          "m_a06f6b86cbc74d44a3fe83401355d1d8",
          "J6ooBnxAHx",
          "qaT7FWO42q",
          "G0Gl2wFWEs",
          "Yvl(J",
          "m_32beff834f3f48ee9246a2eba4a7be83",
          "Remove",
          "WriteDouble",
          "BeginAppend",
          "ARejWCE1rr",
          "GetBuffer",
          "GetExtendedValues",
          "hHXouktGhZ",
          "o99Jh7JmiFj2UhJP8X7",
          "OPTIONS_AutoCompile",
          "hhmM46FM88",
          "IsRequired",
          "SortedList",
          "m_73afbefd20b848aba1e307695a41b4e4",
          "RpWowJJUpe",
          "DS9mAbjS0n",
          "CopyValue",
          "get_ManagedThreadId",
          "surrogateType",
          "cv53CTeYqi",
          "G6WETaZVbefZnL4MhbV",
          "kLjw4iIsCLsZtxc4lksN0j",
          "EGc7Z6Zj6X",
          "us6ohDKOj4FeaP8Ft9p",
          "UTF8Encoding",
          "zWW4jk0ieBpxMXyKNUK",
          "UseImplicitZeroDefaults",
          "get_Array",
          "DateTime was unexpectedly too big for DiscriminatedUnion64Object",
          "System.Security.Cryptography.AesCryptoServiceProvider",
          "allowDefinedTag",
          "Double",
          "bTmgCoW25E8VQE5kuNr",
          "FieldDecimalHigh",
          "kRnXWtKEJOym3VAo3ZJ",
          "1fLtpsLWNCwClzC4fP",
          "qcx7JKC8ZZ",
          "set_AfterDeserialize",
          "BlobSerializer",
          "BranchIfTrue",
          "set_MapKeyFormat",
          "existing",
          "m_2b28af1f8899474091fb6ea3223bc6bf",
          "ix3JVvd6wI1qytT6fj8",
          "set_MaxItemsInObjectGraph",
          "WriteAssemblyAttributes",
          "mscoree.dll",
          "ccm7B0J8xt",
          "zdJTqqbxjI",
          "jKv79qkYLr",
          "Module",
          "Boolean",
          "elementType",
          "JhcCVbTbOP",
          "set_AfterSerialize",
          "get_Item",
          "GetValueOrDefault",
          "Q4 ,P",
          "PopRecursionStack",
          "b*s]@H",
          "ProtoBuf.Serializers.IProtoSerializer.RequiresOldValue",
          "D8sjtNrPVV",
          "ProtoBuf.Serializers.IProtoSerializer.Write",
          "XCPkPi3VWi",
          "gPTYY9ECTT",
          "TB3eoqAWk4",
          "% OGeE",
          "OPTIONS_SuppressIList",
          "m_3c1d5233330049a29ae06276c653bc9d",
          "JIqYgKOX7c",
          "Pending",
          "GetFieldNumber",
          "XmlDictionaryString",
          "iLdTY3K7aWmhTuIj0Av",
          "TOutput",
          "sgI7aCSwUoqagiE34V1",
          "ProtoBuf.IExtension.EndQuery",
          "dPMY7nv0Du",
          "axHTpsZJb2Xog7wyhVR",
          "GetReferencedAssemblies",
          "Random",
          "Ldc_I4_5",
          "ufB22SK0OnMnZBUqhvH",
          "Split",
          "tFX6hC7Sr1",
          "oRcXGw49PS2Hnu66Efq",
          "yB8nN921keoE8li5wsQ",
          "normalizedAttribute",
          "HElPLte7rqolj2Z7MGn",
          "f Z/8}a}S",
          "MetaKey",
          "WuyYPENxda",
          "IwFQEPN3Hq",
          "Rp2SXSoSS",
          "jMUluFOHNB",
          "edsdZn4v1UQvfros6qr",
          "m_0d67f2143d0a46d08060b22b3087e0f0",
          "System.ServiceModel.Description.IOperationBehavior.ApplyDispatchBehavior",
          "t4GQYpovpM",
          "128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83",
          "toTail",
          "VVPCfLh8WX",
          "juENZ7x66U",
          "fQ19MxdmtdUxunkHpDf",
          "CgvedIEjNv",
          "K4mNsDd77xHccfr8bWN",
          "BU2v6vf4BSBwmfSJ7uV",
          "System.Threading",
          "HasFlag",
          "GetCallingAssembly",
          "group ",
          "OfoTxYatlX",
          "zVBMiGvpkS",
          "OMEp3T1lwM",
          "get_KnownTypeName",
          "HXG2RYxSVSrDpDORUEE",
          "X?a~'",
          "H58XF52fYo7l1jhZ8tN",
          "dynamicType",
          " is not a valid sub-type of ",
          "WindowsBuiltInRole",
          "get_Hours",
          "YXJsG8lq6X",
          "EieCxbHed5",
          "dSnREuKrhAhaYmTvNsp",
          "get_Location",
          "ClientOperation",
          "EUBTSKAd85",
          "Blt_S",
          "'MXMjcBscTQdcMKHXaIM.r51pThsUyaS2TBGgse5",
          "Multiple dictionary interfaces implemented by type: ",
          "CBLaw5W4aZ",
          "'lHTGxGsvQy88vl807c6.y3Nk6EsH3kcuLbD7Faq",
          "WvQMecP8gK",
          "Bu2e6FTxKO",
          "asReference",
          "Func`2",
          "pZE42D7uQf",
          "get_IsMap",
          "Callvirt",
          "<Key>k__BackingField",
          "ThrowEnumException",
          "MUttb7SPvCwt1U3qnX9",
          "TypeCode",
          "DfFVDhR6nv",
          "GEu3Eg3Z5h",
          "Yk1PS67EkFdDrdC2AlJ",
          "get_Tag",
          "isInsideList",
          "ReadLongLengthPrefix",
          "IncludeSerializerMethod",
          "set_UseImplicitZeroDefaults",
          "WriteSByte",
          "XXj3yfrrdH",
          "Field mismatch during packed encoding; expected ",
          "XmlDictionaryWriter",
          ";H;o;",
          "<AppendToCollection>k__BackingField",
          "Cannot treat arrays as lists",
          "Increment",
          "BranchIfEqual",
          "OT8CeoEiHu",
          "VQQan3ff1L4muRKmGy2",
          "get_Options",
          "nyVBddOed4",
          "MtglDNm3cy",
          "System.Collections.Generic.IEnumerator<TValue>.get_Current",
          "DemandSpace",
          "m_65c1198f913d4c0092ccfa4858210583",
          "ypvBCS4Dtt",
          "Invalid date/time kind: ",
          "Assembly Version",
          "X1kT9axjPI",
          "BoxedSerializer ",
          "deserializer",
          "get_BeforeSerialize",
          "add_UnhandledException",
          "FlagsAttribute",
          "RequiresOldValue",
          "Packed encodings cannot support null values",
          "kNFpxhdPjP3eJofLV1o",
          "h0tayfmJ1X",
          "Fields",
          "Unable to resolve a suitable Add method for ",
          "m_c99477921396468cb6cc6dc03336018f",
          "hcR3toAtuf",
          "uZPWFh8VoE",
          "TryCast",
          "fyKoyG1iMa",
          "!/m;0",
          "JPlease use ProtoWriter.Create; this API may be removed in a future version",
          "'gVEPcG0e9uEYnGkcxSU.V8i7ns0atLAf7wuQPmj",
          "stream",
          "System.Collections.Generic.IEnumerable<T>.GetEnumerator",
          "L7lCyEok3d",
          "Array",
          "MItVme7eHQ",
          "UGS3eBAj18",
          "nativeSizeOfCode",
          "`.rsrc",
          "tu0FlmdTe61OMgCMnyb",
          "IsAssignableFrom",
          "m5C3Gr03cL",
          "LocalBuilder",
          "nhmpXASgxI",
          "jOe89gKTgxik2VawPdU",
          "SHx4gosT5cBGMK6uvtZ",
          "StringFileInfo",
          "Gw0mKHtyNH",
          "vr5QUgU7sv",
          "VEt3hsdIvKi964g69fK",
          "WriteSingle",
          "GetInstanceMethod",
          "Return",
          "#Blob",
          "pbo3TXXDRh",
          "<AssemblyDescription>k__BackingField",
          "IsAlive",
          "PYNTUXCdIn",
          "XmlWriter",
          "S2FMVU1W9I",
          "IOperationBehavior",
          "LegalTrademarks",
          "vJYmcfexns",
          "u5fSxeaoMC",
          "get_CanRead",
          "BsA7zk13ua",
          "AddContention",
          "GetStaticMethod",
          "zeroIfNull",
          "System.IO.Compression",
          "mvcRdf0LAH",
          "AddObjectKey",
          "moveNext",
          "Value$",
          "neIZWpUKJ2",
          "get_FormatID",
          "F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348",
          "ReadDouble",
          "TryReadUInt64Variant",
          "TimeSpan",
          "IEnumerator",
          "ParseDefaultValue",
          "vs7__",
          "StackFrame",
          "dGimMRArbQ",
          "XB12sJfdoCcIyrqHJq6",
          "!@@;&",
          "uint32Overflow",
          "OrLShmJgdQ8SadFqMfb",
          "Nb3khLOPHA",
          "hjWEXejivI",
          "get_MapKeyFormat",
          "oy560eP5WC",
          "GetAsReferenceDefault",
          "'HPSIyW7ubBEmuofeMNi.VPyXug7imZYFrayDpBT",
          "CallbackSet",
          "tXSRvvUlG6eiUyHraCu",
          " at position ",
          "OIOVzaZemT",
          "<>3__format",
          "`Tr@O",
          "E.F<F",
          "GetEnumeratorInfo",
          "GetGenericTypeDefinition",
          "AssemblyTrademark",
          "kernel32.dll",
          "WQt35KHx6T",
          "KgORmwURmkv0gy9qI4d",
          "tails",
          "jumpTable",
          "NqeMOAAHgLw1j0rhDrF",
          "NOtIEZduUknStsfscNW",
          "stm7Pc2uwF",
          "ubNCdaICsR",
          "BhUEN2wlU4",
          "A type must be provided unless base-128 prefixing is being used in combination with a resolver",
          "q2vaL3Ts417hj5BqgiC",
          "duTMqulTOy",
          "im0u5Hf7QMVb2FXVvfQ",
          "A reference-tracked object changed reference during deserialization",
          "actual",
          "EmptyTypes",
          "WrGjOt2Bxp",
          "sD4B1lKWEDhE2mWGFr5",
          "Ldstr",
          "ParseEnum",
          "dispatchOperation",
          "AO16VNll0l1WMOb7BPh",
          "BooleanSerializer",
          "ProtoBuf.ProtoAfterDeserializationAttribute",
          "set_AsReference",
          "GetSerializer",
          "TFqEkMHNle",
          "Tags must be positive integers",
          "width",
          "'HVbhuCQA109GrgLcwnV.nvPOyWQBmIDcTnEIKWx",
          "vAaC4g6KhB",
          "get_AllowOnlyFipsAlgorithms",
          "UV50gcF9tr",
          "CheckRecursionStackAndPush",
          "GLMY4jxgIn",
          "Fqr7yM2uYYwMQjoQ8Ll",
          "yupmmx7fK0",
          "Microsoft.Win32",
          "set_WindowStyle",
          "get_BehaviorType",
          "get_MetadataVersion",
          "ReadObject",
          "H?IPI_IgI",
          "&I'^'",
          "m8DE78A6392FBD7E",
          "-C$sEi",
          "'n5BLd97h3uZpEdcRg6h.M1uZin7rMx8DAvqkUnw",
          "gEHrfEJaJ",
          "FieldNewTypeKey",
          "get_TypeName",
          "trapStartIndex",
          "DecimalSerializer",
          "IsDefined",
          "xix4icddfC",
          "System.Net.Security",
          "Microsoft.CodeAnalysis",
          "tUbEcEem83",
          "TjZAdsrVXD",
          "SerializationBinder",
          "DLIZF3fSdXTocgYa1aR",
          "m_5e381ba9072849718c417b9d66f88cc4",
          "N00ZQ0VSb1",
          "SkipConstructor",
          "oklWJXmfGK",
          "ql4NO1AG17",
          "RegistryKey",
          "GetValues",
          "OPTIONS_DoNotInternStrings",
          "List`1",
          "nuMAmAKjVieUFZGI6S6",
          "YZ5k8V2ZRE",
          "yTa~'",
          "Cannot create a TypeSerializer for nullable types",
          "Override",
          "get_NetCache",
          "NHibernate.Proxy.INHibernateProxy",
          "ResolveProxies",
          "'OORoStQLQhFwt7dvENI.LxnQB2QbFX8FqGil0pb",
          "get_SupportNull",
          "The model cannot be changed once frozen",
          "Assembly",
          "System.Collections.Generic.IEnumerator<System.Object>.Current",
          "Unknown list variant: ",
          "oSUavHasoKnU459nuZi",
          "k2koNowjGY",
          "DefineDefaultConstructor",
          "qQj6tVdTvC",
          "OPTIONS_Pending",
          "lcqQlyprgq",
          "cLH6Teg6ug",
          "gIll9XJOVq",
          "GetHashCode",
          "EmitCreateIfNull",
          "Stsfld",
          "CanUsePackedPrefix",
          "yKAjI1BXtDd4n6i0Na0",
          "Rrq4YPudpx",
          "System.Collections.IEnumerator.get_Current",
          "wYFCvPofOB",
          "uw7A7CqFWB",
          "`K[I@",
          "get_MaxItemsInObjectGraph",
          "l?o]+",
          "Group",
          "/Da}D",
          "Mm2qCwM0QkQYZwMkRXQ",
          "GetCustomAttributes",
          "AUITY4HnBD",
          "De6MmAHXh7",
          "ReturnsValue",
          "huWaqZGmcj",
          "m_f3f743f045a54ccfae65e1072df7cebf",
          "get_ReflectedType",
          "Ldc_R8",
          "get_Exists",
          "Fajgwy2IIVKdZDkFobM",
          "(null)",
          "JTD9LEfMO7xJOpYqFK6",
          "Value!",
          "CipherMode",
          "BuildDeserializer",
          "isField",
          "R69e2nObDW",
          "MethodBuilder",
          "Ffv4S1Sdt5",
          "c8cmlE4KUe",
          "qaBkSSjBG1",
          "UKvNiWvTgf",
          "KZF9lWJoksJ5JUoOWoi",
          "'ifn8rXssqXGK5CA1c68.ydJOo4se0d8W6LntXnj",
          "Conv_U8",
          "_fieldNumber",
          "f ~.6",
          "hasInheritance",
          "PgYLIH2GDrum4fiIHVK",
          "I3i44P7PsY",
          "GAq0lyKGud",
          "Attribute",
          "Parallel",
          "BindingParameterCollection",
          "ProtoBuf.IProtoInput<System.IO.Stream>.Deserialize",
          "ReleaseBufferToPool",
          "m_c0e91e58886648feaad844acc9c74a86",
          "NetObjectOptions",
          "Guid was unexpectedly too big for DiscriminatedUnion128",
          "ResolveIReadOnlyCollection",
          "'nmFIOa68uJI8nR6K6A6.WeGujK6OXLNnmcJ2Bjj",
          "System.ServiceModel.Description.IEndpointBehavior.Validate",
          "AssemblyInformationalVersionAttribute",
          "ujKbD\"",
          "CastToObject",
          "GetTypeFromHandle",
          "ValueType",
          "Y7e6mA4X8t",
          "LAu7A0WBef",
          "id8gPvQsssmvxBlI259",
          "iE5qkG2imwv4IZCb7AC",
          "ProtoContractAttribute",
          "CheckCompilerAvailable",
          "oetMReLSGr",
          "m_9573b81d4beb49e9bea01a9fa64a7e7c",
          "SystemTypeSerializer",
          "dataFormat",
          "<ImplicitFields>k__BackingField",
          "Key tail should not require the old value",
          "NyceTEe198",
          "T1TX6qE1VsqcYDcKHTr",
          "get_IsStrict",
          "DirectReadBytes",
          "g1fRe19rV7",
          "LSBo8uJY19",
          "ReadNetObject",
          "TInput",
          "ProtoBuf.IExtensible.GetExtensionObject",
          "GDu7nsfmysRPLYwK6ir",
          "s$w\\K",
          "CFBMALftYK",
          "ProtoBuf.Meta",
          "HsgaZ7C6RI",
          "SetCallbacks",
          "qt8lgqpYON",
          "juXYBIHvn9",
          "Int32",
          "kfjs9BNBar",
          "kHEplYEMO2",
          "TryGet",
          "ProtoBuf.Serializers.IProtoTypeSerializer.Callback",
          "s6QctwJym2FMNqGND0E",
          "s88mRn5pPs",
          "BvUolSjvdi",
          "dEwDb66ZldgilLjOhDF",
          "zr7N4dOOQj",
          "GetLongPosition",
          "v4pC8fHYkR",
          "aXcVSP2EQUeQhjEMsCl",
          "proto",
          "PO1eF7GQ13",
          "mAWMS9xU18",
          "set_IgnoreListHandling",
          "ILGenerator",
          "A6klP3obZF",
          "(.protobuf_net.fieldopt).asRef = true",
          "No .proto map found for: ",
          "i2kqqHKcGSjcPHtvqE9",
          "m_2f90c3017e054fda9ce4509b4905a3ee",
          " on: ",
          "EKZYlRmWaNX6s0OWXp3",
          "set_Item",
          "get_ImplicitFields",
          "UjkAZUfKSq",
          "<Size>k__BackingField",
          "GetMethod",
          "allowComplexTypes",
          "System.Net",
          "FjH6zSc5wk",
          "Ht7M83sih7",
          "DebuggerHiddenAttribute",
          "X509Certificate",
          "cZDRKKYeQB",
          "HuZ9jvALllk2YJ2KF6d",
          "9)a~'",
          "set_AssemblyCopyright",
          "CMKJknfov4fASQbsbyj",
          "Ldc_I4_2",
          "Encoder",
          "SetSpecified",
          "m_62c3869ec38247c98e333135d1c770ae",
          "841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C",
          "ProtoMapAttribute",
          "FileInfo",
          "cEpGUg4OdynGrmPtRQu",
          "LkTjvdvswR",
          "IsClass",
          "Ut7Sfx2Occp0aQCkxVu",
          "WgWa}J",
          "wC5NP06cFs",
          "Sub-message not read correctly",
          "ofy0EYHRgl",
          "Ldlen",
          "ProtoEnumAttribute",
          "Starg_S",
          "WriteSerializeDeserialize",
          "<Discriminator>k__BackingField",
          "__StaticArrayInitTypeSize=32",
          "RtwcMYp1M",
          "SblNgERMo4",
          "dxZeE1GR8d",
          "System.Text",
          "% Qe_",
          "YDYFGqZ7XIBY86WpVvY",
          "q9vE3xUJ4l",
          "set_Accessibility",
          "get_Port",
          "zkS8bIdf81gYVED0KW4",
          "s7jns7mjyhcG4aeTN3e",
          "JTpkd7OgBI",
          "xcmRR17bVJ",
          "get_Position",
          "get_PrimaryScreen",
          "ToBinary",
          "NTdTTn2WEx",
          "Callback type not supported: ",
          "get_ImageRuntimeVersion",
          "QbcCXdVk6DBXWKPbiBI",
          "gqnoLvxeNMGl2ankm4X",
          "Invalid length: ",
          "G543heB2Xl",
          "NetObjectSerializer",
          "LRJTOr11mE",
          "* K;7da~'",
          "sHMA1ofFA12G9dgdyia",
          "faEfAlS9dx8LvPWt1jw",
          "YofTM8AMJg",
          "% W]:",
          "Internal",
          "oaG30D57Ga",
          "7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378",
          "ThrowUnexpectedSubtype",
          "method",
          "uMN9EYjf9slVYODB8Ua",
          "GetMethods",
          "WireType",
          "bs9VW1KWJF",
          "toFitAtLeastBytes",
          "lHTGxGsvQy88vl807c6",
          "KGeQcyW18HyIy2KsFv9",
          "b3w0RH4fuP",
          "ivtidpxf5cLl9Gnklor",
          "v8TEB0sYBg",
          "shxm1KH4gv",
          "The type cannot be changed once a serializer has been generated for ",
          "CreateBehavior",
          "m_c3693da7471a41ddba093fdd6964170c",
          "ManagementObject",
          "iType",
          "'gHPIjvRyMgIefkIAGH0.MY6MbMRhqbCpj5Pk1SM",
          "UlX7a5FBT6",
          "hT84aFf6TX",
          ">@ja~'",
          "__StaticArrayInitTypeSize=256",
          "p14VS9xTAA",
          "Leave",
          "i3vmVWWopX",
          "IxhprLIrfT",
          "get_DeclaringType",
          "BC5CMgWF9f",
          "XeMjivtn9m",
          "nNx3ZGPhQs",
          "rootTail",
          "caBVsrUYjn",
          "Q22msTNSXJ",
          "IuMMaDRWoTQEn6cGr1K",
          "KeyedByTypeCollection`1",
          "ImqW7Lph90",
          "m_243c8348c24a426999e3a0b53132f170",
          "Range",
          "P5kWBrDnPy",
          "proto_",
          "set_MemberName",
          "get_BeforeDeserialize",
          "iNc8RvkDL37eJ5OwhDb",
          "Cs7NBmAsiC",
          "kfcK4hJkDKqRD8nDt2U",
          "iY875CQfFB",
          "ProtoBeforeSerializationAttribute",
          "CO0kcPcKp7",
          "GetWindowTextLength",
          "oMwwkqRQ5QavfPH4Hhb",
          "knownTrustedAssemblies",
          "HnrR47Nu2H",
          "System.Management",
          "V8gZQJlGJsXSGw27tT",
          "IMeasuredProtoOutput`1",
          "xYVskUsCgJwpCxhWb9f",
          "No suitable equality operator found for default-values of type: ",
          "Local",
          "b*Q]@F",
          "%E#rpW?mT",
          "DebuggerBrowsableState",
          "flags",
          "Duplicate ",
          "c6E67VtTm9",
          "set_BackingMember",
          "Action`2",
          "CanCreateInstance",
          "EndSubItem",
          "get_FormattedName",
          "NotImplementedException",
          "isDefault",
          "lO0MGvlRN2",
          "wGuSABSyHdZysaOauSi",
          "djfNigV0I1jpuPsMRli",
          "OPTIONS_InferTagFromNameHasValue",
          "Unbox",
          "'u2ehBf4V7lAK8ml9QTJ.R2iuk44MPD14AuPNfv4",
          "h84p0sK1yP4i1N7mYKs",
          "KOGcOwKJgR5mimWEgWv",
          "SGv0VXSwos",
          "pqNahcKMRhGwZ8S2xZ0",
          "AttributeUsageAttribute",
          "AcIZceQSTJ",
          "? A`l",
          "BpnopAo1IDiUVLqD5Q5",
          "SetDefaultFactory",
          "dL6AjkDMRc",
          "v8SEzcRNeA",
          "GetInstances",
          "'gKBahmjRXR5VWTerMCo.KpWonkjjhhXmgA7LtI3",
          "WindowsPrincipal",
          "vgTIWlJbrS0yxikgi76",
          "NVg3VMuZCg",
          "UG29rpEjAtpAotJEVTZ",
          "NMyBQDMFAL",
          "CompareExchange",
          "jBMeLP8HPW",
          "set_InferTagFromName",
          "MD7otw0LRcmWfk5cGF5",
          "EmitReadList",
          "Sa9iPa2bgCfEqpW4Vev",
          "mapKeyFormat",
          "blockEnd64",
          "WipRLTyMV1",
          "EmbeddedAttribute",
          "<AssemblyProductName>k__BackingField",
          "subType",
          "kernel32",
          "WcGTVMJfef",
          "WPflQfxBp2",
          "MemberSpecifiedDecorator",
          "FieldExistingTypeKey",
          "IUFTJQ6qqF",
          "uto4TlM7iy",
          "applyNetObjectProxy",
          "=;a~'",
          "d8XaiGZ8Te",
          "UZNBipvTQs",
          "KKKmdF85OQ",
          "sint32",
          "SetFlag",
          "DirectReadBigEndianInt32",
          "UriHostNameType",
          "Int64Serializer",
          "set_TargetFrameworkDisplayName",
          "d43kHEutWB",
          "c1qXMI2JuOapvW9MJXD",
          "Ldarg_2",
          "StoreValue",
          "OPTIONS_AutoAddMissingTypes",
          "b*r^@B",
          "EnumToWire",
          "Parse",
          "Xft3N6AII0",
          "WtXCObkf6V",
          "double",
          "OgOVryJ4Ma",
          "Sb0ohB6QG2",
          "F9Awv7fBcb9XRHUvkw1",
          "NfMbWY2zSSdXbaTKpoq",
          "UInt64Serializer",
          "XCNWij4Hsu",
          "xJ238hDyAD",
          "ObjectHandle",
          "get_InferTagFromNameHasValue",
          "'XMAsC8WbNBALpZyCa2y.KGeQcyW18HyIy2KsFv9",
          "m_b24892c05d8242baa81bbcd55915a58b",
          "yYYV8R6Nm2",
          "WriteStartObject",
          "oyrC6xF3Tm",
          "WriteHeaderCore",
          "entity",
          "JqI1G1KZVvCrQC8Bo3b",
          "StartSubItem",
          "ReadInt16",
          "UsingBlock",
          "W> ;!",
          "Exception",
          "rFW0KRLcEl",
          "mn3fAho76",
          "Assert",
          "x1pR6vVFxB",
          "RkS6HYLULL",
          "?_b`U8",
          "BAL73afTbl40DFSHLHk",
          "CompareTo",
          "A2JCQKdAon",
          "VPyXug7imZYFrayDpBT",
          "sghEe1m0OY",
          "get_Guid",
          "Sdp3y2KtI7k2mkdrCKT",
          "PrefixStyle",
          "Int16",
          "dybBbgg4y8",
          "VhetFC41pBvUcOA2oXP",
          "%\\Y^3=",
          "valueWireType",
          "AkiocHn8Eo",
          "Extensible",
          "bKUQCji0Wj",
          "originalMember",
          "jQZMu1JxKH",
          "ReadGuid",
          "dtu3JylkaS",
          "lMLAQeM24X",
          "AWlMMwKuO1",
          "lZtgyEShZQ4TWlgornq",
          "$:LXz",
          "PbCZtJMsRj",
          "imageRuntimeVersion",
          "m_6b42746fecda4718be11ba1b19cc9798",
          "rRZZvjut3T",
          "Conv_Ovf_U2",
          "get_MetadataTimeoutMilliseconds",
          "WpdpH5kMeQwSb7Bt3Ax",
          "dNmTCQuvdM",
          "gL45bA295A3kk6uwMil",
          "get_Name",
          "MBNcAuMF8S0vc5BOJ4e",
          "YY5KZkoFd8HJUQiEj4J",
          "</=k=",
          "pD0pp8JxBUls3FaTnrW",
          "ngwBni37XL",
          ".cctor",
          "HWog700y3GneEDwPbGb",
          "oRypmJfmKI",
          "q29WLOXO9s",
          "get_ManifestModule",
          "Unable to close stream in an incomplete state",
          "uNtp5N3PXD",
          "<MemberName>k__BackingField",
          "EnumPair",
          "pi0S0JKqFR",
          "mYpVFo4SRR",
          "'QFVVDaESFFU4Gfy8VH6.vCKHNfEYbwv6nvABiVF",
          "CV5V3ZlfXM",
          "eedaEfBZGO",
          "AssemblyDescriptionAttribute",
          "pNjvFcx3qt6Gu22uXpG",
          "DBrlzVMqyO",
          "m_862511472cb64b5badc57d452fb5128e",
          "set_ApplyDefaultBehaviour",
          "geZvt6xhiyc8PGei6Z5",
          "get_AppendToCollection",
          "OB2eJVpfc9kq7FMvX4X",
          "message ",
          "BranchIfFalse",
          "l\"G6K",
          "No wire-value is mapped to the enum ",
          "VWfMY3RR7g",
          "yb2DVWdwk2c6kxbdiRP",
          "First",
          "AwSrL1K4ZSCcVYP1win",
          "copyValue",
          "'movaqYelESyX7ErWXC4.HElPLte7rqolj2Z7MGn",
          "P8H4WQGdRZ",
          "format",
          "MGcmPsaOpr",
          "nPIe9oBaeW",
          "LateSet",
          "gHPIjvRyMgIefkIAGH0",
          "Close ",
          "get_Size",
          "CreateListInstance",
          "Go4ecCx7yW",
          "ProtoPartialIgnoreAttribute",
          "nauBJOcYrb",
          "geNazYDAaC",
          "h5O7lDBDy4",
          "fA7WILaTmV",
          "m_da1db25f1fa340b5ae6f7eadc8a333dd",
          "wjVJH6Z4ASGsYsH6YgO",
          "EmitCall",
          "set_DynamicType",
          "QYdpOdRIbv",
          "EnVekuB9wx",
          "SetCustomAttribute",
          "serializers",
          "PXeotAPCDH",
          "KnownTypes_ArrayCutoff",
          "TimestampEpoch",
          "ToBase64String",
          "SiTV9vbeg9",
          "Single character expected: \"",
          "EventArgs",
          "GetDelegateForFunctionPointer",
          "njPRr02y41",
          "LUnE6KQGeG",
          "RW9rR34bYOK1tkiNmYP",
          "YIKjsadiSAk9P6NuLqe",
          "OGZHiAkIqvpCLHhBIql",
          "vAlp25gSyx",
          "hBUnOb2jgMd14VbFc9i",
          "Int32Serializer",
          "mETB41SbarBE9DgpJbd",
          "DrawImage",
          "GOGagLgCw4",
          "Flush",
          "vIPT2by40x",
          "AssemblyFileVersionAttribute",
          "<Tag>k__BackingField",
          "SubType",
          "Value%",
          "publicOnly",
          "set_Options",
          "ProtoBuf.ProtoIncludeAttribute",
          "jQqECTOPMy",
          "wcaMWbdlJH",
          "RuntimeHelpers",
          "3.5.119.9565",
          "tGskfRwx9P",
          "set_Pending",
          "get_Seconds",
          "DVjVO5H1UE",
          "BinaryReader",
          "HwnVZKfI55",
          "fQ29ahKNj9xbVhTERNu",
          "hOlQkEiR0r",
          "Length",
          "IsSubclassOf",
          "trapCount",
          "ProtoAfterSerializationAttribute",
          "ccrQyIYHkwO7tOZR5ib",
          "traceName",
          "RandomNumberGenerator",
          "keyWireType",
          "'p55SJNpa26GJtTiNCsi.n5sbMRpNg9Q4YPb2fW8",
          "ProtoBuf.DataFormat",
          "XYfAu6k8rM",
          "declaringType",
          "GwI64C4ghS",
          "LkoNMdQJT0",
          "rWGRcfLdgD",
          "<>c__DisplayClass1_0",
          "cp161lJJQmq4AGZIMXc",
          "yH3lHjHv9q",
          "nsLjBVWDuO",
          "03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7",
          "lpflOldProtect",
          "zsgYkL5N3Z",
          "ImmutableObjectAttribute",
          "ProtoBehaviorExtension",
          "ipMaBapUIx",
          "wKdlT1O3Gd",
          "bdHonNAcvKblPDVLNxa",
          "ObsoleteAttribute",
          "GetDateTimeWireType",
          "Ui2aSiSm0s",
          "WireValue",
          "DQ5A55cuBS",
          "t0FQOncLwL",
          "nooJEUxH8cR24qEmBj2",
          "AttributeMap",
          "WritePacked",
          "mv4mBVmjN4",
          "GetString",
          "P3g0NuqDDP",
          "WriteUInt32",
          "o9D6dLutBQ",
          "CompilerOptions",
          "GpPuQTSOoiHipa1N8mO",
          "kgtMF1d2dPDayHtZaV7",
          "token",
          "LongPosition",
          "Ld5KslfKnWN3p5w4m2J",
          "xFlY2QLt6I",
          "m_db7415d23c4742f98a79c7b79ade5e6a",
          "Value#",
          "OPTIONS_EnumPassThru",
          "NUX3QE1KtH",
          "rWnOFARm2k0hweFK6Uy",
          "syntax",
          "e2djhiPJXm",
          "EwC6M7pdx7",
          "GetTypeKey",
          "GhUYaSj0le",
          "sV66pwh4hK",
          "ic1AWEMuQB",
          "wCr47WACUC",
          "g6iprm2wHZax9VJhV5R",
          "inferTagByName",
          "ACpa89wptH",
          "zBgQ6pc88X",
          "DefineTypeInitializer",
          "c@.l;",
          "m_fb52509ae6c1420eafe5bbde417920dd",
          "jkrlkJhEea",
          "Stloc_2",
          "FromBinary",
          "XDH0wu1LGB",
          "C2nhFU2C0HKstcRfEPA",
          "XmlNodeType",
          "MeasureState`1",
          "HasValue",
          "get_OutputPath",
          "tTTHSK2BkKtGc4Ti687",
          "Sy9TijM8Yh",
          "rQePEpd98PtnYwAN2sU",
          "AT4p9YKFoxY4ebXsHVE",
          "Singleton",
          "mnxYEepauM",
          "HMeQ8M68Y9",
          "m_3bfa77d6665f494d80c4041acf25e347",
          "dKtqVjxvcV7fPletlB4",
          "C2XeGdlEVv",
          "D3n7Ljr96I",
          "TrapNextObject",
          "742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F",
          "Rebase",
          "bvu0U71ERb",
          "option allow_alias = true;",
          "b*b]`I",
          "InternalName",
          "FieldNewObjectKey",
          "op_Implicit",
          "GJipWlXNZU",
          "GetParameters",
          "NfFep1KyhJ",
          "GetMoreSpecificSerializer",
          "OMMsL6EtIt",
          "listType",
          "fixed64",
          "get_State",
          "IAsyncResult",
          "R1LjpvdEZ7nawkljNkc",
          "get_Attributes",
          "SearchOption",
          "EmitDedicatedMethod",
          "aHEETbyjbb",
          "gVEPcG0e9uEYnGkcxSU",
          "System.ServiceModel.Description.IEndpointBehavior.ApplyClientBehavior",
          "FxcXUexcVbRLybkxV09",
          "object",
          "A factory-method must be static",
          "=NqB5",
          "ItRO4AWtK5ol5suWSM7",
          "Dqh7OX9IaW",
          "XHXle9gPGf",
          "iIPu3xZFs",
          "CreateEncryptor",
          "U4OkTMmcKe",
          "liNSAFDB9G",
          "MapValueFormat",
          "'c4mHqFNFMGXQ1OaLmns.N6U3uHZzpsPpYFUYj7Q",
          "xLHswqB8aG",
          "KukaU9fKHv",
          "AsCopy",
          "c1Vmrg5E2y",
          "LZLAHiWeNs9DsexDyrU",
          "aq2XsOYLuEyCINlSpAs",
          "RuntimeCompatibilityAttribute",
          "GetCachedBuffer",
          "ProtoIncludeAttribute",
          "qZDV5ccBDL",
          "LhHxO8aV13xk9sCJpew",
          "SubItemToken",
          "sNDZaxZBOu2OOk6vQNU",
          "LocalVariableInfo",
          "protoSource",
          "uZystFN04j",
          "Alr8Ml3A7",
          "dX7LbJdoBDYYpbJhBrh",
          "'JMSnIvsu9S4kTJsCjMw.KO6CfesiJwFGa5VJgMn",
          "__StaticArrayInitTypeSize=22",
          "get_AssemblyName",
          "dT1E94M2be5NmcAufJA",
          "YytoHYlKVm",
          "NewGuid",
          "TraceWriteLine",
          "hProcess",
          "oA90XrJHO9ZCmVTiefL",
          "ReleaseToPool",
          "Exchange",
          "aaW4l71Noo",
          "No Model instance has been assigned to the ProtoOperationBehavior",
          "YLDNXY4oi6",
          "position",
          "OPTIONS_EnumPassthru",
          "CreateBuilder",
          "mfUg8k2vnPKM9KaKpnS",
          "m_216d6be0f9a74caea6e02f60af312a26",
          "m_5dde50d0f1844b44af1b0ea8c7848a71",
          "ProtoBuf.Serializers",
          "System.Linq",
          "Empty",
          "kwTmfPPDwO",
          "X8lWQadtjstFl7vkq0p",
          "FecoWDbo0OIA18ADax",
          "Enter",
          "GetLocalWithValue",
          "PKs4ZYE5jUhebHF2LOP",
          "<PrivateImplementationDetails>{2694970F-33C0-4F3D-8460-AEC6CCD3E65D}",
          "WaitHandle",
          "eAB6UXS16j",
          "jE9xePAyhY64Zt16nvb",
          "S8w5ZDkLlS7RYpDGhuG",
          "get_ASCII",
          "UriDecorator",
          "get_IsValueType",
          "D7DKD",
          "EmitBasicRead",
          "OCAbOvdvWFxql1V8qmU",
          "}d~@O {@/",
          "__StaticArrayInitTypeSize=40",
          "G6L4NfJQAd",
          "<DataFormat>k__BackingField",
          "ReferenceComparer",
          "SuppressIList",
          "pgiNrhAf3L",
          "YESNQrQhkaIbXFojRn",
          "get_Contract",
          "Y3S4iUKf9oUJ7j0SsWJ",
          "wn6mxfJElnGMyrJQjsB",
          "DefineMethodOverride",
          "Process ",
          "m_fe98d2eade9f4f7d810b2275081ec34c",
          "%r&v&",
          "cwPe4VtY0j",
          "Rfhn M",
          "sOdVUljNR6",
          "RemoveLast",
          "'RJ7bqsjkY2TrNQB1iyq.xo9iu8j6WSiYelVFa9g",
          "SMFWT3EppY",
          "set_Binder",
          "b*s] >",
          "vLBM3B2NjW",
          "set_Arguments",
          "PMkNAH5bOH",
          "GetTypeCode",
          "wpHQScmiWa",
          "R+ALC",
          "UfsWySJse9",
          "rOyjSkojQNT6VbnOXpj",
          "Gsi6x7MxI1",
          "pS6N5v77Jf",
          ".f}a~'",
          "Serialize",
          "Key could not be mapped: ",
          "CreateContext",
          "hl-\\2.",
          "fwhCrvGsil",
          "Internal error; a key mismatch occurred",
          "N1q6tXlLEZ2N9s1VB08",
          "AllPublic",
          "YteAahB6en",
          "7Aa~'",
          "LYuB2IR4t1",
          "zs0DP2xao",
          "Serializer",
          "DPQNsnlh9or4sKQGaLb",
          "E9XYwrD2oS",
          "'djfNigV0I1jpuPsMRli.QbcCXdVk6DBXWKPbiBI",
          "mKTAm5yQkZ",
          "Unwrap",
          "RT2aQa2e3q",
          "m_009b92264f5648e2b9d6ac487ec3671a",
          "?U+96qP",
          "A89Y0b7Hoa",
          "OArQcI6FJF",
          "Ensure",
          "qeeBNZvm87",
          "Ldloc_1",
          "KTB6l2Dea5",
          "Queue",
          "KnownTypes_Dictionary",
          "AesCryptoServiceProvider",
          "tKCsSTfjhc6fyPrUjJc",
          "System.Collections.Generic.IEnumerator<System.Type>.Current",
          "ve1lOHSDXkeVOUQxMop",
          "AVb4U7ghBG",
          "'htUaqZl65afr6uuNKxC.AO16VNll0l1WMOb7BPh",
          "AllowMultiple",
          "get_Width",
          "Hours",
          "WriteEndObject",
          "qMkG3omCgRTkET5OLav",
          "isOsV7L7Yn",
          "knownTypes",
          "AbandonedMutexException",
          "Delegate",
          "IsSealed",
          "f0TjGZDffM",
          "P6xSRudM11lrT2TDIme",
          "YBVLoJdkMw60swTBVl9",
          "package ",
          "m_36f2a91b351646ceb0350d7156c940be",
          "get_Unicode",
          "gQa}.",
          "apIVc1nhaI",
          "OY8l210Bel4Tnt8vnnv",
          "xB9kjUtGrj",
          "eILCSk27tBcUXjkZSJj",
          "r1leDd690u",
          "l9eRVw7Uwy",
          "vtj3zeUpyt",
          "operationDescription",
          "oGa09GeGhI",
          "z5NLO02qdAv7llccvKy",
          "PORCKbGCfE",
          "=ia~'",
          "pHYi5v0jGD8XPX2sEch",
          "Ldloca_S",
          "t1jErJUViL7AGqHxWMZ",
          "AssemblyTrademarkAttribute",
          "gygMNp43VU",
          "EncoderParameters",
          "wQHpU4IAut",
          "FromMinutes",
          "get_Offset",
          "NOgB3704No",
          "xQCaSLJq7AVc36i48kw",
          "xstafqp4ow",
          "m_456be79a17524130982e3a6d88957788",
          "P8PHFtoMnDJqvA8bE4K",
          "QL7r71x5APv20HpoNXd",
          "X3W4FFxKYC",
          "System.Collections.Generic.IEqualityComparer<System.Object>.Equals",
          "FrameworkDisplayName",
          "'WpdpH5kMeQwSb7Bt3Ax.IKp7u6kFye1e7rGP6xv",
          "get_KeyFormat",
          "m_ead7600bce5d4022b1846cbc9581e312",
          "IExtensible is not supported in structs or classes with inheritance",
          "uJiEZBk7pn",
          "Environment",
          "zkC4dVi7qP",
          "lrd96O7kyg7TH5t4HVH",
          "IdentifyImmutable",
          "FVIhdD24DA3fRP2lsoe",
          "Uxy4Atwdp1",
          "OpenSubKey",
          ".bcl.NetObjectProxy",
          "The type is fixed and cannot be changed",
          "BEAkiTJTfeScmlQNN9P",
          "OPTIONS_IsDefaultModel",
          "TLknI",
          "WH7yQbJs77f2G2VPt25",
          "parent",
          "Ohd34mBfKmoOckasLcV",
          "CheckCallbackParameters",
          "VAoN8fZUr6",
          "SerializeImpl ",
          "compiled",
          "GetPosition",
          "m_d41c8ae8a10a42d1b341c37d8ca47e1f",
          "VtvNSdDjDi",
          "UInt64",
          "gy3BguJUfh",
          "createIfMissing",
          "Unable to resolve MapDecorator constructor",
          "NotSupportedException",
          "Wg4vvYAUhYusi7ThbLt",
          "GSmsIXRdEW",
          "IsEnum",
          "GLdNnk9gik",
          "LHY318olHd",
          "Ldc_I4_6",
          "get_AsReference",
          "oAxOPLdUAagbejE1gyD",
          "5va~'",
          "n2ksWRcFxc",
          "StartsWith",
          "m_a9fecfc24dea45ecaa4b1752ce4c96a5",
          "bZ9lGWdyBlkCkihSvee",
          ".da}4",
          "KeyValuePair`2",
          "O3elCiiLum",
          "MXMjcBscTQdcMKHXaIM",
          "JveZO2htWP",
          "ott3Wtcsbl",
          "E5LagjfP7NDPAfi1I1N",
          "fkR0t7BNsg",
          "GetLastInputInfo",
          "fPpNlpP8bX",
          "yNNnY7c7H",
          "get_MemberName",
          "j9WArHXk1e",
          "Cannot write to stream",
          "x28joUqdaa",
          "xdRT5t9vjo",
          "nLkQxH2npOBXssoQvke",
          "Order",
          "TryReadUInt32VariantWithoutMoving",
          "GdqEQLEVnR",
          "g4Z4J1ecDQ",
          "System.Runtime.Versioning.TargetFrameworkAttribute",
          "U1paGuYFFB",
          "get_AssemblyVersion",
          "fields",
          "AssemblyName",
          "applyDefaultBehaviour",
          "q9EvT0eVFxXGrTRgGnI",
          "vJcG8otnwFNgHc7SJER",
          "OL4wCSMkCAlLTUWqy7U",
          "suMZbnxFNX",
          "GetNextFieldNumber",
          "b*b]!7",
          "overwriteList",
          "TypeResolver",
          "tjGlc0Xryi",
          "mePpF4SUAnwFt7otJg9",
          "proxy",
          "ICollection",
          "inRjQthsYY",
          "ApplyFieldOffset",
          "Activator",
          "MetaDataVersion",
          "ur1exYJX0yCxkhDDf8B",
          "Isinst",
          "h5gsQ33tIy",
          "dACTjteO2P",
          "Fw4VygtOTW",
          "GetFolderPath",
          "WriteBasicTypeModel",
          "get_IsLiteral",
          "get_InnerException",
          "set_SupportNull",
          "e22mk8opLC",
          "U5Ihqcrhu",
          "Ldelem_I4",
          "JFfCZVEDJi",
          "Ldloc_0",
          "Unable to resolve indexer for map",
          "clientRuntime",
          "L5JBemRk1r",
          "get_Member",
          "tO27b15cBt",
          "ProtoBuf.ProtoContractAttribute",
          "continue",
          "default = \"",
          "gBH7LmKg1WE3yKCoYxk",
          "uint64",
          "StartGroup",
          "eobISTKyvunnhWVKoIk",
          "WriteUInt16",
          "YnBibVdYsyswchvrjuK",
          "e GK7",
          "Write",
          "Pic8i6TQ6EQPj0Ie8bw",
          "L34B8OMIyM",
          "Hhlt18Y1ZSshEeISQeC`1",
          "seconds",
          "-+-a-x-",
          "xNpNIKJ0Ii",
          "UInt16",
          "DiscriminatedUnion64",
          "BehaviorType",
          "lowC79091D",
          "pJZ0pH26SGdf22MSpKg",
          "m28S7OKKWJ8o9lJMcox",
          "JBlmJsnTh8",
          "TFrom",
          "get_OwnerStackTrace",
          "z4bkeS8oIy",
          "parse",
          "eYtpIIAhuZNMMnelQH8",
          "WriteFieldHeader",
          "C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
          "ILVersion",
          "wWhRIa2cb5NYwdbehVL",
          "qUgVoMoFuf",
          "packed = false",
          "instance",
          "qh63g06cFs",
          "EeAVHbjKDI",
          "TChWavVPw1",
          "Ldarg_3",
          "D5bCPHjVPK",
          "ReadSingle",
          "syntax = \"proto3\";",
          "PkR6L5DIdF",
          "oc6bhS70eqZkejPtuEs",
          "Va6SewFh0Y",
          "CultureInfo",
          "znLjx99ZKk",
          "SDlA4X5St8",
          ") :BR",
          "CopyFromScreen",
          "get_IsEmptyElement",
          "set_InterpolationMode",
          "handler",
          "Gg2VJrfQjC44tn87CRe",
          "timeSpan",
          "RFSj5WA99Y",
          "2;nEI",
          "Multiple enums with deserialized-value ",
          "eDUCi0hblG",
          "ReadAllBytes",
          "edCRJZE281",
          "pWCW70CBRaFivd66rx0",
          "DtBHlKjF9VK2WpdDC7e",
          "MnoTBAJJ79",
          "MWBu5UHtlb3Jd8CC6qF",
          "F4hfMy3FTBiR6hGeRBb",
          "v5c6InPkAh",
          "GetImageDecoders",
          "'BU6lfNeuqneIdPx9NVK.UiERSBeiYmd2vjHUVS2",
          "set_InternStrings",
          "ywD0UZMc0Z2vduYqh0c",
          "System.ServiceModel.Description.IOperationBehavior.Validate",
          "valueType",
          "#j]:@",
          "NormalizeProtoMember",
          "WriteTimestamp",
          "Em5sPSlVqd",
          "WL70F7w2p0",
          "m2ioXywQLk",
          "xWqNWrMxxB",
          "CompiledSerializer",
          "X10Hj8dLVEW2b0hDkLn",
          "knownType",
          "PZ48nUKnqqLhtTZHdUB",
          "U5nCTTCpZT",
          "ImmutableSet",
          "AoRkh62h2LWMuFpylSY",
          "KbCrmwCcP0Tssb0g2mH",
          "np8NqKaG9W",
          "lTgm8RbSiH",
          "CiTPM6NHTKVRMGbbNrq",
          "get_UTF8",
          "zv7Cj45gSA",
          "eYQ@F[",
          "c U[QkX 6:",
          "LHMElQZXrk",
          "UbJaP3NrTc",
          "m_089ba182479c45c6ba72827055850cdb",
          "ProtoMemberAttribute",
          "length",
          "NeedsHint",
          "Y2WWcf1qR1",
          "bVD4b2KBFhgB2uPPRVh",
          "ClientRuntime",
          "aRUCIHUZ4r5cJCgwwu0",
          "ConditionalAttribute",
          "QVPsRVRaZZ",
          "dictionaryType",
          "J91Mwf0ngo",
          "m_88c6b7ea3853447381192f48e3dfd045",
          "yv6Vg9MW6r",
          "get_TotalMilliseconds",
          "ruJ5nqmiZOAbDOeQ7VK",
          "GetContention",
          "KZgmcgKaiCPceUHOOyB",
          "uKsQ2Rbo1B",
          "RfgaNHutCw",
          "TK7KVit9f7jfy2QItBS",
          "ubOWkv4wYb",
          "f3SQmgu6cG",
          "<KnownTypeName>k__BackingField",
          "r1jWCuDRVX",
          "bytes",
          "YgOU6aYhQ",
          "SetFactory",
          "Invalid pattern for checking member-specified",
          "EmitCallbackIfNeeded",
          "RckaRBKvCRIw335JZUE",
          "waMaZ2VpMdpqaNBJgLf",
          "DefineType",
          "pxMkvhH1Dr",
          "P2SmqkxbCM",
          "ParameterModifier",
          "NDOI4sOfT",
          "hBaK8pxt429uCU1mB7X",
          "X8K34m0baTTI2p8DyZN",
          "BeginInvoke",
          "EmitCallback",
          "uRWXxK2gObkbJMjIKEo",
          "gQa}$",
          "'T1TX6qE1VsqcYDcKHTr.PKs4ZYE5jUhebHF2LOP",
          "set_StartInfo",
          "System.CodeDom.Compiler",
          "uQsk9GmcG",
          "IsNullOrWhiteSpace",
          "VPpaA1RfOk",
          "dwDesiredAccess",
          "System.IComparable.CompareTo",
          "AmgpytpRmd",
          "af z^",
          "minSize",
          "GEuCF1PLYO",
          "iTN6uYpyb7",
          "get_CodeBase",
          "'aOZxrxeNuZg8lhdDC8g.MRAIWOeZaH9lYJra0he",
          "Bv6WQvKDTQ",
          "x9SZiY7i3T",
          "GetSchema",
          "ilVersion",
          "ReadContentAsBase64",
          "Dispose",
          "TryAdd",
          "memberType",
          "CastFromObject",
          "o9QEifDwfF",
          "Kdglwg001n",
          "Ih5QwTn2dp",
          "Ldloca",
          "vYeRPwTZE4",
          "MoveToContent",
          "nIGe5SNf6W",
          "LEtEgiwA0O",
          "RecogniseCommonTypes",
          "BjHCt13RTZ",
          "GetAttribute",
          "IsImplicitDefault",
          "WF$Jb",
          "<reader>5__4",
          "UgN7oLcm2e",
          "LockContentedEventHandler",
          "YI2anTLpAN",
          "bVhjVVM3AJ",
          "kuDTk5OpWe",
          "ApplyDefaultBehaviour",
          "set_Surrogate",
          "System.Collections",
          "zHjVEP8nLS",
          "targetFrameworkName",
          "iextensible",
          "oneof ",
          "CD0AG4ssOl",
          "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "BranchIfLess",
          "Leave_S",
          "DiscriminatedUnion64Object",
          "CryptoConfig",
          ":}[JX`~",
          "3KfUin3d6yESonppgV.tb10LWCXRU51CIZMwN",
          "p55SJNpa26GJtTiNCsi",
          "ctxR5439x8",
          "X509Certificate2",
          "VWmA7aSXu2JRvtyTEbp",
          "get_IsInitOnly",
          "xpWahPVZRt",
          "BackingMember",
          "get_DataFormat",
          "WriteAssemblyInfoAttributes",
          "nextLabel",
          "WB64BkTAA2",
          "InferTagFromNameDefault",
          "AutoAddProtoContractTypesOnly",
          "OgVsxKSUV3",
          "BcFsB4h9Gk",
          "qMHoVQH9LN",
          "qPLKhVJKptpnsriYqYj",
          "SerializationInfo",
          "TryDeserializeList",
          "Types cannot be merged unless a type-model has been specified",
          "dvHQGhqrBh",
          "Fixed64",
          "set_AssemblyProductName",
          "DeclareLocal",
          "l6]a~'",
          "FaHyC8d5hiQZj7iPUUK",
          "RecursionCheckDepth",
          "ss8jsDcgYV",
          "ft80qU5JNR",
          "SkrA17FmP7",
          "AfKoADBVywsxuMZJkfA",
          "TYgpkYMr7iSKytJyu6Q",
          "nOjCwmdHU9yJ8VNVBMd",
          "J5r6iR3x7j",
          "tst5bw2s4o4smxiUjng",
          "BlockCopy",
          "RuntimeTypeModel",
          "GetField",
          "X6Mjae2rRRD1e8uTLn9",
          "effkYPaKx7",
          "AssemblyTitleAttribute",
          "NEh3aSJmly",
          "set_MetadataTimeoutMilliseconds",
          ",\\)[;^",
          "HasCast",
          "ExtensibleUtil",
          "xhxoBodjLJ62pY6V91w",
          "gdCSpkKSjM",
          "CreateDelegate",
          "WriteGetKeyImpl",
          "zpEZ9NT4cN",
          "ProtoBuf.Serializers.IProtoSerializer.get_ReturnsValue",
          "ND3ZH2nyvw",
          "L2Njz7HUqd",
          "beforeSerialize",
          "mVWVtKiFED",
          "ReadSByte",
          "TJ1aY12KS3",
          "SQU2qvJfeXZaLNa2MEb",
          "Hashtable",
          "Expected field ",
          "StringComparison",
          "get_Value",
          "UvmHs6KDZeJDRNenuOL",
          "p54oZuGwIm",
          "GPKKpK3MJdBnLjRqjnN",
          "Type '",
          "UhdJRZSqmjL7gtb1D66",
          "jQxPPTC0c9AU63pjqBn",
          "OjRSmYAjUt",
          "iJQi9PmgsBuNYoFxT6t",
          "yf6mFo7uL9",
          "LoadAddress",
          "uSLQXRa33p",
          "XYRNghAbktKdxe3j6Jw",
          ">da~'",
          "get_Depth",
          "EmitBeq",
          "GetListItemType",
          "xfMjHsixmc",
          "j] @B",
          "set_AssemblyProductVersion",
          "get_CanHaveInheritance",
          "RIeWpnxQ38",
          "uI5T4NVwrM",
          "T2LELOKebVAw8Qq038V",
          "Only simple data-types can use packed encoding",
          "`\\Wju",
          "System.Xml.Serialization.XmlArrayAttribute",
          "__StaticArrayInitTypeSize=24",
          "GetFileNameWithoutExtension",
          "get_Namespace",
          "GQj2R1l47Rkub8yq0l8",
          "dBeZL574Iq",
          "'LhHxO8aV13xk9sCJpew.tKx5ceaMlx9sZpyiKnA",
          "DJGwbNdpwQ1iRcXKYZe",
          "evenIfClass",
          "AsReference",
          "Exists",
          "FLKBmt4bau",
          "m_401bae2f18124f00beb812db006d23f1",
          "ToImmutable",
          "m2wm3phMay",
          "qTukxJsu0K",
          "m_8f6b92860fad4690ba73ffedaad0da01",
          "32.dll",
          "lpNumberOfBytesWritten",
          "DisableMap",
          "C9Fk0Fdwhy",
          "System.Runtime.Serialization.OnDeserializingAttribute",
          "o8ba7t31xB",
          "% T*Wm A",
          "syntax = \"proto2\";",
          "underlyingList",
          "LockContentedEventArgs",
          "gG5WHuc8m8",
          "m_b09e259e2ad54a7a8b793ed879f83a52",
          "T5IYQoOdq6",
          " H!m!",
          "System.IO",
          "CNITfH6EjC",
          "ProcessWindowStyle",
          "FtTWnenge2",
          "CtwaTXEQl3",
          "C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18",
          "CmvBzxTsnM",
          "get_NodeType",
          "MPuZpiy3A7",
          "KKJIi4xz6rHCdBKbklF",
          "get_TargetFrameworkDisplayName",
          "0#0}0",
          "a 1mx",
          "GetRootType",
          "NuyEUgDP0Q",
          "DeserializeItemsIterator`1",
          "outputPath",
          "set_FieldNumber",
          "set_SurrogateSelector",
          "endpointDispatcher",
          "'iV6hSwe3GMVL8Dt6MVW.q9EvT0eVFxXGrTRgGnI",
          "p*r@N",
          "CgSYWN1qrj",
          "BeginFinallyBlock",
          "ThrowIfFrozen",
          "predicate",
          "c $cg",
          "System.ComponentModel",
          "isFixedLength",
          "L} &EF",
          "eZL76NBc1W",
          "VUap8oLMDQ",
          "default",
          "source",
          "ResolveKnownType",
          "types",
          "GetManifestResourceStream",
          "bX37qABE4Q",
          "NullDecorator",
          "UaB6DQSktwhBTXWh1DA",
          "pDFatf5FfO",
          "set_AutoAddMissingTypes",
          "JnhOPvJzPs0JJqGgmDO",
          "NJ8H00flU3WckQOwtR8",
          "o4iAfvW5MV",
          "KnownType",
          "Ta9ViR5URg",
          "KW2pCq5RFL",
          "ArraySegment`1",
          "GetValue",
          "u2dmeAQvyc",
          "SanityCheckCallback",
          "MinMax",
          "cnAeYdHASi",
          "SetBaseType",
          "System.ServiceModel.Description.IEndpointBehavior.ApplyDispatchBehavior",
          "BrowsableAttribute",
          "oAooOUTOX2",
          "ZsU>y",
          "QQENtGH3TP",
          "Up96aBWgpj",
          "rRBaB9jrb6XYbIDkQhT",
          "'Yk1PS67EkFdDrdC2AlJ.oIgQRL7RoNQw4qHZTo3",
          "SerializerPair",
          "DeserializeBody",
          "ProtoDecoratorBase",
          "Invoke",
          "L6mCbRhl45",
          "MakeByRefType",
          "HCPZk3Ej3d",
          "Mmg8UZxRK6PbQ9IOsNw",
          "PNuTZ9xYcS7eGHG4Luf",
          "|[ N9i.a~'",
          "qAB24PKu8hQSEr1TFdd",
          "NQHNaJfK4H",
          "IsEmpty",
          "'RW9rR34bYOK1tkiNmYP.VhetFC41pBvUcOA2oXP",
          "`Tr$O",
          "ksPo3PSidAsI7XEs0uU",
          "0D1X1n1",
          "TypedValue",
          "ServiceEndpoint",
          "yCgsnTiiyj",
          "x20osEPp41",
          "set_TargetFrameworkName",
          "vCKHNfEYbwv6nvABiVF",
          "XHG6LwxKcKFDECt1v53",
          "rootObject",
          "ReadBytes",
          "GetAllGenericArguments",
          "Int64",
          ".ImmutableHashSet",
          "get_KnownType",
          "WcmamoejIT",
          "Index",
          "ThreadStaticAttribute",
          "qLm7NgUuTG",
          "Sleep",
          "m_9ebfde44ecf04135b0285c337c02c68f",
          "m_54f95b2d4d644710b512f8baa895418a",
          "ledeMgSMyYmqgMjAuTL",
          "Connect",
          "Ldobj",
          "Conflicting item/add type",
          "fwU4Ib0tuS",
          "vHxZhfpkpI",
          "qlWA0d7fkF",
          "UseConstructor",
          "ISurrogateSelector",
          "qVfe8SkupM",
          "m_bc730fbe6e6d4095839a740e871e00d6",
          "TDikJe4poi",
          "pTM3SyHxAO",
          "r9t46HmjD5",
          "apploX4eKs",
          "EndGroup",
          "No suitable method found for: ",
          "a3aDQXdeHxi1AE13WTZ",
          "WriteDateTimeWithKind",
          "Ldc_I4_3",
          "GetIntWireType",
          "skipOtherFields",
          "OPTIONS_Frozen",
          "attribute",
          "JPlease use ProtoReader.Create; this API may be removed in a future version",
          "ayVfvsY51Qod9jMYtNw",
          "ValueMember",
          "DeserializeImpl ",
          "q7Q6GsPfMi",
          "ClearPackedField",
          "M20WXWpNpq",
          "SM0BEVmXEAg0chcJCS",
          "SubItemSerializer",
          "KRHQ76fqZ9",
          "m_e852936e65cf430abc2e9104a20d1211",
          "vuQC1OVSYm",
          "OKJdUWpvvaUgfXQRFQm",
          "Duplicate type",
          "Yca~'",
          "WireToEnum",
          "9Ja~'",
          "uvP7nTQbjN",
          "System.Security.Cryptography",
          "zymx7kx80P6KTr8a5Wx",
          "VQIkX5LhNH",
          "CallbackType",
          "DefineDynamicAssembly",
          "JclACe5fOA",
          "UcSsdZorEM",
          "Default behaviour must be observed for certain types with special handling; ",
          "GetCurrentProcess",
          "umdZ29Lahf",
          "'jQxPPTC0c9AU63pjqBn.FRH2XkCkls4w03teJcD",
          "(unknown)",
          "=Q>q>",
          "Protogen",
          "\\!eTC",
          "Constrain",
          "set_BeforeDeserialize",
          "s1AQf0g69d",
          "9qF,Vc",
          "GetAssembly",
          "System.Reflection",
          "($)B)U)p)",
          "enumValue",
          "R+8L#",
          "mduA3KROrB",
          "TlK4f5agEo",
          "c4mHqFNFMGXQ1OaLmns",
          "'KbCrmwCcP0Tssb0g2mH.Om4LedCUTfTSYQAPwgn",
          "OGmisCx1uVYTXesElmZ",
          "QB75dTZ0FU3lpKopWt.Xjk5TCNw5s4Hlq3GlE",
          "RegisterTrappedObject",
          "GetKey",
          "Multi-dimensional arrays are not supported",
          "m9ngxtxVVX3nUFODe6Y",
          "Alds7K746O",
          "WrleU0Om24",
          "DiscriminatedUnion32Object",
          "5Qa~'",
          "zeNWNWUNU6uQPL86B8i",
          "typemdt",
          "Unable to determine member: ",
          "dTSlarQeEonCTV1sVNq",
          "Stloc_0",
          "<Name>k__BackingField",
          "eZVZsaIMLg",
          "'hXG2mZWK10m8Yt9FcBJ.bTmgCoW25E8VQE5kuNr",
          "set_OutputPath",
          "hwEaxtKYkP",
          "i6Rk3W8Rlw",
          "MemberTypes",
          "NyZQqwEC6N",
          "EditorBrowsableState",
          "qu1QjOplAi",
          "b0Vw3tJpjgyVT5Nongj",
          "A4AHA`AsA",
          "OwxAlBR2ct",
          "tOVj7XMasX",
          "K&Aa~'",
          "jOUuuStX5FtgObUaJpn",
          "Er'a~'",
          "__StaticArrayInitTypeSize=12",
          "MulticastDelegate",
          "Monitor",
          "getBaseKey",
          "set_DataMemberOffset",
          "CachedBuffer",
          "get_Chars",
          "X1km6V4aVh",
          "KNe6J4WRdm",
          "hZe02XIbPG",
          "DeepClone",
          "targetType",
          "ReleaseMutex",
          "EndPoint",
          "default = true",
          "xoqNfx11yk",
          "TryGetBasicTypeSerializer",
          "ylul1au4Mn",
          "inputType",
          "JuNPRP2Y5",
          "Ldloc_2",
          "pMU0OpTXwh",
          " items = 1;",
          "N04THW8uW8",
          "sint64",
          "tB87CqtDr6",
          "ebHH6MdFxbqeELKI1aP",
          "OSsABneAkoEm9U7pvQG",
          "U5q7fFV0PG",
          "set_IncludeDateTimeKind",
          "ObjectDisposedException",
          "IsStartObject",
          "@F##^",
          "<null>",
          "FAQkrZGwgh",
          "IJST41xF2xgjMq7kFYJ",
          "lTX72NBkbr",
          "Te4kwFAvyT",
          "R3XQtnrIRV",
          "OWhBFCMxiq",
          "SslProtocols",
          "Member",
          "b*s]`@",
          "XYy3Ae4jDK",
          "values",
          "result",
          "MapType",
          "0ja~'",
          "SJ2A6biLrv",
          "No serializer available for ",
          "X1G0GkxIRB",
          "Ldc_I8",
          "KnownTypes_Array",
          "NextBytes",
          "l9IjXtmmuo",
          "o'a~'",
          "BeginTry",
          "jxONjIeBPQ0ZuXUbST9",
          "RuntimeFieldHandle",
          "ChangeType",
          "CheckForCallback",
          "GetUninitializedObject",
          "ProtoBuf.Serializers.IProtoSerializer.get_ExpectedType",
          "<ApplyDefaultBehaviour>k__BackingField",
          "c8C0JVKxKa",
          "pTQCIkjYCF",
          "No suitable conversion operator found for surrogate: ",
          "Branch",
          "IEnumerable`1",
          "mnIjlKNHEr",
          "D163qwKsDy",
          "'wjVJH6Z4ASGsYsH6YgO.NYrcUoZEg0I3egSEtAw",
          "'oMwwkqRQ5QavfPH4Hhb.IuMMaDRWoTQEn6cGr1K",
          "fullName",
          "LoadNullRef",
          "EndAppend",
          "int64",
          "iV6hSwe3GMVL8Dt6MVW",
          "nmFIOa68uJI8nR6K6A6",
          "SetKeyedObject",
          "VuhYYPkKP9lNpqZGL1v",
          "RifkN5TD7Y",
          "Stloc_1",
          "rgs0xneq92",
          "get_NeedsHint",
          "IsStrict",
          "DtX7GoXmOo",
          "defaultWireType",
          "ImageRuntimeVersion",
          "Ldc_I4_4",
          "IsVolatile",
          "EmitReadAndAddItem",
          "IrDCgy4QrX",
          "hBAGLLUMwVZrQrsP6HY",
          "oMcYTF4gj5IvjHrbg5C",
          "Handle",
          "set_ImageRuntimeVersion",
          "get_AutoCompile",
          "Tcx4ETuaaP",
          "d4D4Ktq4VK",
          "get_BaseType",
          "IXmlSerializable",
          "get_Assembly",
          "pBiWvM9L00",
          "ReadEndElement",
          "Fbk3XL5o0t",
          "get_Default",
          "cbr7giW0qu",
          "swD0Wsf9q6",
          "SizeOf",
          "ProtoOperationBehavior",
          "System.Runtime.Serialization.OnSerializingAttribute",
          "Registry",
          "<AssemblyTitle>k__BackingField",
          "PGIeh422VK",
          "get_ExpectedType",
          "WriteByte",
          "y0erKMd4AqcuoWrp3gm",
          "AZ1BvP4oG5",
          "K2UezaU9ts",
          "IbjBuG2oXoI1ryi7RoP",
          "Wrong group was ended",
          "IList",
          "N8K3HSAj7H",
          "Brfalse_S",
          "surrogateSelector",
          "DbXkTsSnlwvDH4mYNNi",
          "ForEach",
          ".bcl.TimeSpan",
          "EGfebmYsjw",
          "target",
          "import \"protobuf-net/bcl.proto\"; // schema for protobuf-net's handling of core .NET types",
          "B&C-C",
          "System.Collections.IEnumerator.Reset",
          "implicitFirstTag",
          "ArgumentNullException",
          "xiMMojECvS",
          "Qx6RFP22pU",
          "ProtoBuf.IExtension.EndAppend",
          "offset",
          "EndExceptionBlock",
          "ba4WZAIUEl",
          "set_IncludeSerializerMethod",
          "H0h4ZutYNC",
          "packet",
          "IlW6rsRNGq",
          "QCVaXgIGub",
          "DiscriminatedUnion32",
          "TWl4HhMnJo",
          "get_Module",
          "GetRawConstantValue",
          "lXKaFaD3hw",
          "uqwlBvt800eYnDjHPBM",
          "FwxpZmJ8DiqcxXajwMs",
          "m_ddced2a40c9e45ef808e0e0787d4b513",
          "yxjNLtwlkj",
          "aVTfkDxdmO40siQqHKt",
          "EvEpwfSLSqk5MZyS2rM",
          "EStQ1jwmOB",
          "tIjV4bLcQ3",
          "ResizeAndFlushLeft",
          "Incorrect number of bytes consumed",
          "ELX1Yv1jnDfoSiPwcw",
          "expectedField",
          "CreateDecryptor",
          "Ldelema",
          "condition",
          "QhwZIN05H6yEoi9mFbu",
          "ProtoBuf.ServiceModel",
          "m_caa3b1279747485fa9efd36245f1f915",
          "XiGNYoVhPW",
          "System.Data.Linq.EntitySet`1[[",
          "VW6VKssVW4",
          "attributes",
          "MethodAttributes",
          "LRMQ9JGoiS",
          "EWEYuudNPF",
          "m_8548f774bed043d3940cb4fb1d118680",
          "RegistryValueKind",
          "mUM6KMJ351JVZ3mmc4U",
          "EmitRead",
          "$rxa~'",
          "accessibility",
          "KdkJs4KpWiUqybIDn7j",
          "Ua7qDkRwN",
          "serializer",
          "TMLWEu3YLO",
          "__StaticArrayInitTypeSize=30",
          "LP0o4r2HiyK1ijmUecA",
          "OriginalFilename",
          "tx6phwnNNK",
          "'LOJ0vqsY2Bdcc7Feset.SHx4gosT5cBGMK6uvtZ",
          "'G6WETaZVbefZnL4MhbV.dlfC4dZMQ4kVN62ckvp",
          "FindWithoutAdd",
          "FieldInfo",
          "LeBjnwdb0k",
          "GetCurrent",
          "Encoding",
          "string",
          "xvCs6dceEj",
          "CloseOption",
          "IsMap",
          "mmKQ0Dn4aY",
          "r1ZerIQFic1SNOEINcI",
          "ziggedValue",
          "JTFevHRa24",
          "bhXCnSM5R1",
          "Discriminator",
          "mYHpxMdQb8",
          "WriteNullCheckedTail",
          "OcL4eeJctwbfeZvC8UO",
          "TransformBlock",
          "OPTIONS_ReturnList",
          "GetRecycled",
          "oNxQNE8GWn",
          "yP8EOts1pM",
          "Bibp0MVXa5",
          "xAiQTZTgyS",
          "m_9c7f378324cd4a4d8e8097bacf6a146e",
          "index",
          "m_94b82d7d147a4a7ab4ef6a9f1828077a",
          "faa}#",
          "Ldarg_S",
          "oVvmZ9Iuy1",
          "dxKlsxw7sb",
          "DefineMethod",
          "AL6PpsJiPHWDhuPqMik",
          "GruYSwaeOE",
          "RegistryKeyPermissionCheck",
          "Sy8qDTmnhUFfPAHEB2L",
          "ip47Wus2pq",
          "ioBuffer",
          "EmitWrite",
          "Ec33pp1Sq8",
          "VerifyFactory",
          "dSe4zKjLDR",
          "m_cf4a53d9861a496cafc8704c20fa3329",
          "JNB6konCod",
          "OPTIONS_SkipConstructor",
          "'VuhYYPkKP9lNpqZGL1v.TawB6ok2XNJGs5KOT5a",
          "AJO3kKGM6N",
          "VarFileInfo",
          "PROTO_ELEMENT",
          "skVYdWrDSy",
          "get_AssemblyDescription",
          "QuHA8FrUS1",
          "LoadLibrary",
          "GetFieldBoolean",
          "C43o0jRU1y",
          "ProtoBuf.ProtoBeforeSerializationAttribute",
          "set_IV",
          "isWriter",
          "CreateWireTypeException",
          "The factory-method must return object",
          "Pe8oJKAbhM",
          "ENUoAA2djAMykHN2dk3",
          "fK4nf6dq0g6We6v9tmR",
          "l9G5eCKPrm8kukIaevX",
          "GetExtension",
          "CheckDepthFlushlock",
          "LsWjChjkNG",
          "yYXpw7556Y",
          "OlkCsQK27n",
          "SetPackedField",
          "b*Q]!G",
          "zRd7DFyYkY",
          "qrKl38VB0Z",
          "gUHlpJDJER",
          "description",
          "includeKind",
          "IExtensible",
          "mfhZX7kALU",
          "b*b]`G",
          "nativeEntry",
          "The supplied default implementation cannot be created: ",
          " header until the ",
          "OPTIONS_AsReference",
          "h5pBlmfvym",
          "Jl8M^",
          "qA6DwKTekUcyec8GOYc",
          "ReadUInt64",
          "m_621031db75344828a4cd70588d244413",
          "GetDirectories",
          "J$`@Z0k",
          "MgwodTHp4C",
          "TargetInvocationException",
          "sender",
          "XmlReader",
          "VaD3lLIAL8",
          "qheBjjhyf6",
          "tU5TbB0s5M",
          "ParseableSerializer",
          "ReadUInt16",
          "'LwqKGVZANe34JZuNUoV.sNDZaxZBOu2OOk6vQNU",
          "xdVWD52N4jInoDvgua8",
          "import \"google/protobuf/timestamp.proto\";",
          "sSmjKamvw6MVbAFGcr6",
          "NonGeneric",
          "ElementName",
          "8x$~q",
          "FieldTimeSpanKind",
          "OpCode",
          "qEdZ3AOeeq",
          "WDRQZrri3U",
          "mSu4dZSj0TVdtygONJ2",
          "xhhR21BtyJ",
          "System.Drawing.Imaging",
          "IndexOf",
          "get_AttributeType",
          "#*#>#*)6)9)f)",
          "writePacked",
          "set_DisableMap",
          "NodeEnumerator",
          "RTYoQacGJd",
          "ProtoIgnoreAttribute",
          "m_ec26fece987f49ebb27e13c0082e310a",
          "y5PGWxKhHHCD2R4b2sH",
          "LknkUr9OES",
          "rRYWRxEL8O",
          "set_ReadTimeout",
          "NICEErAKoN",
          "deserializeBody",
          "/B)3q",
          "VlU4QKJnTS",
          "YnONf8RiWdgeSFvZMqs",
          "m_cd6f5a3ffc7341fca96efe8e023e5bd1",
          "$>$Q$m$",
          "Reference-tracked objects cannot change reference",
          "ProtoEndpointBehavior",
          "set_IsGroup",
          "Ee7AgcSr4J",
          "XMAsC8WbNBALpZyCa2y",
          "System.Security.Authentication",
          "Unconsumed data left in the buffer; this suggests corrupt input",
          "ConstructorInfo",
          "hxJBAjxPix",
          "EA7BonZ4ot",
          "AttributeType",
          "FktodpUC9Be6HFctQ3t",
          "TargetFrameworkAttribute",
          "Position",
          "get_BackingMember",
          "Start",
          "OPTIONS_AutoAddProtoContractTypesOnly",
          "kwjFpFEKqWcpg1Rp3Ki",
          "DiscriminatedUnion128Object",
          "ntWEA8d0i9",
          "Dbpjgik8TC",
          "BU6lfNeuqneIdPx9NVK",
          "ProtoException",
          "oAoT8sKQJI9dHPeSKon",
          "oODNmn5fT8",
          "wellKnown",
          "% `sq% G",
          "InbuiltType",
          "meI36LBHT9",
          "lex3q6xi8ITHC0Qwg1K",
          "packedWireType",
          "za14oknYjq",
          "GetDomain",
          "DCR=)&",
          "CompilerGeneratedAttribute",
          "DiscriminatedUnionObject",
          "ECR85kSHKtmpTFOBUd7",
          "RijndaelManaged",
          "DlySNJn9iZ",
          "LoadLength",
          "stringInterner",
          "Invalid wire-type: ",
          "RequireAdd",
          "yNueKKN5OM",
          "ToList",
          "dmm4e4vKqW",
          "Jb8WMOnf9G",
          "sERB6KM7uD",
          "System.Collections.Generic.IEnumerator<TValue>.Current",
          "CopyRawFromStream",
          "dLm6XO0qAE",
          "yGjApcS4Zi",
          "ProtoBuf.Serializers.IProtoTypeSerializer.HasCallbacks",
          "rIBQxEdKu6",
          "set_InferTagFromNameDefault",
          "ConvertFromInt32",
          "get_IsArray",
          "get_DisableMap",
          "copyFromIndex",
          "DeserializeWithLengthPrefix",
          "EyuncIEwwd4qKZMpxGN",
          "WriteSecondsNanos",
          "SerializeBody",
          "BGFBDkl7ZS",
          "etr4xayOoF",
          "ntnvPIdJNgJ2eaWgage",
          "Variant",
          "FormattedName",
          "set_IsStrict",
          "ThreadPool",
          "xTw4q6Qoi5",
          "Public",
          "V4k5AYCzpP4TQrvuRNY",
          "Cannot load the address of the head of the stack",
          "optional ",
          "hasConstructor",
          "p*rLN",
          "Y4M6832mba9ofxvSvMW",
          "hModule",
          "imports",
          "zLgkq8K33qybfujQrJF",
          "klZZwjkvem",
          "oYF6bn4I2w",
          "get_InferTagFromName",
          "KnownTypeKey",
          "Bj8yotJtr1bL7n4GigY",
          "FieldBuilder",
          "BkJTcISKQC",
          "System.Collections.IEnumerator.Current",
          "get_HasCallbacks",
          "xRaUcU0rCXMQD2VEa4D",
          "get_UserName",
          "fixed32",
          "graph",
          "i7Z0P1YCfi",
          "quIBNjk4g",
          "Invalid field in source data: ",
          "BasicType",
          "Model",
          "get_IsClass",
          "Validate",
          "HasSubtypes",
          "de2a1kJRRGxN5TTxQhN",
          "wtU5xDSGPsdJapaUXGH",
          "a Eqf",
          "M5qZ8AbNFl",
          "OPTIONS_InferTagFromName",
          "'I4T1avaKx5okFZbQVrM.gSfDYga272po4KcVwEw",
          "IComparable`1",
          "n7V0IjoFOK",
          "OPTIONS_IsStrict",
          "OGpsVQdWrU0JM9ouGKJ",
          "nvhQtrf0lgGpPm1OsoH",
          "MapKeyFormat",
          "rg9Q8o28rmd2FGETtqh",
          "OKga0GqTAq",
          "ResolveListTypes",
          "__StaticArrayInitTypeSize=18",
          "De3oxZCMpB",
          "GetIndexParameters",
          "x8aF2MoYZ3huDWxSZmt",
          "lxgSR2Z9iq",
          "ManagementObjectEnumerator",
          "AZj3i48TMQ",
          "F2FpEhcMtK",
          "OperationDescriptionCollection",
          "FileAccess",
          "get_Current",
          "declaredType",
          "GetAssemblies",
          "np7AsbnyFF",
          "BEa~'",
          "Compile",
          "methodName",
          "IdjPWNS3AIUPE2vHQAO",
          "H1oGiE2U96n0d4DFDna",
          "wDTsOPAGoP",
          "Cannot serialize property without a get accessor",
          "__StaticArrayInitTypeSize=34",
          "LJT03afJT3f3T5ke4Sa",
          "SetThreadExecutionState",
          "UseProtoMembersOnly",
          "XKF6VR4mCT",
          "reader",
          "Reset",
          "wHREhFibsu",
          "qvqfVZsjT7v8Eh9VZqm",
          "buytOSoTjH0qA0gceIj",
          "IsReadOnlyAttribute",
          "717U7p7",
          "AgjVaqG9Xu",
          "uR00DjsT9V",
          "W 7^y9a~'",
          "Nullable`1",
          "HVbhuCQA109GrgLcwnV",
          "elementCount",
          ")1e W",
          "EpochOrigin",
          "qFnNNnSEZl",
          "ContractDescription",
          "DefineField",
          "FbIaN42lHdnccF7hGTk",
          "MapMetaKeyToCompiledKey",
          "knownKeys",
          "zS 6m",
          "BHico1RT46",
          "IHK0ZIYbotlHgtmGB56",
          "d942oYoK1vYfSgs8AfZ",
          "__StaticArrayInitTypeSize=64",
          "GetBaseType",
          "System.ServiceModel",
          "hNeThg5j13",
          "Rk7Kp3mbEDfk8wxGnCk",
          "get_ParentType",
          "LegalCopyright",
          "piw6AkI3cL",
          "Yb hH)va~'",
          "SrRkqJCiqg",
          "CompressionMode",
          "TIN1TmmpdftXDdTpGOv",
          "FileVersion",
          "NZVj9JE1AH",
          "inputValue",
          "InitLocal",
          "g7lVuuqrKl",
          "get_IsGenericMethodDefinition",
          "gSfDYga272po4KcVwEw",
          "b*Q]!E",
          "array",
          "IPEndPoint",
          "bB5TvgEllS",
          "PWi5KfKIwUE5jXSF2DZ",
          "Ldelem_Ref",
          "bkxdcgfkKnR8Z5OVnkS",
          "ProtoBuf.ProtoIgnoreAttribute",
          "GetFields",
          "F3EkyHuwUU",
          "Int16Serializer",
          "SetFrameworkOptions",
          "aOZxrxeNuZg8lhdDC8g",
          "F4iBRXT80M",
          "haveObject",
          "uint32",
          "SetValue",
          "FieldGuidLow",
          "Dta33a3eEL",
          "tGKY1CJ54fnxb8qnc1Q",
          "get_CanWrite",
          "EmitBranchIfDefaultValue",
          "'MULxoolWpCXtpZCBwOp.GQj2R1l47Rkub8yq0l8",
          "$30545ba6-8efa-4270-b297-09bd573a60a2",
          "UanlZgUp0sKDkGcf9Of",
          "ApplyDispatchBehavior",
          "AssemblyDescription",
          "opcode",
          "Default value is of incorrect type",
          "Vfbl7tmjGs",
          "Proto3",
          "MemberSerializationOptions",
          "ztNTXHHpKG",
          "forppQEUXV",
          "OZKibBKgsonsKBsI45",
          "YvKkn5lSLY",
          "wWb6o0Ii7J",
          "o7m6W99UNG",
          "O5SFWVxu1pEcXCeTbHP",
          "'rELBuuav16KVF4kZQdd.eIrKVUaHDIThVjfOaGd",
          "nJBMOfeAHe",
          "jAoW45jD5u",
          "short",
          "m_7f01255d76534fd5aa4f52c17342a9bb",
          "required ",
          "STgRcoKY2iBvThHAILp",
          "FindOrAddAuto",
          "get_MetaType",
          "R4icS8JZrUfEJHQg3Ov",
          "WeHssvuiI",
          "AssemblyTitle",
          "SaTELRK6Om",
          "get_BaseStream",
          "insideList",
          "get_List",
          "n5BLd97h3uZpEdcRg6h",
          "teuyigxUupriGhWSyFs",
          "IsSame",
          "EegNhSnC3I",
          "Items",
          "get_ReturnsValue",
          "IReadOnlyCollection`",
          "IsDefaultOrEmpty",
          "wireValue",
          "KLZavnAziJ92ZUwllRU",
          "WriteObject",
          "ImplicitFirstTag",
          "get_InvariantCulture",
          "ImmutableCollectionDecorator",
          "ArgumentOutOfRangeException",
          "<>m__Finally1",
          "ManagementBaseObject",
          "D!a~'",
          "metaType",
          "oh5igEdSfhfhhcHeBhI",
          "LM0ExLSrY1fPxIx9TTq",
          "lI7yFJKSgdMgh3mxsqn",
          "Virtual ",
          "set_Type",
          "HDSQ3QMhRWKy2FO5LdB",
          "NHibernate.Proxy.DynamicProxy.IProxy",
          "baseType",
          "Initobj",
          "v5VCC9TYnA",
          "Callbacks cannot be static",
          "ydGkGC9MJ3",
          "f7yV2U4IiC",
          "ICryptoTransform",
          "UY0sXbgxPU",
          "TryGetCoreSerializer",
          "IsList",
          "iislBhELAI",
          "ExpectedType",
          "WfAYp7wQa9",
          "methodInfo",
          "OPTIONS_IncludeDateTimeKind",
          "UYkhBxZlAGX87SB883n",
          "gThVBboWh3O4Sbb84SE",
          "m_bb692ece4b464104badcdcee30cc9fe3",
          "XWh7dW77rG",
          "zrxdAVdXTRkoLkUYgVJ",
          "H7OMTXFYkE",
          "S5nYhtoP6cnANjBH11U",
          "GetIgnore",
          "Key tail should return a value",
          "allowLists",
          "EnumSerializer",
          "i6f5a05e86eca446087059170c4e4c6fa",
          "get_Length",
          "Ticks",
          "i8K4hJeEZY",
          "Quality",
          "% `sq% ",
          "F5UA2kdXAB",
          "m_6b8c39700a914318be2950f5f86d6041",
          "parentListOrType",
          "extensionObject",
          "jG366El9ur",
          "c (_@",
          "get_IsList",
          "m_d98efb81076e48c9b63deec1079aa4f0",
          "fsKrIUxEeir0Pewx7dj",
          "MOGesNeIUU",
          "lvpW97aycf",
          "QO0bA6S5Y25GJwcNA9E",
          "sx5eXKk5ey",
          "CanHaveInheritance",
          "EndInvoke",
          "Guid was unexpectedly too big for DiscriminatedUnion128Object",
          "get_DefaultType",
          "get_FileName",
          "qtW05jddrYXbbS8O2nP",
          "zvY77cJV49",
          "r1oozfpBx1",
          "ioIndex",
          "OwnerStackTrace",
          "NJaSSvxwiVSxgES6FQ3",
          "NXdBaN2KB6IE15Qkrt7",
          "IsInfinity",
          "lXu071fIAb",
          "BuildAllSerializers",
          "m_0d6fa55ad78b47a1a287f3f5504949eb",
          "hasConflictingEnumValue",
          "LOJ0vqsY2Bdcc7Feset",
          "'OSsABneAkoEm9U7pvQG.jxONjIeBPQ0ZuXUbST9",
          "Okp09CAqHg9FW42NewA",
          "FileSystemInfo",
          "'AncxHG7vPGvsKtmy9v4.BPKw7M7HmkhKie7bjGU",
          "dlfC4dZMQ4kVN62ckvp",
          "uohVCthSdR",
          "get_AfterDeserialize",
          "lUqpmmpbGaP87EZ2T6r",
          "local",
          "TupleSerializer",
          "HjckiOoyHR",
          "ReadType",
          "z18WAtaBlu",
          "EHoVXEjulm",
          "m_63f6df3e1b55410bad662206b3fb1e9f",
          "oIgQRL7RoNQw4qHZTo3",
          "WriteDuration",
          "bwHsSU9eBI",
          "memberName",
          "HZJbey2DyjiCGsB0hiJ",
          "Fixed32BigEndian",
          "TBok5GdVQJJi48iaS0n",
          "WeakReference",
          "M0y39dSgFuaUxGXRd88",
          "Nerdbank.GitVersioning.Tasks",
          "Cannot apply field-offset to an enum",
          "Wr9RoEJPq175VPVMcO5",
          "DefaultValueAttribute",
          "qFvmITYzNYd5ExhTPQ7",
          "AEepsXulCQ",
          "b*b]a8",
          "isA4yZ5adg",
          "IsValidMapKeyType",
          "vj00p3LKGg",
          "Wi%Rlb",
          "lpType",
          "SetRootObject",
          "parentList",
          "AfterDeserialize",
          "fGE7KVvVMQ",
          "[Qj]22!M",
          "StringSerializer",
          "PXqZGWcq8L",
          "Z8z7<",
          "DateTime was unexpectedly too big for DiscriminatedUnion64",
          "m_f6c2b77901be49e783baecafbe7788e4",
          "YoIBEdZdoN",
          "System.Drawing.Drawing2D",
          "yOWpZoSP9i",
          "Process",
          "get_AfterSerialize",
          "KTvnnYzRDdWi0OMgmP",
          "CZRM6WeSQc",
          "CWxGu82ySoTFaf7uwRj",
          "Tc4AMGCpvh",
          "GetEnvironmentVariable",
          "readOptionsWriteValue",
          "'BDR0UMs060xt0a4EnJE.rSp4nQsklpFECHZRIkk",
          "Object key in input stream, but reference-tracking was not expected",
          "UriKind",
          "FtMV6myP62",
          "ValueFormat",
          "mhaE9B5VEB",
          "mxXYU4KGqblySqS9PAc",
          "AGH4HAfAmi4mben4jGZ",
          "VSKAebKcfQ",
          "<ValueFormat>k__BackingField",
          "XnxmNSQgjU",
          "ProtoBuf.Serializers.IProtoSerializer.ReturnsValue",
          "FromSeconds",
          "MHLBq6fpsY",
          "HasFamily",
          "mijEmiDj2x",
          "option",
          "eYSIJXSVX3HwtSaR4OR",
          "cl90Vp25hNr2wBtFyhX",
          "SByteSerializer",
          "MethodBase",
          "hnKQgaF9hw",
          " \",}>X ",
          "CnWsbmumnl",
          "Tailcall",
          "Gbtp9dkFf6",
          "get_UserDomainName",
          "htRHLmKsCf7Jneur0bP",
          "get_IgnoreListHandling",
          "CreateInvalidCallbackSignature",
          "EmitInvokeCallback",
          "Create",
          "classthis",
          "bytesRead",
          "SIxsaIVmIe",
          "DateTime was unexpectedly too big for DiscriminatedUnion128",
          "c67eyH9Agk",
          "GuidAttribute",
          "m_a617bd352b854143a19fb930e34abc9d",
          "ItemType",
          "OPTIONS_IsRequired",
          "<Module>{81ADDF81-2A2A-4D67-B614-83D63B9A2005}",
          "]Please use RuntimeTypeModel.Default.InferTagFromNameDefault instead (or on a per-model basis)",
          "VS_VERSION_INFO",
          "yLO04KKVCb",
          "IsAutoTuple",
          "QkTEdHboiq",
          "FileStream",
          "Label",
          "n8KlOLMH0L",
          "CmPmujQ9ju",
          "ProtoBuf.ProtoPartialMemberAttribute",
          "get_InternStrings",
          "MergeWithLengthPrefix",
          "rXsYK84SrC",
          "R8nNuWjrLS",
          "Timer",
          "Coalesce",
          "iM6pMMsLBr",
          "get_IsEnum",
          "WqmNW2dCvpiI3REBEBH",
          "get_IsGenericParameter",
          "DebugAssert",
          "IgnoreListHandling",
          "rTCRuBV7Vl",
          "YeMC9R6hAQ",
          "VFg7VuSI9a",
          "FuqpndIVty",
          "HiY4jsbijT",
          "rqeVfN5xrB",
          "Conv_Ovf_I4",
          "aRDkocjaI6",
          "nanos",
          "m_1b1e2148aeb84ae8b796b61047707155",
          "partialMembers",
          "Q9pGtZ20tekSJMHBcYX",
          "Deserialization changed the instance; cannot succeed.",
          "MbqVJLET5L",
          "TxXTzFO1sU",
          "Merge",
          "BGd3sZPm38",
          "jJh133jbENtLAAkDe6I",
          "6e9j9",
          "Collect",
          "TraceCompile",
          "DVxejyKwKr4wKEnZS1h",
          "XZcji1lrDQPTdballjw",
          "z0e6T0JuDMbGemWkU95",
          "TakeLock",
          "clientOperation",
          "ConvertToInt32 not implemented for: ",
          "get_AsReferenceHasValue",
          "MfiW4KJ4DnN601tCxKf",
          "OWWq1pKbqFJld1bLZP9",
          "lCh0dMyBFg",
          "SpecialFolder",
          "<arg>5__4",
          "y8T3YOs2UR",
          "dataMemberOffset",
          "1.0.9557.39421",
          "DeserializeCore",
          "<>c__DisplayClass1_1",
          "EmitCtor",
          "ReadInt64",
          "p0wsDSrw6M",
          "m_cae550cff57f48a883ef4f5744315e44",
          "m_5fa3ef58dd4243168bef82ba33f8fe4b",
          "// this enumeration will be passed as a raw value",
          "rPQEFj",
          "TDmenbl1Nv",
          "[Nx6T",
          "ProductVersion",
          "expected",
          "u1xNdpI9aQ",
          "lO4Y6IjB8h",
          "VJZMt3i9WX",
          "Lv3MLXscHI",
          "supportNull",
          "x5qVQ0epOS",
          "'xv7wEYkzxJXWpKMKlMI.iNc8RvkDL37eJ5OwhDb",
          "finish",
          "Ks8RZr0fAP",
          "CallingConvention",
          "KpWonkjjhhXmgA7LtI3",
          "GetPropertyValue",
          "hb5m01KLAx",
          "OnAfterApplyDefaultBehaviour",
          "uKnT8RdEHC",
          "baseCtorCallbacks",
          "Ws4Wuu8JEY",
          "b*b]A?",
          "get_Count",
          "'qvqfVZsjT7v8Eh9VZqm.xYVskUsCgJwpCxhWb9f",
          "mvf3LDSsvN",
          "mXI8bBScw6SvGPno1P4",
          "Attempt to mutate struct on the head of the stack; changes would be lost",
          "m_01cc201bc4de47bfa7b40135b8ff1943",
          "Socket",
          "vLVYG8RsXNJIdEN9Mvv",
          "Edo3YJSvnfj4NwEDRVw",
          "fdJo6Z1RHn",
          "Unknown min/max value: ",
          "DpDOfZc6HqMXX9okfrH",
          "x3Z6HvKX2PcO2hXV42T",
          "+I+|+",
          "netCache",
          "AncxHG7vPGvsKtmy9v4",
          "yoyGHBBTp8iqMK1qghH",
          "ZzWoPR",
          "K6mQRGt9ID",
          "set_ReceiveBufferSize",
          "<>1__state",
          "P1GYOOFGwD",
          "<>l__initialThreadId",
          "msslqqpHr8HqomEgGpT",
          "nMmYU5CQJ9",
          "f5RZjP5Pp3",
          "BasicTypeFinder",
          "AssemblyVersion",
          "ToByteArray",
          "System.Collections.Generic.IEqualityComparer<System.Object>.GetHashCode",
          "set_DefaultValue",
          "dU3uWyU7BrsLV0r2Vj7",
          "kF63dujXxn",
          "ProtoBuf.Serializers.IProtoTypeSerializer.CanCreateInstance",
          "lGF7M3NlJc",
          "J-a~'",
          "Memory",
          "GuidSerializer",
          "Current",
          "r865j4N0vLgWfCxSALd",
          "ulwoEhb5Zn",
          "derivedType",
          "Dcb7Q44Do0",
          "MyPsPYtziVcj3smZJmF",
          "J.a~'",
          "sOnBLEqcdq",
          "MetadataTimeoutMilliseconds",
          "JHcdMLd3vfJO1qv2fIk",
          "mscorlib",
          "ToLowerInvariant",
          "(.protobuf_net.fieldopt).dynamicType = true",
          "PY2VPDguu6",
          "Ifg4uJHdhd",
          "SurrogateSerializer",
          "WriteInt32",
          "M5tkkn7DQp",
          "AttributeTargets",
          "System.ServiceModel.Description",
          "Unable to resolve map type for type: ",
          "dl3sMsmiFC",
          "VXHUXlKqoA8mGjHIfXr",
          "mU0lfQHDJy",
          "get_Ticks",
          "IsqpR8G5nw",
          "Ldc_R4",
          "set_UseProtoMembersOnly",
          "mXk7XLDHYB",
          "wf9l80dqhD",
          "xQ1EPfvxWR",
          "GZipStream",
          "MetadataVersion",
          "subtype",
          "set_EnumPassthru",
          "AutoTuple",
          "BKlVbFfU3IxbFbQvrlZ",
          "bAej8WacIr",
          "Repeated data (a list, collection, etc) has inbuilt behaviour and cannot be subclassed",
          "Translation",
          "Directory",
          "znaQIDH8l3",
          "XeYa1HwuGV",
          "GetKeyImpl",
          "f0IpTcAQjX",
          "Bjg3PIN0pC",
          "GetSurrogateOrSelf",
          "jqR3wUfVR0mTMksbmEi",
          "DebugWriteLine",
          "u4PaRr0TqB",
          "set_AssemblyDescription",
          "Nested or jagged lists and arrays are not supported: ",
          "OexQvq9Lry",
          "m_709ed25145d349b0a809de86d85d81a3",
          "Ldelem_R4",
          "OdiSaOLNbB",
          "Oqy7wN7p2I",
          "System.Runtime.Serialization.OnDeserializedAttribute",
          "get_DynamicType",
          "U0PpjeAaCc",
          "RJ7bqsjkY2TrNQB1iyq",
          "I8DW8MhLeF",
          "GetObjectData",
          "bindingParameters",
          "sbHYcM2yQG",
          "Uvx9wx7oBN0Dnw9ead",
          "NufEasxDbw",
          "Bitmap",
          "iQhYIo1qk9",
          "hasValue",
          "OPTIONS_OverwriteList",
          "SerializeType",
          "GetSurrogateOrBaseOrSelf",
          "get_Pending",
          "System.Xml.Serialization.XmlTypeAttribute",
          "IJ0kQLwswJ",
          "OPTIONS_UseImplicitZeroDefaults",
          "TWyRwxlnxu",
          "Ldc_I4_1",
          "metadataTimeoutMilliseconds",
          "a4MopmSaAy",
          "N2DVbtr496",
          "fMZWmBjuL5",
          "WriteUInt64",
          "Repeated data (a list, collection, etc) has inbuilt behaviour and cannot be used as a surrogate",
          "UIker2uUwfAjpE5urvk",
          "get_IsFamilyOrAssembly",
          "PQoQoPvMbX",
          "d6SMJYWkEi",
          "OperationDescription",
          "<DataMemberOffset>k__BackingField",
          "I6d46e2teEZSJmy9Lwx",
          "GcjChEcGBf",
          "H01ssH2eqUd0S2q1KLw",
          "NFpHmmm7i5uO2J1u9Il",
          "GetType",
          "DiscriminatedUnion128",
          "ReturnList",
          "GetOption",
          "'gB9mg47Y9IsBNTvjyQV.HHUWAN7TGG3ORqnsEvA",
          "cU0MfhV2wW",
          "Ps96EnWsDfhWktl2e2o",
          "GetByteCount",
          "fwrBBaxmev",
          "IsObject",
          "Ft0YZmOsLA",
          "GetConversion",
          "qEKX29tiA0P5LVp6jOP",
          "HdKV0",
          "IpHa3xtZy5",
          "get_RemoteEndPoint",
          "IExtension",
          "YtIC2YBY6f",
          "S71jdeHLJh",
          "cKYVUCfZPhq6D7HUJut",
          "Fixed32",
          "SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "CCUckWhor9",
          "yEpRbbMNCU",
          "swXeRGfW6CujHw3p0AO",
          "TO_EOF",
          "kOZHrfdhl0RwEmq1J3X",
          "'G7IuqcNGJEdSRmX00vr.RNNrS8NcsT6y5KILIuG",
          "Deserialize ",
          "dCHMpGDbaD",
          "Na4d2iQMVmCgWM5Upjw",
          "oF1305KUBwFevf7l7HP",
          "A0cEu1E6VE",
          "*CVf\\=t",
          "E7vZCGoH4U",
          "ResolveListAdd",
          "' can only participate in one inheritance hierarchy",
          "m_18e7baa500dd48be8a6482ea2e182510",
          "get_SkipConstructor",
          "Enumerator",
          "rAHfl1JaIK715ON1Lqr",
          "ld43RhlMt6",
          "oJpWlsGohV",
          "MetaType",
          "TryGetValue",
          "attribs",
          "add_ResourceResolve",
          "XmlSerializer",
          "Ldelem_I1",
          "PsxEGITVgE",
          "HM38Xoo5qWE0mabUoVR",
          "get_Message",
          "TlIKxZdOUh5HFXksTTM",
          "set_TypeName",
          "xXE5xmtu1eA87CgyZwV",
          "ydJOo4se0d8W6LntXnj",
          "PkdoxlJ6cuUPXdFMBpf",
          "System.ServiceModel.Channels",
          "repeated ",
          "System.Runtime.Remoting",
          "@.reloc",
          "stfM7a9kCW",
          "djxkZklqGC",
          "JHGCdnftB7JQlDBbT7U",
          "TawB6ok2XNJGs5KOT5a",
          "bS83UQ8nt0",
          "<MetaType>k__BackingField",
          "incoming",
          "get_WireType",
          "WriteDateTime",
          "CanSerializeBasicType",
          "C0lT7YRkrT",
          ".bcl.DateTime",
          "tKx5ceaMlx9sZpyiKnA",
          "'Na4d2iQMVmCgWM5Upjw.r1ZerIQFic1SNOEINcI",
          "EndFinally",
          "GetCustomToString",
          "IncrementedAndReset",
          "wxGacHHmST",
          "IComparable",
          "WriteUInt64Variant",
          "set_Context",
          "Ycj3u7n5MD",
          "tVxtYOxPam47O1xsJx3",
          "Brfalse",
          "Ldelem_U1",
          "CLnExE11aw",
          "ParallelLoopResult",
          "\"Please use RuntimeTypeModel.Create",
          "Rd=o@<M^!",
          "lBnASOMi2d",
          "_discriminator",
          "FromImage",
          "FromMilliseconds",
          "pAnMHCISBR",
          "m_149439d1132e4179af37764f06a7e2eb",
          "TimeSpan was unexpectedly too big for DiscriminatedUnion128Object",
          "'WZZ4I8Z1pFoN3uX3GUA.wtOwAcZ565WYcbFykav",
          "kwV6vwdQmFeI4gWRmTq",
          "exception",
          "Brx2XAxNhaRfJROD7nd",
          "chDMIyn0T1",
          "mtCvrdxCi",
          "rB7aDxhT0E",
          "CharSet",
          "get_NonTrivial",
          "current",
          "CyXopuemb",
          "w0nc0iX6jZ",
          "TPrMxj5SFG",
          "get_AssemblyTitle",
          "System.Collections.Generic.IEnumerable<TValue>.GetEnumerator",
          "Thread",
          "EeCAiQUeYT",
          "Non-public member cannot be used with full dll compilation: ",
          "m_6e2defa7de334a609d4b7809ad5ef152",
          "m_aeead6f9436f450594dbc1ee4bcc368c",
          "Surrogate",
          "k87cURmOrn7lNGcgY0Q",
          "naUAxarYot",
          "BuildSerializer",
          "FOi4RWSxtC",
          "AppendValue",
          "FieldTimeSpanScale",
          "pYloapH3eW",
          "m_b03ef0e540f445f6a185b6d542b5c204",
          "R+JLc",
          "Gksab7EXba",
          "uTu6xG2qgV5naxmeMt",
          "Conv_I8",
          "wm6TwTF2wk",
          "The default model cannot be frozen",
          "Timeout while inspecting metadata; this may indicate a deadlock. This can often be avoided by preparing necessary serializers during application initialization, rather than allowing multiple threads to perform the initial metadata inspection; please also see the LockContended event",
          "IComparer",
          "Lw1QzWYmkR",
          "Required",
          "i?h1|",
          "EqnjUf9Gn8",
          "rdyVxdewI7",
          "ulidaExNP8jPHNwg9N",
          "<>3__model",
          "SetName",
          "'OKJdUWpvvaUgfXQRFQm.msslqqpHr8HqomEgGpT",
          "NonTrivial",
          "b*b]!;",
          "IList`1",
          "isRootType",
          "jxtN6RVJ3M",
          "OverwriteList",
          "Tv!kZ",
          "get_TickCount",
          "WriteUInt32Variant",
          "ga $V",
          "ProtoBuf.IProtoInput<System.ArraySegment<System.Byte>>.Deserialize",
          "Mutex",
          "GWJ74sVs6Y",
          "allowInternal",
          "EndpointDispatcher",
          "AppDomain",
          "copyBytes",
          "metaKey",
          "Aolq7HmQZXl3xvJlBHS",
          "WriteBoolean",
          "LKOYTLBLeb",
          "MoveNext",
          "O4dpkmZARY",
          "GetWireType",
          "IsInRole",
          "m_07a3e26d65b54bb0983c4bd0e00c6566",
          "CompileInPlace",
          "zlpJU3KR34agrAVHng0",
          "set_Mode",
          "SerializeWithLengthPrefix",
          "QdDXqgxIkO0ffgZ788U",
          "DirectReadString",
          "EndTry",
          "BasicList",
          "m_1c46d7a245244f71919e5dfe634f851f",
          "OnApplyDefaultBehaviour",
          "AddField",
          "GetName",
          "untyped",
          "wfqef9pV3U",
          "m_4a814c08c6c74e68b8be81b5c5cfa9c6",
          "or1FUTfc4144K3mpnd8",
          "GetContiguousGroups",
          "TxtE6A22PeLtDnvbZYW",
          "R2iuk44MPD14AuPNfv4",
          "Y2kshv932w",
          "RNNrS8NcsT6y5KILIuG",
          "get_Minutes",
          "The writer is in an incomplete state",
          "get_ParameterType",
          "GetSetMethod",
          "hasOption",
          "Jofon49IaI",
          "X0TmDxL47S",
          "WuNB5rnLeX",
          "yByRxGh5id",
          "get_Height",
          "x0P3cV5VmD",
          "LpOl0XtQge",
          "ZERO = 0; // proto3 requires a zero value as the first item (it can be named anything)",
          "bC7ad3xuc4",
          "uJAeae475l",
          "TA24CW6J0G",
          ".google.protobuf.Duration",
          "CTvakv1y7I",
          "sfixed32",
          "Vg9ZPiWw3I",
          "ljB3qid1cKS81ax7WnZ",
          "ConstructorBuilder",
          "mG13DKvtE3",
          "Conv_U4",
          "CreateSubKey",
          "ApplyClientBehavior",
          "Pva~'",
          "Helpers",
          "GWEarU3F6s",
          "zkZCmmDlxN",
          "<>3__singleton",
          "m_94900dc41b654cc2abf86bd0c30aeb6f",
          "f2VfWCEftlOWUsAD3R9",
          "m_16cde44ba5b14ee08b2770e9e89ff7b3",
          "VsElAS5PJZ",
          "SPWZegY60w",
          "SingleSerializer",
          "vCTJjhN0O",
          "A deferred key does not have a value yet",
          "LxnQB2QbFX8FqGil0pb",
          "nNWT0jxy4wpAZodaZoc",
          "ProtoBuf.Compiler",
          "ReadString",
          "InitializeArray",
          "dOmoUHV7a8",
          "eSRcVetvQ2GJiFNJkHL",
          "operation",
          "Version",
          "targetFrameworkDisplayName",
          "FieldGuidHigh",
          "TimeSpanScale",
          "OEqlM2JDSk34xdQyQe3",
          "CanPack",
          "bqLNQPrdWJ",
          "MD5CryptoServiceProvider",
          "GhTABZNENf",
          "DebuggableAttribute",
          "EditorBrowsableAttribute",
          "set_State",
          "FuV9hOxnPRNUjSFVHep",
          "ImageCodecInfo",
          "ProtoBuf.IExtension.GetLength",
          "extension",
          "RIVjeKt8iK",
          "System.ServiceModel.Dispatcher",
          "Tx7LTKdxGDsRDBXMSK6",
          "OIipcisVFR",
          "fYDN2nl46A",
          "<Surrogate>k__BackingField",
          "xEslb3I7ul",
          "get_LocalIndex",
          "A8fRIEjQCh",
          "set_AllowParseableTypes",
          "gr2j00H4R9",
          "FlushFinalBlock",
          "ReplaceDataContractSerializerOperationBehavior",
          "isEnum",
          "get_Serializer",
          "owYZggyfKt",
          "ejNEpLxOH87RApK4Abx",
          "HRVlJ7kIME",
          "'gnnfEQ0YkTkkoVFpWg2.b4oWkV0T0olshsdvV9x",
          "<stream>5__3",
          "<GetExtendedValues>d__1",
          "Cannot deserialize sub-objects unless a model is provided",
          "NP7oi2PU5b",
          "LHW4DaxLdh",
          "Q6WZTQ7SYI",
          "get_DataMemberOffset",
          "GeneratedCodeAttribute",
          "Unknown timescale: ",
          "WriteRecursionSafeObject",
          "N6lmUOiOtN",
          "get_Context",
          "DebuggerBrowsableAttribute",
          "Round",
          "%ef +",
          "SetSurrogate",
          "m_0544153992b545748b90e50e0bb7ffbe",
          "Screen",
          "get_AssemblyTrademark",
          "BaseKey",
          "Protect",
          "DateTimeSerializer",
          "OVB6R7jKBWocXCFxKRw",
          "p1boINxOxN",
          "tfUE3Q0CqklyM74lwKU",
          "Gt6Mahvd0S",
          "QFVVDaESFFU4Gfy8VH6",
          "PTkBth7Iej",
          "Value",
          "IEnumerator`1",
          "ProcessStartInfo",
          "VrQEnWaSUx",
          ">dc9%",
          "Ldarg_1",
          "get_Key",
          "ArgumentException",
          "h1Y4XTH4Tv",
          "ReadDateTime",
          "<Module>{1d590a57-0001-4721-86b5-87b20d253506}",
          "CallingConventions",
          "callbackType",
          "I+:2P*]A",
          "op_Equality",
          "defaultValue",
          "WvyuRQJBSr4O32LxSyG",
          "ReadLengthPrefix",
          "9Pa~'",
          "tfuEysBKHN5X2VrDH0c",
          "Dyc0kW2EEE",
          "m_1f68c97fd446479a912379bd8476d3bd",
          "metaDataVersion",
          "typeCode",
          "depth",
          "RSLHjg2puNwLF4W12gU",
          "uPBE*",
          "NwJ23ABPbUTqWMX3uIY",
          "Ts8UEmfCy0HT53QaysH",
          "isList",
          "baseClass",
          "SgQLmmfs082l0m5c7EU",
          "get_IsAutoTuple",
          "W8OWx53f9f",
          "FgEAAgfRodbf1cTsm7M",
          "RBXBHB0rPU",
          "LoadValue",
          "<Module>",
          "gKBahmjRXR5VWTerMCo",
          "CheckIsIReadOnlyCollectionExactly",
          "GG6NJ8OvKe",
          "zM9SmtJA8XWxuvIsEXb",
          "^euV'",
          "UKE2E1JFo7AaPIdFiko",
          "j11QOCfxaGaNPoG7K1m",
          "ApplyDefaultBehaviourImpl",
          "Conv_Ovf_I1",
          "qu9kBQ2RuKxVo81dMPL",
          "OPTIONS_WritePacked",
          "Yjmk18sgbw",
          "IsValueType",
          "FieldDecimalLow",
          "zUmWdyoWES",
          "fQoEI6lWKd",
          "get_CallingConvention",
          "ResolveMapTypes",
          "Conv_Ovf_I2",
          "r4DTmGRk1l",
          "KmjBc91Dds",
          "YqHCkmtDRPdNvKFfbP3",
          "NYrcUoZEg0I3egSEtAw",
          "e7hp75KVut",
          "ThrowUnexpectedType",
          "iiZkVwFftx",
          "Brtrue",
          "NonPublic",
          "get_SurrogateSelector",
          "EPMYGK5JSV",
          "pg1CDWK1GM",
          "CheckHostName",
          "Unbox_Any",
          "available",
          "WrapNonExceptionThrows",
          "WriteAssemblyInfoAttribute",
          "icFRAy0XdW",
          "t9GtqQJVgNXnGalsVjo",
          " but received ",
          "rqMAJHGIfK",
          "CompanyName",
          "tWNxAfxr3LTSLUOL5SK",
          "ReadUInt32",
          "System.Collections.Generic.IEnumerable<System.Object>.GetEnumerator",
          "GetConstructors",
          "IVOZm9Lj4s",
          "Floor",
          "fRPB0rYQVk",
          "CreateInstance",
          "MEykpbZwXj",
          "FileShare",
          "GlobalOptions",
          "ypON9v0Au2",
          "packed = true",
          "evuspCIcLW",
          "gs0Mvxcve3",
          "xPSFbmYXR3taEicPebB",
          "get_Bounds",
          "oBcweDNp3",
          "'IXgPPHNoPM8d9t6xHRS.r865j4N0vLgWfCxSALd",
          "default = false",
          "wCbQWUyOPp",
          "rAEVh8PqQN",
          "WriteSchema",
          "System.Xml.Serialization.XmlIgnoreAttribute",
          "Single",
          "kN6WhL9hXZ",
          "AkMsKcibcl",
          "IComparer`1",
          "knownTypesLookupType",
          "RcHdcIJ1gW0jQrGpMF2",
          "CommonImports",
          "weiWN8Hbr6",
          "S2Stab2TQup132OnsKK",
          "TryEnter",
          "ToUpper",
          "get_IsAbstract",
          "podsFB8jkd",
          "AtG0BZSuWY9BJmto4ZX",
          "HFGAObunRK",
          "jmkBWpXZdl",
          "nIK6cZLuaN",
          "GaIGEEo4d1vjLGiHoY8",
          "CreateNestedListsNotSupported",
          "ctMTS5t5H",
          "CheckAccessibility",
          "5U}o.",
          "ThrowCannotCreateInstance",
          "enum ",
          "iEblSHvGHW",
          "ZigZag",
          "Q%a~'",
          "DoubleSerializer",
          "Comparer",
          "wTiYFTPT2H",
          "I3f6q00ce1",
          "baseKey",
          "Marshal",
          "fX1MDMUwHa",
          "OPTIONS_IsList",
          "The default model must allow missing types",
          "PC1WrwjIoE",
          "<AssemblyVersion>k__BackingField",
          "addRange",
          "NkFpIeCdDp",
          "NHibernate.Intercept.IFieldInterceptorAccessor",
          "cF3MsfMUKuhVdOPvAdq",
          "hWGWgwZZ1A",
          "ProtoBuf.ProtoMemberAttribute",
          "v60pAiSqSm",
          "OPTIONS_SupportNull",
          "Q3djAg0j6a",
          "Subtract",
          "PHY0Z0K1Ev",
          "TypeFormatEventHandler",
          "IEnumerable",
          "\\rY )",
          "D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5",
          "jxUGIxBMw5o7nBlS4vj",
          "UseShortForm",
          "Stream",
          "Nullable",
          "O3imXmqOvh",
          "oNjQDR6Mu7",
          "S2DsEeBis1",
          "dTFEH92xh2",
          "GetDataFormat",
          "0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A",
          "DwoQa2lZqh",
          "dByjp728Vb",
          "allowFixed",
          "DMflKFqLbn",
          "FieldTypeName",
          "'GPKKpK3MJdBnLjRqjnN.F4hfMy3FTBiR6hGeRBb",
          "MRAIWOeZaH9lYJra0he",
          "nbDk5tU55o",
          "Ajo8onERhUsB2ayiBak",
          "BPKw7M7HmkhKie7bjGU",
          "mJ0fVeRzEW6L2xo4EN9",
          "The type specified is not a contract-type",
          "'oc6bhS70eqZkejPtuEs.lrd96O7kyg7TH5t4HVH",
          "cHONECxakvDO7FmNWEv",
          "get_Fields",
          "System.Reflection.Emit",
          "WellKnown",
          "lNKQKV1AhG",
          "6BSV6TMGTVWAaPJIi7.MYqri7Vat1GcACN1si",
          "Unknown member type: ",
          "ThICJoxOKD",
          "get_IsAssembly",
          "J01BhBQoYT",
          "bxWw5USF6vFKE2pByJw",
          "ICollection`1",
          "g4rBeb4sYKtiK2qB0Ja",
          "GetProperty",
          "ToString",
          "WriteBytes",
          "UInt32",
          "I3R6JNJWT1gNubHSOid",
          "ResourceA",
          "PacRU0lLSy",
          "_/rhL",
          "hiRBkUL3HN",
          "GetContractFamily",
          "WriteEndElement",
          "m5PVvDQMjW",
          "System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "VA4etqTMp4",
          "mBYG3GATpG0A8dke4Sa",
          "oULCrYxjQtrqH2GNkQV",
          "sLr0ZY2kmBiJalCVkj5",
          "vWLZfU68Xm",
          "EmitCreateInstance",
          "X9kZungpEr",
          "FkgtuOjPOjcITGDgfHk",
          "AssemblyCopyright",
          "zEi7plA1w0",
          "Duplicate field-number detected; ",
          "Internal error; a missing key occurred",
          "ODWlaVBkZe",
          "rmZpzrU69q",
          "okfRqRGefB",
          "builder",
          "System.",
          "WindowsIdentity",
          "FileDescription",
          "CsF0sX2ep7",
          "HMERXA8Ioj",
          "ProtoBuf.Serializers.IProtoTypeSerializer.EmitCreateInstance",
          "QywZRn0Zaq",
          "options",
          "Context",
          "EventHandler`1",
          "XmlProtoSerializer",
          "ProtoBuf.Serializers.IProtoSerializer.ExpectedType",
          "d38ST21yHX",
          "b*s]a?",
          "TPa~'",
          "<>c__DisplayClass2_0",
          "b*s]aE",
          "qo2vyfBI6o0KuLhQfOl",
          "esZkuKljm3",
          "NeEk6pnfKZ",
          "Constrained",
          "DD96nhZoiU",
          "formattedName",
          "OPTIONS_EnumPassthruHasValue",
          "LlPYAKVx8G",
          "Uv1okXTaJ7",
          "Ldelem_R8",
          "vWJ4rDGSq9",
          "Ldtoken",
          "Type cannot be represented as a default value: ",
          "TbJlXLY4HZ",
          "hGDeOm6Uvt",
          "<>3__allowDefinedTag",
          "recursionStack",
          "get_IsNestedPublic",
          ".NETFramework,Version=v4.0",
          "ProtoTypeCode",
          "BCHkWYSjaG",
          "AssemblyCopyrightAttribute",
          "Possible recursion detected (offset: ",
          "FaCeJqQTVr",
          "set_Key",
          "DefaultKey",
          "Unable to resolve sub-type of: ",
          "Callbacks",
          "'Ajo8onERhUsB2ayiBak.UG29rpEjAtpAotJEVTZ",
          "The formatted-name is fixed and cannot be changed",
          "DefaultType",
          "syTYhBv5A1",
          "Ldarg_0",
          "SanityCheck",
          "n5sbMRpNg9Q4YPb2fW8",
          "GetDedicatedMethod",
          "kmTKy2oCb80q0WQyuYH",
          "ProtoBuf.ProtoPartialIgnoreAttribute",
          "b*s]!5",
          "IEnumerable[<T>] data cannot be used as a meta-type unless an Add method can be resolved",
          "UnmanagedFunctionPointerAttribute",
          "BYuaWapwcL",
          "k5qZKNa503",
          "IsLittleEndian",
          "ppeoSlFLyu",
          "X509Chain",
          "Clear",
          "rbV3m5lo9p",
          ">xp[p",
          "TypeFormatEventArgs",
          "G4TARi0PZ2",
          "XTxQppRmEW",
          "SQA08q4Nad",
          "ReadInt32",
          "kSiMsoXb14",
          "CompilationRelaxationsAttribute",
          "s\"$zj",
          "pxousnl9qJiy0nsEEzHI",
          "set_Model",
          "AssemblyCompanyAttribute",
          "frEbjRKmqAlDKulU8eZ",
          "A@A,B",
          "AddErrorData",
          "OlslYkFmRn",
          "indexerSet",
          "xscegl65IO",
          "ar640MYq3tPGGNQcWIA",
          "aBhVwGHEVV",
          "set_SendBufferSize",
          "b*Q]!@",
          "GetProperties",
          "GetMemberType",
          "get_IsInterface",
          "State",
          ".NET Framework 4",
          "get_Buffer",
          "SurrogateSelector",
          "contentionCounter",
          "e9RVAC4p86",
          "set_AsReferenceDefault",
          "g5eRaSL0bx",
          "f15NxkwJt1",
          "vNa~'",
          "GGQ05pJUoYJOKvcLspE",
          "OPTIONS_AutoTuple",
          "HYrx232M8X8aWuwsgWp",
          "xo9iu8j6WSiYelVFa9g",
          "UInt16Serializer",
          "NumberStyles",
          "get_EntryPoint",
          "m_2b81cf6f43744823a94b19971bfcfb51",
          "innerException",
          "ReadTimeSpan",
          "*+^Vl",
          "AssemblyBuilderAccess",
          "other",
          "System.Runtime.Serialization.ISerializable.GetObjectData",
          "\"\\a~'",
          "destination",
          "OJANk2BDj6",
          "get_Hash",
          ".Dna~'",
          "v4uROYA9bw",
          "OPTIONS_IsMap",
          "GetGetMethod",
          "LLTW6muIls",
          "effectiveType",
          "EmitBasicWrite",
          " wa~'",
          "DEBUG_COMPILE",
          "System.Collections.Generic",
          "set_OverwriteList",
          "uB3NsW06og",
          "get_AssemblyQualifiedName",
          "tkXWUbK9GU",
          "ResolveEventHandler",
          "MLSaLxxjSn",
          "x3b7Igl8AV",
          "get_ImplicitFirstTag",
          "nonPublic",
          "System.Collections.Concurrent.IProducerConsumerCollection`1",
          "bZDEv0bk4x",
          "XmZDZFo9cvtbInSMbUn",
          "'oRcXGw49PS2Hnu66Efq.oMcYTF4gj5IvjHrbg5C",
          "CnUE27SMEe",
          "SS0SYZXsoW",
          "InternStrings",
          "m_21563ab6e0f84663804d572236b61aca",
          "MmOsfteuq6",
          "m_65031b85b0174d14a33270d58db55b8c",
          "Hch3KqedRG",
          "vZsToxNHfW",
          "fieldNumber",
          "ProtoBuf.Serializers.ISerializerProxy.Serializer",
          "BehaviorExtensionElement",
          "strict",
          "yniA9MqtIx",
          "ILwYlpx1GR",
          "G1HSSsAmLj",
          "Eds03StMU",
          "sExAt6AYX1Up4ib6ZOH",
          "v2WE0QUAqf",
          "WriteTimeSpan",
          "sXJlnX4CSs",
          "file:///",
          "f4X3O28RYf",
          "fk46YoAwGx",
          "SerializationEntry",
          "LlJQ5XD8mZ",
          "F6ZHby2S1SpebI4yPBv",
          "yGB4GLd25Q",
          "DefaultValueDecorator",
          "jp5j3Lyek0",
          "cUC40fCZt8",
          "AsReferenceDefault",
          "builderFactory",
          "C7asr3cMYE",
          "int32",
          "T7yRjGS3n3",
          "ProtoBuf.IExtension.BeginQuery",
          "F2Rs38kEYwQL7s8nVMf",
          "System.Core",
          "Sgr0uhJ7eixklID9KHF",
          "?[FhuI&",
          "Conv_Ovf_I4_Un",
          "dxtBOL9BDh",
          "b*a^ B",
          "QFATNexnaD",
          "WriteTimeSpanImpl",
          "ArrayDecorator",
          "OverflowException",
          "OyELUIxqmRvF1RWqJdj",
          "cNVcleptHukee3bm7dY",
          "hlRliA2X51",
          "wireType",
          "'VZIXy2EFYppeogrKTZA.mJ0fVeRzEW6L2xo4EN9",
          "get_DefaultValue",
          "SjPCQh4p7230VL0hDP9",
          "family",
          "dANQ47JLGI",
          "LFyM9Cq08m",
          "oya~'",
          "N6U3uHZzpsPpYFUYj7Q",
          "BasicTypeFinderImpl",
          "r51pThsUyaS2TBGgse5",
          "RUuNbLQbNG",
          "GetMembers",
          "m_5c4d490718ce4bff99fae4e2b2a6b92d",
          "Unknown",
          "WriteObjectContent",
          "RoS6P5K1qC",
          "mapValueFormat",
          "V8i7ns0atLAf7wuQPmj",
          "U2JYCGOF9D",
          "DefineLabel",
          "DebuggingModes",
          "RpNauGjSxv",
          "nlNC3HXuo5",
          "DataContractSerialier",
          "mJIG08DUG",
          "get_CurrentDomain",
          "'pHYi5v0jGD8XPX2sEch.tfUE3Q0CqklyM74lwKU",
          "StringBuilder",
          "P8a~'",
          "FromDurationSeconds",
          "lKXpDgsfYn",
          "oCl71mj7de",
          "JdkVMHWyIg",
          "m_fe5d01cdfd264d62a7eae417080d8fd0",
          "Value ",
          "Multi-dimension arrays are supported",
          "Repeated data (a list, collection, etc) has inbuilt behaviour and cannot use a surrogate",
          "xZwkOETbo1",
          "Ldc_I4_0",
          "Cannot apply changes to property ",
          "O3Few2rgfg",
          "J2mRl0om2y",
          "W @d@'a~'",
          "RBplqvNtIV",
          "get_OriginalString",
          "EmitBoxedSerializer",
          "FRPmIEC8DR",
          "SignedVariant",
          "set_IsMap",
          "N3rXVOm9uaRlurA02Wo",
          "context",
          "H00lNLPKxK",
          "IDictionary`2",
          "oY1tb3SWpAaWeSEO8wg",
          "iPcTTgtqvjXof9rO5RY",
          "members",
          "get_FullName",
          "bTkmaeFvvg",
          "set_AutoAddProtoContractTypesOnly",
          "xrejy3SLds",
          "asuri5XXo",
          "WOIMnwQOha",
          "knownTypeName",
          " callbacks on ",
          "constructType",
          "' is not allowed",
          "sWEsJA0Y4E",
          "XMBajAkFOM",
          "lpAddress",
          "LoadReaderWriter",
          "FormatException",
          "L276sOH9yB",
          "Gsjja9X6RC",
          "K0K@KUK}K",
          "get_Model",
          "op_Subtraction",
          "KyEZZYFAsw",
          "GetBytes",
          "[(a~'",
          "tB0lyrhy6g",
          "MT74Pa2to3",
          "#GUID",
          "set_UseConstructor",
          "`TrtO",
          "MatchPredicate",
          "jNAic1tbJmaJOPmpo45",
          "ResolveEventArgs",
          "SByte",
          "_CorDllMain",
          "lM6gE8KAj7PKRnAd7b5",
          "sRlp8qtgndXtENQHo8r",
          "chromium",
          "AddSubType",
          "cIDS7RXDNX",
          "Ldc_I4_M1",
          "Newobj",
          "System.Net.Sockets",
          "GgUsmk9qdI",
          "System.Runtime.Serialization",
          "TagIsPinned",
          "v4bo7slVj6",
          "value64",
          "eIrKVUaHDIThVjfOaGd",
          "Open ",
          "'SjPCQh4p7230VL0hDP9.g4rBeb4sYKtiK2qB0Ja",
          "EOxaaYqElP",
          "GetShadowSetter",
          "set_Length",
          "OPTIONS_IgnoreListHandling",
          "zIYpgQgKhi",
          "CreateFormatter",
          "AssemblyCompanyName",
          "VnoRBVMQTt",
          "ifn8rXssqXGK5CA1c68",
          "'uMN9EYjf9slVYODB8Ua.OVB6R7jKBWocXCFxKRw",
          "VL8eeWZHWC",
          "WriteType",
          "dt7QnPSkQi",
          "NooTlbnhwY",
          ">k__BackingField",
          "LwqKGVZANe34JZuNUoV",
          " b;&\"e }",
          "SwX0uyKB63",
          "BaseType",
          "aDg7yeXk3C",
          "D66EWEHhy8",
          "MAK39o4oBf",
          "c \"tU^a~'",
          "AllFields",
          "DataContractSerializerOperationBehavior",
          "GetInterfaces",
          "TryReadLengthPrefix",
          "x4`@zF#<",
          "FieldExistingObjectKey",
          "TypeBuilder",
          "System.Collections.IEnumerable.GetEnumerator",
          "get_AutoAddMissingTypes",
          "rPYTAmX8ih",
          "inherit",
          "a3Wx#qT",
          "metadataVersion",
          "ProtoBuf.ProtoMapAttribute",
          "get_Days",
          "uBmZoQquJk",
          "GetExportedTypes",
          "Sgc3btqfiy",
          "xDPn9lSzys4bdorUFdd",
          "afterDeserialize",
          "x38B8ZJlm6LS7298iMk",
          "AssemblyProductName",
          "<bM T",
          "mlSxOVRYpYgZmJ33ufe",
          "EtNLwoBpVZOiGOYMNqc",
          "eeGg7T5T2djK8KIYXD",
          "Eyx34Tt1Ne",
          "'DtBHlKjF9VK2WpdDC7e.V4k5AYCzpP4TQrvuRNY",
          "LoadArrayValue",
          "RPuocYKL86kskCpJJU9",
          "JMSnIvsu9S4kTJsCjMw",
          "cd5BsKjkA7",
          "nvPOyWQBmIDcTnEIKWx",
          "ltbNeEdDghNhT4P85My",
          "set_AutoCompile",
          "GetFromPool",
          "O}G0H",
          "Compare",
          "Intern",
          "t3vkgsyVSn",
          "QueueUserWorkItem",
          "No extension object available; appended data would be lost.",
          "Invalid factory signature in ",
          "float",
          "rj1R7n1fUg",
          "NfoCLEbBLb",
          "WgnjDRNDpY",
          "get_AllowParseableTypes",
          "ToArray",
          "value",
          "XmlObjectSerializer",
          "SIeVl75KT1",
          "Kfs624v57b",
          "gxpZnOUpog",
          "eYUpufGHox",
          "get_IncludeSerializerMethod",
          "XEFj1l0dlK",
          "dt5Bj4xD1nPgBUYUafi",
          "TwosComplement",
          "ynejJmfEW1",
          "YbImYh9JRr",
          "WPUYN9pA1s",
          "System.Xml.Serialization.XmlElementAttribute",
          "Unexpected wire-type: ",
          "Ay36FxKS2y",
          "NHTAV4SaRB",
          "EmfQQRqCeJ",
          "x7vjNJLN2C",
          "uLvVVfBJBt",
          "dM9WMW23PHNn0hEJWVt",
          "iQW6QNOtx",
          "Feg06xtUBB",
          "IExtensionResettable",
          "Location",
          "VHDCRfDr5e",
          "ProtoBuf.Serializers.IProtoTypeSerializer.CreateInstance",
          "TagDecorator",
          "xdo4D",
          "get_LongPosition",
          "b4oWkV0T0olshsdvV9x",
          "CustomAttributeBuilder",
          "o2o73cSFN3",
          "GetFileName",
          "]vMa~'",
          "oiTCOb2VGWuePc09vMy",
          "OSXeSNSpWf",
          "'YnONf8RiWdgeSFvZMqs.cphWvERncSxLQCKMBCI",
          "oMNm4RFAjY",
          "get_TotalSeconds",
          "ProtoBuf.IExtensionResettable.Reset",
          "UseImplicitZeroDefaults cannot be disabled on the default model",
          "ReadUInt64Variant",
          "q2vaL3Ts417hj5BqgiC.qA6DwKTekUcyec8GOYc+ayVfvsY51Qod9jMYtNw+Hhlt18Y1ZSshEeISQeC`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]",
          "useConstructor",
          "XxEpolGl5u",
          "ACZpPqAact",
          "HGgD2URTnSR47wjZ3I6",
          "ProtoBuf.Serializers.ISerializerProxy.get_Serializer",
          "BKaZdkqg5i",
          "serviceEndpoint",
          "AppendLine",
          "SocketType",
          "IndexOfString",
          "bow6eHE0Kj",
          "Packed",
          "set_AssemblyCompanyName",
          "assembly",
          "fiaTGgogqV",
          "get_ReturnType",
          "op_Explicit",
          "set_UseMachineKeyStore",
          "Ldc_I4",
          "hIA03H4hEP",
          "97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A",
          "i1QoDu4GvK",
          "fuWYeW7YW5",
          "p2Hgsx2xl2yIZokVVcK",
          "BeginExceptionBlock",
          "X13pVFmGRW",
          "oSJQuSrYTb",
          "flushLock",
          ".ctor",
          "Base128",
          "ShouldSerialize",
          "implicitMode",
          "get_Connected",
          "U6gYjfx9ecvbPIfnrqt",
          "HashAlgorithm",
          "Beq_S",
          "ProtoReader",
          "set_ImplicitFirstTag",
          "set_ConstructType",
          "ToInt32",
          "Replace",
          "user32.dll",
          "RQiCNJR3Jl",
          "ThreadStart",
          "GetWriterMethod",
          "AsReferenceHasValue",
          "set_AssemblyVersion",
          ".bcl.Guid",
          "WriteInt16",
          "Ldnull",
          "VQgEMwIAji",
          "gAbEbeACtM",
          "OPTIONS_AllowParseableTypes",
          "get_TargetFrameworkName",
          "bvns1N33b8",
          "TimeSpan was unexpectedly too big for DiscriminatedUnion64Object",
          "o9PMlqU50M",
          "'dEwDb66ZldgilLjOhDF.Av8JFP6Q5M8u9hLuTLE",
          "ct5lt8XvNU",
          "Multiple enums with wire-value ",
          "CheckDictionaryAccessors",
          "noAutoCreate",
          "Stack",
          "yZoIdPJNnG5M6RQVX9F",
          "isStatic",
          "Format",
          "set_IsRequired",
          "VSlW30W3LJ",
          "FieldAttributes",
          "ProtoBehaviorAttribute",
          "DyPYiYQUuY",
          "<Type>k__BackingField",
          "N1yvfjKojpc3INIfp4R",
          "k68Z0iU9gN",
          "e3lDxhdN9iRLVtNny8m",
          "MaxByteArraySize",
          "get_UseConstructor",
          "NullDecorator only supports implementations that return values",
          "QXf7864jEF",
          "ProtoBuf.Serializers.IProtoTypeSerializer.EmitCallback",
          "isPublic",
          "RawValue",
          "System.Xml",
          "lpBaseAddress",
          "Unexpected end-group in source data; this usually means the source data is corrupt",
          "Buffer",
          "axKTKDXXNR",
          "YlcAt4DdoZ",
          "MQAZNQTxVC",
          "get_ValueFormat",
          "hG7lEDpwcC",
          "GetArrayRank",
          "ux27SC5JTS",
          "WriteBase64",
          "AfterSerialize",
          "tk2oZqMdWEbNM5MLCJI",
          "String",
          "Type not recognised by the model: ",
          "Shutdown",
          "UnhandledExceptionEventArgs",
          "KSM6KZ1Agi",
          "ppNa6P5PK1",
          "m_13cbd7fc7863477cbf03b07bdc895636",
          ")&Ra~'",
          "wFseRpml2t",
          "aAnClR5UnP",
          "GetForegroundWindow",
          "singleton",
          "'DppXCylIfGnFNnXJY5q.N1q6tXlLEZ2N9s1VB08",
          "wAYXkyBSs",
          "ResolveMethod",
          "MXlpKSpaSb",
          "DT73vLXuWN",
          "'U2psuB0AY4euB4msdxw.OY8l210Bel4Tnt8vnnv",
          "TypeName",
          "Switch",
          "EvVFDyRS7xbfJEFRtBR",
          "BjIay8ofMAFgIUBUMtP",
          "ThrowInvalidLength",
          "WiXoRcUfEO",
          "member",
          "get_AssemblyProductName",
          "NoteObject",
          "WriteAttributeString",
          "callbackTypeName",
          "NhO74eK6gGxuK2oB4YG",
          "'id8gPvQsssmvxBlI259.dTSlarQeEonCTV1sVNq",
          "D2dVeedBHlIQg0tdOSC",
          "m_3f21b8cd8654447cb58b4a1fde44c2df",
          "TunCEhkPVv",
          "EwkVqtV7yA",
          "sVMkBckM6H",
          "m_d465918c7d9e4357a1b98ca1de0f5911",
          "Av8JFP6Q5M8u9hLuTLE",
          "System.Runtime.Serialization.DataContractAttribute",
          "Stloc",
          "/ 0!1\"7#8%:&='@(A)B*G+H,J-L.N/Q0X1Y2Z3^5b6d7h8k9m:r;v<w=y>z?{@~A",
          "slOTIehaqg",
          "'pWCW70CBRaFivd66rx0.yiPBi2CoE8xdXMxJrJh",
          "ParameterInfo",
          "zVl(W",
          "gnnfEQ0YkTkkoVFpWg2",
          "zM5eQJu75X",
          "WaitForExit",
          "System.ServiceModel.Description.IOperationBehavior.ApplyClientBehavior",
          "locals",
          "eKXPOA2WTy0XVt5QTPw",
          "OPTIONS_InferTagFromNameDefault",
          "w7JR1jtj9N",
          "g0Sal2td7m",
          "tPo7sN0H46",
          "IProtoTypeSerializer",
          "autoCreate",
          "ToObject",
          "yQgMQ1mq2o",
          "vnjOVWCiS",
          "SSg8ObTa8jLMibrLETF",
          "hXG2mZWK10m8Yt9FcBJ",
          "vairEGdluw2LQCcTvv4",
          "d594YdKz2Co3uWPeXVq",
          "EnableAutoCompile",
          "get_Jpeg",
          "v6O9siBYMY39jFPdPNK",
          "WriteConstructors",
          "E4sjuIy5l8",
          "ProtoBuf.IProtoInput<System.Byte[]>.Deserialize",
          "D696jywsAM",
          "iEKPVWfruOs4UikACO2",
          " cannot be assigned from ",
          "RbTmGAreBJ",
          "SslStream",
          "DeserializeType",
          "OXkCYmYyxq3fdrZOPBM",
          "trimNegative",
          "serializeBody",
          "ReadDecimal",
          "ApplyDefaultBehaviour_AddMembers",
          "Qwg[i",
          "Dy14LRpaWD",
          "M1iaOTqCaa",
          "H7EWD4vkEw",
          "y3Nk6EsH3kcuLbD7Faq",
          "Specified",
          ", but found ",
          "Jf9BxdkJup",
          "F9pYR4oApH",
          "ojmk7Y8y4U",
          "PV3TrmqhY9",
          "ReadByte",
          "xyoIbPxM1OcdH4r9RAv",
          "HtIAU1clCbVqRgl2GSc",
          "AppendToCollection",
          "Convert",
          "NbMMPr0t5N",
          "MetaTypeFinder",
          "Serialize ",
          " // reference-tracked ",
          "get_MainModule",
          "n6Abdqp1JNiK4YUSDV3",
          "RuntimeTypeHandle",
          "n6K3wlC9ym",
          "Xh8A9WTax",
          "basicTypes",
          "isEmpty",
          "KeyFormat",
          "x3IJWXxgowiuovxJKmW",
          "DataFormat",
          "LY1Vefkyo5",
          "get_Behaviors",
          "PvAT1LPv87",
          "NextDouble",
          "rptoqHExvE",
          "GetSchemaTypeName",
          "ReadBoolean",
          "ig9C5DITJc",
          "expectHeader",
          "Int64Msb",
          "WriteStartElement",
          "CopyTo",
          "IFormatProvider",
          "ListItemTag",
          "candidates",
          "SerializationContext",
          "dU2CYfQSyp",
          "<>7__wrap4",
          "ProcessModule",
          "<>3__instance",
          "TimeSpanSerializer",
          "get_InferTagFromNameDefault",
          "IEa7c15NGL",
          "pcrR8aECeF",
          "CreateException",
          "defaultFactory",
          "get_StackTrace",
          "AddRange",
          "UnhandledExceptionEventHandler",
          "m_7a4510d20fbf4d01a08a6170605da6f1",
          "EmptyBlob",
          "G7IuqcNGJEdSRmX00vr",
          "XEC452171J",
          "XZwAFgtHPVISNNYQAkc",
          "module",
          "VZIXy2EFYppeogrKTZA",
          "ytC0SYqyoc",
          "ResolveTupleConstructor",
          "Q8SuO9dzG4yyLIWlSsb",
          "Equals",
          "X509CertificateCollection",
          "System.Diagnostics",
          "get_AssemblyCopyright",
          "WaitOne",
          "EndOfStreamException",
          "MemberInfo",
          " enum is mapped to the wire-value ",
          "FE7WzeHj3B",
          "<>7__wrap2",
          "<DisableMap>k__BackingField",
          "FM3EoDUj8d22AA5UBSD",
          "OPTIONS_UseProtoMembersOnly",
          "TDictionary",
          "AddBindingParameters",
          "bOBYoufFe0",
          "EtkaIM7WKR",
          "c b~]Ia~'",
          "OutputPath",
          "get_IsGroup",
          "WF8HpGdArcwY4OtvXZl",
          "L2JjMJrGEM",
          "RM sl^",
          "CharSerializer",
          "VZZoLV93n7",
          "Stelem_Ref",
          "Dqua9yHWDl",
          "Stfld",
          "lBEs5wrA9D",
          "SelectMode",
          "xcbnU8f6iEuTvni47Xc",
          "XcDerAR1n4",
          "pLrpSlZlaS",
          "forced",
          "inferByTagName",
          "get_Operations",
          "get_RequireAdd",
          "CompilerContext",
          "TimeoutException",
          "System.Runtime.InteropServices",
          "DybWY6xd8F",
          "ProtoSerializer",
          "InvokeCallback",
          "Cannot begin a sub-item while performing packed encoding",
          "GetUnderlyingType",
          "Default",
          "measured"
        ],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 8,
        "cape_type": "Unpacked PE Image: 32-bit DLL",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "process_name": "87053d0ad81ac3367ef5.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "virtual_address": "0x07C40000"
      },
      {
        "name": "50fe3f888e158345bc5992769fb1750cf4848e0ba78d6263e877c9d6e10156de",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/50fe3f888e158345bc5992769fb1750cf4848e0ba78d6263e877c9d6e10156de",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?0x02C10000;?",
        "size": 3004,
        "crc32": "9F6CDDEB",
        "md5": "f3c26701cbba5809208589a5a19bd703",
        "sha1": "c46017fe81f16094ece8a082a270d3de3ae0343d",
        "sha256": "50fe3f888e158345bc5992769fb1750cf4848e0ba78d6263e877c9d6e10156de",
        "sha512": "35462036776b309a087c2206e477eddfacd5d37467a0687472c8ee4dffaf5022fff63f0048b48a0ccfdeb050827615c791091ca4c7ab9aa396f86042a97785d3",
        "rh_hash": null,
        "ssdeep": "12:GTcE+fGLJvldRM8oClsUtliC9mOrYY7EHN17K/tJz+F/dA:oDV2bpUtPmOrYqEHn7K/tJzKS",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1C351C2A6EEC2E720D80D1579EDE5030A33AF85C82AE35713C81D6E11DE821A91CE1E65",
        "sha3_384": "d1ce827122706915c0ad4ec99381a0c833fadd08c2f6a5d7cee7bd9113b5ec7a6b2329bdfc7618c8aff50b17c267c16f",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "0PUPp"
        ],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "process_name": "87053d0ad81ac3367ef5.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "virtual_address": "0x02C10000"
      },
      {
        "name": "e66aa3ffd9975b12e03c7c6a8ea5c1398308af843513323665f4e5b3db8ebcb4",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/e66aa3ffd9975b12e03c7c6a8ea5c1398308af843513323665f4e5b3db8ebcb4",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?0x07B30000;?",
        "size": 8190,
        "crc32": "205975BD",
        "md5": "0e5dc10c38b7d8abedab9e92b69187a5",
        "sha1": "3ded775dfa2af8c85a2c9cc0f24d61191633f702",
        "sha256": "e66aa3ffd9975b12e03c7c6a8ea5c1398308af843513323665f4e5b3db8ebcb4",
        "sha512": "362285d42845f7cbe8de729efb011d73aa1f20ee9b228170f164f34f263f8cb3a310082c70fa21e5bf1394d8a9f00d459438442b8861ca79c0a948ef94a51df3",
        "rh_hash": null,
        "ssdeep": "48:jAvc6leevKtqLxXqYTvHvR4Ls2NhgC0aK3ICHMcZoDRHQby:sc6fvKtqLzTHs5rgCtmICscG1wW",
        "type": "OpenPGP Public Key",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T174F17356FA0C7349C03D5B3040EE9F219324D7BD9229424B11060B83BF6A1F0AB12FCD",
        "sha3_384": "61c4386cd8285a5145506464822735deedacd79b801b38fa94dddcf722eac74687b27dcb2001066404ccf086962766be",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "jZqx4",
          "sp|Cs"
        ],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "process_name": "87053d0ad81ac3367ef5.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "virtual_address": "0x07B30000"
      },
      {
        "name": "7c809991dd355a53f3f02e58c0ffe5903c66c945349b5c3e59c43dda69a13c11",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/7c809991dd355a53f3f02e58c0ffe5903c66c945349b5c3e59c43dda69a13c11",
        "guest_paths": "9;?C:\\Windows\\System32\\backgroundTaskHost.exe;?C:\\Windows\\System32\\backgroundTaskHost.exe;?0x00007FF9038E0000;?",
        "size": 9896,
        "crc32": "CEE430E1",
        "md5": "acdfa25c5904a6b2a9c11c9173b3dcc5",
        "sha1": "0b3ff7f6bbd1864ce81cb03fd0018788ce0baf38",
        "sha256": "7c809991dd355a53f3f02e58c0ffe5903c66c945349b5c3e59c43dda69a13c11",
        "sha512": "04de92c1102936d3cb5cb56b013eb85147c805491918b512a58eae56251526b1d90af71e8b0572b5a351897311509e82499bcca576364fc3be85a870f2de6bb6",
        "rh_hash": null,
        "ssdeep": "192:29FM45FFHTr7fLij0EckFWJ/PeewvFhMPLJLtr:29u45FFHTr7fej0EckIJuzM9Br",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T145120F72A5ACC04DDC52913D9BC28CBF81E0B5A58B3D56C79011F21E671FFA161BB1C2",
        "sha3_384": "79adec44d94b7becfeb20df3fd82c06e2c5951aa7416aeb78d3c303f12b85172d7ccbed2f2b3fec4b96e66d33ea71ac2",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "UAWAVAUWVSH",
          "0[^_A]A^A_]",
          "@[^_A]A^A_]",
          "u+L;P"
        ],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "process_name": "backgroundTaskHost.exe",
        "module_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "pid": 1872,
        "virtual_address": "0x00007FF9038E0000"
      },
      {
        "name": "523d7fd0e4727844fceb01575c54418f4730a5f46d0937e4a4dbb5366f0e25f8",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/523d7fd0e4727844fceb01575c54418f4730a5f46d0937e4a4dbb5366f0e25f8",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?0x02CB0000;?",
        "size": 21,
        "crc32": "AA67450B",
        "md5": "06a814be02f984a8a16a3b0dedea9e56",
        "sha1": "83a321678a4c689b6597cb95eb603de5d3f75244",
        "sha256": "523d7fd0e4727844fceb01575c54418f4730a5f46d0937e4a4dbb5366f0e25f8",
        "sha512": "2b22a4b70fc6657fd6d8b63a344e435d0d51f7238176312f13b59f2833736f9e5ac0b97c75e4709028a4376a4eac81dd55b98abfc3c44526720c0da9b2725849",
        "rh_hash": null,
        "ssdeep": "3:l0ln6n:mA",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": null,
        "sha3_384": "c43cbd5e84f892da521417cc15a087f942c2d2b9dfbf011dd56257e0e8aff6f319fa00c0000e84953f6001938963f446",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "process_name": "87053d0ad81ac3367ef5.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "virtual_address": "0x02CB0000"
      },
      {
        "name": "75f7129dc6c1a1f9f5f0138a37dd7b51769c7f3d4a39cc0880a7c857721a4e73",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/75f7129dc6c1a1f9f5f0138a37dd7b51769c7f3d4a39cc0880a7c857721a4e73",
        "guest_paths": "9;?C:\\Windows\\explorer.exe;?C:\\Windows\\explorer.exe;?0x0000000002B60000;?",
        "size": 309,
        "crc32": "1CE34DBC",
        "md5": "50344a164bd39dbaa1fecfa9023a84bc",
        "sha1": "5f57bceff4d63c5f1c22416ddf8b8e58f1be4a50",
        "sha256": "75f7129dc6c1a1f9f5f0138a37dd7b51769c7f3d4a39cc0880a7c857721a4e73",
        "sha512": "3220faf40de632ef54e146b0d3f6eca936dfe4ca4fd3e4fc5504b124a981d8ff5d75b9d8a3ac591510ee5a087367ee26eade50d764453ce4a8e130dba8346be1",
        "rh_hash": null,
        "ssdeep": "6:opvWrRd+mQ8U7XS5cppZssYjkEsPMf5lFora9PKIdEmc8vUQtPb5ojdnl5:opurvBqjp7ssXDkf7FoOKmc8vpPO5nl5",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T139E07D2F0D1520C7712D533D9C57084E35D9B613A315224349C456E0C9735EBECBCC15",
        "sha3_384": "7647dd29a6185455b0a701ff50e634353bab5398dcc887f2a6417b00a98e0edde592fe2f86ee6f58341727021929893f",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "@SUVH",
          "C:\\bx_3000n\\dll\\KWXNIGCf.dll"
        ],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Windows\\explorer.exe",
        "process_name": "explorer.exe",
        "module_path": "C:\\Windows\\explorer.exe",
        "pid": 4524,
        "virtual_address": "0x0000000002B60000"
      },
      {
        "name": "1c29368399684906f0e8f70815a33e8453a2bd2a8362cdcfd720393e5798d252",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/1c29368399684906f0e8f70815a33e8453a2bd2a8362cdcfd720393e5798d252",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe;?0x7F860000;?",
        "size": 60,
        "crc32": "F12DB374",
        "md5": "34da0b45cac072918ad6f0837741cc2d",
        "sha1": "3a2ac54b741f6d047903d6ca229855a394329379",
        "sha256": "1c29368399684906f0e8f70815a33e8453a2bd2a8362cdcfd720393e5798d252",
        "sha512": "a876c812aef8914f6e365d1f2b3d25216a743f29acfd3b56be4d5da695b7f021d5fb5333348b248da833dbe3dc9488277909d9e33aa9dd39a0da3170a830c1f9",
        "rh_hash": null,
        "ssdeep": "3:Uaql/stnyzNkfZCeTFXuP8VYE:UF/sVyhkfZCSYE",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T166A0025B120AE0B3CC4192B15584D6028340A845E416AA113F009B50BF5A10D4586332",
        "sha3_384": "8a6eb8562faf4bbb3869d78de3bc428e1769c6ea1741e3aeda46d27fff05d98236752e0146bdab984ec1c54ee9fcf78e",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "process_name": "87053d0ad81ac3367ef5.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "virtual_address": "0x7F860000"
      },
      {
        "name": "07c22227e862bed1e988bacdd788ae7cf4de30cf2072325898321cb66d96a71a",
        "path": "/opt/CAPEv2/storage/analyses/9/CAPE/07c22227e862bed1e988bacdd788ae7cf4de30cf2072325898321cb66d96a71a",
        "guest_paths": "9;?C:\\Windows\\System32\\backgroundTaskHost.exe;?C:\\Windows\\System32\\backgroundTaskHost.exe;?0x00007FF9042A0000;?",
        "size": 52942,
        "crc32": "B238ECB3",
        "md5": "1df4b11dbf8d26f61013e434ce44b124",
        "sha1": "1a435087f0576126e51e04aa54e2d9f86dac59a8",
        "sha256": "07c22227e862bed1e988bacdd788ae7cf4de30cf2072325898321cb66d96a71a",
        "sha512": "af96b8736ade3d8e94e8fe3479965f8d9b87267cc2dc71383b85f800729f8247e940fb100e0d3c0bdb9cf8acc00fc4ad4d6152dc404d668c8a775a7a4722c9b4",
        "rh_hash": null,
        "ssdeep": "384:ba9iENxLNqt3sa7Mot0hl6h/BPDw5R4dR6BGioX39BdldOCwxWzAcW8ne0acmUzt:yNxLMKa7r0z6h/BGR4do8lpzAeneyJ",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1B633D55E06E5102E5156C834EC30ADFFDAAE5F90777F868CD0ADA0D95FAF28031A452B",
        "sha3_384": "f71bdf493c6c67a4da206d23e3e34210c5d6c75776e3404f9f9153de54ce32163188a3ebbef72709a163d6dec7264da6",
        "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "process_name": "backgroundTaskHost.exe",
        "module_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "pid": 1872,
        "virtual_address": "0x00007FF9042A0000"
      }
    ],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-03-05 13:22:51",
    "ended": "2026-03-05 13:27:34",
    "duration": 283,
    "id": 9,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 13,
      "status": "stopping",
      "name": "win10x64",
      "label": "win10x64",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-03-05 13:22:51",
      "shutdown_on": "2026-03-05 13:27:33"
    },
    "package": "exe",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {},
    "source_url": null,
    "route": "",
    "user_id": 0,
    "CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 4920,
        "process_name": "87053d0ad81ac3367ef5.exe",
        "parent_id": 5552,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "first_seen": "2026-03-05 10:23:41,306",
        "calls": [
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace9b0"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "3380",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "3380",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73caed49",
            "parentcaller": "0x73c9dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryInfoKeyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75aceb00"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae980",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "5"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "9"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acead0"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae9f7",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "v4.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae9f7",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "v2.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v2.0"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae9f7",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "Upgrades"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\Upgrades"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae9f7",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "standards"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73cae9f7",
            "parentcaller": "0x73caed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "AppPatch"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73caedb8",
            "parentcaller": "0x73c9dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000230"
              },
              {
                "name": "SubKey",
                "value": "v4.0"
              },
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73caeb88",
            "parentcaller": "0x73caedde",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "1"
              },
              {
                "name": "MaxValueNameLength",
                "value": "5"
              },
              {
                "name": "MaxValueLength",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75aceba0"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73caec0a",
            "parentcaller": "0x73caedde",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "30319"
              },
              {
                "name": "Data",
                "value": "30319-30319"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0\\30319"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75aceb20"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x73caee01",
            "parentcaller": "0x73c9dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:23:41,666",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x73ca51c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e1c",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace8e0"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73cbec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cdc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e34",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e71",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e7f",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x73cb6667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f11c18",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x73cb6677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73caef8e",
            "parentcaller": "0x73c9dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e1c",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e34",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e71",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e7f",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x73cb6667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f11698",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x73cb6677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e1c",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e34",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e71",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x73ca4e7f",
            "parentcaller": "0x73ca52b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5316",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5316",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "628",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "628",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "2600",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "2600",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:23:41,681",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73ca952e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei"
              },
              {
                "name": "DllBase",
                "value": "0x738b0000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738b89ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738b89ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738b8760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738b8760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738b8760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73ca952e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x738b0000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73ca952e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x738b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738b14d0"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCleanupCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "SetShellShimInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "OnShimDllMainCalled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738b9630"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738bfa20"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x738c2143",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738b8d85",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x738b8da2",
            "parentcaller": "0x738b924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x738b8de3",
            "parentcaller": "0x738b924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x738b8df4",
            "parentcaller": "0x738b924a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x738b162d",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f11c98",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc87fbef5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:23:41,712",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:23:41,728",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:23:41,728",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:23:41,728",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:23:41,728",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:23:41,728",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738b7007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738b7007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x738b5ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738c1a39",
            "parentcaller": "0x738b6701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738c1a7f",
            "parentcaller": "0x738b6701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x774e0000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x774e0000"
              },
              {
                "name": "FunctionName",
                "value": "UrlIsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x774f43a0"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738c0224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738c024d",
            "parentcaller": "0x738c0350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyV2RuntimeActivationPolicyDefaultValue"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b760b",
            "parentcaller": "0x738c02b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738c0224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738c024d",
            "parentcaller": "0x738c0350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "OnlyUseLatestCLR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b760b",
            "parentcaller": "0x738c02b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c5081d",
            "parentcaller": "0x738e4737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\t\\x00\\x00\\x00\\x00\\x00\\x00<\t\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c40e58",
            "parentcaller": "0x75c40abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4f16b",
            "parentcaller": "0x738e3dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04540000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbee6c"
              },
              {
                "name": "ViewSize",
                "value": "0x00094000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738f863e",
            "parentcaller": "0x738f740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738e3e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c50c75",
            "parentcaller": "0x738e3ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04540000"
              },
              {
                "name": "RegionSize",
                "value": "0x00094000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738e3ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c5081d",
            "parentcaller": "0x738e4737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\t\\x00\\x00\\x00\\x00\\x00\\x00<\t\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c40e58",
            "parentcaller": "0x75c40abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4f16b",
            "parentcaller": "0x738e3dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04540000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbee6c"
              },
              {
                "name": "ViewSize",
                "value": "0x00094000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738f863e",
            "parentcaller": "0x738f740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738e3e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c50c75",
            "parentcaller": "0x738e3ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04540000"
              },
              {
                "name": "RegionSize",
                "value": "0x00094000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738e3ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738cfc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000006",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000000"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738cfc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738cfa9a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000230"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x738c509d",
            "parentcaller": "0x738c98ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:23:41,744",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bdd47",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74d40000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bdd47",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d40000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bdd47",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74d40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43a00"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43d80"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43db0"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43dd0"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c40848",
            "parentcaller": "0x738bdb51",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x738bdbb9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace690"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x738bdc0a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738bdc40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738bdc62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738b7f73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7fa5",
            "parentcaller": "0x738b8014",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7fd5",
            "parentcaller": "0x738b8014",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738b7a76",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7a31",
            "parentcaller": "0x738b7c6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000240"
              },
              {
                "name": "SubKey",
                "value": "default"
              },
              {
                "name": "Handle",
                "value": "0x00000244"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\default"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7c96",
            "parentcaller": "0x738b80d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x738b7cf1",
            "parentcaller": "0x738b80d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:23:41,759",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VERSION"
              },
              {
                "name": "DllBase",
                "value": "0x74f50000"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:23:41,775",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f50000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:23:41,775",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74f50000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74f515c0"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:23:41,775",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738c080a",
            "parentcaller": "0x738bda39",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x0000083c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74f50000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74f515e0"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738c082b",
            "parentcaller": "0x738bda39",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74f50000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74f51560"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738c233d",
            "parentcaller": "0x738c22cf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738c2376",
            "parentcaller": "0x738c22cf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "Release"
              },
              {
                "name": "Data",
                "value": "528372"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738cc537",
            "parentcaller": "0x738c22cf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x738bd044",
            "parentcaller": "0x738bcfd3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:23:41,791",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738b7007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:23:41,806",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ucrtbase_clr0400"
              },
              {
                "name": "DllBase",
                "value": "0x72fb0000"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:23:41,822",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VCRUNTIME140_CLR0400"
              },
              {
                "name": "DllBase",
                "value": "0x73c70000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:23:41,884",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr"
              },
              {
                "name": "DllBase",
                "value": "0x73060000"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:23:42,103",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73049eae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73049eae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73036aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73036aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73036aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73c74906",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x73c74906",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73060000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73060000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "SetRuntimeInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x731e5f00"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c46176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "USER32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x769c0000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a017d0"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a018c0"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:23:42,119",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x738bce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73935000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:23:42,134",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x731ec210"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x73152659",
            "parentcaller": "0x731ec000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x7319c9c7",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x7319ca12",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x7319ca45",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "DisableConfigCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x7319ca60",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x731e5535",
            "parentcaller": "0x731a6612",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x731e5535",
            "parentcaller": "0x731a6612",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x731e557c",
            "parentcaller": "0x731a6612",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x731e557c",
            "parentcaller": "0x731a6612",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e6252",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-quirks-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e6252",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75b30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-quirks-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "QuirkIsEnabled3"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c29950"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "QuirkGetData2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c90910"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e66e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d40000"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e66e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74d40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43a00"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43d80"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43db0"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74d40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74d43dd0"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c40848",
            "parentcaller": "0x731e64f3",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731e655b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731e65ac",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731e65e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:23:42,166",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731e6608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731eac50",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "AcquireSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77972410"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779725b0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731d34ae",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ce3150"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73c90000"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73c90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c90000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73ca1af0"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738b96a0"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x75c4249c",
            "parentcaller": "0x738b1df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000230"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:23:42,181",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4249c",
            "parentcaller": "0x738b1df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000230"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "roup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cac"
              },
              {
                "name": "Length",
                "value": "22306"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x738c00b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731eadf2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNumaHighestNodeNumber"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760898f0"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c5e29a",
            "parentcaller": "0x731eae21",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "55"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x731e3282",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73070000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4f231",
            "parentcaller": "0x731d34ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760911e0"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608e770"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091e20"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FlsFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092050"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731524f7",
            "parentcaller": "0x731e349d",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x7796007d",
            "parentcaller": "0x75c4648d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40c1f",
            "parentcaller": "0x731d2ca3",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x731e3282",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73070000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x01000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x77960669",
            "parentcaller": "0x7796015b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 3,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e01ba",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e02a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x730bc1fb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\fusion.localgac"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e6ba3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e6bcf",
            "parentcaller": "0x731e6d89",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "ValueName",
                "value": "CacheLocation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e6bec",
            "parentcaller": "0x731e6d89",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e6e1b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemWindowsDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089500"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731ea9b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731ea9ed",
            "parentcaller": "0x731e031c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "ValueName",
                "value": "DownloadCacheQuotaInKB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731eaa1b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731eaa3d",
            "parentcaller": "0x731e031c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e032f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "EnableLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0348",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "LoggingLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0360",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "ForceLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0378",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "LogFailures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0390",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "LogResourceBinds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e040e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "FileInUseRetryAttempts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0430",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "FileInUseMillisecondsBetweenRetries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e0493",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyIdentityFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e04b1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "DisableMSIPeek"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e04e4",
            "parentcaller": "0x731d21ca",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731d3cbe",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              },
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731d3cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "ValueName",
                "value": "DevOverrideEnable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x731d3cf9",
            "parentcaller": "0x731e0537",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e1faa",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf090"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40848",
            "parentcaller": "0x731d3e8b",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731d3ec4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace690"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f02",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0c\\x0f\\xf2\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f68",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f7d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf2d0"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf170"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acfc70"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40e58",
            "parentcaller": "0x75c40abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Private_IPCBlock_v4_4920"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4f16b",
            "parentcaller": "0x731e383f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000264"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ee0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbf278"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e1faa",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf090"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40848",
            "parentcaller": "0x731d3e8b",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731d3ec4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace690"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f02",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\x0e\\xf2\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f68",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f7d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e7620",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731e7620",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "RoInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7677f780"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf2d0"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf170"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acfc70"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e2421",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "AddSIDToBoundaryDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089830"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateBoundaryDescriptorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089710"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreatePrivateNamespaceW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760895c0"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "OpenPrivateNamespaceW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760899d0"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x77960669",
            "parentcaller": "0x7796015b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 3,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e1faa",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf090"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40848",
            "parentcaller": "0x731d3e8b",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731d3ec4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace690"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f02",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731d3f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0c\r\\xf2\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f68",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d3f7d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf2d0"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf170"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acfc70"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c40e58",
            "parentcaller": "0x75c40abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4f16b",
            "parentcaller": "0x731e2831",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000268"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01140000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbf278"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731d413b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteBoundaryDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760897d0"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:23:42,197",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:23:42,212",
            "thread_id": "5380",
            "caller": "0x76091e6a",
            "parentcaller": "0x731e649a",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:23:42,212",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e48bb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0"
              },
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:23:42,212",
            "thread_id": "5380",
            "caller": "0x731e490f",
            "parentcaller": "0x73159a16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "ValueName",
                "value": "OptimizeUsedBinaries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:23:42,259",
            "thread_id": "5380",
            "caller": "0x731fda2c",
            "parentcaller": "0x735e9705",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:23:42,259",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\87053d0ad81ac3367ef5.exe.log"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:23:42,259",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f2d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01151000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e5c5a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "WerRegisterRuntimeExceptionModule"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089810"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c5c6fe",
            "parentcaller": "0x75c45f8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04540000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c41137",
            "parentcaller": "0x75c5d521",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c457c5",
            "parentcaller": "0x75c2cd8f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c45736",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c5c6fe",
            "parentcaller": "0x75c458a4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04550000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c45900",
            "parentcaller": "0x75c458e0",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x731e09fa",
            "parentcaller": "0x731e0a30",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x05550000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x731e09fa",
            "parentcaller": "0x731e0a45",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x04570000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f2f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e8555",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "RaiseException"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760905b0"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x731e87fe",
            "parentcaller": "0x731e8844",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c41137",
            "parentcaller": "0x75c4088e",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:23:42,275",
            "thread_id": "5380",
            "caller": "0x75c45900",
            "parentcaller": "0x731d49dc",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000270"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x731eb510"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5908"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000270",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x731eb510"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5908"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c5d303",
            "parentcaller": "0x731eb4e2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000270"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5908"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x731e8887",
            "parentcaller": "0x731e88c7",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x731d24d6",
            "parentcaller": "0x731d126a",
            "category": "hooking",
            "api": "RtlAddVectoredExceptionHandler",
            "status": true,
            "return": "0x00f20ba8",
            "arguments": [
              {
                "name": "First",
                "value": "1"
              },
              {
                "name": "Handler",
                "value": "0x7320b550"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731d4a20",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c90000"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "24"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73ca4420"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x738b0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "24"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738be3f0"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x738bc6f8",
            "parentcaller": "0x738bc799",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x739036d0"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c51454",
            "parentcaller": "0x7311f41f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x7311f45f",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c40c1f",
            "parentcaller": "0x731d2ca3",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e8cba",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-memory-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e8ccb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-libraryloader-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x731e8ce9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "SetSystemFileCacheSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ce5890"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtSetSystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a4530"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "PrivIsDllSynchronizationHeld"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5908",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c44500"
              }
            ],
            "repeated": 2,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5908",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5908",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5908",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731fd841",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731fd887",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c41446",
            "parentcaller": "0x731fd90a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\r\\xf2\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x731fd984",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x7321cbf5",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:23:42,322",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ce3150"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x73212cd6",
            "parentcaller": "0x731d5110",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "46"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c55e92",
            "parentcaller": "0x75c55e55",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05560000"
              },
              {
                "name": "RegionSize",
                "value": "0x02000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07560000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a0000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x75c2e4c2",
            "parentcaller": "0x731d52f3",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\LowMemoryCondition"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:23:42,337",
            "thread_id": "5380",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x00f3ec08"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "216"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000002c0",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00f3ec08"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "216"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002c0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "216"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x75c45900",
            "parentcaller": "0x731784b3",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5237",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing"
              },
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "EntityFramework, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "EntityFramework.PowerShell, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework.PowerShell, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "EntityFramework.PowerShell.Utility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework.PowerShell.Utility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.FriendlyUrls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.FriendlyUrls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Membership.OpenAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Membership.OpenAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Mvc.Facebook, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Mvc.Facebook, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Client, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Client, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Core, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Core, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Owin, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Owin, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Redis, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Redis, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:23:42,384",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.SqlServer, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.SqlServer, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.SystemWeb, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.SystemWeb, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Web.Optimization.WebForms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Web.Optimization.WebForms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "Microsoft.Owin.Host.SystemWeb, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Owin.Host.SystemWeb, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "Microsoft.VisualStudio.Web.Mvc.3.0, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.VisualStudio.Web.Mvc.3.0, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "Microsoft.VisualStudio.Web.Mvc.4.0, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.VisualStudio.Web.Mvc.4.0, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "Microsoft.Web.WebPages.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Web.WebPages.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "migrate, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\migrate, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "signalr, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\signalr, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "System.Composition.AttributedModel, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.AttributedModel, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "System.Composition.AttributedModel, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.AttributedModel, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "System.Composition.Convention, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Convention, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "System.Composition.Convention, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Convention, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "System.Composition.Hosting, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Hosting, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "System.Composition.Hosting, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Hosting, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "System.Composition.TypedParts, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.TypedParts, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "System.Composition.TypedParts, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.TypedParts, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "System.Net.Http, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Net.Http, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "Name",
                "value": "System.Net.Http.Formatting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Net.Http.Formatting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "System.Net.Http.WebRequest, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Net.Http.WebRequest, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731d5924",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731d596b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d59ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731d5924",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731d596b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c4269a",
            "parentcaller": "0x731d59ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c40848",
            "parentcaller": "0x731ea429",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731ea447",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731ea468",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731ea4a5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x0c\\xf4\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c4269a",
            "parentcaller": "0x731ea516",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c4269a",
            "parentcaller": "0x731ea528",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c43cc4",
            "parentcaller": "0x731ea76d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731ea7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c41446",
            "parentcaller": "0x731ea830",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x0c\\xf2\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c4269a",
            "parentcaller": "0x731ea880",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "System.Threading.Tasks.Dataflow, Version=4.5.8.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Threading.Tasks.Dataflow, Version=4.5.8.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "System.Threading.Tasks.Dataflow, Version=4.5.9.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Threading.Tasks.Dataflow, Version=4.5.9.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "System.Web.Helpers, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Helpers, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "System.Web.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c53ee6",
            "parentcaller": "0x75c40d14",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "EventName",
                "value": "Global\\CPFATE_4920_v4.0.30319"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.Tracing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.Tracing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.WebHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.WebHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "System.Web.Mvc, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Mvc, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "System.Web.Optimization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Optimization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "System.Web.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Administration, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Administration, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Deployment, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Deployment, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "WebMatrix.Data, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\WebMatrix.Data, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "WebMatrix.WebData, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\WebMatrix.WebData, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731e5284",
            "parentcaller": "0x731d262c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x731fda2c",
            "parentcaller": "0x731e53ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:23:42,400",
            "thread_id": "5380",
            "caller": "0x75c4c37b",
            "parentcaller": "0x75c3b41e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:23:42,416",
            "thread_id": "5380",
            "caller": "0x75c4c37b",
            "parentcaller": "0x75c3b41e",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5380"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x75c633ec"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c4697a",
            "parentcaller": "0x75c46772",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c46bac",
            "parentcaller": "0x75c4678c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c467a0",
            "parentcaller": "0x75c466cd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c4697a",
            "parentcaller": "0x75c46772",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c46bac",
            "parentcaller": "0x75c4678c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c467a0",
            "parentcaller": "0x75c466eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c46bac",
            "parentcaller": "0x75c49581",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a4"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x75c4961e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c496ea",
            "parentcaller": "0x75c4962f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608e880"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c496ea",
            "parentcaller": "0x75c49640",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760897e0"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c40e58",
            "parentcaller": "0x75c40abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000340"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c4f16b",
            "parentcaller": "0x7608f068",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07700000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbf1f4"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x7608f079",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x7608f080",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x7608ed98",
            "parentcaller": "0x7608eba1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x7608ec10",
            "parentcaller": "0x7608e9b3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x7608ec10",
            "parentcaller": "0x7608e9b3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000340"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x73138f3d",
            "parentcaller": "0x731893e7",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:23:42,509",
            "thread_id": "5380",
            "caller": "0x75c57bae",
            "parentcaller": "0x730d06f2",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c4074f",
            "parentcaller": "0x735ac262",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x730ccb14",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f493c8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x78d26111"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ad0c"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x730bc1fb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c5081d",
            "parentcaller": "0x73110802",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c4249c",
            "parentcaller": "0x73110842",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\r\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x00\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00(M;7\\xde\\xac\\xd5\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe8\\xabV\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x02\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xcdb)\\xd8=b\\x1fM\\xa1y>\\xad9\\x90\\xe3g"
              },
              {
                "name": "Length",
                "value": "176"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x73110868",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c57bae",
            "parentcaller": "0x730cf482",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x730bc1fb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:23:42,556",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:23:42,572",
            "thread_id": "5380",
            "caller": "0x75c5081d",
            "parentcaller": "0x73110802",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:23:42,572",
            "thread_id": "5380",
            "caller": "0x75c4249c",
            "parentcaller": "0x73110842",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\r\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x00\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00U\\x96\\xe1Q/\\xc3\\xd8\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa8\\x8bV\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x02\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc9F\\xef\\xed\\xdb\\xb2\\x87K\\x8c\\x98I[\\xfd\\xc5\\x16\\xfa"
              },
              {
                "name": "Length",
                "value": "176"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:23:42,572",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x73110868",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:23:42,603",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni"
              },
              {
                "name": "DllBase",
                "value": "0x71ba0000"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:23:42,603",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ba0000"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:23:42,603",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71ba0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:23:42,619",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:23:42,619",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e2d53",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\StrongName"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:23:42,619",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x730cbf1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:23:42,650",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:23:42,697",
            "thread_id": "5380",
            "caller": "0x730b8e07",
            "parentcaller": "0x731e6e98",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              },
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:23:42,697",
            "thread_id": "5380",
            "caller": "0x731e004e",
            "parentcaller": "0x731e6eae",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "Release"
              },
              {
                "name": "Data",
                "value": "528372"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:23:42,697",
            "thread_id": "5380",
            "caller": "0x731e6ee2",
            "parentcaller": "0x731e6f5b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:23:42,697",
            "thread_id": "5380",
            "caller": "0x77960669",
            "parentcaller": "0x7796015b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:23:42,697",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cb3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:23:42,728",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06562000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:23:42,728",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:23:42,728",
            "thread_id": "5380",
            "caller": "0x75c42ba1",
            "parentcaller": "0x7608e2b9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:23:42,728",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x7608e2c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x7608e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f49448",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x7608e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x7608e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f49148",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x7608e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x7608e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f496c8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x7608e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x7608e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f49308",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x7608e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x7608e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f49448",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x7608e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c42ba1",
            "parentcaller": "0x7608e569",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c42ba1",
            "parentcaller": "0x76086d31",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x76086d41",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x76086eac",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f492c8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x8dacb7f4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac2e"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c55d68",
            "parentcaller": "0x76086ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c42ba1",
            "parentcaller": "0x76087095",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:23:42,744",
            "thread_id": "5380",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:23:42,759",
            "thread_id": "5380",
            "caller": "0x75c5a9e7",
            "parentcaller": "0x730d5b37",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000344"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:23:42,759",
            "thread_id": "5380",
            "caller": "0x75c57bae",
            "parentcaller": "0x730cf482",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:23:42,759",
            "thread_id": "5380",
            "caller": "0x75c4269a",
            "parentcaller": "0x730d5b68",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:23:42,822",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:23:42,837",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x73138f3d",
            "parentcaller": "0x731893e7",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75e30000"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75e30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoInitializeEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7670d0d0"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x75c456f1",
            "parentcaller": "0x766f835f",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x767808e6",
            "parentcaller": "0x76780886",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "SystemBasicInformation"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x7798112f",
            "parentcaller": "0x7797f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x779812bc",
            "parentcaller": "0x77981427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77969ddb",
            "parentcaller": "0x7797b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x7797f149",
            "parentcaller": "0x779823c8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x77980da0",
            "parentcaller": "0x7796e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9851",
            "parentcaller": "0x74bc8c22",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9890",
            "parentcaller": "0x74bc8c22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9931",
            "parentcaller": "0x74bc8c22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:23:42,931",
            "thread_id": "5380",
            "caller": "0x74bc9931",
            "parentcaller": "0x74bc8c22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76c00000"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:23:42,978",
            "thread_id": "5380",
            "caller": "0x76c33a14",
            "parentcaller": "0x76c292e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:23:42,978",
            "thread_id": "5380",
            "caller": "0x76c33a31",
            "parentcaller": "0x76c292e7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c33a5f",
            "parentcaller": "0x76c292e7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29836",
            "parentcaller": "0x76c2973c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29858",
            "parentcaller": "0x76c2973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c298e5",
            "parentcaller": "0x76c2973c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29907",
            "parentcaller": "0x76c2973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c2995a",
            "parentcaller": "0x76c2973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29985",
            "parentcaller": "0x76c2973c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29993",
            "parentcaller": "0x76c2973c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c29790",
            "parentcaller": "0x76c29351",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c296e4",
            "parentcaller": "0x76c29643",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c2966e",
            "parentcaller": "0x76c295e5",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000358"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "AY\\x19\\xcb\\x8d\\x0f\\xab\\xc5!}\\xf0`\\x1b]7\\x1a&\\xd5\\x98\\x98\\x02\\xc67\\x0eC?\\x92\\xe9\\x00\\xc9\\x84\\x15 W\\xc6\\x06,Q{\\xf5\\xf0\\x1dS\\xc2\\xbdU@\\xd4"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x76c2966e",
            "parentcaller": "0x76c295e5",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c00000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76c336c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:23:42,994",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x730b9581",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "RoInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7677f780"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "RoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76795890"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "216",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x73152659",
            "parentcaller": "0x731ec000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "216",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetContextToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76782020"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "216",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x7795e3dc",
            "parentcaller": "0x7795e368",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x730bc1fb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x75c57bae",
            "parentcaller": "0x73139095",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:23:43,041",
            "thread_id": "5380",
            "caller": "0x73138f3d",
            "parentcaller": "0x731d0a93",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c44566",
            "parentcaller": "0x730ccb14",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Htdzey\\*"
              }
            ],
            "repeated": 1,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c44429",
            "parentcaller": "0x730c66fc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.INI"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x73152659",
            "parentcaller": "0x731ec000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x045c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x045c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x045c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x045c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x77960669",
            "parentcaller": "0x7796015b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:23:43,056",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cb5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:23:43,072",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731a375a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-xstate-l2-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:23:43,072",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x731a375a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75b30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-xstate-l2-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:23:43,072",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "GetEnabledXStateFeatures"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c5cf20"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:23:43,072",
            "thread_id": "5380",
            "caller": "0x7319c9c7",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:23:43,072",
            "thread_id": "5380",
            "caller": "0x7319ca45",
            "parentcaller": "0x7307a6a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "FeatureSIMD"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:23:43,119",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit"
              },
              {
                "name": "DllBase",
                "value": "0x71b10000"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:23:43,134",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71b10000"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:23:43,134",
            "thread_id": "5380",
            "caller": "0x75c41d96",
            "parentcaller": "0x738bfecf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71b10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:23:43,134",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71b10000"
              },
              {
                "name": "FunctionName",
                "value": "sxsJitStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71b66790"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:23:43,134",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71b10000"
              },
              {
                "name": "FunctionName",
                "value": "jitStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:23:43,134",
            "thread_id": "5380",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71b10000"
              },
              {
                "name": "FunctionName",
                "value": "getJit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71b65ca0"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:23:43,197",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05562000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:23:43,228",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cd5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:23:43,228",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:23:43,228",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cdb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:23:43,244",
            "thread_id": "5380",
            "caller": "0x75c561f1",
            "parentcaller": "0x730962ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cd7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:23:43,259",
            "thread_id": "5380",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:23:43,259",
            "thread_id": "5380",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:23:43,259",
            "thread_id": "5380",
            "caller": "0x75c45900",
            "parentcaller": "0x73185e93",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:23:44,634",
            "thread_id": "5380",
            "caller": "0x07f36b62",
            "parentcaller": "0x07f36ad8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:23:44,634",
            "thread_id": "5380",
            "caller": "0x07f36b62",
            "parentcaller": "0x07f36ad8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75ab0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:23:44,634",
            "thread_id": "5380",
            "caller": "0x07f36b62",
            "parentcaller": "0x07f36ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7795e140"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:23:44,634",
            "thread_id": "5380",
            "caller": "0x07f36b62",
            "parentcaller": "0x07f36ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77960b80"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:23:44,728",
            "thread_id": "5380",
            "caller": "0x07f36c0e",
            "parentcaller": "0x07f369e8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a63000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:23:44,775",
            "thread_id": "5380",
            "caller": "0x045636b5",
            "parentcaller": "0x0456195c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:23:44,791",
            "thread_id": "5380",
            "caller": "0x045614fd",
            "parentcaller": "0x07f37810",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x045ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:23:44,822",
            "thread_id": "5380",
            "caller": "0x04561111",
            "parentcaller": "0x07f39de0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:23:44,822",
            "thread_id": "5380",
            "caller": "0x07f332a9",
            "parentcaller": "0x07f37c9f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:23:44,837",
            "thread_id": "5380",
            "caller": "0x04565e69",
            "parentcaller": "0x0456576e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:23:44,869",
            "thread_id": "5380",
            "caller": "0x07f3b809",
            "parentcaller": "0x045677f9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:23:44,884",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05551000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:23:44,884",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05552000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:23:44,884",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05553000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:23:44,884",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05554000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CompareStringOrdinal"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76086210"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76070000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760933d0"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089660"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093330"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              },
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Data",
                "value": "5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\pubpol5.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "index5"
              },
              {
                "name": "Data",
                "value": "\\x1f"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "LegacyPolicyTimeStamp"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:23:44,900",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "26401"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/Htdzey.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/Htdzey.resources/Htdzey.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/Htdzey.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/Htdzey.resources/Htdzey.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources\\Htdzey.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources\\Htdzey.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00 \\x00\\x00\\x000-\\x08s\\xa0\\xca\\xbb\\x00Z-\\x08s \\x00\\x00\\x00\\xb4\\xca\\xbb\\x00\\xf7,\\x08s\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8c\\xcb\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:23:44,916",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ru-RU\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x07a70001",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ru\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "ResolveLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a49c0"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/Htdzey.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/Htdzey.resources/Htdzey.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/Htdzey.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/Htdzey.resources/Htdzey.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:23:44,994",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:23:45,009",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources\\Htdzey.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:23:45,009",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:23:45,009",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources\\Htdzey.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f369e8",
            "parentcaller": "0x07f3690a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06572000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05555000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05557000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05530000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05530000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x0f\\xf4\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75ab0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace4c0"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000380"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:23:45,056",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shell32"
              },
              {
                "name": "DllBase",
                "value": "0x76c60000"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c60000"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76c60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c60000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76dbdc30"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0060d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75795000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7578f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00027000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e2000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e0000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7578f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\t\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00b\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00i\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00i\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00r\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00n\\x00g\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00S\\x00e\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00S\\x00"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e0000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x751c0000"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:23:45,072",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x751f0000"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-eventing-provider-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77960b80"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\wldp"
              },
              {
                "name": "BaseAddress",
                "value": "0x751c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x751c8bd0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77994e10"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ce8040"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7799a570"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75795000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75795000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779624f0"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a40c0"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77960780"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7799c2a0"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779952e0"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4920:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d8"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 1,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\windows.storage"
              },
              {
                "name": "BaseAddress",
                "value": "0x751f0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x753cb920"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771b5000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771b5000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:23:45,087",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x76190000"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:23:45,134",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x74d50000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001a",
                "pretty_value": "CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\Default\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75aceb20"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace9b0"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\AppContext"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\AppContext"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x80000002"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:23:45,244",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000118"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:23:45,259",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000118"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:23:45,447",
            "thread_id": "5380",
            "caller": "0x02c1d556",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:23:45,447",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000118"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "roup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cac"
              },
              {
                "name": "Length",
                "value": "22306"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:23:45,447",
            "thread_id": "5380",
            "caller": "0x02c1d556",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:23:45,447",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000118"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "Tracking\" type=\"System.ServiceModel.Activities.Configuration.EtwTrackingBehaviorElement, System.ServiceModel.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\" />\r\n                <add name=\"routing\" type=\"System.ServiceModel.Ro"
              },
              {
                "name": "Length",
                "value": "9581"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000118"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77900000"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77900000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcrypt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77900000"
              },
              {
                "name": "FunctionName",
                "value": "BCryptGetFipsAlgorithmMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77909570"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000118"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000118"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000118"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000118"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:23:45,462",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000118"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000118"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d80000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d7f000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000118"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d7f000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:23:45,494",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x74d70000"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\cryptsp"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d70000"
              },
              {
                "name": "InitRoutine",
                "value": "0x74d75d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b24000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b24000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000118"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:23:45,525",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:23:45,541",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x74700000"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:23:45,556",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74700000"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:23:45,556",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3c4df",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3cc4a",
            "parentcaller": "0x07f3bf11",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74700000"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3cc4a",
            "parentcaller": "0x07f3bf11",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3cc4a",
            "parentcaller": "0x07f3bf11",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c00000"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3cc4a",
            "parentcaller": "0x07f3bf11",
            "category": "crypto",
            "api": "CryptImportKey",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "\\x08\\x02\\x00\\x00\tf\\x00\\x00\\x10\\x00\\x00\\x00\r\\xacn\\xe6@\\x16y\\x9d\\xc0\\x04?\\xc8Nm\\x7f\\x17"
              },
              {
                "name": "Flags",
                "value": "0x00000001"
              },
              {
                "name": "CryptKey",
                "value": "0x00f496c8"
              },
              {
                "name": "Length",
                "value": "28"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3ccb2",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3ccb2",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:23:45,572",
            "thread_id": "5380",
            "caller": "0x07f3ccb2",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00049000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3ccb2",
            "parentcaller": "0x07f3bf11",
            "category": "crypto",
            "api": "CryptDecrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00f496c8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x1c\n\\x00\\x1f\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x00\n\\xac]\\x07|\\x14e\\xfa~f\\xb6%\\x9b\\x02KBB\\xdf\\xa1\\x85% \\xa2\\xa2\\xec&4\\x05\\x04\\xc1\\x02X\\x00{D\\xb0\\x13%\\x8a\\xa2\\x82`/`=<\\xe5\\xc4\\x82\\x15\\x1b\\x96\\xb3\\x97\\xb3w\\xf1\\x04;\\xc6\\xc3\\x86\\xed<\\x95\\x0eIv\\xfe\\xbf\\xe7\\xfd\\xa6\\xee$\\x81;\\xff\\xf9)\\xc9\\xec~\\xf3\\xcd7_y\\xfb\\xfb\\xbc\\x07\\x1c~-B\\x00\\xc2\\x00L\\x13x\\x1a\\xeag\\x04v\\xfc3\\x1f@q\\xf2\\xd9b\\xfc=\\xff\\xfd\\xeeOk\\xfb\\xbf\\xdf\\xfd\\x90\\x13O\\xaa3N\\x9fU{\\xc2\\xac\\x9a\\xd3\\x8ci53g\\xd6\\x9ei\\x1c7\\xdd\\x98u\\xd6L\\xe3\\xa4\\x99\\xc6\\xa8\\x83\\x0e6N\\xab=~\\xfa\\x80\\xa2\\xa2x/\\xab\\x8f\t\\xa3\\x81\\xfd\\xb5\\x10\\xde\\xfb\\xf2\\xee\\x93\\xec~\\xd7\\xa2\\xb8{\\x816\\x10(\\x8d\\x03Q\\xf5Y\\xb7=\\xe2\\x80\\xc1\\x81\\xc5\\xd5\\xe8\\xf8\\xb7\\xae\\xc6\\xcd\\x1f\\xfb7\\xe6\\xc7\\xe5s\\xfe\\x840\\xe2\\x12\\xa0\\xad\\xfc\\xe7\\xfev~\\xc9\\xcf?w\\x8fc\\xbc\\xbcp\\x1c"
              },
              {
                "name": "Length",
                "value": "294432"
              },
              {
                "name": "Final",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3ccb2",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x045614fd",
            "parentcaller": "0x07f3cce8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x045614fd",
            "parentcaller": "0x07f3cce8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3cd0a",
            "parentcaller": "0x07f3bf11",
            "category": "crypto",
            "api": "CryptDecrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00f496c8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\n\\x00\\x06\\x06\\x06\\x06\\x06\\x06"
              },
              {
                "name": "Length",
                "value": "8"
              },
              {
                "name": "Final",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3cd0a",
            "parentcaller": "0x07f3bf11",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00f496c8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "d\\x9cp^\\xd7L\\xcb\\xa4\\xd1\\x94\\x85\\xfb\\x89\\xb9\\x04i"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3cd0a",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0663e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:23:45,603",
            "thread_id": "5380",
            "caller": "0x07f3bf11",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x066cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:23:45,634",
            "thread_id": "5380",
            "caller": "0x07f3cdca",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:23:45,634",
            "thread_id": "5380",
            "caller": "0x07f3cdca",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cc7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:23:45,634",
            "thread_id": "5380",
            "caller": "0x07f3cdca",
            "parentcaller": "0x07f3bf11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cc2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:23:45,697",
            "thread_id": "5380",
            "caller": "0x07f3cea9",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\920e3d1d70447c3c10e69e6df0766568\\System.ni"
              },
              {
                "name": "DllBase",
                "value": "0x70f70000"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:23:45,712",
            "thread_id": "5380",
            "caller": "0x07f3cea9",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\920e3d1d70447c3c10e69e6df0766568\\System.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70f70000"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:23:46,009",
            "thread_id": "5380",
            "caller": "0x07f3cea9",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05602000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:23:46,009",
            "thread_id": "5380",
            "caller": "0x07f3d029",
            "parentcaller": "0x07f3cea9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06715000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a2000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:23:46,009",
            "thread_id": "5380",
            "caller": "0x07f3d24a",
            "parentcaller": "0x07f3cea9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05612000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:23:46,025",
            "thread_id": "5380",
            "caller": "0x07f3d24a",
            "parentcaller": "0x07f3cea9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05622000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:23:46,087",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "wldp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x751c0000"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:23:46,087",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x751c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "wldp.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:23:46,087",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x751c0000"
              },
              {
                "name": "FunctionName",
                "value": "WldpIsDynamicCodePolicyEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751d75c0"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:23:46,087",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\amsi"
              },
              {
                "name": "DllBase",
                "value": "0x70ad0000"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "amsi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ad0000"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x70ad0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "amsi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "amsi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70ad0000"
              },
              {
                "name": "FunctionName",
                "value": "AmsiInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70ad56b0"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ae4000"
              },
              {
                "name": "ModuleName",
                "value": "amsi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ae4000"
              },
              {
                "name": "ModuleName",
                "value": "amsi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000418"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000418"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000418"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000418"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000414"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbe8d8"
              },
              {
                "name": "ViewSize",
                "value": "0x000a2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:23:46,103",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f3d30a",
            "parentcaller": "0x07f3676a",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:23:46,150",
            "thread_id": "5380",
            "caller": "0x07f36ceb",
            "parentcaller": "0x07f36c0e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05559000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:23:46,306",
            "thread_id": "5380",
            "caller": "0x07f3e4a2",
            "parentcaller": "0x07f36552",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:23:46,306",
            "thread_id": "5380",
            "caller": "0x04569356",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x769c0000"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:23:46,306",
            "thread_id": "5380",
            "caller": "0x04569356",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x769c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:23:46,306",
            "thread_id": "5380",
            "caller": "0x04569356",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "SetProcessDPIAware"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769eb760"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:23:46,353",
            "thread_id": "5380",
            "caller": "0x0456a8be",
            "parentcaller": "0x0456a499",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:23:46,353",
            "thread_id": "5380",
            "caller": "0x0456c573",
            "parentcaller": "0x0456a8be",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05632000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:23:46,447",
            "thread_id": "5380",
            "caller": "0x0456a4a8",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\2062ed810929ec0e33254c02b0c61bb4\\System.Xml.ni"
              },
              {
                "name": "DllBase",
                "value": "0x702d0000"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:23:46,447",
            "thread_id": "5380",
            "caller": "0x0456a4a8",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\2062ed810929ec0e33254c02b0c61bb4\\System.Xml.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x702d0000"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:23:46,541",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x0456a4a8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05642000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:23:46,541",
            "thread_id": "5380",
            "caller": "0x0456da25",
            "parentcaller": "0x0456d8e0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05652000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:23:46,603",
            "thread_id": "5380",
            "caller": "0x0456d836",
            "parentcaller": "0x0456a4a8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ae0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ae0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:23:46,697",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05662000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ae1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:23:46,712",
            "thread_id": "5380",
            "caller": "0x07f3fa7a",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:23:46,728",
            "thread_id": "5380",
            "caller": "0x07ae18f1",
            "parentcaller": "0x07f3f088",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:23:46,728",
            "thread_id": "5380",
            "caller": "0x07ae18f1",
            "parentcaller": "0x07f3f088",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindNLSStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089020"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:23:46,728",
            "thread_id": "5380",
            "caller": "0x07f3fc60",
            "parentcaller": "0x07f3f9a9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07f3fb02",
            "parentcaller": "0x07ae1fb2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Gnrtupo.DLL"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Gnrtupo/Gnrtupo.DLL"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Gnrtupo.EXE"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Gnrtupo/Gnrtupo.EXE"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo.dll"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo\\Gnrtupo.dll"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo.exe"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:23:46,759",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo\\Gnrtupo.exe"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:23:46,775",
            "thread_id": "5380",
            "caller": "0x07ae389a",
            "parentcaller": "0x07ae383c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:23:46,822",
            "thread_id": "5380",
            "caller": "0x07ae2e89",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:23:46,822",
            "thread_id": "5380",
            "caller": "0x07ae5dfb",
            "parentcaller": "0x07ae2e89",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:23:46,837",
            "thread_id": "5380",
            "caller": "0x07ae6707",
            "parentcaller": "0x07ae614c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05692000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:23:46,916",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae1916",
            "parentcaller": "0x07ae30db",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae614c",
            "parentcaller": "0x07ae5850",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:23:46,962",
            "thread_id": "5380",
            "caller": "0x07ae4b13",
            "parentcaller": "0x07ae49b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:23:46,978",
            "thread_id": "5380",
            "caller": "0x07ae29ad",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05702000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:23:46,994",
            "thread_id": "5380",
            "caller": "0x07ae6525",
            "parentcaller": "0x07ae614c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:23:46,994",
            "thread_id": "5380",
            "caller": "0x07ae29ad",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05712000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:23:46,994",
            "thread_id": "5380",
            "caller": "0x07ae2ca6",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05722000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:23:46,994",
            "thread_id": "5380",
            "caller": "0x07ae17ef",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05732000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:23:46,994",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05742000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:23:47,009",
            "thread_id": "5380",
            "caller": "0x07f3f9a9",
            "parentcaller": "0x07f3f8b8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05752000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:23:47,009",
            "thread_id": "5380",
            "caller": "0x07ae71ee",
            "parentcaller": "0x07ae5dfb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05762000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:23:47,025",
            "thread_id": "5380",
            "caller": "0x07ae15fc",
            "parentcaller": "0x07ae14ce",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05772000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:23:47,025",
            "thread_id": "5380",
            "caller": "0x07ae587f",
            "parentcaller": "0x07ae2e89",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05782000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:23:47,025",
            "thread_id": "5380",
            "caller": "0x07ae29ad",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05792000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:23:47,025",
            "thread_id": "5380",
            "caller": "0x07ae2ca6",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:23:47,025",
            "thread_id": "5380",
            "caller": "0x07ae6e51",
            "parentcaller": "0x07ae6c80",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:23:47,041",
            "thread_id": "5380",
            "caller": "0x07ae17ef",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:23:47,041",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:23:47,041",
            "thread_id": "5380",
            "caller": "0x07ae2a28",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:23:47,041",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:23:47,056",
            "thread_id": "5380",
            "caller": "0x07ae4b13",
            "parentcaller": "0x07ae49b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05802000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:23:47,056",
            "thread_id": "5380",
            "caller": "0x07ae463a",
            "parentcaller": "0x07ae4b13",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05812000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:23:47,056",
            "thread_id": "5380",
            "caller": "0x07ae6e51",
            "parentcaller": "0x07ae6c80",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05822000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:23:47,056",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05832000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:23:47,056",
            "thread_id": "5380",
            "caller": "0x07ae17d9",
            "parentcaller": "0x07ae1581",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05842000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:23:47,087",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:23:47,087",
            "thread_id": "5380",
            "caller": "0x07ae1e62",
            "parentcaller": "0x07f3f259",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:23:47,087",
            "thread_id": "5380",
            "caller": "0x07ae614c",
            "parentcaller": "0x07ae5850",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05852000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:23:47,228",
            "thread_id": "5380",
            "caller": "0x07aee5b0",
            "parentcaller": "0x07aed6d4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05862000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:23:47,228",
            "thread_id": "5380",
            "caller": "0x07aeee97",
            "parentcaller": "0x07aece0d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:23:47,275",
            "thread_id": "5380",
            "caller": "0x07b2089c",
            "parentcaller": "0x07aef7ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:23:47,275",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07af9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:23:47,291",
            "thread_id": "5380",
            "caller": "0x07b21b98",
            "parentcaller": "0x07b21714",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:23:47,306",
            "thread_id": "5380",
            "caller": "0x07aec9b1",
            "parentcaller": "0x07b226d9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05872000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:23:47,322",
            "thread_id": "5380",
            "caller": "0x07ae5b46",
            "parentcaller": "0x07ae2e89",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05882000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:23:47,322",
            "thread_id": "5380",
            "caller": "0x07ae8708",
            "parentcaller": "0x07aee11c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:23:47,337",
            "thread_id": "5380",
            "caller": "0x07aee4ea",
            "parentcaller": "0x07aed6d4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:23:47,400",
            "thread_id": "5380",
            "caller": "0x07b26189",
            "parentcaller": "0x07aef7ae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:23:47,494",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05892000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:23:47,509",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07b234c8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:23:47,509",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:23:47,509",
            "thread_id": "5380",
            "caller": "0x07ae6fdf",
            "parentcaller": "0x07b265dc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07afa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:23:47,509",
            "thread_id": "5380",
            "caller": "0x07ae6fdf",
            "parentcaller": "0x07b265dc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:23:47,509",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07b22a3d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07ae4c3e",
            "parentcaller": "0x07ae49b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07aec7bc",
            "parentcaller": "0x07b22a04",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x058f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05902000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07afb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:23:47,525",
            "thread_id": "5380",
            "caller": "0x07ae6fdf",
            "parentcaller": "0x07ae5c6e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05912000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aec9b1",
            "parentcaller": "0x07b21a22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05922000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07b213a9",
            "parentcaller": "0x07b22e8a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05932000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07afc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05942000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07ae2be8",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05952000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07ae71ee",
            "parentcaller": "0x07ae5dfb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05962000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07afd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aec9b1",
            "parentcaller": "0x07aec654",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05972000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07aebf56",
            "parentcaller": "0x07aebbc1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05982000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:23:47,541",
            "thread_id": "5380",
            "caller": "0x07ae29ad",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05992000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:23:47,556",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b29000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:23:47,556",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aefa50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:23:47,556",
            "thread_id": "5380",
            "caller": "0x07ae6fdf",
            "parentcaller": "0x07b265dc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07afe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07b22682",
            "parentcaller": "0x07b21b98",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07ae1dbf",
            "parentcaller": "0x07ae7b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07aece0d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07aebc26",
            "parentcaller": "0x07aeb719",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07aff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07ae29ad",
            "parentcaller": "0x07ae1e62",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07b24037",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07aec8a1",
            "parentcaller": "0x07b223ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x059f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:23:47,587",
            "thread_id": "5380",
            "caller": "0x07aeef9e",
            "parentcaller": "0x07b22478",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:23:47,634",
            "thread_id": "5380",
            "caller": "0x07b2e42d",
            "parentcaller": "0x05525a41",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:23:47,634",
            "thread_id": "5380",
            "caller": "0x07b2e42d",
            "parentcaller": "0x05525a41",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a077",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a077",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a077",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "crypt32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f70000"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a077",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75f70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "crypt32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a077",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertFreeCertificateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa2850"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\CRYPT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\CRYPT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f70000"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75f70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CryptQueryObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fbd360"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:23:47,666",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MSASN1"
              },
              {
                "name": "DllBase",
                "value": "0x70230000"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 1,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertCloseStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa34d0"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a536",
            "parentcaller": "0x0456a077",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a547",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateCertificateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f9f6e0"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x0456a547",
            "parentcaller": "0x0456a077",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateCertificateContextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x045694b4",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093050"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x045694b4",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x045694b4",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutexW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092fa0"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x045694b4",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092ee0"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x045694b4",
            "parentcaller": "0x07f3e4a2",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000418"
              },
              {
                "name": "MutexName",
                "value": "Elmbdfhjwu"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:23:47,681",
            "thread_id": "5380",
            "caller": "0x04569568",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:23:53,025",
            "thread_id": "5380",
            "caller": "0x04569cf1",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82239",
            "parentcaller": "0x07d821e9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82239",
            "parentcaller": "0x07d821e9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateEventW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092f60"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d8281c",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75e30000"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d8281c",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75e30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d8281c",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetObjectContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76717da0"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779624f0"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a40c0"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77960780"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779952e0"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xac\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00`\\xdf\\xbb\\x00\\xc3\\xd8ovH\\x04\\x00\\x00\\x12\\x00\\x00\\x00x\\xdf\\xbb\\x00\\x04\\x00\\x00\\x00\\\\xdf\\xbb\\x00H\\x04\\x00\\x00\\x04\\x00\\x00\\x00\\x88\\xdf\\xbb\\x00/\\xd8ov\\xf8\\xe1\\xbb\\x00\\x00\\x00\\x00\\x00\\xec\\xdf\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8n\\xf5\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00<\t\\xe4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xef\\x008\t\\xe4\\x00\\x00\\x00\\xbb\\x004\\xe4\\xbb\\x00\\xae^\\x97w\\x94\\xe4\\xbb\\x00\\xae^\\x97w\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:23:53,150",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.4920"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000452"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000452"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd8\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xd9\\xbc\\xd8\\xb0\\xd8R\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00X\\xdb\\xbb\\x00\\xdct\\xc3uR\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000452"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000456"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000456"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd8\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xd8\\x94\\xd8\\x88\\xd8V\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x020\\xdb\\xbb\\x00\\xdct\\xc3uV\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000456"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000456"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000452"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "NdrOleExtDLL"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "NdrOleInitializeExtension"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76789590"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767472f0"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76745d80"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x766cb480"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76767f90"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767683b0"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7673e550"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7671db30"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc>\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xec/\\xd1\\x07\\x12\\x00\\x00\\x00\\x0c\\xf6\\xaf\\x07?\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x90\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x02\\x00\\x00\\x002\\xcaUT\\x05\\x18\\x00\\x80\\xb8z\ts\\x00\\x00\\x00\\x00\\xd0\\xf6\\xf7\\x00\\xf0_\\xf7\\x00\\xe0\\x1d\\xf8\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4u\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x83\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x008\\x83\\xf7\\x00\\x00\\x00#\\x00\\x94\\xdc\\x88\\xdcT\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0T\\x04\\x00\\x00\\xdc\\xdc\\xbb\\x00C\\x92\\x98wT\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sF0=\\xd0\\x84\\xd7\\xbb\\x00T\\x04\\x00\\x008\\xe6\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x94\\xdc\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "|8\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xa8\ts\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8c\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8d\\xb3\\xf8\\x00\\x00\\x04\\x00\\x00\\x08\\x10\\x00\\x00\\xc0\\x92\\xf6\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\r\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x82\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xd8\\x82\\xf7\\x00\\x00\\x00#\\x00|\\xdap\\xdaT\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0T\\x04\\x00\\x00\\xc4\\xda\\xbb\\x00C\\x92\\x98wT\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94s.6=\\xd0l\\xd5\\xbb\\x00T\\x04\\x00\\x008\\xe6\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff|\\xda\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:23:53,166",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000458"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7678d700"
              },
              {
                "name": "Parameter",
                "value": "0x00f87258"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5168"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000458",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7678d700"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00f87258"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5168"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\:\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x8f\\x0es\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x8b\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00j\\xb3\\xf8\\x00\\x00\\x04\\x00\\x00\\x08\\x10\\x00\\x00h\\x92\\xf6\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5168",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xacr\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x7f\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xd8\\x7f\\xf7\\x00\\x00\\x00#\\x00\\xb4\\xdf\\xa8\\xdf`\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0`\\x04\\x00\\x00\\xfc\\xdf\\xbb\\x00C\\x92\\x98w`\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sf3=\\xd0\\xa4\\xda\\xbb\\x00`\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xb4\\xdf\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "L;\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xa8\ts\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x8c\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xb0\\xf8\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00h\\x92\\xf6\\x00(^\\xf1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x8c\\xf6\\x00"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8ct\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1c\\x82\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\x18\\x82\\xf7\\x00\\x00\\x00#\\x00\\x9c\\xdd\\x90\\xdd`\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0`\\x04\\x00\\x00\\xe4\\xdd\\xbb\\x00C\\x92\\x98w`\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sN1=\\xd0\\x8c\\xd8\\xbb\\x00`\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xdd\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc>\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xec/\\xd1\\x07\\x12\\x00\\x00\\x00\\x0c\\xf6\\xaf\\x07?\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x92\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\xb3\\xf8\\x00\\x00\\x04\\x00\\x00\\x08\\x10\\x00\\x00P\\x8f\\xf6\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xacr\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "|\\x85\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00x\\x85\\xf7\\x00\\x00\\x00#\\x00\\xb4\\xdf\\xa8\\xdfX\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0X\\x04\\x00\\x00\\xfc\\xdf\\xbb\\x00C\\x92\\x98wX\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sf3=\\xd0\\xa4\\xda\\xbb\\x00X\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xb4\\xdf\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xac?\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p)\\xd1\\x07\\x12\\x00\\x00\\x00\\x0c\\xf6\\xaf\\x07\\x02\\x01\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x8c\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xb0\\xf8\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00h\\x92\\xf6\\x00(^\\xf1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x8c\\xf6\\x00"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "dt\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x85\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xd8\\x85\\xf7\\x00\\x00\\x00#\\x00\\x9c\\xdd\\x90\\xddX\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0X\\x04\\x00\\x00\\xe4\\xdd\\xbb\\x00C\\x92\\x98wX\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sN1=\\xd0\\x8c\\xd8\\xbb\\x00X\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xdd\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:23:53,181",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c<\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xec)\\xd1\\x07\\x12\\x00\\x00\\x00\\x0c\\xf6\\xaf\\x07F\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x8c\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x06\\x00\\xceq\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x05\\x00\\xceq\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x07\\x00\\xaf\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xacr\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x7f\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xd8\\x7f\\xf7\\x00\\x00\\x00#\\x00\\xb4\\xdf\\xa8\\xdf`\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0`\\x04\\x00\\x00\\xfc\\xdf\\xbb\\x00C\\x92\\x98w`\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sf3=\\xd0\\xa4\\xda\\xbb\\x00`\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xb4\\xdf\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x9c;\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xa8\ts\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x92\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\xb3\\xf8\\x00\\x00\\x04\\x00\\x00\\x08\\x10\\x00\\x00\\x08\\x91\\xf6\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ",u\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "|\\x85\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00x\\x85\\xf7\\x00\\x00\\x00#\\x00\\x9c\\xdd\\x90\\xdd`\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0`\\x04\\x00\\x00\\xe4\\xdd\\xbb\\x00C\\x92\\x98w`\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sN1=\\xd0\\x8c\\xd8\\xbb\\x00`\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xdd\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "L;\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xa8\ts\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x90\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00\\xaf\\x07"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8ct\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x7f\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xd8\\x7f\\xf7\\x00\\x00\\x00#\\x00\\xb4\\xdf\\xa8\\xdfX\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0X\\x04\\x00\\x00\\xfc\\xdf\\xbb\\x00C\\x92\\x98wX\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sf3=\\xd0\\xa4\\xda\\xbb\\x00X\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xb4\\xdf\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa2\\x10*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00px(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x9c;\\xf4\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xa8\ts\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x90\\xf6\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1cv\\xf8\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xfc\\x83\\xf7\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\xb5s\\x08\\x15\\xb6s\\x06\\x00\\x00\\x00\\xf4\\x14\\xb6sT\\x00\\x00\\x00\\xf8\\x83\\xf7\\x00\\x00\\x00#\\x00\\x9c\\xdd\\x90\\xddX\\x04\\x00\\x00l\\xd8\\x00\\x00\\x00\\x00\\xef\\x00#\\x00\\x00\\xc0X\\x04\\x00\\x00\\xe4\\xdd\\xbb\\x00C\\x92\\x98wX\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\xbds\\xfc\\x91\\x06\\x03l\\xd8\\x07\\x03#\\x00\\x00\\xc0i\\xa7\\x94sN1=\\xd0\\x8c\\xd8\\xbb\\x00X\\x04\\x00\\x00P\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xdd\\xbb\\x00\\xd6\\xd9\\x97s/\\x00\\x00\\x00\\x8c\\xef\\xb5s$\\x15\\xb6s"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "5380",
            "caller": "0x07d82b4e",
            "parentcaller": "0x07d8281c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "3212",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "3212",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "3212",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000460"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "6528",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01163000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "6528",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:23:53,197",
            "thread_id": "6528",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:23:53,259",
            "thread_id": "5380",
            "caller": "0x07d82fe5",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibrary"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:23:53,259",
            "thread_id": "5380",
            "caller": "0x07d82fe5",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090bd0"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:23:53,259",
            "thread_id": "5380",
            "caller": "0x07d84b6a",
            "parentcaller": "0x07d82fe5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "WideCharToMultiByte"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608dff0"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:23:53,291",
            "thread_id": "5380",
            "caller": "0x07d84b99",
            "parentcaller": "0x07d82fe5",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\wminet_utils"
              },
              {
                "name": "DllBase",
                "value": "0x73c40000"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:23:53,306",
            "thread_id": "5380",
            "caller": "0x07d84b99",
            "parentcaller": "0x07d82fe5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\wminet_utils.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73c40000"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:23:53,306",
            "thread_id": "5380",
            "caller": "0x07d83008",
            "parentcaller": "0x07d82239",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f550"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:23:53,306",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83008",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "ResetSecurity"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47dd0"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:23:53,337",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83079",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "SetSecurity"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47e20"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:23:53,337",
            "thread_id": "5380",
            "caller": "0x07d830bb",
            "parentcaller": "0x07d82239",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:23:53,353",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d830ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "BlessIWbemServices"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46e70"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:23:53,353",
            "thread_id": "5380",
            "caller": "0x07d8312c",
            "parentcaller": "0x07d82239",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8315b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "BlessIWbemServicesObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46ed0"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d831cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetPropertyHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47820"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8323d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "WritePropertyValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47fa0"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d832ae",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Clone"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46f30"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8331f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "VerifyClientKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47f20"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83390",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetQualifierSet"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c478e0"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83401",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Get"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c475c0"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83472",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Put"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47a00"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d834e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Delete"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47300"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:23:53,369",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83554",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetNames"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c477c0"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d835c5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "BeginEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46e30"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83636",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Next"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c479a0"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d836a7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "EndEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c473c0"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83718",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetPropertyQualifierSet"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c478b0"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83789",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Clone"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46f30"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d837fa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c477f0"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8386b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "SpawnDerivedClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47e80"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d838dc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "SpawnInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47eb0"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8394d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "CompareTo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47020"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d839e5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetPropertyOrigin"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47880"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83a7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "InheritsFrom"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47900"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83b0f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetMethod"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47730"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83ba1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "PutMethod"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47bf0"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83c33",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteMethod"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47320"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83cc5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "BeginMethodEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46e50"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83d57",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "NextMethod"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c479d0"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d83d93",
            "parentcaller": "0x07d82239",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83de9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "EndMethodEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c473e0"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetMethodQualifierSet"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47790"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83f0d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetMethodOrigin"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47760"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d83f9f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_Get"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47c80"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84031",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_Put"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47d10"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d840c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_Delete"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47c40"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84155",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_GetNames"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47cb0"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d841e7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_BeginEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47c20"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:23:53,384",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84279",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_Next"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47ce0"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8430b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "QualifierSet_EndEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47c60"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8439d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentApartmentType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c478e0"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8442f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetDemultiplexedStub"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c475f0"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d844c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "CreateInstanceEnumWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47230"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d844fd",
            "parentcaller": "0x07d82239",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84553",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "CreateClassEnumWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47160"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d845e5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "ExecQueryWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c474e0"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84677",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "ExecNotificationQueryWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47400"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "PutInstanceWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47b10"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8479b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "PutClassWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47a30"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d8482d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "CloneEnumWbemClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c46f50"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d848bf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "ConnectServerWmi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47050"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d84951",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "GetErrorInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47650"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:23:53,400",
            "thread_id": "5380",
            "caller": "0x07d84cf5",
            "parentcaller": "0x07d849e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wminet_utils.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73c40000"
              },
              {
                "name": "FunctionName",
                "value": "Initialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73c47920"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:23:53,416",
            "thread_id": "5380",
            "caller": "0x07d888f5",
            "parentcaller": "0x07d84a75",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:23:53,416",
            "thread_id": "5380",
            "caller": "0x07d88a42",
            "parentcaller": "0x07d888f5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:23:53,416",
            "thread_id": "5380",
            "caller": "0x07d88a42",
            "parentcaller": "0x07d888f5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace8e0"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:23:53,416",
            "thread_id": "5380",
            "caller": "0x07d88a42",
            "parentcaller": "0x07d888f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "WMIDisableCOMSecurity"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\WMIDisableCOMSecurity"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:23:53,416",
            "thread_id": "5380",
            "caller": "0x07d888f5",
            "parentcaller": "0x07d84a75",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:23:53,431",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:23:53,431",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:23:53,447",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f868000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76088840"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "IIDFromString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76769c70"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:23:53,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "AlwaysReadHKCRForCLSIDs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7670a1f0"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:23:53,650",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:23:58,462",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x759e0000"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wbemcomn"
              },
              {
                "name": "DllBase",
                "value": "0x71a80000"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wmiutils"
              },
              {
                "name": "DllBase",
                "value": "0x71af0000"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "API-MS-Win-Core-LocalRegistry-L1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wmiutils.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71af0000"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71b09000"
              },
              {
                "name": "ModuleName",
                "value": "wmiutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71b09000"
              },
              {
                "name": "ModuleName",
                "value": "wmiutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d88c68",
            "parentcaller": "0x07d88b6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76bed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-03-05 10:23:58,587",
            "thread_id": "5380",
            "caller": "0x07d88c68",
            "parentcaller": "0x07d88b6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76bed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d89b68",
            "parentcaller": "0x07d89822",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a10f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemprox"
              },
              {
                "name": "DllBase",
                "value": "0x71a70000"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-03-05 10:23:58,650",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a70000"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-03-05 10:23:58,650",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-03-05 10:23:58,650",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-03-05 10:23:58,650",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetObjectContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76717da0"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-03-05 10:23:58,650",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-03-05 10:23:58,791",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-03-05 10:23:58,791",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-03-05 10:23:58,791",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-03-05 10:23:58,791",
            "thread_id": "6528",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-03-05 10:23:58,837",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-03-05 10:23:58,837",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-03-05 10:23:58,869",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemsvc"
              },
              {
                "name": "DllBase",
                "value": "0x71a60000"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-03-05 10:23:58,869",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemsvc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a60000"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-03-05 10:23:58,869",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1461
          },
          {
            "timestamp": "2026-03-05 10:23:58,916",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\fastprox"
              },
              {
                "name": "DllBase",
                "value": "0x70ea0000"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-03-05 10:23:58,931",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\fastprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ea0000"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-03-05 10:23:58,931",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-03-05 10:23:58,931",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-03-05 10:23:58,931",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-obsolete-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-03-05 10:23:58,962",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "amsi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ad0000"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-03-05 10:23:58,962",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-03-05 10:23:58,978",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\cimv2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76b60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              },
              {
                "name": "FunctionName",
                "value": "SysStringLen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76b73f50"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d8b2ff",
            "parentcaller": "0x07d8a985",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "RtlZeroMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779b83d0"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-03-05 10:23:59,025",
            "thread_id": "5380",
            "caller": "0x07d89ba9",
            "parentcaller": "0x07d8b754",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-03-05 10:23:59,072",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a6c000"
              },
              {
                "name": "ModuleName",
                "value": "wbemsvc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-03-05 10:23:59,072",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a6c000"
              },
              {
                "name": "ModuleName",
                "value": "wbemsvc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-03-05 10:23:59,181",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1480
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\WBEM\\CIMOM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM\\CIMOM"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "EnableObjectValidation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76b60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "9"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76b7e610"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "5380",
            "caller": "0x07d85c58",
            "parentcaller": "0x07d8bcd2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d85cdb",
            "parentcaller": "0x07d8bcd2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d85cdb",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "149"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76b76150"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d85cdb",
            "parentcaller": "0x07d8bcd2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-03-05 10:23:59,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{027947E1-D731-11CE-A357-000000000001}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd1\\xcc\\xd0\\xc0\\xd0\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00h\\xd3\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd0\\xa4\\xd0\\x98\\xd0\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd3\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc5D\\xc58\\xc5\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xc7\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 1526
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc4\\x04\\xc4\\xf8\\xc3\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc6\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc4\\x04\\xc4\\xf8\\xc3\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc6\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x000\\xc7\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc3\\xac\\xc3\\xa0\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc4\\xd4\\xc3\\xc8\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc3\\x84\\xc3x\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc4\\xd4\\xc3\\xc8\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xc3\\x8c\\xc3\\x80\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc1\\xec\\xc0\\xe0\\xc0\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xc3\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 1594
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc0\\xd4\\xbf\\xc8\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xbf\\xac\\xbf\\xa0\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xbf\\xac\\xbf\\xa0\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xc0<\\xc00\\xc0\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xd8\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xbfT\\xbfH\\xbf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf0\\xc1\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xbf|\\xbfp\\xbf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xc2\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xbe\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xbf,\\xbf \\xbf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xc1\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xbf|\\xbfp\\xbf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xc2\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xbe\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xbf4\\xbf(\\xbf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xc1\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d2"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc0\\xd4\\xbf\\xc8\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc0\\xd4\\xbf\\xc8\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xbf\\x84\\xbfx\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00 \\xc2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xbe\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xbf\\x04\\xbf\\xf8\\xbe\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc1\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xbf<\\xbf0\\xbf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xc1\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xc0<\\xc00\\xc0\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xd8\\xc2\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d2"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xce\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xcel\\xce`\\xce\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xd1\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd6\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xd7\\xe4\\xd6\\xd8\\xd6\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x80\\xd9\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd6\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xd7\\xbc\\xd6\\xb0\\xd6\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02X\\xd9\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-03-05 10:23:59,447",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcb\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcb\\\\xcbP\\xcb\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xcd\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 1717
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xca\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xcaD\\xca8\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xcc\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xca\\x1c\\xca\\x10\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xcc\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xca\\x1c\\xca\\x10\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xcc\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xca\\xac\\xca\\xa0\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00H\\xcd\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xca\\xc4\\xc9\\xb8\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xcc\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xca\\xec\\xc9\\xe0\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xcc\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xc9\\x9c\\xc9\\x90\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x028\\xcc\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\wbemsvc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xca\\xec\\xc9\\xe0\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xcc\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\wbemsvc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xc9\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xc9\\xa4\\xc9\\x98\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xcc\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xca\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xcaD\\xca8\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xcc\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xca\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xcaD\\xca8\\xca\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xcc\\xbb\\x00\\xdct\\xc3u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xcf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xcft\\xcfh\\xcf\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x10\\xd2\\xbb\\x00\\xdct\\xc3u\\xda\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xcf\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x9c\\xcfL\\xcf@\\xcf\\xd2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe8\\xd1\\xbb\\x00\\xdct\\xc3u\\xd2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d2"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8c505",
            "parentcaller": "0x07d81a21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8cb52",
            "parentcaller": "0x07d8c963",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8cb52",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76767f90"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "5380",
            "caller": "0x07d8cb52",
            "parentcaller": "0x07d8c963",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1806
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1812
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cc32",
            "parentcaller": "0x07d8c963",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cc32",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767683b0"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d8cc32",
            "parentcaller": "0x07d8c963",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d2"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-03-05 10:24:03,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-03-05 10:24:03,384",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-03-05 10:24:03,384",
            "thread_id": "5380",
            "caller": "0x07d85ca3",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ProcessorId"
              },
              {
                "name": "Value",
                "value": "0F8BFBFF000206D7"
              },
              {
                "name": "Class",
                "value": "Win32_Processor"
              }
            ],
            "repeated": 1,
            "id": 1828
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d8d6b0",
            "parentcaller": "0x07d8d09c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-03-05 10:24:03,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-03-05 10:24:03,478",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-03-05 10:24:03,572",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-03-05 10:24:03,587",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-03-05 10:24:03,587",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-03-05 10:24:03,603",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\cimv2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-03-05 10:24:03,916",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc5D\\xc58\\xc5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xc7\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 1874
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc4\\x04\\xc4\\xf8\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc4\\x04\\xc4\\xf8\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x000\\xc7\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc3\\xac\\xc3\\xa0\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc4\\xd4\\xc3\\xc8\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc3\\x84\\xc3x\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xc4\\xd4\\xc3\\xc8\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-03-05 10:24:04,041",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xc3\\x8c\\xc3\\x80\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xc4,\\xc4 \\xc4\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-03-05 10:24:04,056",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1941
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1947
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-03-05 10:24:04,291",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-03-05 10:24:04,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-03-05 10:24:04,306",
            "thread_id": "5380",
            "caller": "0x07d85ca3",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SerialNumber"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "Win32_DiskDrive"
              }
            ],
            "repeated": 1,
            "id": 1960
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-03-05 10:24:04,322",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8219a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8a059",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-03-05 10:24:04,337",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-03-05 10:24:04,353",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-03-05 10:24:04,353",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-03-05 10:24:04,353",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\cimv2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d8bb1d",
            "parentcaller": "0x07d89da2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-03-05 10:24:04,369",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d89e61",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xc5<\\xc50\\xc5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xc7\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 2005
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xc4$\\xc4\\x18\\xc4\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xc4\\xfc\\xc3\\xf0\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xc4\\xfc\\xc3\\xf0\\xc3\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xc4\\x8c\\xc4\\x80\\xc4\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00(\\xc7\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xc3\\xa4\\xc3\\x98\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xc4\\xcc\\xc3\\xc0\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xc3|\\xc3p\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-03-05 10:24:04,400",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xc4\\xcc\\xc3\\xc0\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc3\\x84\\xc3x\\xc3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xc6\\xbb\\x00\\xdct\\xc3u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xc4$\\xc4\\x18\\xc4\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xc4$\\xc4\\x18\\xc4\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\xc6\\xbb\\x00\\xdct\\xc3u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d87994",
            "parentcaller": "0x07d8beb6",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-03-05 10:24:04,416",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2072
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2078
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d85ca3",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SerialNumber"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "Win32_PhysicalMemory"
              }
            ],
            "repeated": 1,
            "id": 2091
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-03-05 10:24:04,947",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-03-05 10:24:05,025",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\secur32"
              },
              {
                "name": "DllBase",
                "value": "0x71a50000"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-03-05 10:24:05,041",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "secur32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a50000"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-03-05 10:24:05,041",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71a50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "secur32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-03-05 10:24:05,041",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserNameEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-03-05 10:24:05,041",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserNameExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c4dc70"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76767f90"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d81242",
            "parentcaller": "0x07d800db",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767683b0"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8df95",
            "parentcaller": "0x07d811ca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8df95",
            "parentcaller": "0x07d811ca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf410"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8df95",
            "parentcaller": "0x07d811ca",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8dfec",
            "parentcaller": "0x07d811ca",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8e3a2",
            "parentcaller": "0x07d81155",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00fb7c00"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8e51c",
            "parentcaller": "0x07d81155",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00fb7c00"
              },
              {
                "name": "Buffer",
                "value": "0F8BFBFF000206D7DESKTOP-PC01cape[DESKTOP-PC01]"
              },
              {
                "name": "Length",
                "value": "46"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8e51c",
            "parentcaller": "0x07d81155",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00fb7c00"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-03-05 10:24:05,087",
            "thread_id": "5380",
            "caller": "0x07d8e51c",
            "parentcaller": "0x07d81155",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00fb7c80"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d800e3",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\AB49D7E283B8FCD856D964B5261D63E7"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\AB49D7E283B8FCD856D964B5261D63E7"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d800e3",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCreateKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d800e3",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCreateKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acec30"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d800e3",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\AB49D7E283B8FCD856D964B5261D63E7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\AB49D7E283B8FCD856D964B5261D63E7"
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d8e877",
            "parentcaller": "0x07d800e3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "AB49D7E283B8FCD856D964B5261D63E7"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\AB49D7E283B8FCD856D964B5261D63E7\\AB49D7E283B8FCD856D964B5261D63E7"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-03-05 10:24:05,103",
            "thread_id": "5380",
            "caller": "0x07d800e3",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "CreateAssemblyNameObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x730b1a20"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "CreateAssemblyNameObjectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "CreateAssemblyEnum"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735a8de0"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73060000"
              },
              {
                "name": "FunctionName",
                "value": "CreateAssemblyEnumW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-03-05 10:24:05,134",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources"
              }
            ],
            "repeated": 1,
            "id": 2128
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7a40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x606557c0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac07"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources"
              }
            ],
            "repeated": 1,
            "id": 2138
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7a80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x70832584"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ad0b"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources"
              }
            ],
            "repeated": 1,
            "id": 2150
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x606557c0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac07"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib.resources"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources"
              }
            ],
            "repeated": 1,
            "id": 2160
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7b80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x70832584"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ad0b"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-03-05 10:24:05,150",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.4.0.mscorlib.resources_ru_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.mscorlib.resources_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "policy.4.0.mscorlib.resources_ru_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.mscorlib.resources_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib.resources\\*"
              }
            ],
            "repeated": 1,
            "id": 2171
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbb220"
              },
              {
                "name": "ViewSize",
                "value": "0x0011c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbb220"
              },
              {
                "name": "ViewSize",
                "value": "0x0011c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-03-05 10:24:05,228",
            "thread_id": "5380",
            "caller": "0x0456d8e0",
            "parentcaller": "0x07d800ea",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "policy.4.0.System.Configuration__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Configuration__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7900",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x791efb24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ad0c"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00`\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00X\\x03\\x00\\x00\\x0b\\x00\\x00\\x00\\xac\\x00\\x00\\x00\r\\x00\\x00\\x00X\\x00\\x00\\x00System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\\x00\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00dG\\xf2Q/\\xc3\\xd8\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0n\\x06\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00i\\x1c\\xce\\xa1VdqF\\x9d\\xb9\\xdf\\xa5|\\xf6\\xb9\\x9c\\x04\\x00\\x00\\x00l\\x00\\x00\\x00\\x01\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKe"
              },
              {
                "name": "Length",
                "value": "864"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "policy.4.0.System.Security__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Security__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Security\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Security.dll"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Security\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Security.dll"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.4.0.System.Core__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Core__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "policy.4.0.System.Core__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Core__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-03-05 10:24:05,275",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-03-05 10:24:05,291",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fb7e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x78fae5f6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ad0c"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-03-05 10:24:05,291",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-03-05 10:24:05,291",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-03-05 10:24:05,291",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00|\\x03\\x00\\x00\\x0b\\x00\\x00\\x00\\xa4\\x00\\x00\\x00\r\\x00\\x00\\x00P\\x00\\x00\\x00System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x00\\xcc\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x80\\xa8\\xf4Q/\\xc3\\xd8\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x18\\xab\\x17\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc6\\x8a\\xc3\\x07\\x83\\xda\\x88D\\x8a\\x1d\\x0f{\\xfd\\xe8|f\\x04\\x00\\x00\\x00l\\x00\\x00\\x00\\x01\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b"
              },
              {
                "name": "Length",
                "value": "900"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.4.0.System.Numerics__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Numerics__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "policy.4.0.System.Numerics__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Numerics__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Numerics\\v4.0_4.0.0.0__b77a5c561934e089\\System.Numerics.dll"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091eb0"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-03-05 10:24:05,322",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Numerics\\v4.0_4.0.0.0__b77a5c561934e089\\System.Numerics.dll"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni"
              },
              {
                "name": "DllBase",
                "value": "0x6fa10000"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fa10000"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x6fa10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni"
              },
              {
                "name": "DllBase",
                "value": "0x70d90000"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d90000"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x70d90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-03-05 10:24:05,337",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-03-05 10:24:05,353",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-03-05 10:24:05,353",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-03-05 10:24:05,353",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092e80"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77930000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a2df0"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "206"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093330"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 1,
            "id": 2243
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093140"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-03-05 10:24:05,369",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093390"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-03-05 10:24:05,681",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\?\\x99E\\xc95\\xb1\\x06"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-03-05 10:24:05,728",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093360"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-03-05 10:24:05,728",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\x8c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-03-05 10:24:05,728",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "ReadFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760934c0"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-03-05 10:24:05,728",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "oup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cach"
              },
              {
                "name": "Length",
                "value": "24576"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02ccb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "ral, PublicKeyToken=31bf3856ad364e35\"/>\r\n                <add name=\"context\" type=\"System.ServiceModel.Configuration.ContextBindingElementExtensionElement, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n         "
              },
              {
                "name": "Length",
                "value": "7310"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-03-05 10:24:05,744",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config"
              }
            ],
            "repeated": 1,
            "id": 2265
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x758e0000"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x758e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758e9cc0"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "WSAStartup",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "VersionRequested",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocketW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758ecbc0"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758ef070"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAEventSelect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758ec860"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "ioctlsocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758f2520"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "closesocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758eea60"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-03-05 10:24:05,759",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mswsock"
              },
              {
                "name": "DllBase",
                "value": "0x742b0000"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x742b0000"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000504",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x742b0000"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000504",
            "arguments": [
              {
                "name": "af",
                "value": "23",
                "pretty_value": "AF_INET6"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-03-05 10:24:05,884",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-03-05 10:24:05,962",
            "thread_id": "5380",
            "caller": "0x07d805dc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000504",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-03-05 10:24:05,962",
            "thread_id": "5380",
            "caller": "0x07d80596",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758ef070"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-03-05 10:24:05,962",
            "thread_id": "5380",
            "caller": "0x07d80596",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00001002"
              },
              {
                "name": "optval",
                "value": "\\x00\\xd0\\x07\\x00"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-03-05 10:24:05,962",
            "thread_id": "5380",
            "caller": "0x07d80724",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00001001"
              },
              {
                "name": "optval",
                "value": "\\x00\\xd0\\x07\\x00"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-03-05 10:24:05,962",
            "thread_id": "5380",
            "caller": "0x07d806cc",
            "parentcaller": "0x04569cf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAConnect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75916c80"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-03-05 10:24:06,009",
            "thread_id": "5380",
            "caller": "0x07d806cc",
            "parentcaller": "0x04569cf1",
            "category": "network",
            "api": "WSAConnect",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "ip",
                "value": "89.23.103.60"
              },
              {
                "name": "port",
                "value": "7001"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-03-05 10:24:06,041",
            "thread_id": "5380",
            "caller": "0x04569b6a",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00001006"
              },
              {
                "name": "optval",
                "value": "\\xe0\\x93\\x04\\x00"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-03-05 10:24:06,041",
            "thread_id": "5380",
            "caller": "0x045699af",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00001005"
              },
              {
                "name": "optval",
                "value": "\\xe0\\x93\\x04\\x00"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-03-05 10:24:06,166",
            "thread_id": "5380",
            "caller": "0x04569f33",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "getpeername"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758f3200"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace8e0"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "Data",
                "value": "Client"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-03-05 10:24:06,244",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "HWRPortReuseOnSocketBind"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\HWRPortReuseOnSocketBind"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092e90"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessIdW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "LookupPrivilegeValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "LookupPrivilegeValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75aca000"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-03-05 10:24:06,259",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LookupPrivilegeValueW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "SystemName",
                "value": ""
              },
              {
                "name": "PrivilegeName",
                "value": "SeDebugPrivilege"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092e80"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acea30"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000020"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustTokenPrivileges"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acfe40"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustTokenPrivilegesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092ee0"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090630"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-03-05 10:24:06,275",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\psapi"
              },
              {
                "name": "DllBase",
                "value": "0x75f20000"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "psapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f20000"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75f20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "psapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "EnumProcessModules"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f213a0"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "EnumProcessModulesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2c28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd80\\xef\\x00\\x10-\\xef\\x00\\xe00\\xef\\x00\\x18-\\xef\\x00@6\\xef\\x00\\x9c]\\xa5w\\x00\\x00\\x93w\\x00\\x00\\x00\\x00\\x00@\\x1a\\x00:\\x00<\\x008+\\xef\\x00\\x12\\x00\\x14\\x00\\x18\\x84\\x93w\\xc4\\xaa\\x00\\x00\\xff\\xff\\x00\\x00\\xf4\\xf4\\xf1\\x00 \\\\xa5w\\x06\\x01\\x04\\x10"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef30d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc02\\xef\\x00(,\\xef\\x00\\xc82\\xef\\x000,\\xef\\x00\\x08B\\xef\\x00\\xd02\\xef\\x00\\x00\\x00\\xc9s\\x00\\xf1\\xcbs\\x00 \\x05\\x00>\\x00@\\x00\\xc01\\xef\\x00\\x16\\x00\\x18\\x00\\xe81\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00$\\xf0\\xf1\\x000\\\\xa5w\\x9b\\xa3\\xe7\\xe5"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef32c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "06\\xef\\x00\\xd80\\xef\\x0086\\xef\\x00\\xe00\\xef\\x00\\xe80\\xef\\x00@6\\xef\\x00\\x00\\x00\\x07v@\\xf6\\x08v\\x00\\x00\\x0f\\x00@\\x00B\\x00\\xa83\\xef\\x00\\x18\\x00\\x1a\\x00\\xd03\\xef\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xf7\\xf1\\x00\\x10\\\\xa5wagV "
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef3630"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8A\\xef\\x00\\xc02\\xef\\x00\\x00B\\xef\\x00\\xc82\\xef\\x00\\xd02\\xef\\x008,\\xef\\x00\\x00\\x00\\xb3u@s\\xc4u\\x00\\x90!\\x00D\\x00F\\x00\\x187\\xef\\x00\\x1c\\x00\\x1e\\x00@7\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xa0[\\xa5w\\xa0[\\xa5w\\\\x0e\\xd2\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef41f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\x11\\xf0\\x0006\\xef\\x00@\\x11\\xf0\\x0086\\xef\\x00\\xb0J\\xf0\\x00\\xe80\\xef\\x00\\x00\\x00\\xbatp\\x88\\xbdt\\x00\\xf0\t\\x00>\\x00@\\x00\\xe0B\\xef\\x00\\x16\\x00\\x18\\x00\\x08C\\xef\\x00\\xcc\\xab\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xec\\xf1\\x00@\\\\xa5w\\x1c;a\\x1a"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f01138"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0J\\xf0\\x00\\xf8A\\xef\\x00\\xa8J\\xf0\\x00\\x00B\\xef\\x00\\xc0!\\xf0\\x00\\xb0J\\xf0\\x00\\x00\\x00\\xf7upP\\xfcu\\x00\\xa0\\x0f\\x00>\\x00@\\x00 \\x12\\xf0\\x00\\x16\\x00\\x18\\x00H\\x12\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xec!\\xf0\\x00\\x98[\\xa5w\\x95\\x03]\\x1d"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04aa0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0L\\xf0\\x008\\x11\\xf0\\x00\\xa8L\\xf0\\x00@\\x11\\xf0\\x00H\\x11\\xf0\\x00\\x08B\\xef\\x00\\x00\\x00\"w0\\xba$w\\x00\\x00\\x12\\x00@\\x00B\\x00PK\\xf0\\x00\\x18\\x00\\x1a\\x00xK\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x04\\xec\\xf1\\x008\\\\xa5w\\xa2\\x99\\xdc\\x82"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04ca0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0!\\xf0\\x00\\xa0J\\xf0\\x00\\xb8!\\xf0\\x00\\xa8J\\xf0\\x00\\xb0g\\xf0\\x00\\xc0!\\xf0\\x00\\x00\\x00\\x8eu@K\\x8eu\\x000\\x06\\x00<\\x00>\\x00\\x88M\\xf0\\x00\\x14\\x00\\x16\\x00\\xb0M\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xbcc\\xf0\\x00L-\\xef\\x00!\t\\xac\\xf9"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f021b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\xf0\\x00\\xa0L\\xf0\\x00\\xf8#\\xf0\\x00\\xa8L\\xf0\\x00\\xb0L\\xf0\\x00H\\x11\\xf0\\x00\\x00\\x00\\x8ev0\\xbf\\x91v\\x00\\xe0\\x0b\\x00<\\x00>\\x00\\x98\"\\xf0\\x00\\x14\\x00\\x16\\x00\\xc0\"\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xe4\\xf2\\xf1\\x00t\\x11\\xf0\\x00\\xb6\\xa0\\xb4\\x11"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f023f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0g\\xf0\\x00\\xb0!\\xf0\\x00\\xa8g\\xf0\\x00\\xb8!\\xf0\\x00\\x90c\\xf0\\x00\\x80a\\xf0\\x00\\x00\\x00\\x9cv\\x90\\xc9\\x9fv\\x00\\xb0\\x19\\x00<\\x00>\\x00\\xd8$\\xf0\\x00\\x14\\x00\\x16\\x00\\x00%\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x80[\\xa5w\\x80[\\xa5w-\\xec\\xfb?"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f067a0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pa\\xf0\\x00\\xf0#\\xf0\\x00xa\\xf0\\x00\\xf8#\\xf0\\x00 k\\xf0\\x00\\xb0L\\xf0\\x00\\x00\\x00Sw\\x00\\x00\\x00\\x00\\x00\\x80\\x01\\x00<\\x00>\\x00\\xa8n\\xf0\\x00\\x14\\x00\\x16\\x00\\xd0n\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x1ce\\xf0\\x00\\x00\\\\xa5wh\\x97\\xcfU"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06170"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe0d\\xf0\\x00\\xa0g\\xf0\\x00\\xe8d\\xf0\\x00\\xa8g\\xf0\\x00\\x00$\\xf0\\x00\\xf0d\\xf0\\x00\\x00\\x00\\x16vps\\x16v\\x000\\x02\\x00:\\x00<\\x00\\x90/\\xf0\\x00\\x12\\x00\\x14\\x00\\xb8/\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xa4\\xea\\xf1\\x00\\x88[\\xa5w\\xd1\t\\xb0*"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f064e0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10k\\xf0\\x00pa\\xf0\\x00\\x18k\\xf0\\x00xa\\xf0\\x00\\x80a\\xf0\\x00 k\\xf0\\x00\\x00\\x00:w@\\x02@w\\x00\\xd0\r\\x00B\\x00D\\x00()\\xf0\\x00\\x1a\\x00\\x1c\\x00P)\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00Lk\\xf0\\x00\\xdcg\\xf0\\x00\\xd4\r\\x89+"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06b10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "Ph\\xf0\\x00\\xe0d\\xf0\\x00Xh\\xf0\\x00\\xe8d\\xf0\\x00\\xf0d\\xf0\\x00\\xb0g\\xf0\\x00\\x00\\x00Xw\\x00xYw\\x00\\xb0\\x07\\x00B\\x00D\\x000*\\xf0\\x00\\x1a\\x00\\x1c\\x00X*\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00|f\\xf0\\x00\\x1ce\\xf0\\x00RDR\\xfd"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06850"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0^\\xf0\\x00\\x10k\\xf0\\x00\\xb8^\\xf0\\x00\\x18k\\xf0\\x00pj\\xf0\\x00p_\\xf0\\x00\\x00\\x00\\xabu\\x10\"\\xacu\\x00\\xb0\\x07\\x00@\\x00B\\x00(8\\xf0\\x00\\x18\\x00\\x1a\\x00P8\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00`\\\\xa5w`\\\\xa5wL\\x9dxd"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05eb0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`_\\xf0\\x00Ph\\xf0\\x00h_\\xf0\\x00Xh\\xf0\\x00p_\\xf0\\x00\\x90c\\xf0\\x00\\x00\\x00aw\\xc0Zdw\\x00\\xf0\\x0b\\x00<\\x00>\\x0005\\xf0\\x00\\x14\\x00\\x16\\x00X5\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xff\\x04\\x02\\xf2\\x00\\xd8[\\xa5wPzV\\x7f"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05f60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc0`\\xf0\\x00\\xb0^\\xf0\\x00\\xc8`\\xf0\\x00\\xb8^\\xf0\\x00`h\\xf0\\x00\\xc0^\\xf0\\x00\\x00\\x00\\x86u \r\\x88u\\x00`\\x07\\x00>\\x00@\\x00x5\\xf0\\x00\\x16\\x00\\x18\\x00\\xa05\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf8[\\xa5w\\xf8[\\xa5wH\\xf4\\xe6L"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f060c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`j\\xf0\\x00`_\\xf0\\x00hj\\xf0\\x00h_\\xf0\\x00 `\\xf0\\x00pj\\xf0\\x00\\x00\\x00\\xe3u\\xf0\\xc8\\xe5u\\x000\\x0e\\x00:\\x00<\\x00\\xa04\\xf0\\x00\\x12\\x00\\x14\\x00\\xc84\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\m\\xf0\\x00h\\\\xa5w/\\xad(S"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06a60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10`\\xf0\\x00\\xc0`\\xf0\\x00\\x18`\\xf0\\x00\\xc8`\\xf0\\x00\\xd0`\\xf0\\x00`h\\xf0\\x00\\x00\\x00fv\\xe0\\xbayv\\x00\\x00(\\x00>\\x00@\\x00\\xc05\\xf0\\x00\\x16\\x00\\x18\\x00\\xe85\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xf4\\xe9\\xf1\\x00\\xc0[\\xa5w\\xdbc}("
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06010"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "@f\\xf0\\x00`j\\xf0\\x00Hf\\xf0\\x00hj\\xf0\\x00Pf\\xf0\\x00\\xd0`\\xf0\\x00\\x00\\x00\\xb6v\\xd0\\\\xb9v\\x00`\t\\x00@\\x00B\\x00`x\\xf0\\x00\\x18\\x00\\x1a\\x00\\x88x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xd4\\xfb\\xf1\\x00\\xe8[\\xa5w[\r\\x8f\\xfc"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06640"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pl\\xf0\\x00\\x10`\\xf0\\x00xl\\xf0\\x00\\x18`\\xf0\\x00\\x80l\\xf0\\x00 `\\xf0\\x00\\x00\\x00Nw\\x90xOw\\x00P\\x04\\x00>\\x00@\\x00\\x086\\xf0\\x00\\x16\\x00\\x18\\x0006\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xc4\\xee\\xf1\\x00Lk\\xf0\\x00?\\xc0\\xc7:"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06c70"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x80c\\xf0\\x00@f\\xf0\\x00\\x88c\\xf0\\x00Hf\\xf0\\x00\\x10i\\xf0\\x00Pf\\xf0\\x00\\x00\\x00\\x90w\\xe0\\x93\\x90w\\x00\\x90\\x01\\x00<\\x00>\\x00P6\\xf0\\x00\\x14\\x00\\x16\\x00x6\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00d\\xed\\xf1\\x00\\x90[\\xa5w\\xd4;0\\x90"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06380"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00i\\xf0\\x00pl\\xf0\\x00\\x08i\\xf0\\x00xl\\xf0\\x00\\xc0^\\xf0\\x00\\x00$\\xf0\\x00\\x00\\x00Uw\\x10DUw\\x00P\\x02\\x00:\\x00<\\x00 0\\xf0\\x00\\x12\\x00\\x14\\x00H0\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00p\\\\xa5w\\xdcL\\xf0\\x00Ej\\x049"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06900"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": " m\\xf0\\x00\\x80c\\xf0\\x00(m\\xf0\\x00\\x88c\\xf0\\x000m\\xf0\\x00\\x80l\\xf0\\x00\\x00\\x00\\xb9t`*\\xb9t\\x00\\xa0\\x00\\x00B\\x00D\\x00h:\\xf1\\x00\\x1a\\x00\\x1c\\x00\\x90:\\xf1\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xf3\\xf1\\x00(\\\\xa5w\\xec\\x82\\x8d\\xc7"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06d20"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0f\\xf0\\x00\\x00i\\xf0\\x00\\xf8f\\xf0\\x00\\x08i\\xf0\\x00\\x00g\\xf0\\x00\\x10i\\xf0\\x00\\x00\\x00\\xc4t\\xd0\\xca\\xc4t\\x00\\x10\\x02\\x00>\\x00@\\x00pZ\\xf1\\x00\\x16\\x00\\x18\\x00\\x98Z\\xf1\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x14\\xf9\\xf1\\x00\\xfc`\\xf0\\x00\\xb5kb\\x98"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f066f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00^\\xf0\\x00 m\\xf0\\x00\\x08^\\xf0\\x00(m\\xf0\\x00\\x10^\\xf0\\x000m\\xf0\\x00\\x00\\x00\\x8bsp(\\x8cs\\x00\\xd0\\x08\\x00t\\x00v\\x00\\xd0w\\xf0\\x00\\x18\\x00\\x1a\\x00,x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00ld\\xf0\\x00x\\\\xa5w\\xf2\\x1d}^"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05e00"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0i\\xf0\\x00\\xf0f\\xf0\\x00\\xb8i\\xf0\\x00\\xf8f\\xf0\\x00\\xc0i\\xf0\\x00\\x00g\\xf0\\x00\\x00\\x00\\xd4t\\xe0G\\xd4t\\x00\\xf0\\x00\\x00L\\x00N\\x00\\xb8\\x02\\xf0\\x00$\\x00&\\x00\\xe0\\x02\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xa4\\xf5\\xf1\\x00\\xa8[\\xa5wU\\xebI="
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f069b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "0d\\xf0\\x00\\x00^\\xf0\\x008d\\xf0\\x00\\x08^\\xf0\\x00x\\xf5\\xf1\\x00\\x10^\\xf0\\x00\\x00\\x00\\xf5t\\x00\\x18\\xf5t\\x00\\x80\\x00\\x00>\\x00@\\x00\\x88]\\xf1\\x00\\x16\\x00\\x18\\x00\\xb0]\\xf1\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\x84\\xf1\\xf1\\x00\\xf0[\\xa5w\\xa6P\\x89\\xa8"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06430"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x90e\\xf0\\x00\\xb0i\\xf0\\x00\\x98e\\xf0\\x00\\xb8i\\xf0\\x00(\\xeb\\xf1\\x00\\xa0e\\xf0\\x00\\x00\\x00\\x06sP0\\x08s\\x00\\x80\\x84\\x00j\\x00l\\x00 !\\xf0\\x00\\x0e\\x00\\x10\\x00|!\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xffx\\\\xa5w,g\\xf0\\x00\\x8c\\xf4Lb"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06590"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xf5\\xf1\\x000d\\xf0\\x00p\\xf5\\xf1\\x008d\\xf0\\x00@d\\xf0\\x00x\\xf5\\xf1\\x00\\x00\\x00\\xc7s\\x00\\xac\\xc7s\\x00@\\x01\\x00X\\x00Z\\x00\\x80#\\xf0\\x000\\x002\\x00\\xa8#\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00T\\xf6\\xf1\\x00\\xb0[\\xa5w\\xe5\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f568"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xeb\\xf1\\x00\\x90e\\xf0\\x00 \\xeb\\xf1\\x00\\x98e\\xf0\\x00\\xa0e\\xf0\\x00\\xc0i\\xf0\\x00\\x00\\x00\\xfbr _\\x04s\\x00\\xb0\n\\x00P\\x00R\\x00\\x08\\x08\\xf0\\x00(\\x00*\\x000\\x08\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xe8\\xf1\\x00<^\\xf0\\x00\\xe1\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1eb18"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xf1\\xf1\\x00h\\xf5\\xf1\\x00P\\xf1\\xf1\\x00p\\xf5\\xf1\\x00X\\xf1\\xf1\\x00@d\\xf0\\x00\\x00\\x00\\xbaq\\x00\\x00\\x00\\x00\\x00\\xe0@\\x01\\xd0\\x00\\xd2\\x00H\\xf4\\xf4\\x00\\x1e\\x00 \\x00\\xfa\\xf4\\xf4\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00P\\\\xa5wP\\\\xa5w\\x15\\xf3Lb"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f148"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(\\xed\\xf1\\x00\\x18\\xeb\\xf1\\x000\\xed\\xf1\\x00 \\xeb\\xf1\\x008\\xed\\xf1\\x00(\\xeb\\xf1\\x00\\x00\\x00\\xc0v\\xc06\\xc3v\\x00\\xf0\\x05\\x00P\\x00R\\x00X\\x14\\xf5\\x00(\\x00*\\x00\\x80\\x14\\xf5\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf0[\\xa5w\\xeci\\xf0\\x00\\xf6\\x13\\xd6\\x9d"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ed28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xe8\\xf1\\x00H\\xf1\\xf1\\x00`\\xe8\\xf1\\x00P\\xf1\\xf1\\x00h\\xe8\\xf1\\x00X\\xf1\\xf1\\x00\\x00\\x00\\xb1qP\\x11\\xb1q\\x00\\xa0\\x08\\x00p\\x00r\\x00X\\xb8\\xf6\\x00\\x14\\x00\\x16\\x00\\xb4\\xb8\\xf6\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x90[\\xa5w\\xacl\\xf0\\x00\\xe8\\xf2Lb"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e858"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xf6\\xf1\\x00(\\xed\\xf1\\x00 \\xf6\\xf1\\x000\\xed\\xf1\\x00\\xd8\\xeb\\xf1\\x008\\xed\\xf1\\x00\\x00\\x00\\xc6v\\x80\\xbf\\xddv\\x00P[\\x00>\\x00@\\x00 (\\xf7\\x00\\x16\\x00\\x18\\x00H(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xa8[\\xa5w\\xa4\\xf5\\xf1\\x00W\\xa3_3"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f618"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xeb\\xf1\\x00X\\xe8\\xf1\\x00\\xd0\\xeb\\xf1\\x00`\\xe8\\xf1\\x00\\x08\\xe7\\xf1\\x00\\xd8\\xeb\\xf1\\x00\\x00\\x00\\x1fu \\xb9<u\\x00\\xd0`\\x00N\\x00P\\x00X\\x01\\xf0\\x00&\\x00(\\x00\\x80\\x01\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xb0[\\xa5w\\xcce\\xf0\\x00\\x1a\\xa5Dl"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ebc8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xe6\\xf1\\x00\\x18\\xf6\\xf1\\x00\\x00\\xe7\\xf1\\x00 \\xf6\\xf1\\x00(\\xf6\\xf1\\x00h\\xe8\\xf1\\x00\\x00\\x00\\x1cu\\xd0\\x8b\\x1cu\\x00p\\x02\\x008\\x00:\\x00\\xb0(\\xf7\\x00\\x10\\x00\\x12\\x00\\xd8(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xc4\\xf9\\xf1\\x00\\xdcJ\\xf0\\x00\\xfaOW\\xc0"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e6f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xf9\\xf1\\x00\\xc8\\xeb\\xf1\\x00\\x90\\xf9\\xf1\\x00\\xd0\\xeb\\xf1\\x00\\x98\\xf9\\xf1\\x00(\\xf6\\xf1\\x00\\x00\\x00\\x19v\\x80$\\x1dv\\x00p\\x08\\x00<\\x00>\\x00\\xd0)\\xf7\\x00\\x14\\x00\\x16\\x00\\xf8)\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x84\\xe6\\xf1\\x00\\xd0[\\xa5w\\x96\\x11\\xa0S"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f988"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xea\\xf1\\x00\\xf8\\xe6\\xf1\\x00p\\xea\\xf1\\x00\\x00\\xe7\\xf1\\x00x\\xea\\xf1\\x00\\x08\\xe7\\xf1\\x00\\x00\\x00\\xd5tP\\xa2\\xd5t\\x00\\x80\\x01\\x00>\\x00@\\x00\\xd0 \\xf7\\x00\\x16\\x00\\x18\\x00\\xf8 \\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x008\\\\xa5w\\x04\\xec\\xf1\\x00\\xa7= \\x1c"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ea68"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xf3\\xf1\\x00\\x88\\xf9\\xf1\\x00`\\xf3\\xf1\\x00\\x90\\xf9\\xf1\\x00h\\xf3\\xf1\\x00\\x98\\xf9\\xf1\\x00\\x00\\x00\\xd7t0]\\xd7t\\x000\\x01\\x00>\\x00@\\x00\\x90\\x1e\\xf7\\x00\\x16\\x00\\x18\\x00\\xb8\\x1e\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe4\\xe7\\xf1\\x00\\xaca\\xf0\\x00Sq\\xe7:"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f358"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xee\\xf1\\x00h\\xea\\xf1\\x00\\x90\\xee\\xf1\\x00p\\xea\\xf1\\x00\\x98\\xee\\xf1\\x00x\\xea\\xf1\\x00\\x00\\x00pt0\\xcbpt\\x00\\xf0\\x02\\x00<\\x00>\\x00\\xb8\\x1d\\xf7\\x00\\x14\\x00\\x16\\x00\\xe0\\x1d\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00(\\\\xa5w<i\\xf0\\x00[\\x1d\\x7f\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ee88"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xec\\xf1\\x00X\\xf3\\xf1\\x00\\x80\\xec\\xf1\\x00`\\xf3\\xf1\\x00\\x88\\xec\\xf1\\x00h\\xf3\\xf1\\x00\\x00\\x00\\xf7p\\x00\\x00\\x00\\x00\\x00`\\xa5\\x00\\xc8\\x00\\xca\\x00 o\\xf7\\x00\\x1a\\x00\\x1c\\x00\\xceo\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x00\\\\xa5w|f\\xf0\\x00;(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ec78"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\xf4\\xf1\\x00\\x88\\xee\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x90\\xee\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x98\\xee\\xf1\\x00\\x00\\x00\\xadp\\x00\\xed\\xadp\\x00\\x90\\x01\\x008\\x00:\\x00H\\x1e\\xf7\\x00\\x10\\x00\\x12\\x00p\\x1e\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00@\\\\xa5w4B\\xef\\x00@\\xcb]\\xdb"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f408"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xf6\\xf1\\x00x\\xec\\xf1\\x00\\xd0\\xf6\\xf1\\x00\\x80\\xec\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x88\\xec\\xf1\\x00\\x00\\x00-p\\x00\\x00\\x00\\x00\\x00@w\\x00\\xd8\\x00\\xda\\x00`\\xbc\\xf7\\x00\"\\x00$\\x00\\x16\\xbd\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xb8[\\xa5w\\xb8[\\xa5w.>\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f6c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xf7\\xf1\\x00\\x08\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x00\\x00#p\\x90V#p\\x00\\xe0\\x00\\x00<\\x00>\\x00`\\x07\\xf8\\x00\\x14\\x00\\x16\\x00\\x88\\x07\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x08\\\\xa5w\\x08\\\\xa5w\\xad\\x96!v"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f778"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xe6\\xf1\\x00\\xc8\\xf6\\xf1\\x00P\\xe6\\xf1\\x00\\xd0\\xf6\\xf1\\x00X\\xe6\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x00\\x00\\xc4s\\xe0\\x98\\xc4s\\x00\\x10\\x02\\x00|\\x00~\\x00(E\\xf8\\x00 \\x00\"\\x00\\x84E\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x10\\\\xa5w\\xfc2\\xef\\x00\\xb3=\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e648"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xf4\\xf1\\x00x\\xf7\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x00\\x00\\x9euP\\xbd\\xa4u\\x00\\xe0\\x07\\x00>\\x00@\\x00\\xe8\\x00\\xf8\\x00\\x16\\x00\\x18\\x00\\x10\\x01\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xd0[\\xa5w4\\xe7\\xf1\\x003\\x947\\x93"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f4b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe8\\xef\\xf1\\x00H\\xe6\\xf1\\x00\\xf0\\xef\\xf1\\x00P\\xe6\\xf1\\x00\\x08\\xf2\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x00\\x00\\xafq\\xa0\\xa8\\xafq\\x00\\xd0\\x01\\x00J\\x00L\\x008\\x8c\\xf6\\x00\\x18\\x00\\x1a\\x00j\\x8c\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x004\\xf2\\xf1\\x00d,\\xef\\x00\\x0b\\x14\\xe0\\xdc"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1efe8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xf1\\xf1\\x00\\xb8\\xf4\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\xc8\\xf4\\xf1\\x00X\\xe6\\xf1\\x00\\x00\\x00\\xa8q\\xb0\\xd1\\xa9q\\x00\\x00\\x07\\x00@\\x00B\\x00\\x08?\\xf4\\x00\\x18\\x00\\x1a\\x000?\\xf4\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x000\\\\xa5w\\x141\\xef\\x00\\x91kS\\x98"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f1f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xf2\\xf1\\x00\\xe8\\xef\\xf1\\x00\\xb0\\xf2\\xf1\\x00\\xf0\\xef\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\xc8\\xf4\\xf1\\x00\\x00\\x00\\xa7qP5\\xa7q\\x00\\xd0\\x00\\x00J\\x00L\\x00\\x00\\x90\\xf6\\x00\\x18\\x00\\x1a\\x002\\x90\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00 \\\\xa5w\\xf4\\xf4\\xf1\\x000\\x08\"\\xcc"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f2a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd8\\xf8\\xf1\\x00\\xf8\\xf1\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x08\\xf2\\xf1\\x00\\x00\\x00\\xa6q\\xe0\\x90\\xa6q\\x00\\x00\\x01\\x00H\\x00J\\x00h\\x8e\\xfa\\x00\\x16\\x00\\x18\\x00\\x9a\\x8e\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00t\\xfa\\xf1\\x00\\xec!\\xf0\\x00`\t\\x95U"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f8d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\xfa\\xf1\\x00\\xa8\\xf2\\xf1\\x00@\\xfa\\xf1\\x00\\xb0\\xf2\\xf1\\x00H\\xfa\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\x00\\x00\\xeap\\x90C\\xedp\\x00\\x90\\x0c\\x00J\\x00L\\x00\\xa0\\x8a\\xfa\\x00\\x18\\x00\\x1a\\x00\\xd2\\x8a\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00h\\\\xa5w\\m\\xf0\\x00\\xfb\\x1f\\x83\\x84"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fa38"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xe7\\xf1\\x00\\xd8\\xf8\\xf1\\x00\\xb0\\xe7\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\xb8\\xe7\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x00\\x00\\xa5q \\x18\\xa5q\\x00\\xa0\\x00\\x00>\\x00@\\x00H-\\xfa\\x00\\x16\\x00\\x18\\x00p-\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x98[\\xa5w\\xe4\\xf2\\xf1\\x00\\x8b\\xb6\\xc0\\xae"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e7a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xe9\\xf1\\x008\\xfa\\xf1\\x00\\xc0\\xe9\\xf1\\x00@\\xfa\\xf1\\x00\\xc8\\xe9\\xf1\\x00H\\xfa\\xf1\\x00\\x00\\x00\\xa1o\\x00\\x00\\x00\\x00\\x00\\x80\\x81\\x00\\xdc\\x00\\xde\\x00P\\xf9\\xfa\\x00$\\x00&\\x00\\x08\\xfa\\xfa\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x88[\\xa5w\\xa4\\xea\\xf1\\x00#(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e9b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\x01\\xf2\\x00\\xa8\\xe7\\xf1\\x00\\xd0\\x01\\xf2\\x00\\xb0\\xe7\\xf1\\x00\\xd8\\x01\\xf2\\x00\\xb8\\xe7\\xf1\\x00\\x00\\x00\\xd9p\\x00\\x00\\x00\\x00\\x00`\\x10\\x00\\x00\\x01\\x02\\x01\\x98\\xb3\\xf6\\x006\\x008\\x00b\\xb4\\xf6\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xc0[\\xa5w\\x9cj\\xf0\\x00\\xdc\\xc0\\xd9^"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f201c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x98\\xfb\\xf1\\x00\\xb8\\xe9\\xf1\\x00\\xa0\\xfb\\xf1\\x00\\xc0\\xe9\\xf1\\x00\\xa8\\xfb\\xf1\\x00\\xc8\\xe9\\xf1\\x00\\x00\\x00+t\\xa0\\xa0+t\\x00 \\x05\\x00>\\x00@\\x00\\xd0/\\xfa\\x00\\x16\\x00\\x18\\x00\\xf8/\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xd8[\\xa5w\\xec^\\xf0\\x00'\\xcb)\\xde"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fb98"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x8c]\\xa5w\\xc8\\x01\\xf2\\x00\\x94]\\xa5w\\xd0\\x01\\xf2\\x00\\x9c]\\xa5w\\xd8\\x01\\xf2\\x00\\x00\\x00\\xf2u\\xd0\\x14\\xf2u\\x00`\\x00\\x00:\\x00<\\x00 .\\xfa\\x00\\x12\\x00\\x14\\x00H.\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe8[\\xa5wL`\\xf0\\x00\\xcb\\xc2\\xc4\\xfa"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f21440"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleBaseName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleBaseNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f21400"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cfa"
              },
              {
                "name": "Size",
                "value": "0x00000032"
              },
              {
                "name": "Buffer",
                "value": "8\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f20000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f21420"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cb8"
              },
              {
                "name": "Size",
                "value": "0x00000074"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\\\x008\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "UseHttpPipeliningAndBufferPooling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseHttpPipeliningAndBufferPooling"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2c28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd80\\xef\\x00\\x10-\\xef\\x00\\xe00\\xef\\x00\\x18-\\xef\\x00@6\\xef\\x00\\x9c]\\xa5w\\x00\\x00\\x93w\\x00\\x00\\x00\\x00\\x00@\\x1a\\x00:\\x00<\\x008+\\xef\\x00\\x12\\x00\\x14\\x00\\x18\\x84\\x93w\\xc4\\xaa\\x00\\x00\\xff\\xff\\x00\\x00\\xf4\\xf4\\xf1\\x00 \\\\xa5w\\x06\\x01\\x04\\x10"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef30d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc02\\xef\\x00(,\\xef\\x00\\xc82\\xef\\x000,\\xef\\x00\\x08B\\xef\\x00\\xd02\\xef\\x00\\x00\\x00\\xc9s\\x00\\xf1\\xcbs\\x00 \\x05\\x00>\\x00@\\x00\\xc01\\xef\\x00\\x16\\x00\\x18\\x00\\xe81\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00$\\xf0\\xf1\\x000\\\\xa5w\\x9b\\xa3\\xe7\\xe5"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef32c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "06\\xef\\x00\\xd80\\xef\\x0086\\xef\\x00\\xe00\\xef\\x00\\xe80\\xef\\x00@6\\xef\\x00\\x00\\x00\\x07v@\\xf6\\x08v\\x00\\x00\\x0f\\x00@\\x00B\\x00\\xa83\\xef\\x00\\x18\\x00\\x1a\\x00\\xd03\\xef\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xf7\\xf1\\x00\\x10\\\\xa5wagV "
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef3630"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8A\\xef\\x00\\xc02\\xef\\x00\\x00B\\xef\\x00\\xc82\\xef\\x00\\xd02\\xef\\x008,\\xef\\x00\\x00\\x00\\xb3u@s\\xc4u\\x00\\x90!\\x00D\\x00F\\x00\\x187\\xef\\x00\\x1c\\x00\\x1e\\x00@7\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xa0[\\xa5w\\xa0[\\xa5w\\\\x0e\\xd2\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef41f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\x11\\xf0\\x0006\\xef\\x00@\\x11\\xf0\\x0086\\xef\\x00\\xb0J\\xf0\\x00\\xe80\\xef\\x00\\x00\\x00\\xbatp\\x88\\xbdt\\x00\\xf0\t\\x00>\\x00@\\x00\\xe0B\\xef\\x00\\x16\\x00\\x18\\x00\\x08C\\xef\\x00\\xcc\\xab\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xec\\xf1\\x00@\\\\xa5w\\x1c;a\\x1a"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f01138"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0J\\xf0\\x00\\xf8A\\xef\\x00\\xa8J\\xf0\\x00\\x00B\\xef\\x00\\xc0!\\xf0\\x00\\xb0J\\xf0\\x00\\x00\\x00\\xf7upP\\xfcu\\x00\\xa0\\x0f\\x00>\\x00@\\x00 \\x12\\xf0\\x00\\x16\\x00\\x18\\x00H\\x12\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xec!\\xf0\\x00\\x98[\\xa5w\\x95\\x03]\\x1d"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04aa0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0L\\xf0\\x008\\x11\\xf0\\x00\\xa8L\\xf0\\x00@\\x11\\xf0\\x00H\\x11\\xf0\\x00\\x08B\\xef\\x00\\x00\\x00\"w0\\xba$w\\x00\\x00\\x12\\x00@\\x00B\\x00PK\\xf0\\x00\\x18\\x00\\x1a\\x00xK\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x04\\xec\\xf1\\x008\\\\xa5w\\xa2\\x99\\xdc\\x82"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04ca0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0!\\xf0\\x00\\xa0J\\xf0\\x00\\xb8!\\xf0\\x00\\xa8J\\xf0\\x00\\xb0g\\xf0\\x00\\xc0!\\xf0\\x00\\x00\\x00\\x8eu@K\\x8eu\\x000\\x06\\x00<\\x00>\\x00\\x88M\\xf0\\x00\\x14\\x00\\x16\\x00\\xb0M\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xbcc\\xf0\\x00L-\\xef\\x00!\t\\xac\\xf9"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f021b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\xf0\\x00\\xa0L\\xf0\\x00\\xf8#\\xf0\\x00\\xa8L\\xf0\\x00\\xb0L\\xf0\\x00H\\x11\\xf0\\x00\\x00\\x00\\x8ev0\\xbf\\x91v\\x00\\xe0\\x0b\\x00<\\x00>\\x00\\x98\"\\xf0\\x00\\x14\\x00\\x16\\x00\\xc0\"\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xe4\\xf2\\xf1\\x00t\\x11\\xf0\\x00\\xb6\\xa0\\xb4\\x11"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f023f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0g\\xf0\\x00\\xb0!\\xf0\\x00\\xa8g\\xf0\\x00\\xb8!\\xf0\\x00\\x90c\\xf0\\x00\\x80a\\xf0\\x00\\x00\\x00\\x9cv\\x90\\xc9\\x9fv\\x00\\xb0\\x19\\x00<\\x00>\\x00\\xd8$\\xf0\\x00\\x14\\x00\\x16\\x00\\x00%\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x80[\\xa5w\\x80[\\xa5w-\\xec\\xfb?"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f067a0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pa\\xf0\\x00\\xf0#\\xf0\\x00xa\\xf0\\x00\\xf8#\\xf0\\x00 k\\xf0\\x00\\xb0L\\xf0\\x00\\x00\\x00Sw\\x00\\x00\\x00\\x00\\x00\\x80\\x01\\x00<\\x00>\\x00\\xa8n\\xf0\\x00\\x14\\x00\\x16\\x00\\xd0n\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x1ce\\xf0\\x00\\x00\\\\xa5wh\\x97\\xcfU"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06170"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe0d\\xf0\\x00\\xa0g\\xf0\\x00\\xe8d\\xf0\\x00\\xa8g\\xf0\\x00\\x00$\\xf0\\x00\\xf0d\\xf0\\x00\\x00\\x00\\x16vps\\x16v\\x000\\x02\\x00:\\x00<\\x00\\x90/\\xf0\\x00\\x12\\x00\\x14\\x00\\xb8/\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xa4\\xea\\xf1\\x00\\x88[\\xa5w\\xd1\t\\xb0*"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f064e0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10k\\xf0\\x00pa\\xf0\\x00\\x18k\\xf0\\x00xa\\xf0\\x00\\x80a\\xf0\\x00 k\\xf0\\x00\\x00\\x00:w@\\x02@w\\x00\\xd0\r\\x00B\\x00D\\x00()\\xf0\\x00\\x1a\\x00\\x1c\\x00P)\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00Lk\\xf0\\x00\\xdcg\\xf0\\x00\\xd4\r\\x89+"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06b10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "Ph\\xf0\\x00\\xe0d\\xf0\\x00Xh\\xf0\\x00\\xe8d\\xf0\\x00\\xf0d\\xf0\\x00\\xb0g\\xf0\\x00\\x00\\x00Xw\\x00xYw\\x00\\xb0\\x07\\x00B\\x00D\\x000*\\xf0\\x00\\x1a\\x00\\x1c\\x00X*\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00|f\\xf0\\x00\\x1ce\\xf0\\x00RDR\\xfd"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06850"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0^\\xf0\\x00\\x10k\\xf0\\x00\\xb8^\\xf0\\x00\\x18k\\xf0\\x00pj\\xf0\\x00p_\\xf0\\x00\\x00\\x00\\xabu\\x10\"\\xacu\\x00\\xb0\\x07\\x00@\\x00B\\x00(8\\xf0\\x00\\x18\\x00\\x1a\\x00P8\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00`\\\\xa5w`\\\\xa5wL\\x9dxd"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05eb0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`_\\xf0\\x00Ph\\xf0\\x00h_\\xf0\\x00Xh\\xf0\\x00p_\\xf0\\x00\\x90c\\xf0\\x00\\x00\\x00aw\\xc0Zdw\\x00\\xf0\\x0b\\x00<\\x00>\\x0005\\xf0\\x00\\x14\\x00\\x16\\x00X5\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xff\\x04\\x02\\xf2\\x00\\xd8[\\xa5wPzV\\x7f"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05f60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc0`\\xf0\\x00\\xb0^\\xf0\\x00\\xc8`\\xf0\\x00\\xb8^\\xf0\\x00`h\\xf0\\x00\\xc0^\\xf0\\x00\\x00\\x00\\x86u \r\\x88u\\x00`\\x07\\x00>\\x00@\\x00x5\\xf0\\x00\\x16\\x00\\x18\\x00\\xa05\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf8[\\xa5w\\xf8[\\xa5wH\\xf4\\xe6L"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f060c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`j\\xf0\\x00`_\\xf0\\x00hj\\xf0\\x00h_\\xf0\\x00 `\\xf0\\x00pj\\xf0\\x00\\x00\\x00\\xe3u\\xf0\\xc8\\xe5u\\x000\\x0e\\x00:\\x00<\\x00\\xa04\\xf0\\x00\\x12\\x00\\x14\\x00\\xc84\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\m\\xf0\\x00h\\\\xa5w/\\xad(S"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06a60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10`\\xf0\\x00\\xc0`\\xf0\\x00\\x18`\\xf0\\x00\\xc8`\\xf0\\x00\\xd0`\\xf0\\x00`h\\xf0\\x00\\x00\\x00fv\\xe0\\xbayv\\x00\\x00(\\x00>\\x00@\\x00\\xc05\\xf0\\x00\\x16\\x00\\x18\\x00\\xe85\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xf4\\xe9\\xf1\\x00\\xc0[\\xa5w\\xdbc}("
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06010"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "@f\\xf0\\x00`j\\xf0\\x00Hf\\xf0\\x00hj\\xf0\\x00Pf\\xf0\\x00\\xd0`\\xf0\\x00\\x00\\x00\\xb6v\\xd0\\\\xb9v\\x00`\t\\x00@\\x00B\\x00`x\\xf0\\x00\\x18\\x00\\x1a\\x00\\x88x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xd4\\xfb\\xf1\\x00\\xe8[\\xa5w[\r\\x8f\\xfc"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06640"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pl\\xf0\\x00\\x10`\\xf0\\x00xl\\xf0\\x00\\x18`\\xf0\\x00\\x80l\\xf0\\x00 `\\xf0\\x00\\x00\\x00Nw\\x90xOw\\x00P\\x04\\x00>\\x00@\\x00\\x086\\xf0\\x00\\x16\\x00\\x18\\x0006\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xc4\\xee\\xf1\\x00Lk\\xf0\\x00?\\xc0\\xc7:"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06c70"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x80c\\xf0\\x00@f\\xf0\\x00\\x88c\\xf0\\x00Hf\\xf0\\x00\\x10i\\xf0\\x00Pf\\xf0\\x00\\x00\\x00\\x90w\\xe0\\x93\\x90w\\x00\\x90\\x01\\x00<\\x00>\\x00P6\\xf0\\x00\\x14\\x00\\x16\\x00x6\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00d\\xed\\xf1\\x00\\x90[\\xa5w\\xd4;0\\x90"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06380"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00i\\xf0\\x00pl\\xf0\\x00\\x08i\\xf0\\x00xl\\xf0\\x00\\xc0^\\xf0\\x00\\x00$\\xf0\\x00\\x00\\x00Uw\\x10DUw\\x00P\\x02\\x00:\\x00<\\x00 0\\xf0\\x00\\x12\\x00\\x14\\x00H0\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00p\\\\xa5w\\xdcL\\xf0\\x00Ej\\x049"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06900"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": " m\\xf0\\x00\\x80c\\xf0\\x00(m\\xf0\\x00\\x88c\\xf0\\x000m\\xf0\\x00\\x80l\\xf0\\x00\\x00\\x00\\xb9t`*\\xb9t\\x00\\xa0\\x00\\x00B\\x00D\\x00h:\\xf1\\x00\\x1a\\x00\\x1c\\x00\\x90:\\xf1\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xf3\\xf1\\x00(\\\\xa5w\\xec\\x82\\x8d\\xc7"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06d20"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0f\\xf0\\x00\\x00i\\xf0\\x00\\xf8f\\xf0\\x00\\x08i\\xf0\\x00\\x00g\\xf0\\x00\\x10i\\xf0\\x00\\x00\\x00\\xc4t\\xd0\\xca\\xc4t\\x00\\x10\\x02\\x00>\\x00@\\x00pZ\\xf1\\x00\\x16\\x00\\x18\\x00\\x98Z\\xf1\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x14\\xf9\\xf1\\x00\\xfc`\\xf0\\x00\\xb5kb\\x98"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f066f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00^\\xf0\\x00 m\\xf0\\x00\\x08^\\xf0\\x00(m\\xf0\\x00\\x10^\\xf0\\x000m\\xf0\\x00\\x00\\x00\\x8bsp(\\x8cs\\x00\\xd0\\x08\\x00t\\x00v\\x00\\xd0w\\xf0\\x00\\x18\\x00\\x1a\\x00,x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00ld\\xf0\\x00x\\\\xa5w\\xf2\\x1d}^"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05e00"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0i\\xf0\\x00\\xf0f\\xf0\\x00\\xb8i\\xf0\\x00\\xf8f\\xf0\\x00\\xc0i\\xf0\\x00\\x00g\\xf0\\x00\\x00\\x00\\xd4t\\xe0G\\xd4t\\x00\\xf0\\x00\\x00L\\x00N\\x00\\xb8\\x02\\xf0\\x00$\\x00&\\x00\\xe0\\x02\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xa4\\xf5\\xf1\\x00\\xa8[\\xa5wU\\xebI="
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f069b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "0d\\xf0\\x00\\x00^\\xf0\\x008d\\xf0\\x00\\x08^\\xf0\\x00x\\xf5\\xf1\\x00\\x10^\\xf0\\x00\\x00\\x00\\xf5t\\x00\\x18\\xf5t\\x00\\x80\\x00\\x00>\\x00@\\x00\\x88]\\xf1\\x00\\x16\\x00\\x18\\x00\\xb0]\\xf1\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\x84\\xf1\\xf1\\x00\\xf0[\\xa5w\\xa6P\\x89\\xa8"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06430"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x90e\\xf0\\x00\\xb0i\\xf0\\x00\\x98e\\xf0\\x00\\xb8i\\xf0\\x00(\\xeb\\xf1\\x00\\xa0e\\xf0\\x00\\x00\\x00\\x06sP0\\x08s\\x00\\x80\\x84\\x00j\\x00l\\x00 !\\xf0\\x00\\x0e\\x00\\x10\\x00|!\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xffx\\\\xa5w,g\\xf0\\x00\\x8c\\xf4Lb"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06590"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xf5\\xf1\\x000d\\xf0\\x00p\\xf5\\xf1\\x008d\\xf0\\x00@d\\xf0\\x00x\\xf5\\xf1\\x00\\x00\\x00\\xc7s\\x00\\xac\\xc7s\\x00@\\x01\\x00X\\x00Z\\x00\\x80#\\xf0\\x000\\x002\\x00\\xa8#\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00T\\xf6\\xf1\\x00\\xb0[\\xa5w\\xe5\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f568"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xeb\\xf1\\x00\\x90e\\xf0\\x00 \\xeb\\xf1\\x00\\x98e\\xf0\\x00\\xa0e\\xf0\\x00\\xc0i\\xf0\\x00\\x00\\x00\\xfbr _\\x04s\\x00\\xb0\n\\x00P\\x00R\\x00\\x08\\x08\\xf0\\x00(\\x00*\\x000\\x08\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xe8\\xf1\\x00<^\\xf0\\x00\\xe1\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1eb18"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xf1\\xf1\\x00h\\xf5\\xf1\\x00P\\xf1\\xf1\\x00p\\xf5\\xf1\\x00X\\xf1\\xf1\\x00@d\\xf0\\x00\\x00\\x00\\xbaq\\x00\\x00\\x00\\x00\\x00\\xe0@\\x01\\xd0\\x00\\xd2\\x00H\\xf4\\xf4\\x00\\x1e\\x00 \\x00\\xfa\\xf4\\xf4\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00P\\\\xa5wP\\\\xa5w\\x15\\xf3Lb"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f148"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(\\xed\\xf1\\x00\\x18\\xeb\\xf1\\x000\\xed\\xf1\\x00 \\xeb\\xf1\\x008\\xed\\xf1\\x00(\\xeb\\xf1\\x00\\x00\\x00\\xc0v\\xc06\\xc3v\\x00\\xf0\\x05\\x00P\\x00R\\x00X\\x14\\xf5\\x00(\\x00*\\x00\\x80\\x14\\xf5\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf0[\\xa5w\\xeci\\xf0\\x00\\xf6\\x13\\xd6\\x9d"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ed28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xe8\\xf1\\x00H\\xf1\\xf1\\x00`\\xe8\\xf1\\x00P\\xf1\\xf1\\x00h\\xe8\\xf1\\x00X\\xf1\\xf1\\x00\\x00\\x00\\xb1qP\\x11\\xb1q\\x00\\xa0\\x08\\x00p\\x00r\\x00X\\xb8\\xf6\\x00\\x14\\x00\\x16\\x00\\xb4\\xb8\\xf6\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x90[\\xa5w\\xacl\\xf0\\x00\\xe8\\xf2Lb"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e858"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xf6\\xf1\\x00(\\xed\\xf1\\x00 \\xf6\\xf1\\x000\\xed\\xf1\\x00\\xd8\\xeb\\xf1\\x008\\xed\\xf1\\x00\\x00\\x00\\xc6v\\x80\\xbf\\xddv\\x00P[\\x00>\\x00@\\x00 (\\xf7\\x00\\x16\\x00\\x18\\x00H(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xa8[\\xa5w\\xa4\\xf5\\xf1\\x00W\\xa3_3"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f618"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xeb\\xf1\\x00X\\xe8\\xf1\\x00\\xd0\\xeb\\xf1\\x00`\\xe8\\xf1\\x00\\x08\\xe7\\xf1\\x00\\xd8\\xeb\\xf1\\x00\\x00\\x00\\x1fu \\xb9<u\\x00\\xd0`\\x00N\\x00P\\x00X\\x01\\xf0\\x00&\\x00(\\x00\\x80\\x01\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xb0[\\xa5w\\xcce\\xf0\\x00\\x1a\\xa5Dl"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ebc8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xe6\\xf1\\x00\\x18\\xf6\\xf1\\x00\\x00\\xe7\\xf1\\x00 \\xf6\\xf1\\x00(\\xf6\\xf1\\x00h\\xe8\\xf1\\x00\\x00\\x00\\x1cu\\xd0\\x8b\\x1cu\\x00p\\x02\\x008\\x00:\\x00\\xb0(\\xf7\\x00\\x10\\x00\\x12\\x00\\xd8(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xc4\\xf9\\xf1\\x00\\xdcJ\\xf0\\x00\\xfaOW\\xc0"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e6f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xf9\\xf1\\x00\\xc8\\xeb\\xf1\\x00\\x90\\xf9\\xf1\\x00\\xd0\\xeb\\xf1\\x00\\x98\\xf9\\xf1\\x00(\\xf6\\xf1\\x00\\x00\\x00\\x19v\\x80$\\x1dv\\x00p\\x08\\x00<\\x00>\\x00\\xd0)\\xf7\\x00\\x14\\x00\\x16\\x00\\xf8)\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x84\\xe6\\xf1\\x00\\xd0[\\xa5w\\x96\\x11\\xa0S"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f988"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xea\\xf1\\x00\\xf8\\xe6\\xf1\\x00p\\xea\\xf1\\x00\\x00\\xe7\\xf1\\x00x\\xea\\xf1\\x00\\x08\\xe7\\xf1\\x00\\x00\\x00\\xd5tP\\xa2\\xd5t\\x00\\x80\\x01\\x00>\\x00@\\x00\\xd0 \\xf7\\x00\\x16\\x00\\x18\\x00\\xf8 \\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x008\\\\xa5w\\x04\\xec\\xf1\\x00\\xa7= \\x1c"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ea68"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xf3\\xf1\\x00\\x88\\xf9\\xf1\\x00`\\xf3\\xf1\\x00\\x90\\xf9\\xf1\\x00h\\xf3\\xf1\\x00\\x98\\xf9\\xf1\\x00\\x00\\x00\\xd7t0]\\xd7t\\x000\\x01\\x00>\\x00@\\x00\\x90\\x1e\\xf7\\x00\\x16\\x00\\x18\\x00\\xb8\\x1e\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe4\\xe7\\xf1\\x00\\xaca\\xf0\\x00Sq\\xe7:"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f358"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xee\\xf1\\x00h\\xea\\xf1\\x00\\x90\\xee\\xf1\\x00p\\xea\\xf1\\x00\\x98\\xee\\xf1\\x00x\\xea\\xf1\\x00\\x00\\x00pt0\\xcbpt\\x00\\xf0\\x02\\x00<\\x00>\\x00\\xb8\\x1d\\xf7\\x00\\x14\\x00\\x16\\x00\\xe0\\x1d\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00(\\\\xa5w<i\\xf0\\x00[\\x1d\\x7f\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ee88"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xec\\xf1\\x00X\\xf3\\xf1\\x00\\x80\\xec\\xf1\\x00`\\xf3\\xf1\\x00\\x88\\xec\\xf1\\x00h\\xf3\\xf1\\x00\\x00\\x00\\xf7p\\x00\\x00\\x00\\x00\\x00`\\xa5\\x00\\xc8\\x00\\xca\\x00 o\\xf7\\x00\\x1a\\x00\\x1c\\x00\\xceo\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x00\\\\xa5w|f\\xf0\\x00;(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ec78"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\xf4\\xf1\\x00\\x88\\xee\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x90\\xee\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x98\\xee\\xf1\\x00\\x00\\x00\\xadp\\x00\\xed\\xadp\\x00\\x90\\x01\\x008\\x00:\\x00H\\x1e\\xf7\\x00\\x10\\x00\\x12\\x00p\\x1e\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00@\\\\xa5w4B\\xef\\x00@\\xcb]\\xdb"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f408"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xf6\\xf1\\x00x\\xec\\xf1\\x00\\xd0\\xf6\\xf1\\x00\\x80\\xec\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x88\\xec\\xf1\\x00\\x00\\x00-p\\x00\\x00\\x00\\x00\\x00@w\\x00\\xd8\\x00\\xda\\x00`\\xbc\\xf7\\x00\"\\x00$\\x00\\x16\\xbd\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xb8[\\xa5w\\xb8[\\xa5w.>\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f6c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xf7\\xf1\\x00\\x08\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x00\\x00#p\\x90V#p\\x00\\xe0\\x00\\x00<\\x00>\\x00`\\x07\\xf8\\x00\\x14\\x00\\x16\\x00\\x88\\x07\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x08\\\\xa5w\\x08\\\\xa5w\\xad\\x96!v"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f778"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xe6\\xf1\\x00\\xc8\\xf6\\xf1\\x00P\\xe6\\xf1\\x00\\xd0\\xf6\\xf1\\x00X\\xe6\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x00\\x00\\xc4s\\xe0\\x98\\xc4s\\x00\\x10\\x02\\x00|\\x00~\\x00(E\\xf8\\x00 \\x00\"\\x00\\x84E\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x10\\\\xa5w\\xfc2\\xef\\x00\\xb3=\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e648"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xf4\\xf1\\x00x\\xf7\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x00\\x00\\x9euP\\xbd\\xa4u\\x00\\xe0\\x07\\x00>\\x00@\\x00\\xe8\\x00\\xf8\\x00\\x16\\x00\\x18\\x00\\x10\\x01\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xd0[\\xa5w4\\xe7\\xf1\\x003\\x947\\x93"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f4b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe8\\xef\\xf1\\x00H\\xe6\\xf1\\x00\\xf0\\xef\\xf1\\x00P\\xe6\\xf1\\x00\\x08\\xf2\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x00\\x00\\xafq\\xa0\\xa8\\xafq\\x00\\xd0\\x01\\x00J\\x00L\\x008\\x8c\\xf6\\x00\\x18\\x00\\x1a\\x00j\\x8c\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x004\\xf2\\xf1\\x00d,\\xef\\x00\\x0b\\x14\\xe0\\xdc"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1efe8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xf1\\xf1\\x00\\xb8\\xf4\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\xc8\\xf4\\xf1\\x00X\\xe6\\xf1\\x00\\x00\\x00\\xa8q\\xb0\\xd1\\xa9q\\x00\\x00\\x07\\x00@\\x00B\\x00\\x08?\\xf4\\x00\\x18\\x00\\x1a\\x000?\\xf4\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x000\\\\xa5w\\x141\\xef\\x00\\x91kS\\x98"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f1f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xf2\\xf1\\x00\\xe8\\xef\\xf1\\x00\\xb0\\xf2\\xf1\\x00\\xf0\\xef\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\xc8\\xf4\\xf1\\x00\\x00\\x00\\xa7qP5\\xa7q\\x00\\xd0\\x00\\x00J\\x00L\\x00\\x00\\x90\\xf6\\x00\\x18\\x00\\x1a\\x002\\x90\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00 \\\\xa5w\\xf4\\xf4\\xf1\\x000\\x08\"\\xcc"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f2a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd8\\xf8\\xf1\\x00\\xf8\\xf1\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x08\\xf2\\xf1\\x00\\x00\\x00\\xa6q\\xe0\\x90\\xa6q\\x00\\x00\\x01\\x00H\\x00J\\x00h\\x8e\\xfa\\x00\\x16\\x00\\x18\\x00\\x9a\\x8e\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00t\\xfa\\xf1\\x00\\xec!\\xf0\\x00`\t\\x95U"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f8d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\xfa\\xf1\\x00\\xa8\\xf2\\xf1\\x00@\\xfa\\xf1\\x00\\xb0\\xf2\\xf1\\x00H\\xfa\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\x00\\x00\\xeap\\x90C\\xedp\\x00\\x90\\x0c\\x00J\\x00L\\x00\\xa0\\x8a\\xfa\\x00\\x18\\x00\\x1a\\x00\\xd2\\x8a\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00h\\\\xa5w\\m\\xf0\\x00\\xfb\\x1f\\x83\\x84"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fa38"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xe7\\xf1\\x00\\xd8\\xf8\\xf1\\x00\\xb0\\xe7\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\xb8\\xe7\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x00\\x00\\xa5q \\x18\\xa5q\\x00\\xa0\\x00\\x00>\\x00@\\x00H-\\xfa\\x00\\x16\\x00\\x18\\x00p-\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x98[\\xa5w\\xe4\\xf2\\xf1\\x00\\x8b\\xb6\\xc0\\xae"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e7a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xe9\\xf1\\x008\\xfa\\xf1\\x00\\xc0\\xe9\\xf1\\x00@\\xfa\\xf1\\x00\\xc8\\xe9\\xf1\\x00H\\xfa\\xf1\\x00\\x00\\x00\\xa1o\\x00\\x00\\x00\\x00\\x00\\x80\\x81\\x00\\xdc\\x00\\xde\\x00P\\xf9\\xfa\\x00$\\x00&\\x00\\x08\\xfa\\xfa\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x88[\\xa5w\\xa4\\xea\\xf1\\x00#(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e9b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\x01\\xf2\\x00\\xa8\\xe7\\xf1\\x00\\xd0\\x01\\xf2\\x00\\xb0\\xe7\\xf1\\x00\\xd8\\x01\\xf2\\x00\\xb8\\xe7\\xf1\\x00\\x00\\x00\\xd9p\\x00\\x00\\x00\\x00\\x00`\\x10\\x00\\x00\\x01\\x02\\x01\\x98\\xb3\\xf6\\x006\\x008\\x00b\\xb4\\xf6\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xc0[\\xa5w\\x9cj\\xf0\\x00\\xdc\\xc0\\xd9^"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f201c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x98\\xfb\\xf1\\x00\\xb8\\xe9\\xf1\\x00\\xa0\\xfb\\xf1\\x00\\xc0\\xe9\\xf1\\x00\\xa8\\xfb\\xf1\\x00\\xc8\\xe9\\xf1\\x00\\x00\\x00+t\\xa0\\xa0+t\\x00 \\x05\\x00>\\x00@\\x00\\xd0/\\xfa\\x00\\x16\\x00\\x18\\x00\\xf8/\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xd8[\\xa5w\\xec^\\xf0\\x00'\\xcb)\\xde"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fb98"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x8c]\\xa5w\\xc8\\x01\\xf2\\x00\\x94]\\xa5w\\xd0\\x01\\xf2\\x00\\x9c]\\xa5w\\xd8\\x01\\xf2\\x00\\x00\\x00\\xf2u\\xd0\\x14\\xf2u\\x00`\\x00\\x00:\\x00<\\x00 .\\xfa\\x00\\x12\\x00\\x14\\x00H.\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe8[\\xa5wL`\\xf0\\x00\\xcb\\xc2\\xc4\\xfa"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cfa"
              },
              {
                "name": "Size",
                "value": "0x00000032"
              },
              {
                "name": "Buffer",
                "value": "8\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cb8"
              },
              {
                "name": "Size",
                "value": "0x00000074"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\\\x008\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "UseSafeSynchronousClose"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseSafeSynchronousClose"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2c28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd80\\xef\\x00\\x10-\\xef\\x00\\xe00\\xef\\x00\\x18-\\xef\\x00@6\\xef\\x00\\x9c]\\xa5w\\x00\\x00\\x93w\\x00\\x00\\x00\\x00\\x00@\\x1a\\x00:\\x00<\\x008+\\xef\\x00\\x12\\x00\\x14\\x00\\x18\\x84\\x93w\\xc4\\xaa\\x00\\x00\\xff\\xff\\x00\\x00\\xf4\\xf4\\xf1\\x00 \\\\xa5w\\x06\\x01\\x04\\x10"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef30d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc02\\xef\\x00(,\\xef\\x00\\xc82\\xef\\x000,\\xef\\x00\\x08B\\xef\\x00\\xd02\\xef\\x00\\x00\\x00\\xc9s\\x00\\xf1\\xcbs\\x00 \\x05\\x00>\\x00@\\x00\\xc01\\xef\\x00\\x16\\x00\\x18\\x00\\xe81\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00$\\xf0\\xf1\\x000\\\\xa5w\\x9b\\xa3\\xe7\\xe5"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef32c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "06\\xef\\x00\\xd80\\xef\\x0086\\xef\\x00\\xe00\\xef\\x00\\xe80\\xef\\x00@6\\xef\\x00\\x00\\x00\\x07v@\\xf6\\x08v\\x00\\x00\\x0f\\x00@\\x00B\\x00\\xa83\\xef\\x00\\x18\\x00\\x1a\\x00\\xd03\\xef\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xf7\\xf1\\x00\\x10\\\\xa5wagV "
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef3630"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8A\\xef\\x00\\xc02\\xef\\x00\\x00B\\xef\\x00\\xc82\\xef\\x00\\xd02\\xef\\x008,\\xef\\x00\\x00\\x00\\xb3u@s\\xc4u\\x00\\x90!\\x00D\\x00F\\x00\\x187\\xef\\x00\\x1c\\x00\\x1e\\x00@7\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xa0[\\xa5w\\xa0[\\xa5w\\\\x0e\\xd2\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef41f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\x11\\xf0\\x0006\\xef\\x00@\\x11\\xf0\\x0086\\xef\\x00\\xb0J\\xf0\\x00\\xe80\\xef\\x00\\x00\\x00\\xbatp\\x88\\xbdt\\x00\\xf0\t\\x00>\\x00@\\x00\\xe0B\\xef\\x00\\x16\\x00\\x18\\x00\\x08C\\xef\\x00\\xcc\\xab\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xec\\xf1\\x00@\\\\xa5w\\x1c;a\\x1a"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f01138"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0J\\xf0\\x00\\xf8A\\xef\\x00\\xa8J\\xf0\\x00\\x00B\\xef\\x00\\xc0!\\xf0\\x00\\xb0J\\xf0\\x00\\x00\\x00\\xf7upP\\xfcu\\x00\\xa0\\x0f\\x00>\\x00@\\x00 \\x12\\xf0\\x00\\x16\\x00\\x18\\x00H\\x12\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xec!\\xf0\\x00\\x98[\\xa5w\\x95\\x03]\\x1d"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04aa0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0L\\xf0\\x008\\x11\\xf0\\x00\\xa8L\\xf0\\x00@\\x11\\xf0\\x00H\\x11\\xf0\\x00\\x08B\\xef\\x00\\x00\\x00\"w0\\xba$w\\x00\\x00\\x12\\x00@\\x00B\\x00PK\\xf0\\x00\\x18\\x00\\x1a\\x00xK\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x04\\xec\\xf1\\x008\\\\xa5w\\xa2\\x99\\xdc\\x82"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04ca0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0!\\xf0\\x00\\xa0J\\xf0\\x00\\xb8!\\xf0\\x00\\xa8J\\xf0\\x00\\xb0g\\xf0\\x00\\xc0!\\xf0\\x00\\x00\\x00\\x8eu@K\\x8eu\\x000\\x06\\x00<\\x00>\\x00\\x88M\\xf0\\x00\\x14\\x00\\x16\\x00\\xb0M\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xbcc\\xf0\\x00L-\\xef\\x00!\t\\xac\\xf9"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f021b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\xf0\\x00\\xa0L\\xf0\\x00\\xf8#\\xf0\\x00\\xa8L\\xf0\\x00\\xb0L\\xf0\\x00H\\x11\\xf0\\x00\\x00\\x00\\x8ev0\\xbf\\x91v\\x00\\xe0\\x0b\\x00<\\x00>\\x00\\x98\"\\xf0\\x00\\x14\\x00\\x16\\x00\\xc0\"\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xe4\\xf2\\xf1\\x00t\\x11\\xf0\\x00\\xb6\\xa0\\xb4\\x11"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f023f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0g\\xf0\\x00\\xb0!\\xf0\\x00\\xa8g\\xf0\\x00\\xb8!\\xf0\\x00\\x90c\\xf0\\x00\\x80a\\xf0\\x00\\x00\\x00\\x9cv\\x90\\xc9\\x9fv\\x00\\xb0\\x19\\x00<\\x00>\\x00\\xd8$\\xf0\\x00\\x14\\x00\\x16\\x00\\x00%\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x80[\\xa5w\\x80[\\xa5w-\\xec\\xfb?"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f067a0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pa\\xf0\\x00\\xf0#\\xf0\\x00xa\\xf0\\x00\\xf8#\\xf0\\x00 k\\xf0\\x00\\xb0L\\xf0\\x00\\x00\\x00Sw\\x00\\x00\\x00\\x00\\x00\\x80\\x01\\x00<\\x00>\\x00\\xa8n\\xf0\\x00\\x14\\x00\\x16\\x00\\xd0n\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x1ce\\xf0\\x00\\x00\\\\xa5wh\\x97\\xcfU"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06170"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe0d\\xf0\\x00\\xa0g\\xf0\\x00\\xe8d\\xf0\\x00\\xa8g\\xf0\\x00\\x00$\\xf0\\x00\\xf0d\\xf0\\x00\\x00\\x00\\x16vps\\x16v\\x000\\x02\\x00:\\x00<\\x00\\x90/\\xf0\\x00\\x12\\x00\\x14\\x00\\xb8/\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xa4\\xea\\xf1\\x00\\x88[\\xa5w\\xd1\t\\xb0*"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f064e0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10k\\xf0\\x00pa\\xf0\\x00\\x18k\\xf0\\x00xa\\xf0\\x00\\x80a\\xf0\\x00 k\\xf0\\x00\\x00\\x00:w@\\x02@w\\x00\\xd0\r\\x00B\\x00D\\x00()\\xf0\\x00\\x1a\\x00\\x1c\\x00P)\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00Lk\\xf0\\x00\\xdcg\\xf0\\x00\\xd4\r\\x89+"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06b10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "Ph\\xf0\\x00\\xe0d\\xf0\\x00Xh\\xf0\\x00\\xe8d\\xf0\\x00\\xf0d\\xf0\\x00\\xb0g\\xf0\\x00\\x00\\x00Xw\\x00xYw\\x00\\xb0\\x07\\x00B\\x00D\\x000*\\xf0\\x00\\x1a\\x00\\x1c\\x00X*\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00|f\\xf0\\x00\\x1ce\\xf0\\x00RDR\\xfd"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06850"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0^\\xf0\\x00\\x10k\\xf0\\x00\\xb8^\\xf0\\x00\\x18k\\xf0\\x00pj\\xf0\\x00p_\\xf0\\x00\\x00\\x00\\xabu\\x10\"\\xacu\\x00\\xb0\\x07\\x00@\\x00B\\x00(8\\xf0\\x00\\x18\\x00\\x1a\\x00P8\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00`\\\\xa5w`\\\\xa5wL\\x9dxd"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05eb0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`_\\xf0\\x00Ph\\xf0\\x00h_\\xf0\\x00Xh\\xf0\\x00p_\\xf0\\x00\\x90c\\xf0\\x00\\x00\\x00aw\\xc0Zdw\\x00\\xf0\\x0b\\x00<\\x00>\\x0005\\xf0\\x00\\x14\\x00\\x16\\x00X5\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xff\\x04\\x02\\xf2\\x00\\xd8[\\xa5wPzV\\x7f"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05f60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc0`\\xf0\\x00\\xb0^\\xf0\\x00\\xc8`\\xf0\\x00\\xb8^\\xf0\\x00`h\\xf0\\x00\\xc0^\\xf0\\x00\\x00\\x00\\x86u \r\\x88u\\x00`\\x07\\x00>\\x00@\\x00x5\\xf0\\x00\\x16\\x00\\x18\\x00\\xa05\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf8[\\xa5w\\xf8[\\xa5wH\\xf4\\xe6L"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f060c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`j\\xf0\\x00`_\\xf0\\x00hj\\xf0\\x00h_\\xf0\\x00 `\\xf0\\x00pj\\xf0\\x00\\x00\\x00\\xe3u\\xf0\\xc8\\xe5u\\x000\\x0e\\x00:\\x00<\\x00\\xa04\\xf0\\x00\\x12\\x00\\x14\\x00\\xc84\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\m\\xf0\\x00h\\\\xa5w/\\xad(S"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06a60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10`\\xf0\\x00\\xc0`\\xf0\\x00\\x18`\\xf0\\x00\\xc8`\\xf0\\x00\\xd0`\\xf0\\x00`h\\xf0\\x00\\x00\\x00fv\\xe0\\xbayv\\x00\\x00(\\x00>\\x00@\\x00\\xc05\\xf0\\x00\\x16\\x00\\x18\\x00\\xe85\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xf4\\xe9\\xf1\\x00\\xc0[\\xa5w\\xdbc}("
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06010"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "@f\\xf0\\x00`j\\xf0\\x00Hf\\xf0\\x00hj\\xf0\\x00Pf\\xf0\\x00\\xd0`\\xf0\\x00\\x00\\x00\\xb6v\\xd0\\\\xb9v\\x00`\t\\x00@\\x00B\\x00`x\\xf0\\x00\\x18\\x00\\x1a\\x00\\x88x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xd4\\xfb\\xf1\\x00\\xe8[\\xa5w[\r\\x8f\\xfc"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06640"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pl\\xf0\\x00\\x10`\\xf0\\x00xl\\xf0\\x00\\x18`\\xf0\\x00\\x80l\\xf0\\x00 `\\xf0\\x00\\x00\\x00Nw\\x90xOw\\x00P\\x04\\x00>\\x00@\\x00\\x086\\xf0\\x00\\x16\\x00\\x18\\x0006\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xc4\\xee\\xf1\\x00Lk\\xf0\\x00?\\xc0\\xc7:"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06c70"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x80c\\xf0\\x00@f\\xf0\\x00\\x88c\\xf0\\x00Hf\\xf0\\x00\\x10i\\xf0\\x00Pf\\xf0\\x00\\x00\\x00\\x90w\\xe0\\x93\\x90w\\x00\\x90\\x01\\x00<\\x00>\\x00P6\\xf0\\x00\\x14\\x00\\x16\\x00x6\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00d\\xed\\xf1\\x00\\x90[\\xa5w\\xd4;0\\x90"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06380"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00i\\xf0\\x00pl\\xf0\\x00\\x08i\\xf0\\x00xl\\xf0\\x00\\xc0^\\xf0\\x00\\x00$\\xf0\\x00\\x00\\x00Uw\\x10DUw\\x00P\\x02\\x00:\\x00<\\x00 0\\xf0\\x00\\x12\\x00\\x14\\x00H0\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00p\\\\xa5w\\xdcL\\xf0\\x00Ej\\x049"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06900"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": " m\\xf0\\x00\\x80c\\xf0\\x00(m\\xf0\\x00\\x88c\\xf0\\x000m\\xf0\\x00\\x80l\\xf0\\x00\\x00\\x00\\xb9t`*\\xb9t\\x00\\xa0\\x00\\x00B\\x00D\\x00h:\\xf1\\x00\\x1a\\x00\\x1c\\x00\\x90:\\xf1\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xf3\\xf1\\x00(\\\\xa5w\\xec\\x82\\x8d\\xc7"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06d20"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0f\\xf0\\x00\\x00i\\xf0\\x00\\xf8f\\xf0\\x00\\x08i\\xf0\\x00\\x00g\\xf0\\x00\\x10i\\xf0\\x00\\x00\\x00\\xc4t\\xd0\\xca\\xc4t\\x00\\x10\\x02\\x00>\\x00@\\x00pZ\\xf1\\x00\\x16\\x00\\x18\\x00\\x98Z\\xf1\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x14\\xf9\\xf1\\x00\\xfc`\\xf0\\x00\\xb5kb\\x98"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f066f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00^\\xf0\\x00 m\\xf0\\x00\\x08^\\xf0\\x00(m\\xf0\\x00\\x10^\\xf0\\x000m\\xf0\\x00\\x00\\x00\\x8bsp(\\x8cs\\x00\\xd0\\x08\\x00t\\x00v\\x00\\xd0w\\xf0\\x00\\x18\\x00\\x1a\\x00,x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00ld\\xf0\\x00x\\\\xa5w\\xf2\\x1d}^"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05e00"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0i\\xf0\\x00\\xf0f\\xf0\\x00\\xb8i\\xf0\\x00\\xf8f\\xf0\\x00\\xc0i\\xf0\\x00\\x00g\\xf0\\x00\\x00\\x00\\xd4t\\xe0G\\xd4t\\x00\\xf0\\x00\\x00L\\x00N\\x00\\xb8\\x02\\xf0\\x00$\\x00&\\x00\\xe0\\x02\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xa4\\xf5\\xf1\\x00\\xa8[\\xa5wU\\xebI="
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f069b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "0d\\xf0\\x00\\x00^\\xf0\\x008d\\xf0\\x00\\x08^\\xf0\\x00x\\xf5\\xf1\\x00\\x10^\\xf0\\x00\\x00\\x00\\xf5t\\x00\\x18\\xf5t\\x00\\x80\\x00\\x00>\\x00@\\x00\\x88]\\xf1\\x00\\x16\\x00\\x18\\x00\\xb0]\\xf1\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\x84\\xf1\\xf1\\x00\\xf0[\\xa5w\\xa6P\\x89\\xa8"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06430"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x90e\\xf0\\x00\\xb0i\\xf0\\x00\\x98e\\xf0\\x00\\xb8i\\xf0\\x00(\\xeb\\xf1\\x00\\xa0e\\xf0\\x00\\x00\\x00\\x06sP0\\x08s\\x00\\x80\\x84\\x00j\\x00l\\x00 !\\xf0\\x00\\x0e\\x00\\x10\\x00|!\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xffx\\\\xa5w,g\\xf0\\x00\\x8c\\xf4Lb"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06590"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xf5\\xf1\\x000d\\xf0\\x00p\\xf5\\xf1\\x008d\\xf0\\x00@d\\xf0\\x00x\\xf5\\xf1\\x00\\x00\\x00\\xc7s\\x00\\xac\\xc7s\\x00@\\x01\\x00X\\x00Z\\x00\\x80#\\xf0\\x000\\x002\\x00\\xa8#\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00T\\xf6\\xf1\\x00\\xb0[\\xa5w\\xe5\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f568"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xeb\\xf1\\x00\\x90e\\xf0\\x00 \\xeb\\xf1\\x00\\x98e\\xf0\\x00\\xa0e\\xf0\\x00\\xc0i\\xf0\\x00\\x00\\x00\\xfbr _\\x04s\\x00\\xb0\n\\x00P\\x00R\\x00\\x08\\x08\\xf0\\x00(\\x00*\\x000\\x08\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xe8\\xf1\\x00<^\\xf0\\x00\\xe1\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1eb18"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xf1\\xf1\\x00h\\xf5\\xf1\\x00P\\xf1\\xf1\\x00p\\xf5\\xf1\\x00X\\xf1\\xf1\\x00@d\\xf0\\x00\\x00\\x00\\xbaq\\x00\\x00\\x00\\x00\\x00\\xe0@\\x01\\xd0\\x00\\xd2\\x00H\\xf4\\xf4\\x00\\x1e\\x00 \\x00\\xfa\\xf4\\xf4\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00P\\\\xa5wP\\\\xa5w\\x15\\xf3Lb"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f148"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(\\xed\\xf1\\x00\\x18\\xeb\\xf1\\x000\\xed\\xf1\\x00 \\xeb\\xf1\\x008\\xed\\xf1\\x00(\\xeb\\xf1\\x00\\x00\\x00\\xc0v\\xc06\\xc3v\\x00\\xf0\\x05\\x00P\\x00R\\x00X\\x14\\xf5\\x00(\\x00*\\x00\\x80\\x14\\xf5\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf0[\\xa5w\\xeci\\xf0\\x00\\xf6\\x13\\xd6\\x9d"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ed28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xe8\\xf1\\x00H\\xf1\\xf1\\x00`\\xe8\\xf1\\x00P\\xf1\\xf1\\x00h\\xe8\\xf1\\x00X\\xf1\\xf1\\x00\\x00\\x00\\xb1qP\\x11\\xb1q\\x00\\xa0\\x08\\x00p\\x00r\\x00X\\xb8\\xf6\\x00\\x14\\x00\\x16\\x00\\xb4\\xb8\\xf6\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x90[\\xa5w\\xacl\\xf0\\x00\\xe8\\xf2Lb"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e858"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xf6\\xf1\\x00(\\xed\\xf1\\x00 \\xf6\\xf1\\x000\\xed\\xf1\\x00\\xd8\\xeb\\xf1\\x008\\xed\\xf1\\x00\\x00\\x00\\xc6v\\x80\\xbf\\xddv\\x00P[\\x00>\\x00@\\x00 (\\xf7\\x00\\x16\\x00\\x18\\x00H(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xa8[\\xa5w\\xa4\\xf5\\xf1\\x00W\\xa3_3"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f618"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xeb\\xf1\\x00X\\xe8\\xf1\\x00\\xd0\\xeb\\xf1\\x00`\\xe8\\xf1\\x00\\x08\\xe7\\xf1\\x00\\xd8\\xeb\\xf1\\x00\\x00\\x00\\x1fu \\xb9<u\\x00\\xd0`\\x00N\\x00P\\x00X\\x01\\xf0\\x00&\\x00(\\x00\\x80\\x01\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xb0[\\xa5w\\xcce\\xf0\\x00\\x1a\\xa5Dl"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ebc8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xe6\\xf1\\x00\\x18\\xf6\\xf1\\x00\\x00\\xe7\\xf1\\x00 \\xf6\\xf1\\x00(\\xf6\\xf1\\x00h\\xe8\\xf1\\x00\\x00\\x00\\x1cu\\xd0\\x8b\\x1cu\\x00p\\x02\\x008\\x00:\\x00\\xb0(\\xf7\\x00\\x10\\x00\\x12\\x00\\xd8(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xc4\\xf9\\xf1\\x00\\xdcJ\\xf0\\x00\\xfaOW\\xc0"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e6f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xf9\\xf1\\x00\\xc8\\xeb\\xf1\\x00\\x90\\xf9\\xf1\\x00\\xd0\\xeb\\xf1\\x00\\x98\\xf9\\xf1\\x00(\\xf6\\xf1\\x00\\x00\\x00\\x19v\\x80$\\x1dv\\x00p\\x08\\x00<\\x00>\\x00\\xd0)\\xf7\\x00\\x14\\x00\\x16\\x00\\xf8)\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x84\\xe6\\xf1\\x00\\xd0[\\xa5w\\x96\\x11\\xa0S"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f988"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xea\\xf1\\x00\\xf8\\xe6\\xf1\\x00p\\xea\\xf1\\x00\\x00\\xe7\\xf1\\x00x\\xea\\xf1\\x00\\x08\\xe7\\xf1\\x00\\x00\\x00\\xd5tP\\xa2\\xd5t\\x00\\x80\\x01\\x00>\\x00@\\x00\\xd0 \\xf7\\x00\\x16\\x00\\x18\\x00\\xf8 \\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x008\\\\xa5w\\x04\\xec\\xf1\\x00\\xa7= \\x1c"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ea68"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xf3\\xf1\\x00\\x88\\xf9\\xf1\\x00`\\xf3\\xf1\\x00\\x90\\xf9\\xf1\\x00h\\xf3\\xf1\\x00\\x98\\xf9\\xf1\\x00\\x00\\x00\\xd7t0]\\xd7t\\x000\\x01\\x00>\\x00@\\x00\\x90\\x1e\\xf7\\x00\\x16\\x00\\x18\\x00\\xb8\\x1e\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe4\\xe7\\xf1\\x00\\xaca\\xf0\\x00Sq\\xe7:"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f358"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xee\\xf1\\x00h\\xea\\xf1\\x00\\x90\\xee\\xf1\\x00p\\xea\\xf1\\x00\\x98\\xee\\xf1\\x00x\\xea\\xf1\\x00\\x00\\x00pt0\\xcbpt\\x00\\xf0\\x02\\x00<\\x00>\\x00\\xb8\\x1d\\xf7\\x00\\x14\\x00\\x16\\x00\\xe0\\x1d\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00(\\\\xa5w<i\\xf0\\x00[\\x1d\\x7f\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ee88"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xec\\xf1\\x00X\\xf3\\xf1\\x00\\x80\\xec\\xf1\\x00`\\xf3\\xf1\\x00\\x88\\xec\\xf1\\x00h\\xf3\\xf1\\x00\\x00\\x00\\xf7p\\x00\\x00\\x00\\x00\\x00`\\xa5\\x00\\xc8\\x00\\xca\\x00 o\\xf7\\x00\\x1a\\x00\\x1c\\x00\\xceo\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x00\\\\xa5w|f\\xf0\\x00;(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ec78"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\xf4\\xf1\\x00\\x88\\xee\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x90\\xee\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x98\\xee\\xf1\\x00\\x00\\x00\\xadp\\x00\\xed\\xadp\\x00\\x90\\x01\\x008\\x00:\\x00H\\x1e\\xf7\\x00\\x10\\x00\\x12\\x00p\\x1e\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00@\\\\xa5w4B\\xef\\x00@\\xcb]\\xdb"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f408"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xf6\\xf1\\x00x\\xec\\xf1\\x00\\xd0\\xf6\\xf1\\x00\\x80\\xec\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x88\\xec\\xf1\\x00\\x00\\x00-p\\x00\\x00\\x00\\x00\\x00@w\\x00\\xd8\\x00\\xda\\x00`\\xbc\\xf7\\x00\"\\x00$\\x00\\x16\\xbd\\xf7\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xb8[\\xa5w\\xb8[\\xa5w.>\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f6c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "x\\xf7\\xf1\\x00\\x08\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\x10\\xf4\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x18\\xf4\\xf1\\x00\\x00\\x00#p\\x90V#p\\x00\\xe0\\x00\\x00<\\x00>\\x00`\\x07\\xf8\\x00\\x14\\x00\\x16\\x00\\x88\\x07\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x08\\\\xa5w\\x08\\\\xa5w\\xad\\x96!v"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f778"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xe6\\xf1\\x00\\xc8\\xf6\\xf1\\x00P\\xe6\\xf1\\x00\\xd0\\xf6\\xf1\\x00X\\xe6\\xf1\\x00\\xd8\\xf6\\xf1\\x00\\x00\\x00\\xc4s\\xe0\\x98\\xc4s\\x00\\x10\\x02\\x00|\\x00~\\x00(E\\xf8\\x00 \\x00\"\\x00\\x84E\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x10\\\\xa5w\\xfc2\\xef\\x00\\xb3=\\xda]"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e648"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xf4\\xf1\\x00x\\xf7\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\x80\\xf7\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x88\\xf7\\xf1\\x00\\x00\\x00\\x9euP\\xbd\\xa4u\\x00\\xe0\\x07\\x00>\\x00@\\x00\\xe8\\x00\\xf8\\x00\\x16\\x00\\x18\\x00\\x10\\x01\\xf8\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xd0[\\xa5w4\\xe7\\xf1\\x003\\x947\\x93"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f4b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe8\\xef\\xf1\\x00H\\xe6\\xf1\\x00\\xf0\\xef\\xf1\\x00P\\xe6\\xf1\\x00\\x08\\xf2\\xf1\\x00\\xf8\\xef\\xf1\\x00\\x00\\x00\\xafq\\xa0\\xa8\\xafq\\x00\\xd0\\x01\\x00J\\x00L\\x008\\x8c\\xf6\\x00\\x18\\x00\\x1a\\x00j\\x8c\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x004\\xf2\\xf1\\x00d,\\xef\\x00\\x0b\\x14\\xe0\\xdc"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1efe8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xf1\\xf1\\x00\\xb8\\xf4\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xc0\\xf4\\xf1\\x00\\xc8\\xf4\\xf1\\x00X\\xe6\\xf1\\x00\\x00\\x00\\xa8q\\xb0\\xd1\\xa9q\\x00\\x00\\x07\\x00@\\x00B\\x00\\x08?\\xf4\\x00\\x18\\x00\\x1a\\x000?\\xf4\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x000\\\\xa5w\\x141\\xef\\x00\\x91kS\\x98"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f1f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xf2\\xf1\\x00\\xe8\\xef\\xf1\\x00\\xb0\\xf2\\xf1\\x00\\xf0\\xef\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\xc8\\xf4\\xf1\\x00\\x00\\x00\\xa7qP5\\xa7q\\x00\\xd0\\x00\\x00J\\x00L\\x00\\x00\\x90\\xf6\\x00\\x18\\x00\\x1a\\x002\\x90\\xf6\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00 \\\\xa5w\\xf4\\xf4\\xf1\\x000\\x08\"\\xcc"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f2a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd8\\xf8\\xf1\\x00\\xf8\\xf1\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\x00\\xf2\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x08\\xf2\\xf1\\x00\\x00\\x00\\xa6q\\xe0\\x90\\xa6q\\x00\\x00\\x01\\x00H\\x00J\\x00h\\x8e\\xfa\\x00\\x16\\x00\\x18\\x00\\x9a\\x8e\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00t\\xfa\\xf1\\x00\\xec!\\xf0\\x00`\t\\x95U"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f8d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\xfa\\xf1\\x00\\xa8\\xf2\\xf1\\x00@\\xfa\\xf1\\x00\\xb0\\xf2\\xf1\\x00H\\xfa\\xf1\\x00\\xb8\\xf2\\xf1\\x00\\x00\\x00\\xeap\\x90C\\xedp\\x00\\x90\\x0c\\x00J\\x00L\\x00\\xa0\\x8a\\xfa\\x00\\x18\\x00\\x1a\\x00\\xd2\\x8a\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00h\\\\xa5w\\m\\xf0\\x00\\xfb\\x1f\\x83\\x84"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fa38"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa8\\xe7\\xf1\\x00\\xd8\\xf8\\xf1\\x00\\xb0\\xe7\\xf1\\x00\\xe0\\xf8\\xf1\\x00\\xb8\\xe7\\xf1\\x00\\xe8\\xf8\\xf1\\x00\\x00\\x00\\xa5q \\x18\\xa5q\\x00\\xa0\\x00\\x00>\\x00@\\x00H-\\xfa\\x00\\x16\\x00\\x18\\x00p-\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\x98[\\xa5w\\xe4\\xf2\\xf1\\x00\\x8b\\xb6\\xc0\\xae"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e7a8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xe9\\xf1\\x008\\xfa\\xf1\\x00\\xc0\\xe9\\xf1\\x00@\\xfa\\xf1\\x00\\xc8\\xe9\\xf1\\x00H\\xfa\\xf1\\x00\\x00\\x00\\xa1o\\x00\\x00\\x00\\x00\\x00\\x80\\x81\\x00\\xdc\\x00\\xde\\x00P\\xf9\\xfa\\x00$\\x00&\\x00\\x08\\xfa\\xfa\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\x88[\\xa5w\\xa4\\xea\\xf1\\x00#(\\xa1b"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e9b8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\x01\\xf2\\x00\\xa8\\xe7\\xf1\\x00\\xd0\\x01\\xf2\\x00\\xb0\\xe7\\xf1\\x00\\xd8\\x01\\xf2\\x00\\xb8\\xe7\\xf1\\x00\\x00\\x00\\xd9p\\x00\\x00\\x00\\x00\\x00`\\x10\\x00\\x00\\x01\\x02\\x01\\x98\\xb3\\xf6\\x006\\x008\\x00b\\xb4\\xf6\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00\\xc0[\\xa5w\\x9cj\\xf0\\x00\\xdc\\xc0\\xd9^"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f201c8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x98\\xfb\\xf1\\x00\\xb8\\xe9\\xf1\\x00\\xa0\\xfb\\xf1\\x00\\xc0\\xe9\\xf1\\x00\\xa8\\xfb\\xf1\\x00\\xc8\\xe9\\xf1\\x00\\x00\\x00+t\\xa0\\xa0+t\\x00 \\x05\\x00>\\x00@\\x00\\xd0/\\xfa\\x00\\x16\\x00\\x18\\x00\\xf8/\\xfa\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xd8[\\xa5w\\xec^\\xf0\\x00'\\xcb)\\xde"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1fb98"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x8c]\\xa5w\\xc8\\x01\\xf2\\x00\\x94]\\xa5w\\xd0\\x01\\xf2\\x00\\x9c]\\xa5w\\xd8\\x01\\xf2\\x00\\x00\\x00\\xf2u\\xd0\\x14\\xf2u\\x00`\\x00\\x00:\\x00<\\x00 .\\xfa\\x00\\x12\\x00\\x14\\x00H.\\xfa\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe8[\\xa5wL`\\xf0\\x00\\xcb\\xc2\\xc4\\xfa"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cfa"
              },
              {
                "name": "Size",
                "value": "0x00000032"
              },
              {
                "name": "Buffer",
                "value": "8\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef1cb8"
              },
              {
                "name": "Size",
                "value": "0x00000074"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\\\x008\\x007\\x000\\x005\\x003\\x00d\\x000\\x00a\\x00d\\x008\\x001\\x00a\\x00c\\x003\\x003\\x006\\x007\\x00e\\x00f\\x005\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "UseStrictRfcInterimResponseHandling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictRfcInterimResponseHandling"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c9a00c"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x80]\\xa5w"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a55d94"
              },
              {
                "name": "Size",
                "value": "0x00000004"
              },
              {
                "name": "Buffer",
                "value": "\\x18-\\xef\\x00"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2d10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(,\\xef\\x00\\x8c]\\xa5w0,\\xef\\x00\\x94]\\xa5w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\t\\x00r\\x00t\\x00\\xb8\\x1c\\xef\\x000\\x002\\x00\\xfa\\x1c\\xef\\x00\\xc4\"@\\x01\\xff\\xff\\x00\\x00\\xdcL\\xf0\\x00p\\\\xa5w\\x7f\\xad\\x8e\\x9a"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef2c28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xd80\\xef\\x00\\x10-\\xef\\x00\\xe00\\xef\\x00\\x18-\\xef\\x00@6\\xef\\x00\\x9c]\\xa5w\\x00\\x00\\x93w\\x00\\x00\\x00\\x00\\x00@\\x1a\\x00:\\x00<\\x008+\\xef\\x00\\x12\\x00\\x14\\x00\\x18\\x84\\x93w\\xc4\\xaa\\x00\\x00\\xff\\xff\\x00\\x00\\xf4\\xf4\\xf1\\x00 \\\\xa5w\\x06\\x01\\x04\\x10"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef30d8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc02\\xef\\x00(,\\xef\\x00\\xc82\\xef\\x000,\\xef\\x00\\x08B\\xef\\x00\\xd02\\xef\\x00\\x00\\x00\\xc9s\\x00\\xf1\\xcbs\\x00 \\x05\\x00>\\x00@\\x00\\xc01\\xef\\x00\\x16\\x00\\x18\\x00\\xe81\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00$\\xf0\\xf1\\x000\\\\xa5w\\x9b\\xa3\\xe7\\xe5"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef32c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "06\\xef\\x00\\xd80\\xef\\x0086\\xef\\x00\\xe00\\xef\\x00\\xe80\\xef\\x00@6\\xef\\x00\\x00\\x00\\x07v@\\xf6\\x08v\\x00\\x00\\x0f\\x00@\\x00B\\x00\\xa83\\xef\\x00\\x18\\x00\\x1a\\x00\\xd03\\xef\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xf7\\xf1\\x00\\x10\\\\xa5wagV "
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef3630"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8A\\xef\\x00\\xc02\\xef\\x00\\x00B\\xef\\x00\\xc82\\xef\\x00\\xd02\\xef\\x008,\\xef\\x00\\x00\\x00\\xb3u@s\\xc4u\\x00\\x90!\\x00D\\x00F\\x00\\x187\\xef\\x00\\x1c\\x00\\x1e\\x00@7\\xef\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xa0[\\xa5w\\xa0[\\xa5w\\\\x0e\\xd2\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef41f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "8\\x11\\xf0\\x0006\\xef\\x00@\\x11\\xf0\\x0086\\xef\\x00\\xb0J\\xf0\\x00\\xe80\\xef\\x00\\x00\\x00\\xbatp\\x88\\xbdt\\x00\\xf0\t\\x00>\\x00@\\x00\\xe0B\\xef\\x00\\x16\\x00\\x18\\x00\\x08C\\xef\\x00\\xcc\\xab\\x0c\\x00\\xff\\xff\\x00\\x00\\xb4\\xec\\xf1\\x00@\\\\xa5w\\x1c;a\\x1a"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f01138"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0J\\xf0\\x00\\xf8A\\xef\\x00\\xa8J\\xf0\\x00\\x00B\\xef\\x00\\xc0!\\xf0\\x00\\xb0J\\xf0\\x00\\x00\\x00\\xf7upP\\xfcu\\x00\\xa0\\x0f\\x00>\\x00@\\x00 \\x12\\xf0\\x00\\x16\\x00\\x18\\x00H\\x12\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xec!\\xf0\\x00\\x98[\\xa5w\\x95\\x03]\\x1d"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04aa0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0L\\xf0\\x008\\x11\\xf0\\x00\\xa8L\\xf0\\x00@\\x11\\xf0\\x00H\\x11\\xf0\\x00\\x08B\\xef\\x00\\x00\\x00\"w0\\xba$w\\x00\\x00\\x12\\x00@\\x00B\\x00PK\\xf0\\x00\\x18\\x00\\x1a\\x00xK\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x04\\xec\\xf1\\x008\\\\xa5w\\xa2\\x99\\xdc\\x82"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f04ca0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0!\\xf0\\x00\\xa0J\\xf0\\x00\\xb8!\\xf0\\x00\\xa8J\\xf0\\x00\\xb0g\\xf0\\x00\\xc0!\\xf0\\x00\\x00\\x00\\x8eu@K\\x8eu\\x000\\x06\\x00<\\x00>\\x00\\x88M\\xf0\\x00\\x14\\x00\\x16\\x00\\xb0M\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xbcc\\xf0\\x00L-\\xef\\x00!\t\\xac\\xf9"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f021b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\xf0\\x00\\xa0L\\xf0\\x00\\xf8#\\xf0\\x00\\xa8L\\xf0\\x00\\xb0L\\xf0\\x00H\\x11\\xf0\\x00\\x00\\x00\\x8ev0\\xbf\\x91v\\x00\\xe0\\x0b\\x00<\\x00>\\x00\\x98\"\\xf0\\x00\\x14\\x00\\x16\\x00\\xc0\"\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\xe4\\xf2\\xf1\\x00t\\x11\\xf0\\x00\\xb6\\xa0\\xb4\\x11"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f023f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xa0g\\xf0\\x00\\xb0!\\xf0\\x00\\xa8g\\xf0\\x00\\xb8!\\xf0\\x00\\x90c\\xf0\\x00\\x80a\\xf0\\x00\\x00\\x00\\x9cv\\x90\\xc9\\x9fv\\x00\\xb0\\x19\\x00<\\x00>\\x00\\xd8$\\xf0\\x00\\x14\\x00\\x16\\x00\\x00%\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x80[\\xa5w\\x80[\\xa5w-\\xec\\xfb?"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f067a0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pa\\xf0\\x00\\xf0#\\xf0\\x00xa\\xf0\\x00\\xf8#\\xf0\\x00 k\\xf0\\x00\\xb0L\\xf0\\x00\\x00\\x00Sw\\x00\\x00\\x00\\x00\\x00\\x80\\x01\\x00<\\x00>\\x00\\xa8n\\xf0\\x00\\x14\\x00\\x16\\x00\\xd0n\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x1ce\\xf0\\x00\\x00\\\\xa5wh\\x97\\xcfU"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06170"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xe0d\\xf0\\x00\\xa0g\\xf0\\x00\\xe8d\\xf0\\x00\\xa8g\\xf0\\x00\\x00$\\xf0\\x00\\xf0d\\xf0\\x00\\x00\\x00\\x16vps\\x16v\\x000\\x02\\x00:\\x00<\\x00\\x90/\\xf0\\x00\\x12\\x00\\x14\\x00\\xb8/\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xa4\\xea\\xf1\\x00\\x88[\\xa5w\\xd1\t\\xb0*"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f064e0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10k\\xf0\\x00pa\\xf0\\x00\\x18k\\xf0\\x00xa\\xf0\\x00\\x80a\\xf0\\x00 k\\xf0\\x00\\x00\\x00:w@\\x02@w\\x00\\xd0\r\\x00B\\x00D\\x00()\\xf0\\x00\\x1a\\x00\\x1c\\x00P)\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00Lk\\xf0\\x00\\xdcg\\xf0\\x00\\xd4\r\\x89+"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06b10"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "Ph\\xf0\\x00\\xe0d\\xf0\\x00Xh\\xf0\\x00\\xe8d\\xf0\\x00\\xf0d\\xf0\\x00\\xb0g\\xf0\\x00\\x00\\x00Xw\\x00xYw\\x00\\xb0\\x07\\x00B\\x00D\\x000*\\xf0\\x00\\x1a\\x00\\x1c\\x00X*\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00|f\\xf0\\x00\\x1ce\\xf0\\x00RDR\\xfd"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06850"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0^\\xf0\\x00\\x10k\\xf0\\x00\\xb8^\\xf0\\x00\\x18k\\xf0\\x00pj\\xf0\\x00p_\\xf0\\x00\\x00\\x00\\xabu\\x10\"\\xacu\\x00\\xb0\\x07\\x00@\\x00B\\x00(8\\xf0\\x00\\x18\\x00\\x1a\\x00P8\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00`\\\\xa5w`\\\\xa5wL\\x9dxd"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05eb0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`_\\xf0\\x00Ph\\xf0\\x00h_\\xf0\\x00Xh\\xf0\\x00p_\\xf0\\x00\\x90c\\xf0\\x00\\x00\\x00aw\\xc0Zdw\\x00\\xf0\\x0b\\x00<\\x00>\\x0005\\xf0\\x00\\x14\\x00\\x16\\x00X5\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xff\\x04\\x02\\xf2\\x00\\xd8[\\xa5wPzV\\x7f"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05f60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc0`\\xf0\\x00\\xb0^\\xf0\\x00\\xc8`\\xf0\\x00\\xb8^\\xf0\\x00`h\\xf0\\x00\\xc0^\\xf0\\x00\\x00\\x00\\x86u \r\\x88u\\x00`\\x07\\x00>\\x00@\\x00x5\\xf0\\x00\\x16\\x00\\x18\\x00\\xa05\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf8[\\xa5w\\xf8[\\xa5wH\\xf4\\xe6L"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f060c0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "`j\\xf0\\x00`_\\xf0\\x00hj\\xf0\\x00h_\\xf0\\x00 `\\xf0\\x00pj\\xf0\\x00\\x00\\x00\\xe3u\\xf0\\xc8\\xe5u\\x000\\x0e\\x00:\\x00<\\x00\\xa04\\xf0\\x00\\x12\\x00\\x14\\x00\\xc84\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\m\\xf0\\x00h\\\\xa5w/\\xad(S"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06a60"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x10`\\xf0\\x00\\xc0`\\xf0\\x00\\x18`\\xf0\\x00\\xc8`\\xf0\\x00\\xd0`\\xf0\\x00`h\\xf0\\x00\\x00\\x00fv\\xe0\\xbayv\\x00\\x00(\\x00>\\x00@\\x00\\xc05\\xf0\\x00\\x16\\x00\\x18\\x00\\xe85\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xf4\\xe9\\xf1\\x00\\xc0[\\xa5w\\xdbc}("
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06010"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "@f\\xf0\\x00`j\\xf0\\x00Hf\\xf0\\x00hj\\xf0\\x00Pf\\xf0\\x00\\xd0`\\xf0\\x00\\x00\\x00\\xb6v\\xd0\\\\xb9v\\x00`\t\\x00@\\x00B\\x00`x\\xf0\\x00\\x18\\x00\\x1a\\x00\\x88x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xd4\\xfb\\xf1\\x00\\xe8[\\xa5w[\r\\x8f\\xfc"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06640"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "pl\\xf0\\x00\\x10`\\xf0\\x00xl\\xf0\\x00\\x18`\\xf0\\x00\\x80l\\xf0\\x00 `\\xf0\\x00\\x00\\x00Nw\\x90xOw\\x00P\\x04\\x00>\\x00@\\x00\\x086\\xf0\\x00\\x16\\x00\\x18\\x0006\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xc4\\xee\\xf1\\x00Lk\\xf0\\x00?\\xc0\\xc7:"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06c70"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x80c\\xf0\\x00@f\\xf0\\x00\\x88c\\xf0\\x00Hf\\xf0\\x00\\x10i\\xf0\\x00Pf\\xf0\\x00\\x00\\x00\\x90w\\xe0\\x93\\x90w\\x00\\x90\\x01\\x00<\\x00>\\x00P6\\xf0\\x00\\x14\\x00\\x16\\x00x6\\xf0\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00d\\xed\\xf1\\x00\\x90[\\xa5w\\xd4;0\\x90"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06380"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00i\\xf0\\x00pl\\xf0\\x00\\x08i\\xf0\\x00xl\\xf0\\x00\\xc0^\\xf0\\x00\\x00$\\xf0\\x00\\x00\\x00Uw\\x10DUw\\x00P\\x02\\x00:\\x00<\\x00 0\\xf0\\x00\\x12\\x00\\x14\\x00H0\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00p\\\\xa5w\\xdcL\\xf0\\x00Ej\\x049"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06900"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": " m\\xf0\\x00\\x80c\\xf0\\x00(m\\xf0\\x00\\x88c\\xf0\\x000m\\xf0\\x00\\x80l\\xf0\\x00\\x00\\x00\\xb9t`*\\xb9t\\x00\\xa0\\x00\\x00B\\x00D\\x00h:\\xf1\\x00\\x1a\\x00\\x1c\\x00\\x90:\\xf1\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xf3\\xf1\\x00(\\\\xa5w\\xec\\x82\\x8d\\xc7"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06d20"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf0f\\xf0\\x00\\x00i\\xf0\\x00\\xf8f\\xf0\\x00\\x08i\\xf0\\x00\\x00g\\xf0\\x00\\x10i\\xf0\\x00\\x00\\x00\\xc4t\\xd0\\xca\\xc4t\\x00\\x10\\x02\\x00>\\x00@\\x00pZ\\xf1\\x00\\x16\\x00\\x18\\x00\\x98Z\\xf1\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\x14\\xf9\\xf1\\x00\\xfc`\\xf0\\x00\\xb5kb\\x98"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f066f0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x00^\\xf0\\x00 m\\xf0\\x00\\x08^\\xf0\\x00(m\\xf0\\x00\\x10^\\xf0\\x000m\\xf0\\x00\\x00\\x00\\x8bsp(\\x8cs\\x00\\xd0\\x08\\x00t\\x00v\\x00\\xd0w\\xf0\\x00\\x18\\x00\\x1a\\x00,x\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00ld\\xf0\\x00x\\\\xa5w\\xf2\\x1d}^"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f05e00"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xb0i\\xf0\\x00\\xf0f\\xf0\\x00\\xb8i\\xf0\\x00\\xf8f\\xf0\\x00\\xc0i\\xf0\\x00\\x00g\\xf0\\x00\\x00\\x00\\xd4t\\xe0G\\xd4t\\x00\\xf0\\x00\\x00L\\x00N\\x00\\xb8\\x02\\xf0\\x00$\\x00&\\x00\\xe0\\x02\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xa4\\xf5\\xf1\\x00\\xa8[\\xa5wU\\xebI="
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f069b0"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "0d\\xf0\\x00\\x00^\\xf0\\x008d\\xf0\\x00\\x08^\\xf0\\x00x\\xf5\\xf1\\x00\\x10^\\xf0\\x00\\x00\\x00\\xf5t\\x00\\x18\\xf5t\\x00\\x80\\x00\\x00>\\x00@\\x00\\x88]\\xf1\\x00\\x16\\x00\\x18\\x00\\xb0]\\xf1\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\x84\\xf1\\xf1\\x00\\xf0[\\xa5w\\xa6P\\x89\\xa8"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06430"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x90e\\xf0\\x00\\xb0i\\xf0\\x00\\x98e\\xf0\\x00\\xb8i\\xf0\\x00(\\xeb\\xf1\\x00\\xa0e\\xf0\\x00\\x00\\x00\\x06sP0\\x08s\\x00\\x80\\x84\\x00j\\x00l\\x00 !\\xf0\\x00\\x0e\\x00\\x10\\x00|!\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\xff\\xffx\\\\xa5w,g\\xf0\\x00\\x8c\\xf4Lb"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f06590"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xf5\\xf1\\x000d\\xf0\\x00p\\xf5\\xf1\\x008d\\xf0\\x00@d\\xf0\\x00x\\xf5\\xf1\\x00\\x00\\x00\\xc7s\\x00\\xac\\xc7s\\x00@\\x01\\x00X\\x00Z\\x00\\x80#\\xf0\\x000\\x002\\x00\\xa8#\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00T\\xf6\\xf1\\x00\\xb0[\\xa5w\\xe5\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f568"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xeb\\xf1\\x00\\x90e\\xf0\\x00 \\xeb\\xf1\\x00\\x98e\\xf0\\x00\\xa0e\\xf0\\x00\\xc0i\\xf0\\x00\\x00\\x00\\xfbr _\\x04s\\x00\\xb0\n\\x00P\\x00R\\x00\\x08\\x08\\xf0\\x00(\\x00*\\x000\\x08\\xf0\\x00\\xcc\\xaa\\x08\\x00\\xff\\xff\\x00\\x00\\x94\\xe8\\xf1\\x00<^\\xf0\\x00\\xe1\\x17\\xac["
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1eb18"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "H\\xf1\\xf1\\x00h\\xf5\\xf1\\x00P\\xf1\\xf1\\x00p\\xf5\\xf1\\x00X\\xf1\\xf1\\x00@d\\xf0\\x00\\x00\\x00\\xbaq\\x00\\x00\\x00\\x00\\x00\\xe0@\\x01\\xd0\\x00\\xd2\\x00H\\xf4\\xf4\\x00\\x1e\\x00 \\x00\\xfa\\xf4\\xf4\\x00\\xcc*H\\x00\\x06\\x00\\x00\\x00P\\\\xa5wP\\\\xa5w\\x15\\xf3Lb"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f148"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "(\\xed\\xf1\\x00\\x18\\xeb\\xf1\\x000\\xed\\xf1\\x00 \\xeb\\xf1\\x008\\xed\\xf1\\x00(\\xeb\\xf1\\x00\\x00\\x00\\xc0v\\xc06\\xc3v\\x00\\xf0\\x05\\x00P\\x00R\\x00X\\x14\\xf5\\x00(\\x00*\\x00\\x80\\x14\\xf5\\x00\\xcc\\xaa\\x0c\\x00\\xff\\xff\\x00\\x00\\xf0[\\xa5w\\xeci\\xf0\\x00\\xf6\\x13\\xd6\\x9d"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ed28"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xe8\\xf1\\x00H\\xf1\\xf1\\x00`\\xe8\\xf1\\x00P\\xf1\\xf1\\x00h\\xe8\\xf1\\x00X\\xf1\\xf1\\x00\\x00\\x00\\xb1qP\\x11\\xb1q\\x00\\xa0\\x08\\x00p\\x00r\\x00X\\xb8\\xf6\\x00\\x14\\x00\\x16\\x00\\xb4\\xb8\\xf6\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x90[\\xa5w\\xacl\\xf0\\x00\\xe8\\xf2Lb"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e858"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x18\\xf6\\xf1\\x00(\\xed\\xf1\\x00 \\xf6\\xf1\\x000\\xed\\xf1\\x00\\xd8\\xeb\\xf1\\x008\\xed\\xf1\\x00\\x00\\x00\\xc6v\\x80\\xbf\\xddv\\x00P[\\x00>\\x00@\\x00 (\\xf7\\x00\\x16\\x00\\x18\\x00H(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xa8[\\xa5w\\xa4\\xf5\\xf1\\x00W\\xa3_3"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f618"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xc8\\xeb\\xf1\\x00X\\xe8\\xf1\\x00\\xd0\\xeb\\xf1\\x00`\\xe8\\xf1\\x00\\x08\\xe7\\xf1\\x00\\xd8\\xeb\\xf1\\x00\\x00\\x00\\x1fu \\xb9<u\\x00\\xd0`\\x00N\\x00P\\x00X\\x01\\xf0\\x00&\\x00(\\x00\\x80\\x01\\xf0\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\xb0[\\xa5w\\xcce\\xf0\\x00\\x1a\\xa5Dl"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ebc8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\xf8\\xe6\\xf1\\x00\\x18\\xf6\\xf1\\x00\\x00\\xe7\\xf1\\x00 \\xf6\\xf1\\x00(\\xf6\\xf1\\x00h\\xe8\\xf1\\x00\\x00\\x00\\x1cu\\xd0\\x8b\\x1cu\\x00p\\x02\\x008\\x00:\\x00\\xb0(\\xf7\\x00\\x10\\x00\\x12\\x00\\xd8(\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\x00\\x00\\xc4\\xf9\\xf1\\x00\\xdcJ\\xf0\\x00\\xfaOW\\xc0"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1e6f8"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xf9\\xf1\\x00\\xc8\\xeb\\xf1\\x00\\x90\\xf9\\xf1\\x00\\xd0\\xeb\\xf1\\x00\\x98\\xf9\\xf1\\x00(\\xf6\\xf1\\x00\\x00\\x00\\x19v\\x80$\\x1dv\\x00p\\x08\\x00<\\x00>\\x00\\xd0)\\xf7\\x00\\x14\\x00\\x16\\x00\\xf8)\\xf7\\x00\\xcc\\xaa\\x08\\x00\\x06\\x00\\xff\\xff\\x84\\xe6\\xf1\\x00\\xd0[\\xa5w\\x96\\x11\\xa0S"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f988"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "h\\xea\\xf1\\x00\\xf8\\xe6\\xf1\\x00p\\xea\\xf1\\x00\\x00\\xe7\\xf1\\x00x\\xea\\xf1\\x00\\x08\\xe7\\xf1\\x00\\x00\\x00\\xd5tP\\xa2\\xd5t\\x00\\x80\\x01\\x00>\\x00@\\x00\\xd0 \\xf7\\x00\\x16\\x00\\x18\\x00\\xf8 \\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x008\\\\xa5w\\x04\\xec\\xf1\\x00\\xa7= \\x1c"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1ea68"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "X\\xf3\\xf1\\x00\\x88\\xf9\\xf1\\x00`\\xf3\\xf1\\x00\\x90\\xf9\\xf1\\x00h\\xf3\\xf1\\x00\\x98\\xf9\\xf1\\x00\\x00\\x00\\xd7t0]\\xd7t\\x000\\x01\\x00>\\x00@\\x00\\x90\\x1e\\xf7\\x00\\x16\\x00\\x18\\x00\\xb8\\x1e\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00\\xe4\\xe7\\xf1\\x00\\xaca\\xf0\\x00Sq\\xe7:"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-03-05 10:24:06,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f1f358"
              },
              {
                "name": "Size",
                "value": "0x00000048"
              },
              {
                "name": "Buffer",
                "value": "\\x88\\xee\\xf1\\x00h\\xea\\xf1\\x00\\x90\\xee\\xf1\\x00p\\xea\\xf1\\x00\\x98\\xee\\xf1\\x00x\\xea\\xf1\\x00\\x00\\x00pt0\\xcbpt\\x00\\xf0\\x02\\x00<\\x00>\\x00\\xb8\\x1d\\xf7\\x00\\x14\\x00\\x16\\x00\\xe0\\x1d\\xf7\\x00\\xcc\\xaa\\x0c\\x00\\x06\\x00\\x00\\x00(\\\\xa5w<i\\xf0\\x00[\\x1d\\x7f\\xa5"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "AllowDangerousUnicodeDecompositions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowDangerousUnicodeDecompositions"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "UseStrictIPv6AddressParsing"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictIPv6AddressParsing"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "AllowAllUriEncodingExpansion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowAllUriEncodingExpansion"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "SchUseStrongCrypto"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchUseStrongCrypto"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "SchSendAuxRecord"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchSendAuxRecord"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "SystemDefaultTlsVersions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SystemDefaultTlsVersions"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05a52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RequireCertificateEKUs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\RequireCertificateEKUs"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "EnumerateSecurityPackagesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c550f0"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "FreeContextBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c4c870"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2684
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Control\\SecurityProviders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "SecurityProviders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "SecurityProviders"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "credssp.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2689
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Control\\Lsa\\SspiCache"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SspiCache"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "credssp.dll"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CREDSSP"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Comment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Comment"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft CredSSP Security Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Capabilities"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "8455987"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "RpcId"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "65535"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Type"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "33"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "TokenSize"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "73032"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2703
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Control\\SecurityProviders\\SaslProfiles"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SaslProfiles"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-03-05 10:24:06,306",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-03-05 10:24:06,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-03-05 10:24:06,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "FreeCredentialsHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c54870"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-03-05 10:24:06,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "AcquireCredentialsHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c54470"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-03-05 10:24:06,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\schannel"
              },
              {
                "name": "DllBase",
                "value": "0x719d0000"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schannel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x719d0000"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "schannel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x719d0000"
              },
              {
                "name": "FunctionName",
                "value": "SpUserModeInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x719d8fe0"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2714
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "UserContextLockCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextLockCount"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "UserContextListCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextListCount"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteSecurityContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c55000"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeSecurityContextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c548c0"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-03-05 10:24:06,369",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-03-05 10:24:06,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-03-05 10:24:06,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090e50"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-03-05 10:24:06,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-03-05 10:24:06,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f550"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-03-05 10:24:06,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2d7f0"
              }
            ],
            "repeated": 1,
            "id": 2728
          },
          {
            "timestamp": "2026-03-05 10:24:06,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-03-05 10:24:06,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "send"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758f58a0"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-03-05 10:24:06,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000005f",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x16\\x03\\x01\\x00Z\\x01\\x00\\x00V\\x03\\x01i\\xa9Y\\xc6\\x16PU\\xda\\x92\\x97\\xe2\\xa9\\x8f\\xfdW\\xe9\\xf0\\xb3\\x05\\xadz\\x8b\r\\xeb<=Gn\\xf8j\\xe0h\\x00\\x00\\x0e\\xc0\n\\xc0\t\\xc0\\x14\\xc0\\x13\\x005\\x00/\\x00\n\\x01\\x00\\x00\\x1f\\x00\n\\x00\\x08\\x00\\x06\\x00\\x1d\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00\\x00#\\x00\\x00\\x00\\x17\\x00\\x00\\xff\\x01\\x00\\x01\\x00"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-03-05 10:24:06,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "recv"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758f23a0"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-03-05 10:24:06,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x16\\x03\\x01\\x07\\xb0"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-03-05 10:24:06,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x000007b0",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x02\\x00\\x00Q\\x03\\x01i\\xa9\\x84\\x0b\\x1f\\xa4Y=\\x04\\xe1oIdB\\xe9\\x9a\\xc8\\xec\\x91P^\\x81\\xa0\\xd6\\x12\\x92\\xef?\\xe0\\x11\\xde\" \\x9f(\\x00\\x00~#\\xe4KC4\\x9d2\\x9d@\\xd1oEb\\xd4\\xcd\\x1f\\xc3\\xdd\\xb1\\xdc\\x86N\\x81\\xae\\d\\x1d\\xc0\\x14\\x00\\x00\t\\x00\\x17\\x00\\x00\\xff\\x01\\x00\\x01\\x00\\x0b\\x00\\x04\\xe8\\x00\\x04\\xe5\\x00\\x04\\xe20\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-03-05 10:24:06,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-03-05 10:24:06,666",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x000000a6",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04l\\xd9<\\xa3\\xe6\"\\xd3\\xce\\x13\\x0c\\xd5:\\xbb1\ny\\xf0\\xd4\\x04<\\xfe\\xa8B`\\x90A\\xb2\\xd4\\xf6r\\x99G^\\x02\\xec\\xa1AF\\xbc\\xae\\xc8\\x9a\\xac\\xb3\\x9ci$\\xe1=\\x97\\xff\\x81\"\\x00\\xf1\\xfeF\\xdagTo\\x9eh\\xe8\\xd5\\x13\\xe8R\\xaa7\\xdd\\xc5\\xed\\xef%rUpB\\xf0o\\xc7h}\\xbf\\x04\\xc3\\xfd\\x01\\xc5\\x0fAx\\xea\\xcb\\xb6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\t\\x12\\x82U{\\xf9\\xaf\\xdf\\x93.\\x81\\x16\\xeft\\x93\\xf6(n[\\x96Gh](O\\x81Kp\\x08\\x10\\xe4\\x19\\x88\\xf2tL\\x82\\xb4\\xf2q;\\xce\\xe4-AI\\xa6e"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x14\\x03\\x01\\x00\\x01"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x16\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x1a\\x9e\\x0b\\x15\\xbbu\\x15\\x10\\xd5\\x82\\xb8K\\x1c,\\x05\\xffB\\xdeU\\x8f\\xd6\\x8e,<\\x920\\x87U\\xab\\x85'\\xa4\\x18\\x01\\xd0\\xd0\\x90\\x0c\\xe0\\xc6\\x9cwf\\x8e&\\x9a\\x17\\x9e"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "sspicli.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c40000"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SspiCli.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74c40000"
              },
              {
                "name": "FunctionName",
                "value": "FreeContextBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c4c870"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-03-05 10:24:06,744",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\mskeyprotect"
              },
              {
                "name": "DllBase",
                "value": "0x70d80000"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-03-05 10:24:06,822",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x70d50000"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mskeyprotect.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d80000"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mskeyprotect.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70d80000"
              },
              {
                "name": "FunctionName",
                "value": "KeyFileProtectSessionTicket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70d869b0"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mskeyprotect.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70d80000"
              },
              {
                "name": "FunctionName",
                "value": "KeyFileUnprotectSessionTicket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70d86d50"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ncrypt.dll"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ncrypt.dll"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ncrypt.dll"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ncrypt.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000574"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000570"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ncrypt.dll"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000574"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3b000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3a000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3a000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2763
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2765
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt.dll"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ncrypt.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-03-05 10:24:06,884",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x70d20000"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3b000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3b000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\ncrypt"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70d28730"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a45000"
              },
              {
                "name": "ModuleName",
                "value": "schannel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a45000"
              },
              {
                "name": "ModuleName",
                "value": "schannel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3b000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d3b000"
              },
              {
                "name": "ModuleName",
                "value": "ncrypt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x01\\x00\\x08R\\xa4q\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00S\\x00S\\x00L\\x00 \\x00P\\x00r\\x00o\\x00t\\x00o\\x00c\\x00o\\x00l\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffP\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00r\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffM\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00S\\x00S\\x00L\\x00 \\x00P\\x00r\\x00o\\x00t\\x00o\\x00c\\x00o\\x00l\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00n\\x00c\\x00r\\x00y\\x00p\\x00t\\x00s\\x00s\\x00l\\x00p\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\ncryptsslp"
              },
              {
                "name": "DllBase",
                "value": "0x70d00000"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ncryptsslp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70d00000"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ncryptsslp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70d00000"
              },
              {
                "name": "FunctionName",
                "value": "GetSChannelInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70d084e0"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xac\\xd3\\x97w0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00S\\x00H\\x00A\\x001\\x00\\x00\\x00\\x00\\x00UG\\xd2p"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x001\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffS\\x00H\\x00A\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c15880"
              }
            ],
            "repeated": 3,
            "id": 2782
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x07R\\x9eq0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00A\\x00E\\x00S\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00S\\x00\\x00\\x00\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffA\\x00E\\x00S\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\x00e\\x00y\\x00L\\x00e\\x00n\\x00g\\x00t\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetCipherInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c2a8d0"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "BCryptImportKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "0\\x02\\x00\\x00KSSM\\x02\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00\\xa1a %~\\x04\\x80bX\\x82\\\\x93\\xa0\\xad\\x13\\x14\\xf7f\\x82\\xe5\\xda\\xfc\\xf7b\\x9d|\\xed\\xccj%\\x9a\\xa7\\x00\\x00\\x00\\x00\\xa1a %~\\x04\\x80bX\\x82\\\\x93\\xa0\\xad\\x13\\x14\\xf7f\\x82\\xe5\\xda\\xfc\\xf7b\\x9d|\\xed\\xccj%\\x9a\\xa7\\x9f\\xd9|'\\xe1\\xdd\\xfcE\\xb9_\\xa0\\xd6\\x19\\xf2\\xb3\\xc2#\\xef\\xef\\xc0\\xf9\\x13\\x18\\xa2do\\xf5n\\x0eJo\\xc9Kq\\xa1\\x8c\\xaa\\xac]\\xc9\\x13\\xf3\\xfd\\x1f\n\\x01N\\xddD\\x93\\xc0\\x01\\xbd\\x80\\xd8\\xa3\\xd9\\xef-\\xcd\\xd7\\xa5B\\x04I]S\\x82\\xe3\\xf1\\x0eK\\xf0\\x02\\xf3T\\xfa\\x03\\xbd\\x89i\\xe8\\xba\\xa6\\xd4hb\\x05\r\\x87O\\xc8\\xda\"\r\\xcc\\xd2\\x8a\\x18\\xd51{\\x16\\x9e\\xc1y\\xe5\\xca;zXC\\x8b2\\xd0\\xbc_Z\\xb2\\xb9R\\xdd\\xfdq\\x88\\xff\\xf0\\xbd\\xd4\\x06b\\x11\\xe5}t\\x8f$\\x04\\x91E\\x1f~\\xc9\\x06K\\xc1\r\\xd3\\x14\\x9b\\xbfjFFB\\x1b\\xce\\xb9\\xb2\\xa6"
              },
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "CryptKey",
                "value": "0x07b7f400"
              },
              {
                "name": "Length",
                "value": "560"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "BCryptImportKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "0\\x02\\x00\\x00KSSM\\x02\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00\\x18m\\x85\\xe3\\x92\\xa6\\x16\\xf5D}\\x867\\xf1\\x90\\xcd(\\xe6+\\xdd?\\xee\\x85\\x0f\\xf6]\\x8a<c\\xcd\\xa5\\xb5b\\x00\\x00\\x00\\x00\\x18m\\x85\\xe3\\x92\\xa6\\x16\\xf5D}\\x867\\xf1\\x90\\xcd(\\xe6+\\xdd?\\xee\\x85\\x0f\\xf6]\\x8a<c\\xcd\\xa5\\xb5b\\x1f\\xb8/^\\x8d\\x1e9\\xab\\xc9c\\xbf\\x9c8\\xf3r\\xb4\\xe1&\\x9d\\xb2\\x0f\\xa3\\x92DR)\\xae'\\x9f\\x8c\\x1bEy\\x17A\\x85\\xf4\tx.=j\\xc7\\xb2\\x05\\x99\\xb5\\x06\\x8a\\xc8H\\xdd\\x85k\\xda\\x99\\xd7Bt\\xbeH\\xceo\\xfb\\xf6\\xbfN\\xd7\\x02\\xb66\\xf9?\\xdc\\xf1K:EDM\n\\xa6S>\\x8f\\xcd\\x89\\xa7X\\x8f\\xfd\\x19\\x10A\\x92\\xe2}\\xf0\\xd6\\x1d\\x7fF\\xe0\\xe4@\\x9a\\x11\\xafz\\xdfU\\xe2\\xd08\\xaf\\xa6_\\xf5&\\x01\\x07z\\xdb\\x18\\x17;I\\xfa\\x8f\\xcb\\xfb\\xed\\xf0\\x8d\\x1b\t\\xb0\\x17\n\\xa6\\xca\\xc8_D\\xa4\\xd0`\\xbd\\xfb%F\\xbc\\xfc_\\x9d\\xa4\\xebd\\xd4^"
              },
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "CryptKey",
                "value": "0x07b7f6e0"
              },
              {
                "name": "Length",
                "value": "560"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-03-05 10:24:06,900",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "QueryContextAttributesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c553c0"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertFreeCertificateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa2850"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a45000"
              },
              {
                "name": "ModuleName",
                "value": "schannel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71a45000"
              },
              {
                "name": "ModuleName",
                "value": "schannel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateCertificateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f9f6e0"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertGetCertificateContextProperty"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa4ab0"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertCloseStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa34d0"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fc1e10"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateStoreW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertEnumCertificatesInStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f9e480"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-03-05 10:24:06,978",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertEnumCertificatesInStoreW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertFreeCertificateChain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fb30b0"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetTimeZoneInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091cc0"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetSystemTimeAndBias"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779b7190"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd0d8"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd0d8"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-03-05 10:24:06,994",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd0d8"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd0d8"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x081f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-03-05 10:24:07,009",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-03-05 10:24:07,025",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertOpenStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa94e0"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-03-05 10:24:07,025",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertOpenStoreW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-03-05 10:24:07,025",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertAddCertificateLinkToStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fe9d10"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-03-05 10:24:07,025",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertAddCertificateLinkToStoreW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f530"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090460"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAllocW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetDynamicTimeZoneInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a3510"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "102"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "TZI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "TZI"
              },
              {
                "name": "Data",
                "value": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FirstEntry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace8e0"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FirstEntry"
              },
              {
                "name": "Data",
                "value": "2010"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LastEntry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LastEntry"
              },
              {
                "name": "Data",
                "value": "2015"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2010"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2010"
              },
              {
                "name": "Data",
                "value": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\n\\x00\\x00\\x00\\x05\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2011"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2011"
              },
              {
                "name": "Data",
                "value": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x01\\x00\\x06\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2012"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2012"
              },
              {
                "name": "Data",
                "value": "\\x10\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2013"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2013"
              },
              {
                "name": "Data",
                "value": "\\x10\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2014"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2014"
              },
              {
                "name": "Data",
                "value": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\n\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x03\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2015"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "2015"
              },
              {
                "name": "Data",
                "value": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Display"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Display"
              },
              {
                "name": "Data",
                "value": "@tzres.dll,-2980"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Std"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Std"
              },
              {
                "name": "Data",
                "value": "@tzres.dll,-1832"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Dlt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MUI_Dlt"
              },
              {
                "name": "Data",
                "value": "@tzres.dll,-1831"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c60000"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76c60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c60000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-03-05 10:24:07,197",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c60000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76dbdc30"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000025",
                "pretty_value": "CSIDL_SYSTEM"
              },
              {
                "name": "Path",
                "value": "C:\\Windows\\system32"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileMUIPath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a35a0"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbe128"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000008",
                "pretty_value": "PAGE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-03-05 10:24:07,291",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000025",
                "pretty_value": "CSIDL_SYSTEM"
              },
              {
                "name": "Path",
                "value": "C:\\Windows\\system32"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbe128"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000008",
                "pretty_value": "PAGE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000025",
                "pretty_value": "CSIDL_SYSTEM"
              },
              {
                "name": "Path",
                "value": "C:\\Windows\\system32"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbe128"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000008",
                "pretty_value": "PAGE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-03-05 10:24:07,322",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Display"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Display"
              },
              {
                "name": "Data",
                "value": "(UTC+03:00) \\x41c\\x43e\\x441\\x43a\\x432\\x430, \\x421\\x430\\x43d\\x43a\\x442-\\x41f\\x435\\x442\\x435\\x440\\x431\\x443\\x440\\x433"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Std"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Std"
              },
              {
                "name": "Data",
                "value": "RTZ 2 (\\x437\\x438\\x43c\\x430)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Dlt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Dlt"
              },
              {
                "name": "Data",
                "value": "RTZ 2 (\\x43b\\x435\\x442\\x43e)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertGetCertificateChain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75f97b60"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertGetCertificateChainW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2945
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Services\\crypt32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DiagLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagLevel"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DiagMatchAnyMask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagMatchAnyMask"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2950
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Services\\crypt32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2958
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2960
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2962
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2964
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "DisallowedCertSyncDeltaTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertSyncDeltaTime"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2968
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2970
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "DisableMandatoryBasicConstraints"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "DisableCANameConstraints"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "DisableUnsupportedCriticalExtensions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxAIAUrlCountInCert"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxAIAUrlRetrievalCountPerChain"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxUrlRetrievalByteCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxAIAUrlRetrievalByteCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxAIAUrlRetrievalCertCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxVerifySignatureCountPerChain"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxVerifySignatureCountPerChain"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxIssuerDepth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxIssuerDepth"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MaxPathCountPerChain"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxPathCountPerChain"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "CryptnetPreFetchTriggerPeriodSeconds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "EnableWeakSignatureFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "MinRsaPubKeyBitLength"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MinRsaPubKeyBitLength"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakRsaPubKeyTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRsaPubKeyTime"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ChainCacheResyncFiletime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "EnableStrictChecksFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableStrictChecksFlags"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Default"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2990
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Control\\CI\\Config"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\CI\\Config"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Default"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartyFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744071705722880"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartyAfterTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartyAfterTime"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x00\\xc0)\\xb8C\\x9a\\xc9\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllFlags"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllFlags"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow"
              }
            ],
            "repeated": 1,
            "id": 3004
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartySha256Allow"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "Information",
                "value": "\\x00\\x00\\x001P\\xe4a2\\x7f3\\x5410\\x400\\x15\\x1000t\\x65af"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakMD5AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartyFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744071562330112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartyAfterTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyAfterTime"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllFlags"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1ThirdPartySha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1ThirdPartySha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "WeakSHA1AllSha256Allow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllSha256Allow"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakRSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakRSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakRSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakRSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakDSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakDSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakDSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakDSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakECDSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakECDSAThirdPartyFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAThirdPartyFlags"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "WeakECDSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WeakECDSAAllFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAAllFlags"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3041
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CertDllOpenStoreProv"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "#16"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv\\#16"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffad\\xff85\\xff823\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00B\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Ldap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv\\Ldap"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffad\\xff85\\xff823\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00B\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CertDllOpenStoreProv"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CertDllOpenStoreProv"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00D\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00D\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3082
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00@\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00@\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3093
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xda0=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0e\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xa0\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x18\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x0e1=\\xd0L\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xffd\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xa4\\xdd\\xbb\\x00\\x08\\xe0\\xc4\\xddd\\xddT\\xdd\\xc8\\xdd\\x00\\x00\\xb4\\x05\\x00\\x00\\x08\\xe0\\xbb\\x00\\xc4\\xdd\\xbb\\x00\\xc8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00x\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xa4\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3109
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3115
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3118
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3121
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xda\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xf26=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\n\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xb8\\xda\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x070\\xdb\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s&7=\\xd0d\\xd6\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff|\\xdb\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xbc\\xdb\\xbb\\x00$\\xde\\xdc\\xdb|\\xdbl\\xdb\\xe0\\xdb\\x00\\x00\\xb4\\x05\\x00\\x00$\\xde\\xbb\\x00\\xdc\\xdb\\xbb\\x00\\xe0\\xdb\\xbb\\x00\\x00\\x00\\x00\\x00\\x90\\xdb\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xbc\\xdb\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3131
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-03-05 10:24:07,337",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3137
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3140
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3143
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3146
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3148
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3151
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "N+h%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3155
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "109F1CAED645BB78B3EA2B94C0697C740733031C"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3158
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x83\\xb6S\\x18fNo\\xa2E\\xe0\\xd7`\\x9f\\xb9X \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x10\\x9f\\x1c\\xae\\xd6E\\xbbx\\xb3\\xea+\\x94\\xc0i|t\\x073\\x03\\x1c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00&]\\x05\\x07\\xd8/\\xa2`\\x84\\xbd\\x83}\\xf5!\\x80\\xa7\\x05oZ\\x85 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x04\\x00\\x000\\x82\\x04\\x0f0\\x82\\x02\\xf7\\xa0\\x03\\x02\\x01\\x02\\x02\n\\x19\\x8b\\x11\\xd1?\\x9a\\x8f\\xfei\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r971001070000Z\\x17\r021231070000Z0\\x81\\xc31+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1A0?\\x06\\x03U\\x04\\x0b\\x138Microsoft Windows Hardware Compatibility Intermediate CA1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation110/\\x06\\x03U\\x04\\x03\\x13(Microsoft Windows Hardware Compatibility0\\x81\\x9f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x81\\x8d\\x000\\x81"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\x0f0\\x82\\x02\\xf7\\xa0\\x03\\x02\\x01\\x02\\x02\n\\x19\\x8b\\x11\\xd1?\\x9a\\x8f\\xfei\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r971001070000Z\\x17\r021231070000Z0\\x81\\xc31+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1A0?\\x06\\x03U\\x04\\x0b\\x138Microsoft W"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "D559A586669B08F46A30A133F8A9ED3D038E2EA8"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3164
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xac\\xd8\\x0e\\xa2{\\xb7,\\xe7\\x00\\xdc\"rJ_\\x1e\\x92\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00Is\\xe0\\x92\\xcf\\x8a\\x9e,\\xa5\\xf9\\x88I:[\\xac\\xfe8\\x95\\x94.\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\n\\xcf\\xebK\\x07\\xe7\\x03\\xa0\\x1fL\\xef(\\xeerV\\xf7Qu\\x91U\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xd6\\xed}\\xf5/\\xc1\\x9b\\xdc\\x9e_\\xe9\\xe2\\xbe!\\xfb\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5Y\\xa5\\x86f\\x9b\\x08\\xf4j0\\xa13\\xf8\\xa9\\xed=\\x03\\x8e.\\xa8 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x87\\x03\\x00\\x000\\x82\\x03\\x830\\x82\\x02\\xec\\xa0\\x03\\x02\\x01\\x02\\x02\\x10F\\xfc\\xeb\\xba\\xb4\\xd0/\\x0f\\x92`\\x98#?\\x93\\x07\\x8f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r970417000000Z\\x17\r161024235959Z0\\x81\\xba1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign International Server CA - Class 31I0G\\x06\\x03U\\x04\\x0b\\x13@www.verisign.com/CPS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\x830\\x82\\x02\\xec\\xa0\\x03\\x02\\x01\\x02\\x02\\x10F\\xfc\\xeb\\xba\\xb4\\xd0/\\x0f\\x92`\\x98#?\\x93\\x07\\x8f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r970417000000Z\\x17\r161024235959Z0\\x81\\xba1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign "
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEE449EE0E3965A5246F000E87FDE2A065FD89D4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3170
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xed\\xbc\\xcd\\xd5\\x10j\\x07\\x1c]\\x8bF\\x90\\x91\\x8eH\\xaa\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xfe\\xe4I\\xee\\x0e9e\\xa5$o\\x00\\x0e\\x87\\xfd\\xe2\\xa0e\\xfd\\x89\\xd4\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x9a\\xa6X\\x7f\\x94\\xdd\\x91\\xd9\\x1ec\\xdf\\xd3\\xf0\\xce_\\xae\\x18\\x93\\xaa\\xb7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xce\\x01\\x00\\x000\\x82\\x01\\xca0\\x82\\x01t\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0\\x1e\\x17\r960528220259Z\\x17\r391231235959Z0\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0[0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03J\\x000G\\x02@\\x81U\"\\xb9\\x8a\\xa4o\\xed\\xd6\\xe7\\xd9f\\x0fU\\xbc\\xd7\\xcd\\xd5\\xbcN@\\x02!\\xa2\\xb1\\xf7\\x870\\x85^\\xd2\\xf2D\\xb9\\xdc\\x9bu\\xb6\\xfbF_B\\xb6\\x9d#6\\x0b\\xdeT\\x0f\\xcd\\xbd\\x1f\\x99*\\x10X\\x11\\xcb@\\xcb\\xb5\\xa7A\\x02\\x03\\x01\\x00\\x01\\xa3\\x81\\x9e0\\x81\\x9b0P\\x06\\x03U\\x04\\x03\\x04I\\x13GFor Testing Purposes Only Sample Software Publishing Credentials Agency0G\\x06\\x03U\\x1d\\x01\\x04@0>\\x80\\x10\\x12\\xe4\t-\\x06\\x1d\\x1dO\\x00\\x8da!\\xdc\\x16dc\\xa1\\x180\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency\\x82\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x00\\x03A\\x00-.>{\\x89B\\x89?\\xa8!"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x01\\xca0\\x82\\x01t\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0\\x1e\\x17\r960528220259Z\\x17\r391231235959Z0\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0[0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03J\\x000G\\x02@\\x81U\"\\xb9\\x8a\\xa4o\\xed\\xd6\\xe7\\xd9f\\x0fU\\xbc\\xd7\\xcd\\xd5\\xbcN@\\x02!\\xa2\\xb1\\xf7\\x870\\x85^\\xd2\\xf2D\\xb9\\xdc\\x9bu\\xb6\\xfbF_B\\xb6\\x9d#6\\x0b\\xdeT\\x0f\\xcd\\xbd\\x1f\\x99*\\x10X\\x11\\xcb@\\xcb\\xb5\\xa7A\\x02\\x03\\x01\\x00\\x01\\xa3\\x81\\x9e0\\x81\\x9b0P\\x06\\x03U\\x04\\x03\\x04I\\x13GFor Testing Purposes"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "N+h%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3176
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A377D1B1C0538833035211F4083D00FECC414DAB"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3179
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa3w\\xd1\\xb1\\xc0S\\x883\\x03R\\x11\\xf4\\x08=\\x00\\xfe\\xccAM\\xab!\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb5\\x01\\x00\\x000\\x82\\x01\\xb10\\x82\\x01\\x1a\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000a1\\x110\\x0f\\x06\\x03U\\x04\\x07\\x13\\x08Internet1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign Commercial Software Publishers CA\\x17\r010324000000Z\\x17\r040107235959Z0i0!\\x02\\x10\\x1bQ\\x90\\xf77$9\\x9c\\x92T\\xcdBF7\\x99j\\x17\r010130000124Z0!\\x02\\x10u\\x0e@\\xff\\x97\\xf0G\\xed\\xf5V\\xc7\\x08N\\xb1\\xab\\xfd\\x17\r010131000049Z0!\\x02\\x10w\\xe6ZCY\\x93]_zu\\x80\\x1a\\xcd\\xad\\xc2\"\\x17\r000831000056Z\\xa0\\x1a0\\x180\t\\x06\\x03U\\x1d\\x13\\x04\\x020\\x000\\x0b\\x06\\x03U\\x1d\\x0f\\x04\\x04\\x03\\x02\\x05\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x00\\x03\\x81\\x81\\x00\\x18,\\xe8\\xfc\\x16m\\x91J=\\x88TH]\\xb8\\x11\\xbfd\\xbb\\xf9\\xdaY\\x19\\xdd\\x0ee\\xab\\xc0\\x0c\\xfag~!\\x1e\\x83\\x0e\\xcf\\x9b\\x89\\x8a\\xcf\\x0cK\\xc19\\x9d\\xe7j\\xacFtj\\x91b\"\r\\xc4\\x08\\xbd\\xf5\n\\x90\\x7f\\x06!=~\\xa7\\xaa^\\xcd\"\\x15\\xe6\\x0cu\\x8en\\xad\\xf1\\x84\\xe4\"\\xb40o\\xfbd\\x8f\\xd7\\x80C\\xf5\\x19\\x18f\\x1dr\\xa3\\xe3\\x94\\x82(R\\xa0\\x06N\\xb1\\xc8\\x92\\x0c\\x97\\xbe\\x15\\x07\\xabz\\xc9\\xea\\x08gCMQc;\\x9c\\x9c\\xcd"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x01\\xb10\\x82\\x01\\x1a\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000a1\\x110\\x0f\\x06\\x03U\\x04\\x07\\x13\\x08Internet1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign Commercial Software Publishers CA\\x17\r010324000000Z\\x17\r040107235959Z0i0!\\x02\\x10\\x1bQ\\x90\\xf77$9\\x9c\\x92T\\xcdBF7\\x99j\\x17\r010130000124Z0!\\x02\\x10u\\x0e@\\xff\\x97\\xf0G\\xed\\xf5V\\xc7\\x08N\\xb1\\xab\\xfd\\x17\r010131000049Z0!\\x02\\x10w\\xe6ZCY\\x93]_zu\\x80\\x1a\\xcd\\xad\\xc2\"\\x17\r0008310"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3185
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3188
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3191
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3194
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3197
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3200
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\CA\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\CA\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3202
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3205
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\CA"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3209
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3212
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3215
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00D\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00D\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3233
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00@\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00@\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3244
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3249
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00J2=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x10\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\x10\\xde\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x88\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s~2=\\xd0\\xbc\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xd4\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\x14\\xdf\\xbb\\x00P\\xe14\\xdf\\xd4\\xde\\xc4\\xde8\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00P\\xe1\\xbb\\x004\\xdf\\xbb\\x008\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xe8\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\x14\\xdf\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3254
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3258
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xda0=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0e\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xa0\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x18\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x0e1=\\xd0L\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xffd\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xa4\\xdd\\xbb\\x00\\x08\\xe0\\xc4\\xddd\\xddT\\xdd\\xc8\\xdd\\x00\\x00\\xb4\\x05\\x00\\x00\\x08\\xe0\\xbb\\x00\\xc4\\xdd\\xbb\\x00\\xc8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00x\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xa4\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3271
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3277
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3280
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3283
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xda\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xf26=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\n\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xb8\\xda\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x070\\xdb\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s&7=\\xd0d\\xd6\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff|\\xdb\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xbc\\xdb\\xbb\\x00$\\xde\\xdc\\xdb|\\xdbl\\xdb\\xe0\\xdb\\x00\\x00\\xb4\\x05\\x00\\x00$\\xde\\xbb\\x00\\xdc\\xdb\\xbb\\x00\\xe0\\xdb\\xbb\\x00\\x00\\x00\\x00\\x00\\x90\\xdb\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xbc\\xdb\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3293
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-03-05 10:24:07,353",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3299
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "6764",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "6764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3304
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3307
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3310
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3312
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3315
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00z0=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0c\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00@\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xb8\\xdc\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xae0=\\xd0\\xec\\xd7\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x04\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6sD\\xdd\\xbb\\x00\\x80\\xdfd\\xdd\\x04\\xdd\\xf4\\xdch\\xdd\\x00\\x00\\xb4\\x05\\x00\\x00\\x80\\xdf\\xbb\\x00d\\xdd\\xbb\\x00h\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x18\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00D\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3320
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3324
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3326
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "#\\x0fk%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3330
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3333
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3336
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "27748148BBE67A43CDBFEC6C3784862CE134E6EA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3339
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x00\\x14\\x00\\x00\\x00't\\x81H\\xbb\\xe6zC\\xcd\\xbf\\xecl7\\x84\\x86,\\xe14\\xe6\\xea\"\\x00\\x00\\x00\\x01\\x00\\x01\\x00*\\x02\\x00\\x000\\x82\\x02&\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x02\\x170\\x82\\x02\\x13\\x02\\x01\\x011\\x000\\x82\\x02\\x08\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x01\\xf90\\x82\\x01\\xf50\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x01\\x900\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x800\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x00\\x00\\x00"
              },
              {
                "name": "Flags",
                "value": "0x00008004"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74700000"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptAcquireContextA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3349
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3352
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3355
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3358
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3361
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Disallowed\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Disallowed\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3363
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3366
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Disallowed"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3370
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3373
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3376
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00D\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00D\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3394
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00@\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00@\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3405
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3410
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x8a1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00P\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xc8\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xbe1=\\xd0\\xfc\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x14\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6sT\\xde\\xbb\\x00\\xa0\\xe0t\\xde\\x14\\xde\\x04\\xdex\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\xa0\\xe0\\xbb\\x00t\\xde\\xbb\\x00x\\xde\\xbb\\x00\\x00\\x00\\x00\\x00(\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00T\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3419
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00z1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x10\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00@\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xb8\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xae1=\\xd0\\xec\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x04\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6sD\\xde\\xbb\\x00|\\xe0d\\xde\\x04\\xde\\xf4\\xddh\\xde\\x00\\x00\\xb4\\x05\\x00\\x00|\\xe0\\xbb\\x00d\\xde\\xbb\\x00h\\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\x18\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00D\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3425
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3432
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3435
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3438
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x0021=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0f\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xf8\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07p\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sf1=\\xd0\\xa4\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xbc\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xfc\\xdd\\xbb\\x00<\\xe0\\x1c\\xde\\xbc\\xdd\\xac\\xdd \\xde\\x00\\x00\\xb4\\x05\\x00\\x00<\\xe0\\xbb\\x00\\x1c\\xde\\xbb\\x00 \\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\xd0\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xfc\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3443
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Certificates"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Certificates"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x80k\\xbe\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3454
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3456
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3459
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "103"
              }
            ],
            "repeated": 1,
            "id": 3461
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3462
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3466
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3469
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xfc\\x02\\xa4\\x9e.\\x1e\\x8eH\\x8c\\xa2\\x91!5W,\\xc2\\xf8\\xe7\\x1b\\xb0\\xe2\\xf2\\x85\\x96\\xb3r\"\\x99\\xf5\\xcb\\x9cb\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x84's\\x95\\x00\\x86\\xd0k\\x04\\xd7\\x02-b\\xa2\\x84\\xbek\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00e\\xaf\\x95\\xf4\\xbe\\x86\\x84sDcB\\x82\\xf9A\\xb2\\xe6\\x05\\x06>\\xf0\\xc8T/\\x01L\\xa0\\x88\\xd1\\x82\\x10\\x9eO\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00j\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x004\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x19\\xe8\\x1b\\xe9\\xa1L\\xd8\\xe2/@\\xac\\x11\\x8ch~\\xcb\\xa3\\xf4\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf7&\\x98\\xd7\\x0e#\\x1f\\x8d\\xc4[W\\xf1\\x18\\xa4K\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe4\\xa2\\xf6\\xfe\\x9c\\xa7\\xf1\\x8a+\\xeb\\xa9aa0\\x8b\\xaa\\x88\\x80\\xb0\\x13\\x16\\x1d\\xdd\\x852\\xd4%\\x9e'\\xe5\\x05p\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcb\\xd1\\xf2\\xceH\\xfd\\x01\\x9f\\xeaV\\xaaW\\xd1~\\x99X\\xf8?\\xff\\xe0Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x07\\x06\\x00\\x000\\x82\\x06\\x030\\x82\\x03\\xeb\\xa0\\x03\\x02\\x01\\x02\\x02\\x10/\\xd6zC\"\\x932\\x90E\\xe9S4>\\xe2tf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x931\\x0b0\t\\x06"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x06\\x030\\x82\\x03\\xeb\\xa0\\x03\\x02\\x01\\x02\\x02\\x10/\\xd6zC\"\\x932\\x90E\\xe9S4>\\xe2tf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x931\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1=0;\\x06\\x03U\\x04\\x03\\x134Microsoft Time Stamp Root Certificate Authority 20140\\x1e\\x17\r141022220857Z\\x17\r391022221519Z0\\x81\\x931\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nW"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "06F1AA330B927B753A40E68CDF22E34BCBEF3352"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3475
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\x9e}\\x1e\\x8d]\\xa1\\x1d\\xc0\\xc8K\\x07W\\xec\\xed\\xcb\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x002\\x99\\x19\\x81\\xbf\\x15u\\xa1\\xa50;\\xb9:8\\x17#\\xea4k\\x9e\\xc10\\xfd\\xb5\\x96\\xa7[\\xa1\\xd7\\xce\\x0b\n\\x06W\\x0b\\xb9\\x85\\xd2XA\\xe2;\\xe9D\\xe8\\xff\\x11\\x8f\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00l\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00P\\x00r\\x00o\\x00d\\x00u\\x00c\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x06\\xf1\\xaa3\\x0b\\x92{u:@\\xe6\\x8c\\xdf\"\\xe3K\\xcb\\xef3R\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f\\x12N\\xde\\x13\\xe0j\\x02<\\xd7\\xc0\\x9aOH\\xc3\\xd6\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00C\\xefp\\x87\\xb8\\x9d\\xbf\\xec\\x88\\x19\\xdc\\xc6\\xc4ku\ru43\\x08\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00'\\x03\\x00\\x000\\x82\\x03#0\\x82\\x02\\xa8\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x14\\x98&f\\xdc|\\xcd\\x8f@Sg{\\xb9\\x99\\xec\\x850\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft C"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03#0\\x82\\x02\\xa8\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x14\\x98&f\\xdc|\\xcd\\x8f@Sg{\\xb9\\x99\\xec\\x850\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1>0<\\x06\\x03U\\x04\\x03\\x135Microsoft ECC Product Root Certificate Authority 20180\\x1e\\x17\r180227204208Z\\x17\r430227205046Z0\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWas"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-03-05 10:24:07,384",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "18F7C1FCC3090203FD5BAA2F861A754976C8DD25"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-03-05 10:24:07,400",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3481
          },
          {
            "timestamp": "2026-03-05 10:24:07,400",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe5=4\\xce\\xcb\\x05\\xc1~\\xe32\\xc7I\\xd7\\x8c\\x02V\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00e\\xfcGR\\x0ff89b\\xec\\x0b{\\x88\\xa0\\x82\\x1d\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00>\\xdf)\\x0c\\xc1\\xf5\\xccs,\\xeb=$\\xe1~R\\xda\\xbd'\\xe2\\xf0 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\x02\\x00\\x000\\x82\\x02\\xbc0\\x82\\x02%\\x02\\x10J\\x19\\xd28\\x8c\\x82Y\\x1c\\xa5]s_\\x15]\\xdc\\xa30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1,0*\\x06\\x03U\\x04\\x0b\\x13#VeriSign Time Stamping Service Root1402\\x06\\x03U\\x04\\x0b\\x13+NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.0\\x1e\\x17\r970512000000Z\\x17\r040107235959Z0\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, I"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-03-05 10:24:07,400",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-03-05 10:24:07,400",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02\\xbc0\\x82\\x02%\\x02\\x10J\\x19\\xd28\\x8c\\x82Y\\x1c\\xa5]s_\\x15]\\xdc\\xa30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1,0*\\x06\\x03U\\x04\\x0b\\x13#VeriSign Time Stamping Service Root1402\\x06\\x03U\\x04\\x0b\\x13+NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.0\\x1e\\x17\r970512000000Z\\x17\r040107235959Z0\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-03-05 10:24:07,400",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "245C97DF7514E7CF2DF8BE72AE957B9E04741E85"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3487
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7f\\xdf\\xf5\\x07)Dg\\x10$JD|\\xa2\\xa1\\x97\\xea\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x9d\\xf0\\xd11\\x00\\x12:\\xec\\xa7p\\x13\\x0fJ\\xd8\\xd2\t\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00$\\\\x97\\xdfu\\x14\\xe7\\xcf-\\xf8\\xber\\xae\\x95{\\x9e\\x04t\\x1e\\x85\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x004O0-%i1\\x91\\xea\\xf7s\\\\xab\\xf5\\x86\\x8d7\\x82@\\xec \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb1\\x02\\x00\\x000\\x82\\x02\\xad0\\x82\\x02\\x16\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03U\\x04\\x0b\\x13$Microsoft Time Stamping Service Root1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.0\\x1e\\x17\r970513161259Z\\x17\r991230235959Z0\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02\\xad0\\x82\\x02\\x16\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03U\\x04\\x0b\\x13$Microsoft Time Stamping Service Root1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.0\\x1e\\x17\r970513161259Z\\x17\r991230235959Z0\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "31F9FC8BA3805986B721EA7295C65B3A44534274"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3494
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe8G\\xc8B\\x9a\\xb0\\x9d\\xaeo\\x0b(;\\x98\\x15\\x8f\\xe3\\xb1\\xe8\\x80\\xb2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x03\\xd1\\xc7ge\\xed\\xa8\\x8b\\xc8\\xe0\\x87^`\\x91\\xd0`C%C\\xd1\\x80\\xbc\\xb8l\\x06I6\\xad\\xb9A\\xc4!cx\\x0b\\x82\\x89\\x92\\x1a\\x94\\xfe\\xbb\\x7f\\x9eG\\xed\\xac\\x12\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x007\\x94)X\\x86*\\x06\\xe6\\xbb\\xcf\\xd7\\xabY\\xc7\\xf2<i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00b\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00T\\x00S\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x001\\xf9\\xfc\\x8b\\xa3\\x80Y\\x86\\xb7!\\xear\\x95\\xc6[:DSBtk\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00?\\xd4\\xbe\\x8b\\xaa\\xd2\\xf2n\\x1b\\xde\\x06\\xc7XK\\xb7 \\xdd\\x1a\\x97-\\x11\\x1fZI\\x99\\xbcD\\xb0\\x8f\\xb4\\x96\r\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa4\\x0f<\\xb7\\xf5\\xff\\xa3\\xe8\\x12\\xbe\\xc7\\xf8U\\x07\\xcb\\xf4|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc5u\\x0b\\xf8_E\\x9f\\xb7\\x0e+l\\xd1\\x89\\x8d7^\\x92\\xd7\\x93\\x8eG\\xa6\\xe04\\xcc\\xe0\\xc1-07,\\xcd \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1b\\x03\\x00\\x000\\x82\\x03\\x170\\x82\\x02\\x9e\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x158u\\xe1d~\\xd1\\xb0G\\xb4\\xef\\xafA\\x12\\x82E0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02U"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\x170\\x82\\x02\\x9e\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x158u\\xe1d~\\xd1\\xb0G\\xb4\\xef\\xafA\\x12\\x82E0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1907\\x06\\x03U\\x04\\x03\\x130Microsoft ECC TS Root Certificate Authority 20180\\x1e\\x17\r180227205134Z\\x17\r430227210012Z0\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashingt"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "3B1EFD3A66EA28B16697394703A72CA340A05BD5"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3500
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa2f\\xbb}\\xcc8\\xa5bc\\x13a\\xbb\\xf6\\x1d\\xd1\\x1b\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\xfb\\xa81\\xc0\\x85D \\x8fR\\x08hk\\x99\\x1c\\xa1\\xb2\\xcf\\xc5\\x10\\xe70\\x17\\x84\\xdd\\xf1\\xeb[\\xf0929i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x000\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00;\\x1e\\xfd:f\\xea(\\xb1f\\x979G\\x03\\xa7,\\xa3@\\xa0[\\xd5\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5\\xf6V\\xcb\\x8f\\xe8\\xa2\\bh\\xd1=\\x94\\x90[\\xd7\\xce\\x9a\\x18\\xc4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00<p\\xfa\\xea%`\\x0c\\xe3\\xb2\\xcc_\\x0b\".\\xd6) \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10(\\xcc:%\\xbf\\xbaD\\xacD\\x9a\\x9bXkC9\\xaa0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20100\\x1e\\x17\r100623215"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10(\\xcc:%\\xbf\\xbaD\\xacD\\x9a\\x9bXkC9\\xaa0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20100\\x1e\\x17\r100623215724Z\\x17\r350623220401Z0\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x10"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "7F88CD7223F3C813818C994614A89C99FA3B5247"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3506
          },
          {
            "timestamp": "2026-03-05 10:24:07,416",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x07\\xd3M\\xedI\\x8dEw\\xf2a\\xbd8\\xb6\\xb8sn\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd6uv\\xf5R\\x1d\\x1c\\xca\\xb5.\\x92\\x15\\xe0\\xf9\\xf7C\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x7f\\x88\\xcdr#\\xf3\\xc8\\x13\\x81\\x8c\\x99F\\x14\\xa8\\x9c\\x99\\xfa;RG\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00o\\x00d\\x00e\\x00(\\x00t\\x00m\\x00)\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\xf03L\\x1a\\xa1\\xd9\\xee[{\\xa9\\xdeC\\xbc\\x02}W\t3\\xfb \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xda\\x03\\x00\\x000\\x82\\x03\\xd60\\x82\\x02\\xbe\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x1e\\x17\r950101080001Z\\x17\r991231235959Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\n\\x02\\x82\\x01\\x01\\x00\\xdf\\x08\\xba\\xe3?nd\\x9b\\xf5\\x89"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xd60\\x82\\x02\\xbe\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x1e\\x17\r950101080001Z\\x17\r991231235959Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\n\\x02"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "8F43288AD272F3103B6FB1428485EA3014C0BCFE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3512
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fbc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbb\\x04\\x8f\\x1889_o\\xc3\\xa1\\xf3\\xd2\\xb7\\xe9vT\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00'\\x9c\\xd6R\\xc4\\xe2R\\xbf\\xbeR\\x17\\xacr\"\\x05\\xd7r\\x9b\\xa4\t\\x14\\x8c\\xfa\\x9em\\x9e[\\x1c\\xb9N\\xaf\\xf1\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x001\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8fC(\\x8a\\xd2r\\xf3\\x10;o\\xb1B\\x84\\x85\\xea0\\x14\\xc0\\xbc\\xfe\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00r-:\\x021\\x90C\\xb9\\x14\\x05N\\xe1\\xea\\xa7\\xc71\\xd1#\\x894\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xce\\x04\\x90\\xd5\\xe5l4\\xa5\\xae\\x0b\\xe9\\x8b\\xe5\\x81\\x18] \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10?\\x8b\\xc8\\xb5\\xfc\\x9f\\xb2\\x96C\\xb5i\\xd6lB\\xe1D0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20110\\x1e\\x17\r110322220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10?\\x8b\\xc8\\xb5\\xfc\\x9f\\xb2\\x96C\\xb5i\\xd6lB\\xe1D0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20110\\x1e\\x17\r110322220528Z\\x17\r360322221304Z0\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x10"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "92B46C76E13054E104F230517E6E504D43AB10B5"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3519
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00M\\xec\\xdf&\\x06\\xdc$\\x10\\xc0\\xb6\\x99\\xf4\\xd79\\xc7o\\x19\\xf8&(\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00WS\\xd5}h\\xf32&,L\\xc2\\xe5\\xefv\\x84\\x8e\\x03\\xdd\\xc8!,4\\xc7W\\x08|*\\xa7\\xe3 \\xa9F\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00q\\xd0\\xa5\\xff-Yt\\x16\\x94\\xbe\\xe3}\\x1e\\\\x86\\x0b\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x92\\xb4lv\\xe10T\\xe1\\x04\\xf20Q~nPMC\\xab\\x10\\xb5k\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x8a^H\\x81\\xd4/tu\\xe8\\xec7&\\xfc\\xd5\\xe5\\x18\\x84\\xaa\\x04\\xda\\xa9\\xfaz\\xda\\xc8\\xcd&E,\\xf8\\x85\\xd4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc8\\xb53\\x18\\xbf\\xf7\\xf6\\x89\\xdf\\xeak\\xfc?\\xd7\\x93rY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc1\\x03\\x00\\x000\\x82\\x03\\xbd0\\x82\\x02\\xa5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0fkU/\\x9e\\xbf\\x90{\\x0ff)\\xa9\\xbd\\xf4\\xd8\\xce0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise Mobile Root for Microsoft0\\x1e\\x17\r120315000000Z\\x17\r320314235959Z0d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Cor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xbd0\\x82\\x02\\xa5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0fkU/\\x9e\\xbf\\x90{\\x0ff)\\xa9\\xbd\\xf4\\xd8\\xce0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise Mobile Root for Microsoft0\\x1e\\x17\r120315000000Z\\x17\r320314235959Z0d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A43489159A520F0D93D032CCAF37E7FE20A8B419"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3525
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00?\\xc8\\xcb\\x0b\\xc0RA\\xe5\\x8de\\xe9D\\x8b-\\x07\\xc2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8b<0\\x87\\xb7\\x05o^\\xc5\\xdd\\xba\\x91\\xa1\\xb9\\x01\\xf0i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa44\\x89\\x15\\x9aR\\x0f\r\\x93\\xd02\\xcc\\xaf7\\xe7\\xfe \\xa8\\xb4\\x19\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00J\\u\"\\xaaF\\xbf\\xa4\\x08\\x9d9\\x97N\\xbd\\xb4\\xa3`\\xf7\\xa0\\x1d \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x04\\x00\\x000\\x82\\x04\\x120\\x82\\x02\\xfa\\xa0\\x03\\x02\\x01\\x02\\x02\\x0f\\x00\\xc1\\x00\\x8b<<\\x88\\x11\\xd1>\\xf6c\\xec\\xdf@0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r970110070000Z\\x17\r201231070000Z0p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft R"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\x120\\x82\\x02\\xfa\\xa0\\x03\\x02\\x01\\x02\\x02\\x0f\\x00\\xc1\\x00\\x8b<<\\x88\\x11\\xd1>\\xf6c\\xec\\xdf@0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r970110070000Z\\x17\r201231070000Z0p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microso"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BE36A4562FB2EE05DBB3D32323ADF445084ED656"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3531
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe8\\xa5\\x98\\xbe\\x84\\x82\\x8e\\xfe\\xaep\\x11\\x15\\x015v\\xb2\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7ffzq\\xd3\\xebix \\x9aQ\\x14\\x9d\\x83\\xda \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xbe6\\xa4V/\\xb2\\xee\\x05\\xdb\\xb3\\xd3##\\xad\\xf4E\\x08N\\xd6V\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00.\\x00\\x00\\x00T\\x00h\\x00a\\x00w\\x00t\\x00e\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x18\\x1c+\\xe0XQ\\xf9i\\x93\\xe1\\x96\\xf2y\\x95K#\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xbc\\xbd\\x86\\x9c?\\x07\\xed@\\xe3\\x1b\\x08\\xef\\xce\\xc4\\xd1\\x88\\xcd;\\x15 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa5\\x02\\x00\\x000\\x82\\x02\\xa10\\x82\\x02\n\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x000\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r\\x06\\x03U\\x04\n\\x13\\x06Thawte1\\x1d0\\x1b\\x06\\x03U\\x04\\x0b\\x13\\x14Thawte Certification1\\x1f0\\x1d\\x06\\x03U\\x04\\x03\\x13\\x16Thawte Timestamping CA0\\x1e\\x17\r970101000000Z\\x17\r201231235959Z0\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02\\xa10\\x82\\x02\n\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x000\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r\\x06\\x03U\\x04\n\\x13\\x06Thawte1\\x1d0\\x1b\\x06\\x03U\\x04\\x0b\\x13\\x14Thawte Certification1\\x1f0\\x1d\\x06\\x03U\\x04\\x03\\x13\\x16Thawte Timestamping CA0\\x1e\\x17\r970101000000Z\\x17\r201231235959Z0\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bD"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CDD4EEAE6000AC7F40C3802C171E30148030C072"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3537
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x98;\\x13&5\\xb7\\xe9\\x1d\\xee\\xf5Jg\\x80\\xc0\\x92i\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x009\\x1b\\xe9(\\x83\\xd5%\t\\x15[\\xfe\\xae'\\xb9\\xbd4\\x01p\\xb7k\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00J\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa4\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe1\\xc0~\\xa0\\xaa\\xbb\\xd4\\xb7{\\x84\\xc2(\\x11x\\x08\\xa7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x9d\\x05\\x00\\x000\\x82\\x05\\x990\\x82\\x03\\x81\\xa0\\x03\\x02\\x01\\x02\\x02\\x10y\\xad\\x16\\xa1J\\xa0\\xa5\\xadLsX\\xf4\\x07\\x13.e0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certificate Authority0\\x1e\\x17\r010509231922Z\\x17\r210509232813Z0_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicr"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05\\x990\\x82\\x03\\x81\\xa0\\x03\\x02\\x01\\x02\\x02\\x10y\\xad\\x16\\xa1J\\xa0\\xa5\\xadLsX\\xf4\\x07\\x13.e0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certificate Authority0\\x1e\\x17\r010509231922Z\\x17\r210509232813Z0_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certi"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3544
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3547
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3550
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffef\\xffa7\\xffa6+-\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3554
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3557
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00t\\x99f\\xce\\xcc\\x95\\xc1\\x87A\\x94\\xcar\\x03\\xf9\\xb6 \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x05c\\xb8c\rb\\xd7Z\\xbb\\xc8\\xab\\x1eK\\xdf\\xb5\\xa8\\x99\\xb2MC\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O_\\x10i09\\x8d\t\\x10{@\\xc3\\xc7\\xca\\x8f\\x1c\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00E\\xeb\\xa2\\xaf\\xf4\\x92\\xcb\\x821-Q\\x8b\\xa7\\xa7!\\x9d\\xf3m\\xc8\\x0fb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00>\\x90\\x99\\xb5\\x01^\\x8fHl\\x00\\xbc\\xea\\x9d\\x11\\x1e\\xe7!\\xfa\\xba5Z\\x89\\xbc\\xf1\\xdfiV\\x1e=\\xc62\\\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00m\\xca[\\xd0\r\\xcf\\x1c\\x0f2pY\\xd3t\\xb2\\x9c\\xa6\\xe3\\xc5\n\\xa6\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x87\\xce\\x0b{*\\x0eI\\x00\\xe1Xq\\x9b7\\xa8\\x93r 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbb\\x03\\x00\\x000\\x82\\x03\\xb70\\x82\\x02\\x9f\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xe7\\xe0\\xe5\\x17\\xd8F\\xfe\\x8f\\xe5`\\xfc\\x1b\\xf0090\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xb70\\x82\\x02\\x9f\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xe7\\xe0\\xe5\\x17\\xd8F\\xfe\\x8f\\xe5`\\xfc\\x1b\\xf0090\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1$0\"\\x06\\x03U\\x04\\x03\\x13\\x1bDigiCert Assured ID Root CA0\\x1e\\x17\r061110000000Z\\x17\r311110000000Z0e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1$0\"\\x06\\x03U\\x04\\x03\\x13"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "07E032E020B72C3F192F0628A2593A19A70F069E"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3563
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f~u\\x0bVk\\x12\\x8a\\xc0\\xb8\\xd6Wm*p\\xa5\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x07\\xe02\\xe0 \\xb7,?\\x19/\\x06(\\xa2Y:\\x19\\xa7\\x0f\\x06\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe3\\xf9\\xaf\\x95,m\\xf2\\xaa\\xa4\\x17\\x06\\xa7zD\\xc2\\x03\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x08v\\xcd\\xcb\\x07\\xff$\\xf6\\xc5\\xcd\\xed\\xbb\\x90\\xbc\\xe2\\x847Fu\\xf7b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\XF\\x8dU\\xf5\\x8eI~t9\\x82\\xd2\\xb5\\x00\\x10\\xb6\\xd1e7J\\xcf\\x83\\xa7\\xd4\\xa3-\\xb7h\\xc4@\\x8e\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00C\\x00e\\x00r\\x00t\\x00u\\x00m\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00 \\x00C\\x00A\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00e\\x00\\x00\\x000c0!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x070\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8V\\x9c\\xcd!\\xef\\x9c\\xc5s|z\\x12\\xdf`\\x8c,\\xbcT]\\xf1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10
\\x00\\x00\\x00\\xd5\\xe9\\x81@\\xc5\\x18i\\xfcF,\\x89ub\\x0f\\xaa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xbb0\\x82\\x02\\xa3\\xa0\\x03\\x02\\x01\\x02\\x02\\x03\\x04D\\xc00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000~1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02PL1\"0 \\x06\\x03U\\x04\n\\x13\\x19Unizeto Technologies S.A.1'0%\\x06\\x03U\\x04\\x0b\\x13\\x1eCertum Certification Authority1\"0 \\x06\\x03U\\x04\\x03\\x13\\x19Certum Trusted Network CA0\\x1e\\x17\r081022120737Z\\x17\r291231120737Z0~1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02PL1\"0 \\x06\\x03U\\x04\n\\x13\\x19Unizeto Technologies S.A.1'0%\\x06\\x03U\\x04\\x0b\\x13\\x1eC"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "51501FBFCE69189D609CFAF140C576755DCC1FDF"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fbe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x000\\x1e\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xeb\\x15w\\xb4\\x0b<\\x8b\\xab\\xae4m\\xd9\\x8e\\xad\\x07\\x80\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00QP\\x1f\\xbf\\xcei\\x18\\x9d`\\x9c\\xfa\\xf1@\\xc5vu]\\xcc\\x1f\\xdf\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00[\\xcb\\x93\\xea\\xdb}mO\\xb7\\xa0\n/:\\xe5\\x03\\x0c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00g\\x0eI,a\\x17\\x9e\\xeb\\xed\\xe0T\\xe7\\x84\\xd9\\x9b\\xadd`seb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xa3\\xcchY]\\xfe~\\x86\\xd8\\xad\\x17r\\xa8\\xb5(J\\xddT\\xac\\xe3\\xb8\\xa7\\x98\\xdfG\\xbc\\xca\\xfb\\x1f\\xdb\\x84\\xdf\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00>\\x00\\x00\\x00H\\x00o\\x00t\\x00s\\x00p\\x00o\\x00t\\x00 \\x002\\x00.\\x000\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x000\\x003\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xbeR\\xe4a\\xb1}\\xd6%'q%\\x1bE\\xe9\\x8f\\x122\\xca\\xa1%\\x12\\xdcy\\x11\\x8d\\x0c_\\xces\\xa5M\\x95\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O\\xcb\\x14\\xf7\\xc4\\xa3\\x8f/&\\\\x1f\\x12\\xc9\\xafVwY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x05\\x00\\x000\\x82\\x05l0\\x82\\x03T\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xb3\\x0fp\\xf2\\x86\\xa43\\xe0\\xb9\t\\x89\\xde\\x01\\xed\\xb70\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fbf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05l0\\x82\\x03T\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xb3\\x0fp\\xf2\\x86\\xa43\\xe0\\xb9\t\\x89\\xde\\x01\\xed\\xb70\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03\\x13\\x1eHotspot 2.0 Trust Root CA - 030\\x1e\\x17\r131208120000Z\\x17\r431208120000Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03\\x13\\x1eHotspot 2.0 Trust Root CA - 030\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3578
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbaO9r\\xe7\\xae\\xd9\\xdc\\xcd\\xc2\\x10\\xdbY\\xda\\x13\\xc9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00_\\xb7\\xee\\x063\\xe2Y\\xdb\\xad\\x0cL\\x9a\\xe6\\xd3\\x8f\\x1aa\\xc7\\xdc%\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8fv\\xb9\\x81\\xd5(\\xadGp\\x08\\x82E\\xe2\\x03\\x1bc\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1>\\xc3i\\x03\\xf8\\xbfG\\x01\\xd4\\x98&\\x1a\\x08\\x02\\xefcd+\\xc3b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00t1\\xe5\\xf4\\xc3\\xc1\\xceF\\x90wO\\x0ba\\xe0T@\\x88;\\xa9\\xa0\\x1e\\xd0\\x0b\\xa6\\xab\\xd7\\x80n\\xd3\\xb1\\x18\\xcf\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe3^\\xf0\\x8d\\x88O\n\n\\xde/u\\xe9c\\x01\\xceb0\\xf2\\x13\\xa8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd4t\\xdeW\\9\\xb2\\xd3\\x9c\\x85\\x83\\xc5\\xc0eI\\x8a 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc9\\x03\\x00\\x000\\x82\\x03\\xc50\\x82\\x02\\xad\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x02\\xac\\&j\\x0b@\\x9b\\x8f\\x0by\\xf2\\xaeF%w0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xc50\\x82\\x02\\xad\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x02\\xac\\&j\\x0b@\\x9b\\x8f\\x0by\\xf2\\xaeF%w0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1+0)\\x06\\x03U\\x04\\x03\\x13\"DigiCert High Assurance EV Root CA0\\x1e\\x17\r061110000000Z\\x17\r311110000000Z0l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1+0"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x9ds\\x93y;\\xca2@1u\\xdc\\x12~\\x0e\\xc1\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00s\\xa5\\xe6J;\\xff\\x83\\x16\\xff\\x0e\\xdc\\xcca\\x8a\\x90nN\\xaeMti\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x01\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00r\\xa4\\x91\\x950\\x9f\\xb94\\xd6\n\\x98\\xe4\\xecE\\x1al\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\t\\xcbY\\x7f\\x86\\xb2p\\x8f\\x1a\\xc39\\xe3\\xc0\\xd9\\xe9\\xbf\\xbbM\\xb2#\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc7A\\xf7\\x0fK*\\x8d\\x88\\xbf.q\\xc1A\"\\xefS\\xef\\x10\\xeb\\xa0\\xcf\\xa5\\xe6L\\xfa \\xf4\\x18\\x850s\\xe0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00S\\x00A\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x007\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00A3\\xc4\\xe6\\x0f\\xa1\\x83\\xee^zD\\x16\\xc5\\xd5L3\\x92\\xc5l/W()\\xbfY4tg\\xba\\xb0{\\xcd\\xcf\\x84\\x01b\\x98\\x83A\\xd2\\xd2\\x84\\xfb\\xd8V\\xdfS\\xb1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xff\\x00\\xff\\xcf\\xc9\\xf8\\xc7z\\xc0\\xee5\\x8e\\xc9\\x0fG 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xac\\x05\\x00\\x000\\x82\\x05\\xa80\\x82\\x03\\x90\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x1e\\xd3\\x97\t_\\xd8\\xb4\\xb3Gp\\x1e\\xaa\\xbe\\x7fE\\xb30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05\\xa80\\x82\\x03\\x90\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x1e\\xd3\\x97\t_\\xd8\\xb4\\xb3Gp\\x1e\\xaa\\xbe\\x7fE\\xb30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1604\\x06\\x03U\\x04\\x03\\x13-Microsoft RSA Root Certificate Authority 20170\\x1e\\x17\r191218225122Z\\x17\r420718230023Z0e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1604\\x06\\x03U\\x04\\x03\\x13-Microsoft RSA Roo"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "742C3192E607E424EB4549542BE1BBC53E6174E2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3592
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00=\\xb6[\\xd9\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x02S\\x00\\x00\\x00\\x01\\x00\\x00\\x00$\\x00\\x00\\x000\"0 \\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd7\\xc6;\\xe0\\x83}\\xba\\xbf\\x88\\x1dO\\xbf_\\x98j\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xfcc]\\xf6&>\r\\xf3%\\xbe_y\\xcdgg\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00F\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x003\\x00 \\x00P\\x00u\\x00b\\x00l\\x00i\\x00c\\x00 \\x00P\\x00r\\x00i\\x00m\\x00a\\x00r\\x00y\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe2\\x7f{\\xd8w\\xd5\\xdf\\x9e\n?\\x9e\\xb4\\xcb\\x0e.\\xa9\\xef\\xdbiw\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00'\\xb3Qvg3\\x1c\\xe2\\xc1\\xe7@\\x02\\xb5\\xff\"\\x98\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00t,1\\x92\\xe6\\x07\\xe4$\\xebEIT+\\xe1\\xbb\\xc5>at\\xe2\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00*\\x00\\x00\\x000(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe7hV4\\xef\\xac\\xf6\\x9a\\xce\\x93\\x9ak%[{O\\xab\\xefB\\x93[P\\xa2e\\xac\\xb5\\xcb`'\\xe4Np~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x10\\xc5\\x1e\\x92\\xd2\\x01 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x02\\x00\\x000\\x82\\x02<0\\x82\\x01\\xa5\\x02\\x10p\\xba\\xe4\\x1d\\x10\\xd9)4\\xb68\\xca{\\x03\\xcc\\xba\\xbf0\r\\x06\t"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02<0\\x82\\x01\\xa5\\x02\\x10p\\xba\\xe4\\x1d\\x10\\xd9)4\\xb68\\xca{\\x03\\xcc\\xba\\xbf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r960129000000Z\\x17\r280801235959Z0_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certificatio"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "7E04DE896A3E666D00E687D33FFAD93BE83D349E"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3598
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xb0\t\\xe9\\x9a\\\\xfc\\x92\\x8a\\x171\\x90\\x10m\\xbb2\\xa9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00~\\x04\\xde\\x89j>fm\\x00\\xe6\\x87\\xd3?\\xfa\\xd9;\\xe8=4\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xab9\\xed\\xd1\\xa4\\xd8\\x9aU\\x12\\x88-\\xeb\t\\xcb\\x13\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3\\xdbH\\xa4\\xf9\\xa1\\xc5\\xd8\\xae6A\\xcc\\x11cib)\\xbcK\\xc6b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x001\\xadfH\\xf8\\x10A8\\xc78\\xf3\\x9e\\xa42\\x0139>:\\x18\\xcc\\x02)n\\xf9|*\\xc9\\xefg1\\xd0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x003\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x82\\xc8\\x01\\x999w\"\\xb5z\\xd4s\\xea&k\\x93\\xd4\\x7f\\xfcw\\xfe\\x07\\xf0\\x93\\x884_ \\xda\\xb6\\xad\\xdd\\x08vr\\xf9\\x88\\xb4\\xbb\\xfd\\x15LK\\x13<p\\xc9\\xec\\xff\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xf5]\\xa4P\\xa5\\xfb(~\\x1e\\x0f\r\\xcc\\x96WV\\xca 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00C\\x02\\x00\\x000\\x82\\x02?0\\x82\\x01\\xc5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05UV\\xbc\\xf2^\\xa455\\xc3\\xa4\\x0f\\xd5\\xabEr0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02?0\\x82\\x01\\xc5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05UV\\xbc\\xf2^\\xa455\\xc3\\xa4\\x0f\\xd5\\xabEr0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17DigiCert Global Root G30\\x1e\\x17\r130801120000Z\\x17\r380115120000Z0a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17DigiCe"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3604
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0f:\\x05'\\xd2B\\xde-\\xc9\\x8e\\\\xfc\\xb1\\xe9\\x91\\xee\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8\\x98]:e\\xe5\\xe5\\xc4\\xb2\\xd7\\xd6m@\\xc6\\xdd/\\xb1\\x9cT6~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00Yw\\x9e9\\xe2\\x1a.=\\xfc\\xedhW\\xed\\_\\xd9\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x03\\xdeP5V\\xd1L\\xbbf\\xf0\\xa3\\xe2\\x1b\\x1b\\xc3\\x97\\xb2=\\xd1Ub\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00CH\\xa0\\xe9DLx\\xcb&^\\x05\\x8d^\\x89D\\xb4\\xd8O\\x96b\\xbd&\\xdb%\\x7f\\x894\\xa4C\\xc7\\x01a\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3M\\xdd7.\\xd9.\\x8f*\\xbf\\xbb\\x9e \\xa9\\xd3\\x1f O\\x19K\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00y\\xe4\\xa9\\x84\r}:\\x96\\xd7\\xc0O\\xe2CL\\x89. 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb3\\x03\\x00\\x000\\x82\\x03\\xaf0\\x82\\x02\\x97\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x08;\\xe0V\\x90BF\\xb1\\xa1uj\\xc9Y\\x91\\xc7J0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\xaf0\\x82\\x02\\x97\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x08;\\xe0V\\x90BF\\xb1\\xa1uj\\xc9Y\\x91\\xc7J0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17DigiCert Global Root CA0\\x1e\\x17\r061110000000Z\\x17\r311110000000Z0a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17Dig"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "B1BC968BD4F49D622AA89A81F2150152A41D829C"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3610
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00>ER\\x15\tQ\\x92\\xe1\\xb7]7\\x9f\\xb1\\x87)\\x8a\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1\\xbc\\x96\\x8b\\xd4\\xf4\\x9db*\\xa8\\x9a\\x81\\xf2\\x15\\x01R\\xa4\\x1d\\x82\\x9c~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x04+\\xebw\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xe7\\xf3\\xb0`\\xd1\\x0e\\x90\\xa3\\x1b\\xa3G\\x1b\\x99\\x926\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00`{f\\x1aE\r\\x97\\xca\\x89P/}\\x04\\xcd4\\xa8\\xff\\xfc\\xfdKb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xeb\\xd4\\x10@\\xe4\\xbb>\\xc7B\\xc9\\xe3\\x81\\xd3\\x1e\\xf2\\xa4\\x1aH\\xb6h\\\\x96\\xe7\\xce\\xf3\\xc1\\xdfl\\xd43\\x1c\\x99\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 
\\x00R\\x001\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\x00\\x00\\x000f\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x08\\x02\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03u0\\x82\\x02]\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01\\x15KZ\\xc3\\x940\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000W1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02BE1\\x190\\x17\\x06\\x03U\\x04\n\\x13\\x10GlobalSign nv-sa1\\x100\\x0e\\x06\\x03U\\x04\\x0b\\x13\\x07Root CA1\\x1b0\\x19\\x06\\x03U\\x04\\x03\\x13\\x12GlobalSign Root CA0\\x1e\\x17\r980901120000Z\\x17\r280128120000Z0W1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02BE1\\x190\\x17\\x06\\x03U\\x04\n\\x13\\x10GlobalSign nv-sa1\\x100\\x0e\\x06\\x03U\\x04\\x0b\\x13\\x07Root CA1\\x1b0\\x19\\x06\\x03U\\x04\\x03\\x13\\x12GlobalSign Root CA0\\x82\\x01\"0"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "D69B561148F01C77C54578C10926DF5B856976AD"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3617
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xfd<\\x9c8\r{e\\xe2k\\x9a?\\xed\\xd3\\x9b\\x8f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd6\\x9bV\\x11H\\xf0\\x1cw\\xc5Ex\\xc1\t&\\xdf[\\x85iv\\xad\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01r\\x8e\\x1e\\xcfz\\x9d\\x86\\xfb<\\xec\\x89H\\xab\\xa9S\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8f\\xf0K\\x7f\\xa8.E$\\xaeMP\\xfac\\x9a\\x8b\\xde\\xe2\\xdd\\x1b\\xbcb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb\\xb5\"\\xd7\\xb7\\xf1'\\xadj\\x01\\x13\\x86[\\xdf\\x1c\\xd4\\x10.}\\x07Y\\xafcZ|\\xf4r\r\\xc9c\\xc5;\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x00R\\x003\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00R)\\xba\\x15\\xb3\\x1b\\x0coL\\xca\\x89\\xc2\\x98Qw\\x97C'\\xd1\\xb6\\x89\\xa3\\xb95\\xa0\\xbd\\x97U2\\xaf\"\\xab \\x00\\x00\\x00\\x01\\x00\\x00\\x00c\\x03\\x00\\x000\\x82\\x03_0\\x82\\x02G\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01!XS\\x08\\xa20\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000L1 
0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17Global"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03_0\\x82\\x02G\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01!XS\\x08\\xa20\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000L1 0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17GlobalSign Root CA - R31\\x130\\x11\\x06\\x03U\\x04\n\\x13\nGlobalSign1\\x130\\x11\\x06\\x03U\\x04\\x03\\x13\nGlobalSign0\\x1e\\x17\r090318100000Z\\x17\r290318100000Z0L1 0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17GlobalSign Root CA - R31\\x130\\x11\\x06\\x03U\\x04\n\\x13\nGlobalSign1\\x130\\x11\\x06\\x03U\\x04\\x03\\x13\nGlobalSign0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3623
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xff\\xac y\\x97\\xbb,\\xfe\\x86Up\\x17\\x9e\\xe07\\xb9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xfb\\x16\\xcdI1\\xc9s\\xa2\\x03}?\\xc8:M}w]\\x05\\xe4\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa8m\\xc6\\xa23\\xeb3\\x96\\x10\\xf3\\xedAI'\\xc5Y\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xec\\xd7\\xe3\\x82\\xd2q]dL\\xdf.g?\\xe7\\xba\\x98\\xae\\x1c\\x0fOb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00U/{\\xdc\\xf1\\xa7\\xaf\\x9el\\xe6r\\x01\\x7fO\\x12\\xab\\xf7r@\\xc7\\x8ev\\x1a\\xc2\\x03\\xd1\\xd9\\xd2\n\\xc8\\x99\\x88\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x004\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00N\\xa1\\xb3K\\x10\\xb9\\x82\\xa9j8\\x91XCPx \\xadc,j\\xad\\x83C\\xe37\\xb3Mf\\x0c\\xd86o\\xa1TTJ\\xe8\\x06h\\xae\\x1f\\xdf91\\xd5~\\x19\\x96\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00x\\xf2\\xfc\\xaa`\\x1f/\\xb4\\xeb\\xc97\\xbaS.uI 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\x05\\x00\\x000\\x82\\x05\\x900\\x82\\x03x\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05\\x9b\\x1bW\\x9e\\x8e!2\\xe29\\x07\\xbd\\xa7wu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x05\\x900\\x82\\x03x\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05\\x9b\\x1bW\\x9e\\x8e!2\\xe29\\x07\\xbd\\xa7wu\\0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18DigiCert Trusted Root G40\\x1e\\x17\r130801120000Z\\x17\r380115120000Z0b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Di"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DF3C24F9BFD666761B268073FE06D1CC8D4F82A4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3629
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\xc3\\xbd5I\\xee\"Z\\xec\\xe174\\xad\\x8c\\xa0\\xb8\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdf<$\\xf9\\xbf\\xd6fv\\x1b&\\x80s\\xfe\\x06\\xd1\\xcc\\x8dO\\x82\\xa4~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\xc3\\x0b\\xc9tiU`\\xa2\\xf0\t\neEUl\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00N\"T \\x18\\x95\\xe6\\xe3n\\xe6\\x0f\\xfa\\xfa\\xb9\\x12\\xed\\x06\\x17\\x8f9b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb<\\xcb\\xb7`1\\xe5\\xe0\\x13\\x8f\\x8d\\xd3\\x9a#\\xf9\\xdeG\\xff\\xc3^C\\xc1\\x14L\\xea'\\xd4jZ\\xb1\\xcb_\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x002\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 
\\x00\\x00\\x00KN\\xb4\\xb0t)\\x8b\\x82\\x8b\\\\x000\\x95\\xa1\\x0bE#\\xfb\\x95\\x1c\\x0c\\x884\\x8b\t\\xc5>[\\xab\\xa4\\x08\\xa3\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe4\\xa6\\x8a\\xc8T\\xacRBF\n\\xfdrH\\x1b*D \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x92\\x03\\x00\\x000\\x82\\x03\\x8e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x03\\x8e0\\x82\\x02v\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x03:\\xf1\\xe6\\xa7\\x11\\xa9\\xa0\\xbb(d\\xb1\\x1d\t\\xfa\\xe50\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17DigiCert Global Root G20\\x1e\\x17\r130801120000Z\\x17\r380115120000Z0a1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03U\\x04\\x0b\\x13\\x10www.digicert.com1 0\\x1e\\x06\\x03U\\x04\\x03\\x13\\x17Dig"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3636
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3639
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3642
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3645
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3648
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3651
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3654
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Root\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Root\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3656
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3659
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Root"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd2\\x01f%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3663
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3666
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3669
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3672
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\SmartCardRoot"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-03-05 10:24:07,431",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3676
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3679
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3682
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x8a1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00P\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xc8\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xbe1=\\xd0\\xfc\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x14\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6sT\\xde\\xbb\\x00\\xa0\\xe0t\\xde\\x14\\xde\\x04\\xdex\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\xa0\\xe0\\xbb\\x00t\\xde\\xbb\\x00x\\xde\\xbb\\x00\\x00\\x00\\x00\\x00(\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00T\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3692
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\SmartCardRoot"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3697
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3700
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3703
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00D\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00D\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3723
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x122=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xd8\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07P\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sF2=\\xd0\\x84\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\x9c\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xdc\\xde\\xbb\\x00@\\xe1\\xfc\\xde\\x9c\\xde\\x8c\\xde\\x00\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00@\\xe1\\xbb\\x00\\xfc\\xde\\xbb\\x00\\x00\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00\\xb0\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xdc\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3734
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3739
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xda0=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0e\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xa0\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x18\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x0e1=\\xd0L\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xffd\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xa4\\xdd\\xbb\\x00\\x08\\xe0\\xc4\\xddd\\xddT\\xdd\\xc8\\xdd\\x00\\x00\\xb4\\x05\\x00\\x00\\x08\\xe0\\xbb\\x00\\xc4\\xdd\\xbb\\x00\\xc8\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00x\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xa4\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3752
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3758
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3761
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3764
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xda\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xf26=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\n\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xb8\\xda\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x070\\xdb\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s&7=\\xd0d\\xd6\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff|\\xdb\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xbc\\xdb\\xbb\\x00$\\xde\\xdc\\xdb|\\xdbl\\xdb\\xe0\\xdb\\x00\\x00\\xb4\\x05\\x00\\x00$\\xde\\xbb\\x00\\xdc\\xdb\\xbb\\x00\\xe0\\xdb\\xbb\\x00\\x00\\x00\\x00\\x00\\x90\\xdb\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xbc\\xdb\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3774
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000604"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3780
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3783
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3786
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3789
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3791
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3794
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3798
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3801
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3804
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3807
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3810
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3813
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3816
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3819
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3821
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3824
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3828
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3831
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3834
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-03-05 10:24:07,447",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xea1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x10\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xb0\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07(\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x1e2=\\xd0\\\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xfft\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xb4\\xde\\xbb\\x00\\x1c\\xe1\\xd4\\xdet\\xded\\xde\\xd8\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\x1c\\xe1\\xbb\\x00\\xd4\\xde\\xbb\\x00\\xd8\\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\x88\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xb4\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3852
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xea1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x10\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\xb0\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07(\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x1e2=\\xd0\\\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xfft\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\xb4\\xde\\xbb\\x00\\x18\\xe1\\xd4\\xdet\\xded\\xde\\xd8\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\x18\\xe1\\xbb\\x00\\xd4\\xde\\xbb\\x00\\xd8\\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\x88\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\xb4\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3863
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xdc\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xb20=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\r\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00x\\xdc\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xf0\\xdc\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xe60=\\xd0$\\xd8\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff<\\xdd\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s|\\xdd\\xbb\\x00\\xe0\\xdf\\x9c\\xdd<\\xdd,\\xdd\\xa0\\xdd\\x00\\x00\\xb4\\x05\\x00\\x00\\xe0\\xdf\\xbb\\x00\\x9c\\xdd\\xbb\\x00\\xa0\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00P\\xdd\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00|\\xdd\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3879
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3885
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3888
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3891
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xda\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xca6=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\t\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\x90\\xda\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x08\\xdb\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xfe6=\\xd0<\\xd6\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xffT\\xdb\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\x94\\xdb\\xbb\\x00\\xfc\\xdd\\xb4\\xdbT\\xdbD\\xdb\\xb8\\xdb\\x00\\x00\\xb4\\x05\\x00\\x00\\xfc\\xdd\\xbb\\x00\\xb4\\xdb\\xbb\\x00\\xb8\\xdb\\xbb\\x00\\x00\\x00\\x00\\x00h\\xdb\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\x94\\xdb\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3901
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000618"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3907
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3910
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3913
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3916
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3918
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3921
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3925
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3928
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3931
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3934
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3937
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3940
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3943
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3946
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\trust\\PhysicalStores"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\trust\\PhysicalStores"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3948
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3951
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\EnterpriseCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\trust"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\Certificates"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3955
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CRLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3958
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0003001f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CTLs"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3961
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3965
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3968
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3971
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xaa2=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\r\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00p\\xde\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xe8\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xde2=\\xd0\\x1c\\xda\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff4\\xdf\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6st\\xdf\\xbb\\x00\\xb4\\xe1\\x94\\xdf4\\xdf$\\xdf\\x98\\xdf\\x00\\x00\\xb4\\x05\\x00\\x00\\xb4\\xe1\\xbb\\x00\\x94\\xdf\\xbb\\x00\\x98\\xdf\\xbb\\x00\\x00\\x00\\x00\\x00H\\xdf\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00t\\xdf\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3976
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000630"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Certificates"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Certificates"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x80k\\xbe\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 3984
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3987
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xfc\\x02\\xa4\\x9e.\\x1e\\x8eH\\x8c\\xa2\\x91!5W,\\xc2\\xf8\\xe7\\x1b\\xb0\\xe2\\xf2\\x85\\x96\\xb3r\"\\x99\\xf5\\xcb\\x9cb\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x84's\\x95\\x00\\x86\\xd0k\\x04\\xd7\\x02-b\\xa2\\x84\\xbek\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00e\\xaf\\x95\\xf4\\xbe\\x86\\x84sDcB\\x82\\xf9A\\xb2\\xe6\\x05\\x06>\\xf0\\xc8T/\\x01L\\xa0\\x88\\xd1\\x82\\x10\\x9eO\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00j\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x004\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x19\\xe8\\x1b\\xe9\\xa1L\\xd8\\xe2/@\\xac\\x11\\x8ch~\\xcb\\xa3\\xf4\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf7&\\x98\\xd7\\x0e#\\x1f\\x8d\\xc4[W\\xf1\\x18\\xa4K\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe4\\xa2\\xf6\\xfe\\x9c\\xa7\\xf1\\x8a+\\xeb\\xa9aa0\\x8b\\xaa\\x88\\x80\\xb0\\x13\\x16\\x1d\\xdd\\x852\\xd4%\\x9e'\\xe5\\x05p\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcb\\xd1\\xf2\\xceH\\xfd\\x01\\x9f\\xeaV\\xaaW\\xd1~\\x99X\\xf8?\\xff\\xe0Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x07\\x06\\x00\\x000\\x82\\x06\\x030\\x82\\x03\\xeb\\xa0\\x03\\x02\\x01\\x02\\x02\\x10/\\xd6zC\"\\x932\\x90E\\xe9S4>\\xe2tf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x931\\x0b0\t\\x06"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "06F1AA330B927B753A40E68CDF22E34BCBEF3352"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3992
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\x9e}\\x1e\\x8d]\\xa1\\x1d\\xc0\\xc8K\\x07W\\xec\\xed\\xcb\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x002\\x99\\x19\\x81\\xbf\\x15u\\xa1\\xa50;\\xb9:8\\x17#\\xea4k\\x9e\\xc10\\xfd\\xb5\\x96\\xa7[\\xa1\\xd7\\xce\\x0b\n\\x06W\\x0b\\xb9\\x85\\xd2XA\\xe2;\\xe9D\\xe8\\xff\\x11\\x8f\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00l\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00P\\x00r\\x00o\\x00d\\x00u\\x00c\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x06\\xf1\\xaa3\\x0b\\x92{u:@\\xe6\\x8c\\xdf\"\\xe3K\\xcb\\xef3R\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f\\x12N\\xde\\x13\\xe0j\\x02<\\xd7\\xc0\\x9aOH\\xc3\\xd6\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00C\\xefp\\x87\\xb8\\x9d\\xbf\\xec\\x88\\x19\\xdc\\xc6\\xc4ku\ru43\\x08\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00'\\x03\\x00\\x000\\x82\\x03#0\\x82\\x02\\xa8\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x14\\x98&f\\xdc|\\xcd\\x8f@Sg{\\xb9\\x99\\xec\\x850\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft C"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "18F7C1FCC3090203FD5BAA2F861A754976C8DD25"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob"
              }
            ],
            "repeated": 1,
            "id": 3997
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe5=4\\xce\\xcb\\x05\\xc1~\\xe32\\xc7I\\xd7\\x8c\\x02V\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00e\\xfcGR\\x0ff89b\\xec\\x0b{\\x88\\xa0\\x82\\x1d\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00>\\xdf)\\x0c\\xc1\\xf5\\xccs,\\xeb=$\\xe1~R\\xda\\xbd'\\xe2\\xf0 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\x02\\x00\\x000\\x82\\x02\\xbc0\\x82\\x02%\\x02\\x10J\\x19\\xd28\\x8c\\x82Y\\x1c\\xa5]s_\\x15]\\xdc\\xa30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1,0*\\x06\\x03U\\x04\\x0b\\x13#VeriSign Time Stamping Service Root1402\\x06\\x03U\\x04\\x0b\\x13+NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.0\\x1e\\x17\r970512000000Z\\x17\r040107235959Z0\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, I"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "245C97DF7514E7CF2DF8BE72AE957B9E04741E85"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4002
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7f\\xdf\\xf5\\x07)Dg\\x10$JD|\\xa2\\xa1\\x97\\xea\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x9d\\xf0\\xd11\\x00\\x12:\\xec\\xa7p\\x13\\x0fJ\\xd8\\xd2\t\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00$\\\\x97\\xdfu\\x14\\xe7\\xcf-\\xf8\\xber\\xae\\x95{\\x9e\\x04t\\x1e\\x85\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x004O0-%i1\\x91\\xea\\xf7s\\\\xab\\xf5\\x86\\x8d7\\x82@\\xec \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb1\\x02\\x00\\x000\\x82\\x02\\xad0\\x82\\x02\\x16\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03U\\x04\\x0b\\x13$Microsoft Time Stamping Service Root1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.0\\x1e\\x17\r970513161259Z\\x17\r991230235959Z0\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "31F9FC8BA3805986B721EA7295C65B3A44534274"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4007
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe8G\\xc8B\\x9a\\xb0\\x9d\\xaeo\\x0b(;\\x98\\x15\\x8f\\xe3\\xb1\\xe8\\x80\\xb2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x03\\xd1\\xc7ge\\xed\\xa8\\x8b\\xc8\\xe0\\x87^`\\x91\\xd0`C%C\\xd1\\x80\\xbc\\xb8l\\x06I6\\xad\\xb9A\\xc4!cx\\x0b\\x82\\x89\\x92\\x1a\\x94\\xfe\\xbb\\x7f\\x9eG\\xed\\xac\\x12\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x007\\x94)X\\x86*\\x06\\xe6\\xbb\\xcf\\xd7\\xabY\\xc7\\xf2<i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00b\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00T\\x00S\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x001\\xf9\\xfc\\x8b\\xa3\\x80Y\\x86\\xb7!\\xear\\x95\\xc6[:DSBtk\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00?\\xd4\\xbe\\x8b\\xaa\\xd2\\xf2n\\x1b\\xde\\x06\\xc7XK\\xb7 \\xdd\\x1a\\x97-\\x11\\x1fZI\\x99\\xbcD\\xb0\\x8f\\xb4\\x96\r\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa4\\x0f<\\xb7\\xf5\\xff\\xa3\\xe8\\x12\\xbe\\xc7\\xf8U\\x07\\xcb\\xf4|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc5u\\x0b\\xf8_E\\x9f\\xb7\\x0e+l\\xd1\\x89\\x8d7^\\x92\\xd7\\x93\\x8eG\\xa6\\xe04\\xcc\\xe0\\xc1-07,\\xcd \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1b\\x03\\x00\\x000\\x82\\x03\\x170\\x82\\x02\\x9e\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x158u\\xe1d~\\xd1\\xb0G\\xb4\\xef\\xafA\\x12\\x82E0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02U"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "3B1EFD3A66EA28B16697394703A72CA340A05BD5"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4012
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa2f\\xbb}\\xcc8\\xa5bc\\x13a\\xbb\\xf6\\x1d\\xd1\\x1b\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\xfb\\xa81\\xc0\\x85D \\x8fR\\x08hk\\x99\\x1c\\xa1\\xb2\\xcf\\xc5\\x10\\xe70\\x17\\x84\\xdd\\xf1\\xeb[\\xf0929i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x000\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00;\\x1e\\xfd:f\\xea(\\xb1f\\x979G\\x03\\xa7,\\xa3@\\xa0[\\xd5\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5\\xf6V\\xcb\\x8f\\xe8\\xa2\\bh\\xd1=\\x94\\x90[\\xd7\\xce\\x9a\\x18\\xc4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00<p\\xfa\\xea%`\\x0c\\xe3\\xb2\\xcc_\\x0b\".\\xd6) \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10(\\xcc:%\\xbf\\xbaD\\xacD\\x9a\\x9bXkC9\\xaa0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20100\\x1e\\x17\r100623215"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "7F88CD7223F3C813818C994614A89C99FA3B5247"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4017
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x07\\xd3M\\xedI\\x8dEw\\xf2a\\xbd8\\xb6\\xb8sn\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd6uv\\xf5R\\x1d\\x1c\\xca\\xb5.\\x92\\x15\\xe0\\xf9\\xf7C\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x7f\\x88\\xcdr#\\xf3\\xc8\\x13\\x81\\x8c\\x99F\\x14\\xa8\\x9c\\x99\\xfa;RG\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00o\\x00d\\x00e\\x00(\\x00t\\x00m\\x00)\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\xf03L\\x1a\\xa1\\xd9\\xee[{\\xa9\\xdeC\\xbc\\x02}W\t3\\xfb \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xda\\x03\\x00\\x000\\x82\\x03\\xd60\\x82\\x02\\xbe\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x1e\\x17\r950101080001Z\\x17\r991231235959Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\n\\x02\\x82\\x01\\x01\\x00\\xdf\\x08\\xba\\xe3?nd\\x9b\\xf5\\x89"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "8F43288AD272F3103B6FB1428485EA3014C0BCFE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4022
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbb\\x04\\x8f\\x1889_o\\xc3\\xa1\\xf3\\xd2\\xb7\\xe9vT\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00'\\x9c\\xd6R\\xc4\\xe2R\\xbf\\xbeR\\x17\\xacr\"\\x05\\xd7r\\x9b\\xa4\t\\x14\\x8c\\xfa\\x9em\\x9e[\\x1c\\xb9N\\xaf\\xf1\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x001\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8fC(\\x8a\\xd2r\\xf3\\x10;o\\xb1B\\x84\\x85\\xea0\\x14\\xc0\\xbc\\xfe\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00r-:\\x021\\x90C\\xb9\\x14\\x05N\\xe1\\xea\\xa7\\xc71\\xd1#\\x894\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xce\\x04\\x90\\xd5\\xe5l4\\xa5\\xae\\x0b\\xe9\\x8b\\xe5\\x81\\x18] \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10?\\x8b\\xc8\\xb5\\xfc\\x9f\\xb2\\x96C\\xb5i\\xd6lB\\xe1D0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20110\\x1e\\x17\r110322220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "92B46C76E13054E104F230517E6E504D43AB10B5"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4027
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00M\\xec\\xdf&\\x06\\xdc$\\x10\\xc0\\xb6\\x99\\xf4\\xd79\\xc7o\\x19\\xf8&(\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00WS\\xd5}h\\xf32&,L\\xc2\\xe5\\xefv\\x84\\x8e\\x03\\xdd\\xc8!,4\\xc7W\\x08|*\\xa7\\xe3 \\xa9F\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00q\\xd0\\xa5\\xff-Yt\\x16\\x94\\xbe\\xe3}\\x1e\\\\x86\\x0b\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x92\\xb4lv\\xe10T\\xe1\\x04\\xf20Q~nPMC\\xab\\x10\\xb5k\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x8a^H\\x81\\xd4/tu\\xe8\\xec7&\\xfc\\xd5\\xe5\\x18\\x84\\xaa\\x04\\xda\\xa9\\xfaz\\xda\\xc8\\xcd&E,\\xf8\\x85\\xd4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc8\\xb53\\x18\\xbf\\xf7\\xf6\\x89\\xdf\\xeak\\xfc?\\xd7\\x93rY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc1\\x03\\x00\\x000\\x82\\x03\\xbd0\\x82\\x02\\xa5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0fkU/\\x9e\\xbf\\x90{\\x0ff)\\xa9\\xbd\\xf4\\xd8\\xce0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise Mobile Root for Microsoft0\\x1e\\x17\r120315000000Z\\x17\r320314235959Z0d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Cor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A43489159A520F0D93D032CCAF37E7FE20A8B419"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4032
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00?\\xc8\\xcb\\x0b\\xc0RA\\xe5\\x8de\\xe9D\\x8b-\\x07\\xc2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8b<0\\x87\\xb7\\x05o^\\xc5\\xdd\\xba\\x91\\xa1\\xb9\\x01\\xf0i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa44\\x89\\x15\\x9aR\\x0f\r\\x93\\xd02\\xcc\\xaf7\\xe7\\xfe \\xa8\\xb4\\x19\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00J\\u\"\\xaaF\\xbf\\xa4\\x08\\x9d9\\x97N\\xbd\\xb4\\xa3`\\xf7\\xa0\\x1d \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x04\\x00\\x000\\x82\\x04\\x120\\x82\\x02\\xfa\\xa0\\x03\\x02\\x01\\x02\\x02\\x0f\\x00\\xc1\\x00\\x8b<<\\x88\\x11\\xd1>\\xf6c\\xec\\xdf@0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r970110070000Z\\x17\r201231070000Z0p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft R"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BE36A4562FB2EE05DBB3D32323ADF445084ED656"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4037
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe8\\xa5\\x98\\xbe\\x84\\x82\\x8e\\xfe\\xaep\\x11\\x15\\x015v\\xb2\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7ffzq\\xd3\\xebix \\x9aQ\\x14\\x9d\\x83\\xda \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xbe6\\xa4V/\\xb2\\xee\\x05\\xdb\\xb3\\xd3##\\xad\\xf4E\\x08N\\xd6V\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00.\\x00\\x00\\x00T\\x00h\\x00a\\x00w\\x00t\\x00e\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x18\\x1c+\\xe0XQ\\xf9i\\x93\\xe1\\x96\\xf2y\\x95K#\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xbc\\xbd\\x86\\x9c?\\x07\\xed@\\xe3\\x1b\\x08\\xef\\xce\\xc4\\xd1\\x88\\xcd;\\x15 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa5\\x02\\x00\\x000\\x82\\x02\\xa10\\x82\\x02\n\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x000\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r\\x06\\x03U\\x04\n\\x13\\x06Thawte1\\x1d0\\x1b\\x06\\x03U\\x04\\x0b\\x13\\x14Thawte Certification1\\x1f0\\x1d\\x06\\x03U\\x04\\x03\\x13\\x16Thawte Timestamping CA0\\x1e\\x17\r970101000000Z\\x17\r201231235959Z0\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CDD4EEAE6000AC7F40C3802C171E30148030C072"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4042
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x98;\\x13&5\\xb7\\xe9\\x1d\\xee\\xf5Jg\\x80\\xc0\\x92i\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x009\\x1b\\xe9(\\x83\\xd5%\t\\x15[\\xfe\\xae'\\xb9\\xbd4\\x01p\\xb7k\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00J\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa4\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe1\\xc0~\\xa0\\xaa\\xbb\\xd4\\xb7{\\x84\\xc2(\\x11x\\x08\\xa7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x9d\\x05\\x00\\x000\\x82\\x05\\x990\\x82\\x03\\x81\\xa0\\x03\\x02\\x01\\x02\\x02\\x10y\\xad\\x16\\xa1J\\xa0\\xa5\\xadLsX\\xf4\\x07\\x13.e0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certificate Authority0\\x1e\\x17\r010509231922Z\\x17\r210509232813Z0_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicr"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4047
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4050
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffef\\xffa7\\xffa6+-\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4053
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4056
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00t\\x99f\\xce\\xcc\\x95\\xc1\\x87A\\x94\\xcar\\x03\\xf9\\xb6 \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x05c\\xb8c\rb\\xd7Z\\xbb\\xc8\\xab\\x1eK\\xdf\\xb5\\xa8\\x99\\xb2MC\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O_\\x10i09\\x8d\t\\x10{@\\xc3\\xc7\\xca\\x8f\\x1c\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00E\\xeb\\xa2\\xaf\\xf4\\x92\\xcb\\x821-Q\\x8b\\xa7\\xa7!\\x9d\\xf3m\\xc8\\x0fb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00>\\x90\\x99\\xb5\\x01^\\x8fHl\\x00\\xbc\\xea\\x9d\\x11\\x1e\\xe7!\\xfa\\xba5Z\\x89\\xbc\\xf1\\xdfiV\\x1e=\\xc62\\\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00m\\xca[\\xd0\r\\xcf\\x1c\\x0f2pY\\xd3t\\xb2\\x9c\\xa6\\xe3\\xc5\n\\xa6\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x87\\xce\\x0b{*\\x0eI\\x00\\xe1Xq\\x9b7\\xa8\\x93r 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbb\\x03\\x00\\x000\\x82\\x03\\xb70\\x82\\x02\\x9f\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xe7\\xe0\\xe5\\x17\\xd8F\\xfe\\x8f\\xe5`\\xfc\\x1b\\xf0090\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "07E032E020B72C3F192F0628A2593A19A70F069E"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4062
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f~u\\x0bVk\\x12\\x8a\\xc0\\xb8\\xd6Wm*p\\xa5\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x07\\xe02\\xe0 \\xb7,?\\x19/\\x06(\\xa2Y:\\x19\\xa7\\x0f\\x06\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe3\\xf9\\xaf\\x95,m\\xf2\\xaa\\xa4\\x17\\x06\\xa7zD\\xc2\\x03\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x08v\\xcd\\xcb\\x07\\xff$\\xf6\\xc5\\xcd\\xed\\xbb\\x90\\xbc\\xe2\\x847Fu\\xf7b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\XF\\x8dU\\xf5\\x8eI~t9\\x82\\xd2\\xb5\\x00\\x10\\xb6\\xd1e7J\\xcf\\x83\\xa7\\xd4\\xa3-\\xb7h\\xc4@\\x8e\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00C\\x00e\\x00r\\x00t\\x00u\\x00m\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00 \\x00C\\x00A\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00e\\x00\\x00\\x000c0!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x070\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8V\\x9c\\xcd!\\xef\\x9c\\xc5s|z\\x12\\xdf`\\x8c,\\xbcT]\\xf1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10
\\x00\\x00\\x00\\xd5\\xe9\\x81@\\xc5\\x18i\\xfcF,\\x89ub\\x0f\\xaa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-03-05 10:24:07,462",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "51501FBFCE69189D609CFAF140C576755DCC1FDF"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4067
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x000\\x1e\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xeb\\x15w\\xb4\\x0b<\\x8b\\xab\\xae4m\\xd9\\x8e\\xad\\x07\\x80\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00QP\\x1f\\xbf\\xcei\\x18\\x9d`\\x9c\\xfa\\xf1@\\xc5vu]\\xcc\\x1f\\xdf\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00[\\xcb\\x93\\xea\\xdb}mO\\xb7\\xa0\n/:\\xe5\\x03\\x0c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00g\\x0eI,a\\x17\\x9e\\xeb\\xed\\xe0T\\xe7\\x84\\xd9\\x9b\\xadd`seb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xa3\\xcchY]\\xfe~\\x86\\xd8\\xad\\x17r\\xa8\\xb5(J\\xddT\\xac\\xe3\\xb8\\xa7\\x98\\xdfG\\xbc\\xca\\xfb\\x1f\\xdb\\x84\\xdf\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00>\\x00\\x00\\x00H\\x00o\\x00t\\x00s\\x00p\\x00o\\x00t\\x00 \\x002\\x00.\\x000\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x000\\x003\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xbeR\\xe4a\\xb1}\\xd6%'q%\\x1bE\\xe9\\x8f\\x122\\xca\\xa1%\\x12\\xdcy\\x11\\x8d\\x0c_\\xces\\xa5M\\x95\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O\\xcb\\x14\\xf7\\xc4\\xa3\\x8f/&\\\\x1f\\x12\\xc9\\xafVwY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x05\\x00\\x000\\x82\\x05l0\\x82\\x03T\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xb3\\x0fp\\xf2\\x86\\xa43\\xe0\\xb9\t\\x89\\xde\\x01\\xed\\xb70\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4072
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbaO9r\\xe7\\xae\\xd9\\xdc\\xcd\\xc2\\x10\\xdbY\\xda\\x13\\xc9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00_\\xb7\\xee\\x063\\xe2Y\\xdb\\xad\\x0cL\\x9a\\xe6\\xd3\\x8f\\x1aa\\xc7\\xdc%\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8fv\\xb9\\x81\\xd5(\\xadGp\\x08\\x82E\\xe2\\x03\\x1bc\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1>\\xc3i\\x03\\xf8\\xbfG\\x01\\xd4\\x98&\\x1a\\x08\\x02\\xefcd+\\xc3b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00t1\\xe5\\xf4\\xc3\\xc1\\xceF\\x90wO\\x0ba\\xe0T@\\x88;\\xa9\\xa0\\x1e\\xd0\\x0b\\xa6\\xab\\xd7\\x80n\\xd3\\xb1\\x18\\xcf\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe3^\\xf0\\x8d\\x88O\n\n\\xde/u\\xe9c\\x01\\xceb0\\xf2\\x13\\xa8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd4t\\xdeW\\9\\xb2\\xd3\\x9c\\x85\\x83\\xc5\\xc0eI\\x8a 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc9\\x03\\x00\\x000\\x82\\x03\\xc50\\x82\\x02\\xad\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x02\\xac\\&j\\x0b@\\x9b\\x8f\\x0by\\xf2\\xaeF%w0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4077
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x9ds\\x93y;\\xca2@1u\\xdc\\x12~\\x0e\\xc1\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00s\\xa5\\xe6J;\\xff\\x83\\x16\\xff\\x0e\\xdc\\xcca\\x8a\\x90nN\\xaeMti\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x01\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00r\\xa4\\x91\\x950\\x9f\\xb94\\xd6\n\\x98\\xe4\\xecE\\x1al\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\t\\xcbY\\x7f\\x86\\xb2p\\x8f\\x1a\\xc39\\xe3\\xc0\\xd9\\xe9\\xbf\\xbbM\\xb2#\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc7A\\xf7\\x0fK*\\x8d\\x88\\xbf.q\\xc1A\"\\xefS\\xef\\x10\\xeb\\xa0\\xcf\\xa5\\xe6L\\xfa \\xf4\\x18\\x850s\\xe0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00S\\x00A\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x007\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00A3\\xc4\\xe6\\x0f\\xa1\\x83\\xee^zD\\x16\\xc5\\xd5L3\\x92\\xc5l/W()\\xbfY4tg\\xba\\xb0{\\xcd\\xcf\\x84\\x01b\\x98\\x83A\\xd2\\xd2\\x84\\xfb\\xd8V\\xdfS\\xb1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xff\\x00\\xff\\xcf\\xc9\\xf8\\xc7z\\xc0\\xee5\\x8e\\xc9\\x0fG 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xac\\x05\\x00\\x000\\x82\\x05\\xa80\\x82\\x03\\x90\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x1e\\xd3\\x97\t_\\xd8\\xb4\\xb3Gp\\x1e\\xaa\\xbe\\x7fE\\xb30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "742C3192E607E424EB4549542BE1BBC53E6174E2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4082
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00=\\xb6[\\xd9\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x02S\\x00\\x00\\x00\\x01\\x00\\x00\\x00$\\x00\\x00\\x000\"0 \\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd7\\xc6;\\xe0\\x83}\\xba\\xbf\\x88\\x1dO\\xbf_\\x98j\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xfcc]\\xf6&>\r\\xf3%\\xbe_y\\xcdgg\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00F\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x003\\x00 \\x00P\\x00u\\x00b\\x00l\\x00i\\x00c\\x00 \\x00P\\x00r\\x00i\\x00m\\x00a\\x00r\\x00y\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe2\\x7f{\\xd8w\\xd5\\xdf\\x9e\n?\\x9e\\xb4\\xcb\\x0e.\\xa9\\xef\\xdbiw\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00'\\xb3Qvg3\\x1c\\xe2\\xc1\\xe7@\\x02\\xb5\\xff\"\\x98\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00t,1\\x92\\xe6\\x07\\xe4$\\xebEIT+\\xe1\\xbb\\xc5>at\\xe2\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00*\\x00\\x00\\x000(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe7hV4\\xef\\xac\\xf6\\x9a\\xce\\x93\\x9ak%[{O\\xab\\xefB\\x93[P\\xa2e\\xac\\xb5\\xcb`'\\xe4Np~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x10\\xc5\\x1e\\x92\\xd2\\x01 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x02\\x00\\x000\\x82\\x02<0\\x82\\x01\\xa5\\x02\\x10p\\xba\\xe4\\x1d\\x10\\xd9)4\\xb68\\xca{\\x03\\xcc\\xba\\xbf0\r\\x06\t"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "7E04DE896A3E666D00E687D33FFAD93BE83D349E"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4087
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xb0\t\\xe9\\x9a\\\\xfc\\x92\\x8a\\x171\\x90\\x10m\\xbb2\\xa9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00~\\x04\\xde\\x89j>fm\\x00\\xe6\\x87\\xd3?\\xfa\\xd9;\\xe8=4\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xab9\\xed\\xd1\\xa4\\xd8\\x9aU\\x12\\x88-\\xeb\t\\xcb\\x13\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3\\xdbH\\xa4\\xf9\\xa1\\xc5\\xd8\\xae6A\\xcc\\x11cib)\\xbcK\\xc6b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x001\\xadfH\\xf8\\x10A8\\xc78\\xf3\\x9e\\xa42\\x0139>:\\x18\\xcc\\x02)n\\xf9|*\\xc9\\xefg1\\xd0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x003\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x82\\xc8\\x01\\x999w\"\\xb5z\\xd4s\\xea&k\\x93\\xd4\\x7f\\xfcw\\xfe\\x07\\xf0\\x93\\x884_ \\xda\\xb6\\xad\\xdd\\x08vr\\xf9\\x88\\xb4\\xbb\\xfd\\x15LK\\x13<p\\xc9\\xec\\xff\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xf5]\\xa4P\\xa5\\xfb(~\\x1e\\x0f\r\\xcc\\x96WV\\xca 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00C\\x02\\x00\\x000\\x82\\x02?0\\x82\\x01\\xc5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05UV\\xbc\\xf2^\\xa455\\xc3\\xa4\\x0f\\xd5\\xabEr0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4092
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0f:\\x05'\\xd2B\\xde-\\xc9\\x8e\\\\xfc\\xb1\\xe9\\x91\\xee\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8\\x98]:e\\xe5\\xe5\\xc4\\xb2\\xd7\\xd6m@\\xc6\\xdd/\\xb1\\x9cT6~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00Yw\\x9e9\\xe2\\x1a.=\\xfc\\xedhW\\xed\\_\\xd9\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x03\\xdeP5V\\xd1L\\xbbf\\xf0\\xa3\\xe2\\x1b\\x1b\\xc3\\x97\\xb2=\\xd1Ub\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00CH\\xa0\\xe9DLx\\xcb&^\\x05\\x8d^\\x89D\\xb4\\xd8O\\x96b\\xbd&\\xdb%\\x7f\\x894\\xa4C\\xc7\\x01a\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3M\\xdd7.\\xd9.\\x8f*\\xbf\\xbb\\x9e \\xa9\\xd3\\x1f O\\x19K\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00y\\xe4\\xa9\\x84\r}:\\x96\\xd7\\xc0O\\xe2CL\\x89. 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb3\\x03\\x00\\x000\\x82\\x03\\xaf0\\x82\\x02\\x97\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x08;\\xe0V\\x90BF\\xb1\\xa1uj\\xc9Y\\x91\\xc7J0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "B1BC968BD4F49D622AA89A81F2150152A41D829C"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4097
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00>ER\\x15\tQ\\x92\\xe1\\xb7]7\\x9f\\xb1\\x87)\\x8a\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1\\xbc\\x96\\x8b\\xd4\\xf4\\x9db*\\xa8\\x9a\\x81\\xf2\\x15\\x01R\\xa4\\x1d\\x82\\x9c~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x04+\\xebw\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xe7\\xf3\\xb0`\\xd1\\x0e\\x90\\xa3\\x1b\\xa3G\\x1b\\x99\\x926\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00`{f\\x1aE\r\\x97\\xca\\x89P/}\\x04\\xcd4\\xa8\\xff\\xfc\\xfdKb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xeb\\xd4\\x10@\\xe4\\xbb>\\xc7B\\xc9\\xe3\\x81\\xd3\\x1e\\xf2\\xa4\\x1aH\\xb6h\\\\x96\\xe7\\xce\\xf3\\xc1\\xdfl\\xd43\\x1c\\x99\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 
\\x00R\\x001\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\x00\\x00\\x000f\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x08\\x02\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "D69B561148F01C77C54578C10926DF5B856976AD"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4102
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xfd<\\x9c8\r{e\\xe2k\\x9a?\\xed\\xd3\\x9b\\x8f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd6\\x9bV\\x11H\\xf0\\x1cw\\xc5Ex\\xc1\t&\\xdf[\\x85iv\\xad\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01r\\x8e\\x1e\\xcfz\\x9d\\x86\\xfb<\\xec\\x89H\\xab\\xa9S\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8f\\xf0K\\x7f\\xa8.E$\\xaeMP\\xfac\\x9a\\x8b\\xde\\xe2\\xdd\\x1b\\xbcb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb\\xb5\"\\xd7\\xb7\\xf1'\\xadj\\x01\\x13\\x86[\\xdf\\x1c\\xd4\\x10.}\\x07Y\\xafcZ|\\xf4r\r\\xc9c\\xc5;\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x00R\\x003\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00R)\\xba\\x15\\xb3\\x1b\\x0coL\\xca\\x89\\xc2\\x98Qw\\x97C'\\xd1\\xb6\\x89\\xa3\\xb95\\xa0\\xbd\\x97U2\\xaf\"\\xab \\x00\\x00\\x00\\x01\\x00\\x00\\x00c\\x03\\x00\\x000\\x82\\x03_0\\x82\\x02G\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01!XS\\x08\\xa20\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000L1 
0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17Global"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4107
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xff\\xac y\\x97\\xbb,\\xfe\\x86Up\\x17\\x9e\\xe07\\xb9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xfb\\x16\\xcdI1\\xc9s\\xa2\\x03}?\\xc8:M}w]\\x05\\xe4\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa8m\\xc6\\xa23\\xeb3\\x96\\x10\\xf3\\xedAI'\\xc5Y\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xec\\xd7\\xe3\\x82\\xd2q]dL\\xdf.g?\\xe7\\xba\\x98\\xae\\x1c\\x0fOb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00U/{\\xdc\\xf1\\xa7\\xaf\\x9el\\xe6r\\x01\\x7fO\\x12\\xab\\xf7r@\\xc7\\x8ev\\x1a\\xc2\\x03\\xd1\\xd9\\xd2\n\\xc8\\x99\\x88\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x004\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00N\\xa1\\xb3K\\x10\\xb9\\x82\\xa9j8\\x91XCPx \\xadc,j\\xad\\x83C\\xe37\\xb3Mf\\x0c\\xd86o\\xa1TTJ\\xe8\\x06h\\xae\\x1f\\xdf91\\xd5~\\x19\\x96\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00x\\xf2\\xfc\\xaa`\\x1f/\\xb4\\xeb\\xc97\\xbaS.uI 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\x05\\x00\\x000\\x82\\x05\\x900\\x82\\x03x\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05\\x9b\\x1bW\\x9e\\x8e!2\\xe29\\x07\\xbd\\xa7wu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DF3C24F9BFD666761B268073FE06D1CC8D4F82A4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4112
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\xc3\\xbd5I\\xee\"Z\\xec\\xe174\\xad\\x8c\\xa0\\xb8\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdf<$\\xf9\\xbf\\xd6fv\\x1b&\\x80s\\xfe\\x06\\xd1\\xcc\\x8dO\\x82\\xa4~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\xc3\\x0b\\xc9tiU`\\xa2\\xf0\t\neEUl\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00N\"T \\x18\\x95\\xe6\\xe3n\\xe6\\x0f\\xfa\\xfa\\xb9\\x12\\xed\\x06\\x17\\x8f9b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb<\\xcb\\xb7`1\\xe5\\xe0\\x13\\x8f\\x8d\\xd3\\x9a#\\xf9\\xdeG\\xff\\xc3^C\\xc1\\x14L\\xea'\\xd4jZ\\xb1\\xcb_\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x002\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 
\\x00\\x00\\x00KN\\xb4\\xb0t)\\x8b\\x82\\x8b\\\\x000\\x95\\xa1\\x0bE#\\xfb\\x95\\x1c\\x0c\\x884\\x8b\t\\xc5>[\\xab\\xa4\\x08\\xa3\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe4\\xa6\\x8a\\xc8T\\xacRBF\n\\xfdrH\\x1b*D \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x92\\x03\\x00\\x000\\x82\\x03\\x8e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4118
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4121
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "gpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\gpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\gpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\gpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000654"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ce0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70cfa000"
              },
              {
                "name": "ModuleName",
                "value": "gpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70cf8000"
              },
              {
                "name": "ModuleName",
                "value": "gpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70cf8000"
              },
              {
                "name": "ModuleName",
                "value": "gpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xd9d\\xb5\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00`|\\xf9\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4136
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4138
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\gpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\gpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-03-05 10:24:07,478",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\gpapi"
              },
              {
                "name": "DllBase",
                "value": "0x70ce0000"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\gpapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x70ce0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70ce95f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d17000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d17000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4146
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4148
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "UserenvDebugLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4152
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\System"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "GpSvcDebugLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4156
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "SystemSetupInProgress"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000065c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4167
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4169
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000668"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4172
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000668"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4175
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000668"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4178
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd2\\x01f%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4182
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4185
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4188
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4191
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4194
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4197
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-03-05 10:24:07,494",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4200
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4203
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000600"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd1\\xff8e`\\xffb5\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4206
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4223
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4226
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000614"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4229
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4231
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4233
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "UserenvDebugLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4237
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\System"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "GpSvcDebugLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4241
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "SystemSetupInProgress"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xaa1=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x07\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00p\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\xe8\\xdd\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\xde1=\\xd0\\x1c\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff4\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6st\\xde\\xbb\\x00\\xdc\\xe0\\x94\\xde4\\xde$\\xde\\x98\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\xdc\\xe0\\xbb\\x00\\x94\\xde\\xbb\\x00\\x98\\xde\\xbb\\x00\\x00\\x00\\x00\\x00H\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00t\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4253
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000618"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4260
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4263
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4266
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4270
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4273
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4276
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4278
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\trust"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4281
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4284
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4287
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fc9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4292
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4295
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4298
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4301
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4304
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4307
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4311
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4314
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0emd\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4317
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "KeyInformation",
                "value": "N+h%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4321
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "109F1CAED645BB78B3EA2B94C0697C740733031C"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4324
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x83\\xb6S\\x18fNo\\xa2E\\xe0\\xd7`\\x9f\\xb9X \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x10\\x9f\\x1c\\xae\\xd6E\\xbbx\\xb3\\xea+\\x94\\xc0i|t\\x073\\x03\\x1c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00&]\\x05\\x07\\xd8/\\xa2`\\x84\\xbd\\x83}\\xf5!\\x80\\xa7\\x05oZ\\x85 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x04\\x00\\x000\\x82\\x04\\x0f0\\x82\\x02\\xf7\\xa0\\x03\\x02\\x01\\x02\\x02\n\\x19\\x8b\\x11\\xd1?\\x9a\\x8f\\xfei\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r971001070000Z\\x17\r021231070000Z0\\x81\\xc31+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1A0?\\x06\\x03U\\x04\\x0b\\x138Microsoft Windows Hardware Compatibility Intermediate CA1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation110/\\x06\\x03U\\x04\\x03\\x13(Microsoft Windows Hardware Compatibility0\\x81\\x9f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x81\\x8d\\x000\\x81"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "D559A586669B08F46A30A133F8A9ED3D038E2EA8"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4329
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xac\\xd8\\x0e\\xa2{\\xb7,\\xe7\\x00\\xdc\"rJ_\\x1e\\x92\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00Is\\xe0\\x92\\xcf\\x8a\\x9e,\\xa5\\xf9\\x88I:[\\xac\\xfe8\\x95\\x94.\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\n\\xcf\\xebK\\x07\\xe7\\x03\\xa0\\x1fL\\xef(\\xeerV\\xf7Qu\\x91U\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xd6\\xed}\\xf5/\\xc1\\x9b\\xdc\\x9e_\\xe9\\xe2\\xbe!\\xfb\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5Y\\xa5\\x86f\\x9b\\x08\\xf4j0\\xa13\\xf8\\xa9\\xed=\\x03\\x8e.\\xa8 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x87\\x03\\x00\\x000\\x82\\x03\\x830\\x82\\x02\\xec\\xa0\\x03\\x02\\x01\\x02\\x02\\x10F\\xfc\\xeb\\xba\\xb4\\xd0/\\x0f\\x92`\\x98#?\\x93\\x07\\x8f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r970417000000Z\\x17\r161024235959Z0\\x81\\xba1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign International Server CA - Class 31I0G\\x06\\x03U\\x04\\x0b\\x13@www.verisign.com/CPS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEE449EE0E3965A5246F000E87FDE2A065FD89D4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4334
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xed\\xbc\\xcd\\xd5\\x10j\\x07\\x1c]\\x8bF\\x90\\x91\\x8eH\\xaa\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xfe\\xe4I\\xee\\x0e9e\\xa5$o\\x00\\x0e\\x87\\xfd\\xe2\\xa0e\\xfd\\x89\\xd4\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x9a\\xa6X\\x7f\\x94\\xdd\\x91\\xd9\\x1ec\\xdf\\xd3\\xf0\\xce_\\xae\\x18\\x93\\xaa\\xb7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xce\\x01\\x00\\x000\\x82\\x01\\xca0\\x82\\x01t\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0\\x1e\\x17\r960528220259Z\\x17\r391231235959Z0\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0[0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03J\\x000G\\x02@\\x81U\"\\xb9\\x8a\\xa4o\\xed\\xd6\\xe7\\xd9f\\x0fU\\xbc\\xd7\\xcd\\xd5\\xbcN@\\x02!\\xa2\\xb1\\xf7\\x870\\x85^\\xd2\\xf2D\\xb9\\xdc\\x9bu\\xb6\\xfbF_B\\xb6\\x9d#6\\x0b\\xdeT\\x0f\\xcd\\xbd\\x1f\\x99*\\x10X\\x11\\xcb@\\xcb\\xb5\\xa7A\\x02\\x03\\x01\\x00\\x01\\xa3\\x81\\x9e0\\x81\\x9b0P\\x06\\x03U\\x04\\x03\\x04I\\x13GFor Testing Purposes Only Sample Software Publishing Credentials Agency0G\\x06\\x03U\\x1d\\x01\\x04@0>\\x80\\x10\\x12\\xe4\t-\\x06\\x1d\\x1dO\\x00\\x8da!\\xdc\\x16dc\\xa1\\x180\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency\\x82\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x00\\x03A\\x00-.>{\\x89B\\x89?\\xa8!"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "KeyInformation",
                "value": "N+h%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4339
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "A377D1B1C0538833035211F4083D00FECC414DAB"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4342
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa3w\\xd1\\xb1\\xc0S\\x883\\x03R\\x11\\xf4\\x08=\\x00\\xfe\\xccAM\\xab!\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb5\\x01\\x00\\x000\\x82\\x01\\xb10\\x82\\x01\\x1a\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000a1\\x110\\x0f\\x06\\x03U\\x04\\x07\\x13\\x08Internet1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign Commercial Software Publishers CA\\x17\r010324000000Z\\x17\r040107235959Z0i0!\\x02\\x10\\x1bQ\\x90\\xf77$9\\x9c\\x92T\\xcdBF7\\x99j\\x17\r010130000124Z0!\\x02\\x10u\\x0e@\\xff\\x97\\xf0G\\xed\\xf5V\\xc7\\x08N\\xb1\\xab\\xfd\\x17\r010131000049Z0!\\x02\\x10w\\xe6ZCY\\x93]_zu\\x80\\x1a\\xcd\\xad\\xc2\"\\x17\r000831000056Z\\xa0\\x1a0\\x180\t\\x06\\x03U\\x1d\\x13\\x04\\x020\\x000\\x0b\\x06\\x03U\\x1d\\x0f\\x04\\x04\\x03\\x02\\x05\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x00\\x03\\x81\\x81\\x00\\x18,\\xe8\\xfc\\x16m\\x91J=\\x88TH]\\xb8\\x11\\xbfd\\xbb\\xf9\\xdaY\\x19\\xdd\\x0ee\\xab\\xc0\\x0c\\xfag~!\\x1e\\x83\\x0e\\xcf\\x9b\\x89\\x8a\\xcf\\x0cK\\xc19\\x9d\\xe7j\\xacFtj\\x91b\"\r\\xc4\\x08\\xbd\\xf5\n\\x90\\x7f\\x06!=~\\xa7\\xaa^\\xcd\"\\x15\\xe6\\x0cu\\x8en\\xad\\xf1\\x84\\xe4\"\\xb40o\\xfbd\\x8f\\xd7\\x80C\\xf5\\x19\\x18f\\x1dr\\xa3\\xe3\\x94\\x82(R\\xa0\\x06N\\xb1\\xc8\\x92\\x0c\\x97\\xbe\\x15\\x07\\xabz\\xc9\\xea\\x08gCMQc;\\x9c\\x9c\\xcd"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4347
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4349
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\CA"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4352
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4355
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "KeyInformation",
                "value": "o&\\xfff1\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4358
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4362
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4365
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4368
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4405
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4408
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4411
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4415
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000700"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4418
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000700"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000700"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff85\\xffcef\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4421
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000700"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "KeyInformation",
                "value": "#\\x0fk%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4425
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000708"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4428
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000708"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa0\\xfff9q%\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4431
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000708"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000070c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000708"
              },
              {
                "name": "ObjectAttributesName",
                "value": "27748148BBE67A43CDBFEC6C3784862CE134E6EA"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000070c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob"
              }
            ],
            "repeated": 1,
            "id": 4434
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000070c"
              },
              {
                "name": "ValueName",
                "value": "Blob"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x00\\x14\\x00\\x00\\x00't\\x81H\\xbb\\xe6zC\\xcd\\xbf\\xecl7\\x84\\x86,\\xe14\\xe6\\xea\"\\x00\\x00\\x00\\x01\\x00\\x01\\x00*\\x02\\x00\\x000\\x82\\x02&\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x02\\x170\\x82\\x02\\x13\\x02\\x01\\x011\\x000\\x82\\x02\\x08\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x01\\xf90\\x82\\x01\\xf50\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x01\\x900\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000070c"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x800\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x00\\x00\\x00"
              },
              {
                "name": "Flags",
                "value": "0x00008004"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000708"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4439
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000070c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000070c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4442
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000710"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000070c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4445
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000710"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000070c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000710"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4448
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000710"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-03-05 10:24:07,509",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000070c"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4452
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000718"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4455
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000718"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000718"
              },
              {
                "name": "KeyInformation",
                "value": "\\x1fz\\xfff3\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4458
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000718"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4461
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000724"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4464
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000724"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000724"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4467
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000724"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000604"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000728"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4471
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000072c"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000728"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4474
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000072c"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000728"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "KeyInformation",
                "value": "I\\xff93k\\xffbe\\x11\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4477
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000072c"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4481
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4484
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000608"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4487
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4489
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000738"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4492
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000738"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4495
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000738"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4498
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000738"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Certificates"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\Certificates"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4502
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CRLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CRLs"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4505
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CTLs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CTLs"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xffdb\\xfff5\\xff80\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 1,
            "id": 4508
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fcb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4511
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "ValueName",
                "value": "DisallowedCertLastSyncTime"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x13=\\x1c\\xda*\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertLastSyncTime"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xde\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00B3=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x11\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\x08\\xdf\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x80\\xdf\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7sv3=\\xd0\\xb4\\xda\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\xcc\\xdf\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\x0c\\xe0\\xbb\\x00h\\xe2,\\xe0\\xcc\\xdf\\xbc\\xdf0\\xe0\\x00\\x00\\xb4\\x05\\x00\\x00h\\xe2\\xbb\\x00,\\xe0\\xbb\\x000\\xe0\\xbb\\x00\\x00\\x00\\x00\\x00\\xe0\\xdf\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\x0c\\xe0\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4523
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000744"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4527
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "ValueName",
                "value": "DisallowedCertEncodedCtl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fcc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "ValueName",
                "value": "DisallowedCertEncodedCtl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "ValueName",
                "value": "DisallowedCertEncodedCtl"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "0\\x82\\x17\\xcc\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x17\\xbd0\\x82\\x17\\xb9\\x02\\x01\\x011\\x0f0\r\\x06\t`\\x86H\\x01e\\x03\\x04\\x02\\x01\\x05\\x000\\x82\\x08(\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x08\\x190\\x82\\x08\\x150\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x048D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00A\\x00u\\x00t\\x00o\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xdc\\x1e\\x14\\x131$\\xbf\\x17\r250905032048Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x07\\xa00\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<\\xac\\xeejW0\\x12\\x04\\x10\\x1e%\\xf2N\\xdf"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x800\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x048D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00A\\x00u\\x00t\\x00o\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xdc\\x1e\\x14\\x131$\\xbf\\x17\r250905032048Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x00\\x00\\x00"
              },
              {
                "name": "Flags",
                "value": "0x00008004"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4535
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000748"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000748"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000074c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllFindOIDInfo"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "1.3.6.1.4.1.311.64.1.1!7"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff8b1p'\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00N\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4543
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ValueName",
                "value": "StringCacheGeneration"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "48"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\nQ\\x97w\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xb0\\xd5\\xbb\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\xff\\xff\\xff\\x02\\x00\\x00\\x02\\x18\\x08\\x0c\\x03"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dnsapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "ValueName",
                "value": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "\\x414\\x43e\\x432\\x435\\x440\\x435\\x43d\\x43d\\x44b\\x439 DNS-\\x441\\x435\\x440\\x432\\x435\\x440"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "ValueName",
                "value": "StringCacheGeneration"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "48"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\nQ\\x97w\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xb0\\xd5\\xbb\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\xff\\xff\\xff\\x02\\x00\\x00\\x02\\xf0\\x11\\x0c\\x03"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000760"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              }
            ],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dnsapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ValueName",
                "value": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "\\x414\\x43e\\x432\\x435\\x440\\x435\\x43d\\x43d\\x44b\\x439 DNS-\\x441\\x435\\x440\\x432\\x435\\x440"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000758"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "1.3.6.1.4.1.311.80.1!7"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff8b1p'\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xff84\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4573
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ValueName",
                "value": "StringCacheGeneration"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "48"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\nQ\\x97w\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xb0\\xd5\\xbb\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\xff\\xff\\xff\\x02\\x00\\x00\\x02P\\x0c\\x0c\\x03"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "ValueName",
                "value": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "\\x428\\x438\\x444\\x440\\x43e\\x432\\x430\\x43d\\x438\\x435 \\x434\\x43e\\x43a\\x443\\x43c\\x435\\x43d\\x442\\x43e\\x432"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "ValueName",
                "value": "StringCacheGeneration"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "48"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd0\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\nQ\\x97w\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xb0\\xd5\\xbb\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\xff\\xff\\xff\\x02\\x00\\x00\\x02\\x80\t\\x0c\\x03"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000760"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000760"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ValueName",
                "value": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "\\x428\\x438\\x444\\x440\\x43e\\x432\\x430\\x43d\\x438\\x435 \\x434\\x43e\\x43a\\x443\\x43c\\x435\\x43d\\x442\\x43e\\x432"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000758"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4603
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000748"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Control\\Cryptography\\ECCParameters"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Cryptography\\ECCParameters"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000748"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fd3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fd4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fd7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000748"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000748"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000748"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\CRYPT32.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000748"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\crypt32.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000074c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08230000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbcf80"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7605e000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00?\\x04@\\x040\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x002\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffS\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c15880"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fd9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fdb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fdd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "AutoFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlags"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fdf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "DisableAutoFlushProcessNameList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableAutoFlushProcessNameList"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "AutoFlushFirstDeltaSeconds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushFirstDeltaSeconds"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "AutoFlushNextDeltaSeconds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushNextDeltaSeconds"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-03-05 10:24:07,525",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4632
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00S\\x00H\\x00A\\x005\\x001\\x002\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x005\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffS\\x00H\\x00A\\x005\\x001\\x002\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c15880"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00010001"
              },
              {
                "name": "Encoded",
                "value": "0\\x03\\x01\\x01\\xff"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x04\\xde0\\x82\\x02\\xc6\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x00\\x8bX\\x1c\\x11V\\xbc\\x7f\\x06\\x8b\\x1bMR\\x11w\\x0b0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\r\\x05\\x000\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0 \\x17\r250719145754Z\\x18\\x0f99991231235959Z0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre0\\x82\\x02\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x02\\x0f\\x000\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef"
              },
              {
                "name": "Flags",
                "value": "0x0000800d"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4640
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllVerifyEncodedSignature"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllVerifyEncodedSignature"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllVerifyEncodedSignature"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllVerifyEncodedSignature"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4652
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllImportPublicKeyInfoEx2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllImportPublicKeyInfoEx2"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllImportPublicKeyInfoEx2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllImportPublicKeyInfoEx2"
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef\\xfbq\\xfc\\x9bz7\\x86\\x81\\xb8\\x10%\\xc7\\xe9\\xd6\\xbdc1\\x15a\\xd3\\xbb\\x05\\xc9\"\\xed\\xff\\x7fe=\\xdfa9c[\\x08U\\xb8\\xee=\\xbf\\x19N\\x98\\x07\\xcc\\x02d\\xad\\xd4\\x00\\xbf{\\xe2\\x8f\\xa0\\x01Xj*.\\x125\\xce\\xc8\\xe6\\xda+R\\x84\\xb6\\xde\\xff\\xbd\\x07\\xb3\\xf1\\xc8n\\xbb\\x90\\x1dmK\\xf7\\x84=\\xff\\x0e\\\\xd7\\xfd\\xeb\tQ\\xcc\\xf2\\x99\t4\\x8c\\xfa\\xdd\\xf8\\x07u\\xb8\\xff7\\xba\\xd9{\\x1eN\\x1f\\xca\\x08`\\x029\\xbc\\xc0\\xd2\\x17n\\x08\\xa4\\x1cn\\x05\\xf1\\xc9$\rc|}\\xb8\\xc3\\xee\\x06"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00x\\x99\\xb5\\x070\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00R\\x00S\\x00A\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00A\\x00\\x00\\x00\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffR\\x00S\\x00A\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\x00e\\x00y\\x00L\\x00e\\x00n\\x00g\\x00t\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetAsymmetricEncryptionInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c10910"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "BCryptImportKeyPair",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "RSA1\\x00\\x10\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x01\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef\\xfbq\\xfc\\x9bz7\\x86\\x81\\xb8\\x10%\\xc7\\xe9\\xd6\\xbdc1\\x15a\\xd3\\xbb\\x05\\xc9\"\\xed\\xff\\x7fe=\\xdfa9c[\\x08U\\xb8\\xee=\\xbf\\x19N\\x98\\x07\\xcc\\x02d\\xad\\xd4\\x00\\xbf{\\xe2\\x8f\\xa0\\x01Xj*.\\x125\\xce\\xc8\\xe6\\xda+R\\x84\\xb6\\xde\\xff\\xbd\\x07\\xb3\\xf1\\xc8n\\xbb\\x90\\x1dmK\\xf7\\x84=\\xff\\x0e\\\\xd7\\xfd\\xeb\tQ\\xcc\\xf2\\x99\t4\\x8c\\xfa\\xdd\\xf8\\x07u\\xb8\\xff7\\xba\\xd9{\\x1eN\\x1f\\xca\\x08`\\x029\\xbc\\xc0\\xd2"
              },
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "CryptKey",
                "value": "0x00fc2f88"
              },
              {
                "name": "Length",
                "value": "539"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fe2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4669
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4671
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4673
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "SyncDeltaTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\SyncDeltaTime"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\Flags"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "RootDirUrl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\RootDirUrl"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4679
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "LastSyncTime"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "t>`\\xfe*\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\LastSyncTime"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xdd\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xd21=\\xd0\\xbd\\x9fV\\x04\\x00\\x00\\x00\\x00\\xa2\\xe4\\xf3\\x07\\x0f\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\xbc\\x00\\x00\\x00\\x00\\x00\\x98\\xdd\\xbb\\x008\\xeb\\xbb\\x00P\\xeb\\xbb\\x00\\xbd\\x9fV\\x04\\xc8\\xfb\\xb7s\\xa2\\xe4\\xf3\\x07\\x10\\xde\\xbb\\x006\\xa7\\x96s\\xc0\\xab\\xb5s\\xc8M\\xbds\\xfc\\x91\\x06\\x03\\xc8\\xfb\\xb7s\\x062=\\xd0D\\xd9\\xbb\\x00i\\xa7\\x94sP\\xeb\\xbb\\x00\\xd0\\xa9\\xabs\\xba\\xba1\\xa3\\xfe\\xff\\xff\\xff\\\\xde\\xbb\\x00F\\xd9\\x97s.\\x00\\x00\\x00\\x8c\\xef\\xb5s\\xe0\\x14\\xb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\x14\\xb6s\\x98\\x12\\xb6s\\xff\\xff\\xff\\xff\\xc8\\xda\\xb5s\\x08\\x00\\x00\\x00\\xcc\\x14\\xb6s\\x9c\\xde\\xbb\\x00\\xf8\\xe0\\xbc\\xde\\\\xdeL\\xde\\xc0\\xde\\x00\\x00\\xb4\\x05\\x00\\x00\\xf8\\xe0\\xbb\\x00\\xbc\\xde\\xbb\\x00\\xc0\\xde\\xbb\\x00\\x00\\x00\\x00\\x00p\\xde\\xbb\\x00\\xc4<\\xc4u\\xff\\xff\\xff\\xff\\x08\\x00\\x00\\x00\\x9c\\xde\\xbb\\x00"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4691
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4695
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "EncodedCtl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07baa000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "EncodedCtl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07bd9000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "EncodedCtl"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "0\\x83\\x02\\xe4\\xcf\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x83\\x02\\xe4\\xbf0\\x83\\x02\\xe4\\xba\\x02\\x01\\x011\\x0f0\r\\x06\t`\\x86H\\x01e\\x03\\x04\\x02\\x01\\x05\\x000\\x83\\x02\\xd5(\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x83\\x02\\xd5\\x180\\x83\\x02\\xd5\\x130\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\t\\x02\t\\x14\\x01\\xdc\\x16\\xc3\\x8d\\xc3\\xb8\\x9e\\x17\r250826195646Z0\t\\x06\\x05+\\x0e\\x03\\x02\\x1a\\x05\\x000\\x83\\x02\\xc3\\xfb0\\x82\\x01D\\x04\\x14\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r1\\x82\\x01*0\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bh1\n\\x04\\x08\\x00\\x80\\xc8+h\\x86\\xd7\\x010\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b~1\n\\x04\\x08\\x00\\x00\\xd9\\xb5D\\xc1\\xd2\\x010\\x1e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bi1\\x10\\x04\\x0e0\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x020 \\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x1d1\\x12\\x04\\x10\\xf0\\xc4\\x02\\xf0@N\\xa9\\xad\\xbf%\\xa0=\\xdf,\\xa6\\xfa0$\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x141\\x16\\x04\\x14\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa400\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bb1\"\\x04 \\x88]\\xe6L4\\x0e>\\xa7\\x06X\\xf0\\x1e\\x11E\\xf9W\\xfc\\xda'\\xaa\\xbe\\xea\\x1a\\xb9\\xfa\\xa9\\xfd\\xb0\\x10-@w0Z\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0b1L\\x04JM\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x000\\x82\\x01,\\x04\\x14\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%1\\x82\\x01\\x120\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bh1\n\\x04\\x08\\x00\\x006\\x04M\\xdf\\xd3\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07bd8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fde000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x800\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\t\\x02\t\\x14\\x01\\xdc\\x16\\xc3\\x8d\\xc3\\xb8\\x9e\\x17\r250826195646Z0\t\\x06\\x05+\\x0e\\x03\\x02\\x1a\\x05\\x00\\x00\\x00"
              },
              {
                "name": "Flags",
                "value": "0x00008004"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07bd8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c08000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00fde000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x10\\xd80\\x82\\x10\\xd4\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x034\\x04\\x82\\x10\\xc40\\x82\\x10\\xc00\t\\x02\\x01\\x01\\x02\\x01\\x02\\x02\\x01\\x010Y0\\x13\\x06\\x07*\\x86H\\xce=\\x02\\x01\\x06\\x08*\\x86H\\xce=\\x03\\x01\\x07\\x03B\\x00\\x04 \\x82\\xa1\\xf9gh\\xa8\\xe4\\xdb\\x94\\x98\\xe2\\xe1h\\x87\\xe4\tm 538<\\xaf\\x14\\xaa\\xd7\\x08\\x18\\xf0\\xfd\\x16\\x9b\\xd3\\xff|'\\x82\\xd4\\x87\\xb7N$F;\\xfb\\xae\\xbe\\xc8#R +\\xaaD\\x05\\xfeT\\xf9\\xd5\\xf1\\x1dE\\x9a0Y0\\x13\\x06\\x07*\\x86H\\xce=\\x02\\x01\\x06\\x08*\\x86H\\xce=\\x03\\x01\\x07\\x03B\\x00\\x04\\xaf\\xe4\\xf3\\x94,\\xdf\\xa6'\\xb5\\xfe\\xb2a\\x83\\x19\\xc8!:#\\xa8\\xa9=T\\xaf\\xbc1\\x9a\\x1c\\xd3\\xc1\\xe3\\xb6\\xc2\\xf3\\x0f\\xc7\\xb9\\xca;\\x1dyea\"%\\x82VN\\x98\\xe8\\xaa&)6\\x1e(`o\\xeb\\x15n\\xf7|\\xd0\\xba0Y0\\x13\\x06\\x07*\\x86H\\xce=\\x02\\x01\\x06\\x08*\\x86H\\xce=\\x03\\x01\\x07\\x03B\\x00\\x04\\x07\\xfc\\x1e\\xe8c\\x8e\\xff\\x1c"
              },
              {
                "name": "Flags",
                "value": "0x00008004"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-03-05 10:24:07,541",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4710
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllImportPublicKeyInfoEx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllImportPublicKeyInfoEx"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllImportPublicKeyInfoEx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllImportPublicKeyInfoEx"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4722
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllConvertPublicKeyInfo"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllConvertPublicKeyInfo"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CryptDllConvertPublicKeyInfo"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllConvertPublicKeyInfo"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x82\\x02\n\\x02\\x82\\x02\\x01\\x00\\x9b\\xb1\\x96\\xa8\\xfa\\x12\\xb5\\xb85\\x93d\\xf5:=\\x00qf\\xa0\\xfbM\\xc9\r\\xf2\\xb3\\xe4\\xa2\\xf6R\\xfcK\\$\\xae-D\\xda\\xcbn\\xa9s\\x0c\\xe0;\\xbe@ \\xa9\\x15a_\\xa7\\xa8\\x16Q\\xa2!\\xcf-{M\\xe0\\xb1bK\\xado\\xaa\\x14k\\x18\\x93\\xe2S G}y\\xa6\\xbf\\x8cY+A{\\xe2\\xcfK\\xd2*&x\\xf0\\xb9\\x910\\x0ft\\x1e\\xdc?t\\xd1y\\x99B\\x12\\xef\\xfbq\\xfc\\x9bz7\\x86\\x81\\xb8\\x10%\\xc7\\xe9\\xd6\\xbdc1\\x15a\\xd3\\xbb\\x05\\xc9\"\\xed\\xff\\x7fe=\\xdfa9c[\\x08U\\xb8\\xee=\\xbf\\x19N\\x98\\x07\\xcc\\x02d\\xad\\xd4\\x00\\xbf{\\xe2\\x8f\\xa0\\x01Xj*.\\x125\\xce\\xc8\\xe6\\xda+R\\x84\\xb6\\xde\\xff\\xbd\\x07\\xb3\\xf1\\xc8n\\xbb\\x90\\x1dmK\\xf7\\x84=\\xff\\x0e\\\\xd7\\xfd\\xeb\tQ\\xcc\\xf2\\x99\t4\\x8c\\xfa\\xdd\\xf8\\x07u\\xb8\\xff7\\xba\\xd9{\\x1eN\\x1f\\xca\\x08`\\x029\\xbc\\xc0\\xd2\\x17n\\x08\\xa4\\x1cn\\x05\\xf1\\xc9$\rc|}\\xb8\\xc3\\xee\\x06"
              },
              {
                "name": "Flags",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-03-05 10:24:07,603",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptImportKey",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "\\x06\\x02\\x00\\x00\\x00\\xa4\\x00\\x00RSA1\\x00\\x10\\x00\\x00\\x01\\x00\\x01\\x00\\xa5q\\x92\\xa4b1\\xa0}\\x8f\\xb8\\x18\\x04&\\x9fL\\xbf\\x0e+b\\xf8\\x08\\x00\\x07\\xff\\x1a3\\xbd\\xac\\xb2@\\xd4\\xf6\\x96o+8\\x9e\\xd1\\xde\\xa4\\x81y\\x0e\\xfeL\\xa4c\\xd7-\\xb6\\x8b\\xa7W!B\\x16\\x97\\x10,\\x82\\x14Xr\\x920\\x15\\x7f\\x90\\xef\\xc7\\xb5\\x9a\\x99\\x86O\\xc6\\x0f\\xb6\\xd2\\x01\\x87k\\x96\\xcb\\x828\\xf4\\x06\\x1cy\\xcf\\x87\\x9d@\n|)s< \\xdc6\\xb4x\\x87\\xb8H\\xea\\x8f=\\xe4\\x13\\x82\\xab\\xcf\\x99\\xbf66J\\xfe\\xef\\x89I\\x13\\xfe\\xeb*\\x90Q\\xdc\\x83M\\xecO\\xaa\\x19\\x92kord\\xad\\xb6\\xd1K\\xc5\\xd2\\x91\\xfe\\xdf\t=\\x99\\x177$sl\\x0fd|\\x9bE\\xb8W\\x84\\xf4\\x9a\\xde(\\xde\\x9aF\\x9dZ\\x99gYQ\\x17UA\\x1e\\xac\\xb7\\x9b\\xb5_C/Y\\xd1J}\\x9e_e\\x8d\\x8a{\\x89\\x9e\\x05\\x90\\xd4cw\\xb1\\x13Z=\\xe6#\\x9bd'\\x82\\x94\\x04\\xeb\\xff\\xfe\\x9e\\xa0QhX\\x8fz\\x15\\xaa\\xa8G\\x13O"
              },
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "CryptKey",
                "value": "0x00f48888"
              },
              {
                "name": "Length",
                "value": "532"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-03-05 10:24:07,619",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateCertificateChain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fc1e70"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-03-05 10:24:07,619",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertDuplicateCertificateChainW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-03-05 10:24:07,681",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FormatMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-03-05 10:24:07,681",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FormatMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091bc0"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000758"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000758"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000758"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000758"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08530000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd5b0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08530000"
              },
              {
                "name": "RegionSize",
                "value": "0x0014f000"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000758"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000758"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000075c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000758"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000075c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08530000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00bbd5b0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-03-05 10:24:07,775",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000075c"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertVerifyCertificateChainPolicy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75facee0"
              }
            ],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertVerifyCertificateChainPolicyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4756
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Cryptography\\OID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CertDllVerifyCertificateChainPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllVerifyCertificateChainPolicy"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000750"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EncodingType 1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000754"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CertDllVerifyCertificateChainPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CertDllVerifyCertificateChainPolicy"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetLastError"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608dfa0"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertFreeCertificateChain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fb30b0"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertVerifyCertificateChainPolicy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75facee0"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-03-05 10:24:07,791",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-03-05 10:24:07,900",
            "thread_id": "5380",
            "caller": "0x07d8ef69",
            "parentcaller": "0x04569fbd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-03-05 10:24:07,900",
            "thread_id": "5380",
            "caller": "0x07d8ef69",
            "parentcaller": "0x04569fbd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertGetNameStringW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa6610"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-03-05 10:24:07,900",
            "thread_id": "5380",
            "caller": "0x07d8ef69",
            "parentcaller": "0x04569fbd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-03-05 10:24:07,916",
            "thread_id": "5380",
            "caller": "0x07d8ef69",
            "parentcaller": "0x04569fbd",
            "category": "crypto",
            "api": "CryptDecodeObjectEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CertEncodingType",
                "value": "0x00000001"
              },
              {
                "name": "Encoded",
                "value": "0\\x101\\x0e0\\x0c\\x06\\x03U\\x04\\x03\\x0c\\x05Myyre"
              },
              {
                "name": "Flags",
                "value": "0x00008005"
              }
            ],
            "repeated": 3,
            "id": 4775
          },
          {
            "timestamp": "2026-03-05 10:24:07,916",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-03-05 10:24:07,916",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75f70000"
              },
              {
                "name": "FunctionName",
                "value": "CertFreeCertificateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75fa2850"
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569fbd",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x07d8f3c3",
            "parentcaller": "0x07d8f039",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x02\\xc2\\xe33"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "QueryUnbiasedInterruptTime"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092120"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77930000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76070000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryInformationThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a2ce0"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a2df0"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWaitableTimerExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76092fd0"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetWaitableTimerEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c50740"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-03-05 10:24:07,931",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "46"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73092d10"
              },
              {
                "name": "Parameter",
                "value": "0x00bbe84c"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000770",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73092d10"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00bbe84c"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "4768",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "4768",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "4768",
            "caller": "0x75c51454",
            "parentcaller": "0x7311f41f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000778"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "4768",
            "caller": "0x75c4269a",
            "parentcaller": "0x7311f45f",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "4768",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-03-05 10:24:07,978",
            "thread_id": "5380",
            "caller": "0x04569c8b",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000076e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000076c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "55000"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8fb17",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000752"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000752"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000752"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000750"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-03-05 10:24:07,994",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-03-05 10:24:08,009",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-03-05 10:24:08,009",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-03-05 10:24:08,009",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-03-05 10:24:08,009",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-03-05 10:24:08,197",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\SecurityCenter2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000754"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc6\\x04\\xc6\\xf8\\xc5V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xc8\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000756"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 4831
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc5\\xc4\\xc4\\xb8\\xc4V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc5\\xc4\\xc4\\xb8\\xc4V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xc5T\\xc5H\\xc5V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xf0\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000756"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xc4l\\xc4`\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x020\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc4D\\xc48\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xc6\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x020\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x9c\\xc4L\\xc4@\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe8\\xc6\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000756"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000756"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4V\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xc7\\xbb\\x00\\xdct\\xc3uV\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000756"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-03-05 10:24:08,228",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-03-05 10:24:08,244",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4898
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4904
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-03-05 10:24:08,306",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-03-05 10:24:08,384",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-03-05 10:24:08,384",
            "thread_id": "5380",
            "caller": "0x07d85ca3",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "displayName"
              },
              {
                "name": "Value",
                "value": "Windows Defender"
              },
              {
                "name": "Class",
                "value": "AntiVirusProduct"
              }
            ],
            "repeated": 1,
            "id": 4917
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-03-05 10:24:08,462",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-03-05 10:24:08,478",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-03-05 10:24:08,478",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-03-05 10:24:08,478",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-03-05 10:24:08,494",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-03-05 10:24:08,494",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\cimv2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xc6\\xb4\\xc5\\xa8\\xc5n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\xc8\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 4940
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xc4\\x9c\\xc4\\x90\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x028\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xc4t\\xc4h\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x10\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xc4t\\xc4h\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x10\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc5\\x04\\xc5\\xf8\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xa0\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc4\\x1c\\xc4\\x10\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc4D\\xc48\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00D\\xc4\\xf4\\xc3\\xe8\\xc3\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x90\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc4D\\xc48\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xc4\\xfc\\xc3\\xf0\\xc3\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000078e"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xc4\\x9c\\xc4\\x90\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x008\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xc4\\x9c\\xc4\\x90\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x008\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-03-05 10:24:08,509",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-03-05 10:24:08,525",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d04f9",
            "parentcaller": "0x04569769",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f530"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ace690"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090460"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAllocW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-03-05 10:24:10,197",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-03-05 10:24:10,212",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateTokenEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ad0230"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-03-05 10:24:10,212",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateTokenExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-03-05 10:24:10,212",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CheckTokenMembership"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75acf540"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-03-05 10:24:10,212",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CheckTokenMembershipW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-03-05 10:24:10,212",
            "thread_id": "5380",
            "caller": "0x082d096d",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x082d0c6e",
            "parentcaller": "0x04569769",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000756"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000754"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d8a8a1",
            "parentcaller": "0x07d8a3e9",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "DC12A687-737F-11CF-884D-00AA004B2E24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-03-05 10:24:10,259",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-03-05 10:24:10,275",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-03-05 10:24:10,275",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-03-05 10:24:10,291",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d885fa",
            "parentcaller": "0x07d8b2f4",
            "category": "com",
            "api": "WbemLocator_ConnectServer",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NetworkResource",
                "value": "\\\\.\\root\\cimv2"
              },
              {
                "name": "User",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000476"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000476"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc6\\x04\\xc6\\xf8\\xc5n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xc8\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 5043
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc5\\xc4\\xc4\\xb8\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc5\\xc4\\xc4\\xb8\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xc5\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xc5T\\xc5H\\xc5n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xf0\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xc4l\\xc4`\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08\\xc7\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x020\\xc7\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc4D\\xc48\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xc4\\x94\\xc4\\x88\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x020\\xc7\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-03-05 10:24:10,322",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x9c\\xc4L\\xc4@\\xc4\\x8e\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe8\\xc6\\xbb\\x00\\xdct\\xc3u\\x8e\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000078e"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000076e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xbb\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4n\\x07\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xc7\\xbb\\x00\\xdct\\xc3un\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000076e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d87d48",
            "parentcaller": "0x07b2fc81",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-03-05 10:24:10,337",
            "thread_id": "5380",
            "caller": "0x07d8829b",
            "parentcaller": "0x07d8c695",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5110
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000078c"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5116
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\AMSI\\Providers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "KeyInformation",
                "value": "\r\\xff9d\\xff91\n\\x12\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000078c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000078c"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-03-05 10:24:10,759",
            "thread_id": "5380",
            "caller": "0x07d8cba6",
            "parentcaller": "0x07d8c963",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000076e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076e"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000076c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000076c"
              }
            ],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-03-05 10:24:10,884",
            "thread_id": "5380",
            "caller": "0x07d821e9",
            "parentcaller": "0x07d8ce4f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x07d85ca3",
            "parentcaller": "0x07d8bcd2",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Caption"
              },
              {
                "name": "Value",
                "value": "\\x41c\\x430\\x439\\x43a\\x440\\x43e\\x441\\x43e\\x444\\x442 Windows 10 Pro"
              },
              {
                "name": "Class",
                "value": "Win32_OperatingSystem"
              }
            ],
            "repeated": 1,
            "id": 5129
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x082d165c",
            "parentcaller": "0x0456979a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x082d165c",
            "parentcaller": "0x0456979a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090e50"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x082d165c",
            "parentcaller": "0x0456979a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x082d165c",
            "parentcaller": "0x0456979a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f550"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-03-05 10:24:10,900",
            "thread_id": "5380",
            "caller": "0x082d165c",
            "parentcaller": "0x0456979a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760906e0"
              }
            ],
            "repeated": 1,
            "id": 5134
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x045697b7",
            "parentcaller": "0x07f3e4a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x082d1d17",
            "parentcaller": "0x045697b7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x082d1d17",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001a",
                "pretty_value": "CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x082d3945",
            "parentcaller": "0x045697b7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x082d3945",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001c",
                "pretty_value": "CSIDL_LOCAL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "5380",
            "caller": "0x082d3945",
            "parentcaller": "0x045697b7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002ac"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xc9\\x008\\x13\\x00\\x00\\x04\\x15\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5380"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-03-05 10:24:11,056",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x73145aea",
            "parentcaller": "0x73093f76",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x082d4e1c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000794"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x731b4e6b",
            "parentcaller": "0x71fcb890",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00fb7c80"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x731c08cb",
            "parentcaller": "0x727d4574",
            "category": "crypto",
            "api": "CryptDestroyKey",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00f496c8"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "216",
            "caller": "0x75c427d9",
            "parentcaller": "0x73081401",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-03-05 10:24:11,072",
            "thread_id": "5380",
            "caller": "0x082d4ec4",
            "parentcaller": "0x082d334e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-03-05 10:24:11,087",
            "thread_id": "5380",
            "caller": "0x082d4ec4",
            "parentcaller": "0x082d334e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x082c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-03-05 10:24:11,087",
            "thread_id": "5380",
            "caller": "0x082d4ec4",
            "parentcaller": "0x082d334e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x082c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-03-05 10:24:11,087",
            "thread_id": "5380",
            "caller": "0x082d5520",
            "parentcaller": "0x082d5473",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-03-05 10:24:11,541",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-03-05 10:24:11,541",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "RoGetParameterizedTypeInstanceIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x766d2c70"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d610e",
            "parentcaller": "0x082d5ccd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76c00000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76c15880"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-03-05 10:24:11,556",
            "thread_id": "5380",
            "caller": "0x082d61c4",
            "parentcaller": "0x082d6126",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d6212",
            "parentcaller": "0x082d6126",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "RoGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76738b30"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateStringReference"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76730470"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000007a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000007a4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\xff97w\\x01\\x00\\x00\\x00\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x01\\xffb4\\x07\\x08\\x01\\xffb4\\x07\\xffa0{\\xfffc\\x00\\x08\\x01\\xffb4\\x07H\\xffd4\\xffbb\\x00\\xffe4\\xffc1\\xff96s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00J8=\\xffd0^]-\\x08\\x00\\x00\\x00\\x00\\xffafT-\\x08\\x19\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffbc\\x00\\x00\\x00\\x00\\x00x\\xffd4\\xffbb\\x00\\xffe4\\xffc1\\xff96s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z8=\\xffd0^]-\\x08\\x00\\x00\\x00\\x00\\xffafT-\\x08\\x1b\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffbc\\x00\\x00\\x00\\x00\\x00@\\xffd4\\xffbb\\x00\\xff98\\xffe5\\xffbb\\x00\\xffb8\\xffdc\\xffbb\\x00^]-\\x088,\\xffb8s\\xffafT-\\x08\\xffb8\\xffd4\\xffbb\\x006\\xffa7\\xff96s$\\xff99\\xffb5s\\xffa28=\\xffd0\\xffe0\\xffcf\\xffbb\\x008,\\xffb8s\\xffb8\\xffdc\\xffbb\\x00\\xffd0\\xffa9\\xffabs\\xffba\\xffba1\\xffa3\\xfffe\\xffff\\xffff\\xffff\\x04\\xffd5\\xffbb\\x00\\xffdf)\\xff98sI\\x00\\x00\\x00X\\x1e\\xffb6sP$\\xffb6s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00I$\\xffb6sl#\\xffb6s\\xffa8\\xff9f\\xfffd\\x00\\xffc8\\xffda\\xffb5s\\x19\\x01\\x02\\x00\\x14$\\xffb6s\\xffa0\\x07\\x00\\x00\\xfffc#\\xffb6sT\\xffd5\\xffbb\\x00tz!\\xffd4\\xfff0\\xffd3\\xfffd\\x00\\xffa0\\x07\\x00\\x00\\xffa8\\xff9f\\xfffd\\x00\\xffa8\\xff9f\\x00\\x00\\xffe0\\xffd4\\xffbb\\x00\\xfff0\\xffd3\\xfffd\\x00\\xffb8\\xffdc\\xffbb\\x00\\x00\\xffae\\xff9awpe9\\xffa3\\xfffe\\xffff\\xffff\\xffff8\\xffd5\\xffbb\\x00ayxv\\x00\\x00\\x00\\x00\\xffa0\\x07\\x00\\x00\\xfff0{\\xfffc\\x00\\x18\\x00\\x00\\x00\\xffa0\\x07\\x00\\x00T\\xffd5\\xff
bb\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00l\\xffd5\\xffbb\\x00\\xffc93sv\\x19\\x01\\x02\\x00\\xffa8\\xff9f\\xfffd\\x00\\xffe0Pxv\\xffa0\\xff9f\\xfffd\\x00\\xffa8{\\xfffc\\x00h\\xffd5\\xffbb\\x00\\x0f\\xfff3yv\\xfff0{\\xfffc\\x00\\xff80\\xffd5\\xffbb\\x00\\xffa0\\xff9f\\xfffd\\x00\\xff84\\xffd5\\xffbb\\x00-Qxv\\xffa4\\x07\\x00\\x00\\x00\\xff9f\\xfffd\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5194
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007a8"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x766da300"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76791280"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsDeleteString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76730230"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-03-05 10:24:11,697",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x082e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-03-05 10:24:11,712",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76724360"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x02c1d834",
            "parentcaller": "0x082d5d5e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-03-05 10:24:11,775",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5212
          },
          {
            "timestamp": "2026-03-05 10:24:11,822",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b598c8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-03-05 10:24:11,822",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000007b4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b598c8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-03-05 10:24:11,822",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-03-05 10:24:11,853",
            "thread_id": "1560",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-03-05 10:24:11,853",
            "thread_id": "1560",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-03-05 10:24:11,853",
            "thread_id": "1560",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73092e70"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5856"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000007bc",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73092e70"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "5856"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "5380",
            "caller": "0x082d5d5e",
            "parentcaller": "0x082d54af",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007bc"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "1560",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "1560",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75e30000"
              },
              {
                "name": "FunctionName",
                "value": "CoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7670d120"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "1560",
            "caller": "0x75c54faa",
            "parentcaller": "0x73159614",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73848000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-03-05 10:24:11,869",
            "thread_id": "1560",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5225
          },
          {
            "timestamp": "2026-03-05 10:24:11,900",
            "thread_id": "5856",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-03-05 10:24:11,900",
            "thread_id": "5856",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007d0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "1560",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "996"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "1560",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000007d4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "996"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "1560",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007d4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "996"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "1560",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007b4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xcc\\x008\\x13\\x00\\x00\\x18\\x06\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "1560",
            "caller": "0x73084f5c",
            "parentcaller": "0x7309a58d",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5232
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "996",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "996",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "996",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007d4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xcc\\x008\\x13\\x00\\x00\\xe4\\x03\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "996"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-03-05 10:24:11,916",
            "thread_id": "996",
            "caller": "0x73084f5c",
            "parentcaller": "0x7309a58d",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 16,
            "id": 5236
          },
          {
            "timestamp": "2026-03-05 10:24:11,962",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindFirstFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-03-05 10:24:11,962",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindFirstFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093220"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-03-05 10:24:11,962",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindClose"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760931a0"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-03-05 10:24:11,962",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Chromium\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Google\\Chrome\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbb39d0dd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbb39d0dd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindNextFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FindNextFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093270"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbb39d0dd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\BrowserMetrics\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc211434"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\BrowserMetrics\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc211434"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbba9dfd6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbba9dfd6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbba9dfd6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-03-05 10:24:11,978",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbba9dfd6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-03-05 10:24:11,994",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-03-05 10:24:11,994",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcdd6d3e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-03-05 10:24:11,994",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-03-05 10:24:11,994",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcdd6d3e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-03-05 10:24:11,994",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Iridium\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\7Star\\7Star\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\CentBrowser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Chedot\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Vivaldi\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Kometa\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Elements Browser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Epic Privacy Browser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-03-05 10:24:12,072",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Coowon\\Coowon\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\liebao\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\QIP Surf\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Orbitum\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Comodo\\Dragon\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Amigo\\User\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Torch\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Comodo\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\360Browser\\Browser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Maxthon3\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-03-05 10:24:12,087",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\K-Melon\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Nichrome\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\CocCoc\\Browser\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Uran\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Chromodo\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 5298
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-03-05 10:24:12,103",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd19086a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd19086a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\wasm\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd29b7c4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\wasm\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd29b7c4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-03-05 10:24:12,166",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfc6d22"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\GPUCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd0f7f49"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\GPUCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbd0f7f49"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Safe Browsing\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfecfa3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Safe Browsing\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbcfecfa3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc9f74f3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc9f74f3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\GPUCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc9f74f3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\GPUCache\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc9f74f3"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc938468"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc938468"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-03-05 10:24:12,181",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\local\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc938468"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00f48c88",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\local\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xbc938468"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d7325",
            "parentcaller": "0x082d6584",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007dc"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d36e5",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\atomic\\Local Storage\\leveldb"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d4192",
            "parentcaller": "0x045697b7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Bitcoin\\Bitcoin-Qt"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Bitcoin\\Bitcoin-Qt"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d39b5",
            "parentcaller": "0x045697b7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Dash\\Dash-Qt"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Dash\\Dash-Qt"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d3840",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Electrum\\wallets"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d45b9",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Ethereum\\keystore"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d3e29",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Exodus\\exodus.wallet"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-03-05 10:24:12,197",
            "thread_id": "5380",
            "caller": "0x082d444e",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\com.liberty.jaxx\\IndexedDB"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-03-05 10:24:12,212",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 5358
          },
          {
            "timestamp": "2026-03-05 10:24:12,228",
            "thread_id": "5380",
            "caller": "0x082d33f8",
            "parentcaller": "0x045697b7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Litecoin\\Litecoin-Qt"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Litecoin\\Litecoin-Qt"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-03-05 10:24:12,228",
            "thread_id": "5380",
            "caller": "0x082d3f4c",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Zcash"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-03-05 10:24:12,244",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 5361
          },
          {
            "timestamp": "2026-03-05 10:24:12,259",
            "thread_id": "5380",
            "caller": "0x082d3c11",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00fc6498",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc85bcc7b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-03-05 10:24:12,275",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 10,
            "id": 5363
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "5380",
            "caller": "0x082d3c11",
            "parentcaller": "0x045697b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02cdc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "5380",
            "caller": "0x082d3c11",
            "parentcaller": "0x045697b7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007e4"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "5380",
            "caller": "0x082d407f",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Telegram Desktop\\Telegram.exe"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "5380",
            "caller": "0x082d1a3f",
            "parentcaller": "0x045697b7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "5380",
            "caller": "0x082d1a3f",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000026",
                "pretty_value": "CSIDL_PROGRAM_FILES"
              },
              {
                "name": "Path",
                "value": "C:\\Program Files (x86)"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-03-05 10:24:12,306",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 37,
            "id": 5369
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "5380",
            "caller": "0x082d1b4b",
            "parentcaller": "0x045697b7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Ledger Live\\Ledger Live.exe"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "5380",
            "caller": "0x082d7bc4",
            "parentcaller": "0x045697c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetLastInputInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769e3d90"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "5380",
            "caller": "0x082d7d99",
            "parentcaller": "0x082d7bc4",
            "category": "system",
            "api": "GetLastInputInfo",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "5380",
            "caller": "0x082d7f1d",
            "parentcaller": "0x045697ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000007ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "5380",
            "caller": "0x082d7f1d",
            "parentcaller": "0x045697ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007ec"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-03-05 10:24:12,322",
            "thread_id": "1560",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 43,
            "id": 5375
          },
          {
            "timestamp": "2026-03-05 10:24:12,337",
            "thread_id": "1560",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-03-05 10:24:12,337",
            "thread_id": "1560",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-03-05 10:24:12,337",
            "thread_id": "996",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 49,
            "id": 5378
          },
          {
            "timestamp": "2026-03-05 10:24:12,337",
            "thread_id": "996",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-03-05 10:24:12,337",
            "thread_id": "996",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-03-05 10:24:12,416",
            "thread_id": "5856",
            "caller": "0x76091e6a",
            "parentcaller": "0x73092f76",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-03-05 10:24:12,416",
            "thread_id": "5856",
            "caller": "0x730943d1",
            "parentcaller": "0x7309426d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-03-05 10:24:12,416",
            "thread_id": "5856",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007d0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-03-05 10:24:12,900",
            "thread_id": "5856",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-03-05 10:24:12,900",
            "thread_id": "5856",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007d0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-03-05 10:24:13,306",
            "thread_id": "5380",
            "caller": "0x04569bdb",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-03-05 10:24:13,306",
            "thread_id": "5380",
            "caller": "0x04569bdb",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f50000"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-03-05 10:24:13,400",
            "thread_id": "5856",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-03-05 10:24:13,400",
            "thread_id": "5856",
            "caller": "0x75c4269a",
            "parentcaller": "0x7309435b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007d0"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-03-05 10:24:13,400",
            "thread_id": "5856",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5856"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-03-05 10:24:13,400",
            "thread_id": "5856",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-03-05 10:24:14,259",
            "thread_id": "5380",
            "caller": "0x082d8f6a",
            "parentcaller": "0x04569bdb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769f4920"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-03-05 10:24:14,259",
            "thread_id": "5380",
            "caller": "0x082db109",
            "parentcaller": "0x082d8f6a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-03-05 10:24:14,275",
            "thread_id": "5380",
            "caller": "0x082db109",
            "parentcaller": "0x082d8f6a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-03-05 10:24:14,603",
            "thread_id": "5380",
            "caller": "0x082dbe03",
            "parentcaller": "0x082d980c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a01440"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dcc61",
            "parentcaller": "0x082dca1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dcc61",
            "parentcaller": "0x082dca1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769f2980"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd36a",
            "parentcaller": "0x082dccfd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76160000"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd36a",
            "parentcaller": "0x082dccfd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd36a",
            "parentcaller": "0x082dccfd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd36a",
            "parentcaller": "0x082dccfd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDCW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761653a0"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd43c",
            "parentcaller": "0x082dd36a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-03-05 10:24:14,634",
            "thread_id": "5380",
            "caller": "0x082dd43c",
            "parentcaller": "0x082dd36a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082dcd13",
            "parentcaller": "0x082dca1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76165ec0"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082dda21",
            "parentcaller": "0x082dcd3e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76166790"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a017d0"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769ebd50"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-03-05 10:24:14,650",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-03-05 10:24:14,681",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000814"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b598a8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3936"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-03-05 10:24:14,681",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000814",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b598a8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3936"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-03-05 10:24:14,681",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000814"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3936"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-03-05 10:24:14,681",
            "thread_id": "5380",
            "caller": "0x082d980c",
            "parentcaller": "0x082d8f6a",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5413
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093960"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandlerW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769edf90"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769ef1d0"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-03-05 10:24:14,697",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769ef220"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x02cbd252",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x02cbd252",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779b7fa0"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x7798112f",
            "parentcaller": "0x7797f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000824"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x779812bc",
            "parentcaller": "0x77981427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000824"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000d4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x7798009f",
            "parentcaller": "0x77980824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75e18000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-03-05 10:24:14,775",
            "thread_id": "3936",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x77969ddb",
            "parentcaller": "0x7797b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75e14000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797f149",
            "parentcaller": "0x779823c8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000824"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x77980da0",
            "parentcaller": "0x7796e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75e14000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x77980f7a",
            "parentcaller": "0x77980dc2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\r\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x0f%\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x07\\x12\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00XM\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00XM\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x11\\x04 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x009\\x07\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdd\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\xd0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06(\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\xdc\\xff\\xff"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5435
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9699",
            "parentcaller": "0x74bc940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5437
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9851",
            "parentcaller": "0x74bc8c22",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9890",
            "parentcaller": "0x74bc8c22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000824"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9931",
            "parentcaller": "0x74bc8c22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000824"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x74bc9931",
            "parentcaller": "0x74bc8c22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x75d50000"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797de02",
            "parentcaller": "0x77981903",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d50000"
              },
              {
                "name": "InitRoutine",
                "value": "0x75d9e040"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7756d000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7756d000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x779862aa",
            "parentcaller": "0x75c5c59a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000082c"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x779862d1",
            "parentcaller": "0x75c5c59a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000830"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7756d000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7756d000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76093080"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "MsgWaitForMultipleObjectsEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769fbfa0"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-03-05 10:24:14,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880a5d",
            "parentcaller": "0x08880a07",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\\gdiplus"
              },
              {
                "name": "DllBase",
                "value": "0x70b70000"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880a5d",
            "parentcaller": "0x08880a07",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70b70000"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880a5d",
            "parentcaller": "0x08880a07",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x70b70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880a5d",
            "parentcaller": "0x08880a07",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdiplusStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70be5d90"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e0000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d0000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08be0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 1,
            "id": 5463
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769f4e90"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetAncestor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a014a0"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769e41e0"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a01440"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayDevicesA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769e95a0"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08be1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "78"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "79"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7617f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "ExtTextOutW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76163a60"
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "GdiIsMetaPrintDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7616a680"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-03-05 10:24:14,900",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\\GdiPlus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70b70000"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000838"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x70be7810"
              },
              {
                "name": "Parameter",
                "value": "0x08be1298"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7152"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "gdiplus.dll"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880bdd",
            "parentcaller": "0x08880a5d",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000838",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x70be7810"
              },
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "Parameter",
                "value": "0x08be1298"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "7152"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880888",
            "parentcaller": "0x082ddc2e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromScan0"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bb0ee0"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880e28",
            "parentcaller": "0x08880d38",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImagePixelFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70be0d50"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x08880d5c",
            "parentcaller": "0x082d8fe9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageGraphicsContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bb3df0"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-03-05 10:24:14,916",
            "thread_id": "5380",
            "caller": "0x082d912d",
            "parentcaller": "0x04569bdb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08869000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "5380",
            "caller": "0x08881da9",
            "parentcaller": "0x08881d7f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769fe9f0"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "5380",
            "caller": "0x088822a5",
            "parentcaller": "0x0888194d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76166d50"
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "5380",
            "caller": "0x088824a8",
            "parentcaller": "0x08881615",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b95ec0"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "5380",
            "caller": "0x08881644",
            "parentcaller": "0x08881054",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "BitBlt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76166ce0"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x7796939b",
            "parentcaller": "0x77969802",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\SystemResources\\gdiplus.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 5495
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x779862aa",
            "parentcaller": "0x75c5c59a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000850"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x779862d1",
            "parentcaller": "0x75c5c59a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000854"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x75c43cc4",
            "parentcaller": "0x70be7bfc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000834"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x75c41446",
            "parentcaller": "0x70be7c16",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-03-05 10:24:14,931",
            "thread_id": "7152",
            "caller": "0x75c4269a",
            "parentcaller": "0x70be7c29",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000834"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-03-05 10:24:14,978",
            "thread_id": "5380",
            "caller": "0x0888262f",
            "parentcaller": "0x088825d8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b95cb0"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-03-05 10:24:14,978",
            "thread_id": "5380",
            "caller": "0x088829ec",
            "parentcaller": "0x088829b4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0886a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-03-05 10:24:14,978",
            "thread_id": "5380",
            "caller": "0x08882a01",
            "parentcaller": "0x088829b4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769fe390"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-03-05 10:24:14,994",
            "thread_id": "5380",
            "caller": "0x088830cf",
            "parentcaller": "0x0888303b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteGraphics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bad8c0"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-03-05 10:24:14,994",
            "thread_id": "5380",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-03-05 10:24:14,994",
            "thread_id": "5380",
            "caller": "0x088831c6",
            "parentcaller": "0x082d9231",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetInterpolationMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bb5da0"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-03-05 10:24:14,994",
            "thread_id": "5380",
            "caller": "0x08883275",
            "parentcaller": "0x082d9280",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDrawImageRectI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bb8690"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-03-05 10:24:15,009",
            "thread_id": "5380",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09f70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-03-05 10:24:15,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-03-05 10:24:15,025",
            "thread_id": "5380",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08be2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-03-05 10:24:15,041",
            "thread_id": "5380",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08be9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-03-05 10:24:15,056",
            "thread_id": "5380",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09f70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-03-05 10:24:15,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-03-05 10:24:15,072",
            "thread_id": "5380",
            "caller": "0x08883ba9",
            "parentcaller": "0x082d948e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090460"
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-03-05 10:24:15,072",
            "thread_id": "5380",
            "caller": "0x08883c16",
            "parentcaller": "0x082d9501",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageDecodersSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bde870"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-03-05 10:24:15,072",
            "thread_id": "5380",
            "caller": "0x08883c31",
            "parentcaller": "0x082d9501",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-03-05 10:24:15,072",
            "thread_id": "5380",
            "caller": "0x08883c31",
            "parentcaller": "0x082d9501",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageDecoders"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bde6e0"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-03-05 10:24:15,134",
            "thread_id": "5380",
            "caller": "0x08884d48",
            "parentcaller": "0x082d9443",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSaveImageToStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70bdefb0"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-03-05 10:24:15,134",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WindowsCodecs"
              },
              {
                "name": "DllBase",
                "value": "0x6f890000"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f890000"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f890000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6f8ea840"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5523
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5529
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5535
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5541
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5547
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5553
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5559
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              }
            ],
            "repeated": 0,
            "id": 5562
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5565
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5571
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5577
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5583
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5589
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5595
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5601
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5607
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-03-05 10:24:15,150",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5613
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000834"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000836"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5619
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5625
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000858"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5630
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000085a"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08f30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08f30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08f42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08885557",
            "parentcaller": "0x088854c4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b70000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDisposeImage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70be5080"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-03-05 10:24:15,166",
            "thread_id": "5380",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-03-05 10:24:15,181",
            "thread_id": "5380",
            "caller": "0x0888561d",
            "parentcaller": "0x04569cac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetForegroundWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a015b0"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-03-05 10:24:15,181",
            "thread_id": "5380",
            "caller": "0x0888561d",
            "parentcaller": "0x04569cac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetForegroundWindowW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-03-05 10:24:15,181",
            "thread_id": "5380",
            "caller": "0x08885659",
            "parentcaller": "0x04569cac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-03-05 10:24:15,181",
            "thread_id": "5380",
            "caller": "0x08885659",
            "parentcaller": "0x04569cac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769f9d50"
              }
            ],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-03-05 10:24:15,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-03-05 10:24:15,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-03-05 10:24:15,259",
            "thread_id": "5380",
            "caller": "0x07b2eb09",
            "parentcaller": "0x088879fc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x067c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-03-05 10:24:15,259",
            "thread_id": "5380",
            "caller": "0x08886cc0",
            "parentcaller": "0x05525ecf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0886d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-03-05 10:24:15,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-03-05 10:24:15,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-03-05 10:24:15,353",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression.dll"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-03-05 10:24:15,353",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibrary"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-03-05 10:24:15,353",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760916c0"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-03-05 10:24:15,353",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "FreeLibrary"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090ae0"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-03-05 10:24:15,369",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression"
              },
              {
                "name": "DllBase",
                "value": "0x70b50000"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70b50000"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f550"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-03-05 10:24:15,384",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "deflateInit2_"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5ad00"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-03-05 10:24:15,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-03-05 10:24:15,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "deflate"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5a420"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "deflateEnd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5ac40"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "inflateInit2_"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5d1b0"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "inflate"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5bc80"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "inflateEnd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5d150"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrcompression.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b50000"
              },
              {
                "name": "FunctionName",
                "value": "zlibCompileFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70b5efd0"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b04",
            "parentcaller": "0x04569a2a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x758e0000"
              },
              {
                "name": "FunctionName",
                "value": "select"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758f5e50"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b04",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetEnvironmentVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetEnvironmentVariableW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090860"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "EncryptMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c559a0"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\t"
              },
              {
                "name": "SequenceNumber",
                "value": "1"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xde\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "2"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885cb3",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xaers3\\xca\\x85dK0\\xae\\x04\\x98O\\xeeF\\xc3\\x0e0\r\\xf2\\xd0\\xc1\\\\xb9\\xcb\\xab\\x06o\\xe4\\x964\\xb7\\x17\\x03\\x01\\x00 )\\x9c\\xd7\\xa7Mx+sM\\xbd \\xbfH\\x942\\x8e4\\x01\\x9d\\x98\\x13\\x7f)8\\xd577\\xb0\\x8cw?\\xf7"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885c41",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "3"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9c\\xfa\\x05T\\x9c[\\xd3-\n7\\xae\\xc1\\x02\\x04\\x82C\\x13\\x9c\\xe0\\xee\\xde\\xb8\\x134\\xb8\\xbb\\xbb\\x05\\x08\\x10\\xb4q\\x82K\\x80`\\xc1=\\xb8\\xbb\\xbb[p\\x87\\x10\\xec6\\xd9;\\xef\\xbb\\xf7\\xf7\\x7fg\\xfc\\xe7\\xde\\xce \\xa3{U\\xad\\xaa\\x9a\\xb3d\\xad\\xa7G#\\xc7\\xae\\xc2 \\x93\n\\x8b\\xb0q\\x8bq\\x8a\\xb3p\\xb1\\x8apI\\x88\\x8aq\\xb1s\\x88qs\\xb0\\x89\\xb0\\xb3p0\\x8bq\\xb0\\x8as\\x92chX\\xd8\\x1a\\xdb\\xb99\\x91\\x8a\\x99\\x98\\x9a\\xd8\\x1a\\x9b8\\xd2\\xfeg\\x85\\x99\\x89\\x14\\xa2j\\xe1\\xcc\\x02\\xc7\\xc6\\xc8\\xc6\\xc8\\xc4\\xf3B\\xd8\\xd8\\xc6\\xc2\\xd6\\xc2\\xc9\\xd9\\xd1\\xc0\\xd9\\xceQ\\x04\\xcb\\xc8\\xc0\\xdeD[L\\EFUA\\x91AQ\\x94\\x89YWj\\x9eC\\x19\\x95\\x8b\\x9b\\x91\\x85\\x95\\x91\\x99\\x89\\x95\\x91\\x83I\\x0bF\\xfe\\xad\\xb0>\\xac#\\x8c:3\\x97'\\xb7(\\x8f\\x8e\\x9a\\x93\\x89\\xa3\\x93\\xce\\xf3N\\x1da{{1\\x03g\\x03\\x1dY;#\\x03k\\x1dU\\x13\\x1b{\\x1d.N&vVc&\\x03c.f\\x03#VV\\x0eN\\x13SvF\\x13w\\x93@(T&cR&sR&\\x1bRfN\\xa7p\\xa8\\xdce\\x98\\xa7\\xb9\\xa75\\x00\\x86\\xb4\\x04H\\x02\\x00\\x05\\x05\\x05\\xd0\\x87\\xfc\\x03<-\\x02D\\x01/\\x90\\x90Q\\x90\\x11_\\xa0\\xa0\\xa0\\xa0\\xa3\\xbd\\xc0\\xc0&\\xc3\\xc1\\xc6\\xc2\\xc2\\xa6&\"\\xc6#c\\xa2ea~K\\xcb\\xc8\\xc0\\xc6+#\\xc4\\xc6%\\xc9\\xcd\\xc0(\\xa2)\")\\xaf\\xa8\\xaa\\xa6\\xca*\\xa8k\\xa4\\xa3l(\\xa3\\xa2\\xaa\\xf4l\\x04\n\r\\x1d\\x1d\\x1b\\x13\\x9b\n\\x07\\x87J\\x89\\x83\\x91C\\xe9\\xff\\xf5\\xeb\\xa9\r\\x80\\x89\\x08\\xb5\\x06\\xed\\x0f\\x03E\\x0e\\x80\\xc6\\x84\\x82\\xc1\\x84z\\xea\\x02\\x90\\x00\\x00PpP\\xbf_\\x80\\xbf_P\\xd00\\xb0p\\xf0\\x08\\x88\\x90\\xa0!\n5\\x18\\x00h(\\x18\\x18hX\\x1888XX\\x88\\xd4\\x07\"\\x07\\xc0b\\xc2a\\x911\\x0b\\xc3\\xbfT2@ 
w\\xc0f\t\\x88\\xcdF\\xa4\\x10\\xa9h\\xc7Q\\x1e?\\x05\\xb2\\x1a:\\x06\"!\\xe3\\xbe\\xc2\\xc3\\x7fM\\xf9\\x86\\x8a\\x9a\\x86\\x96\\x8d\\x9d\\x83\\x93\\x8b\\x9bGTL\\BR\n$\\xad\\xa2\\xaa\\xa6\\xae\\xf1NS\\xcb\\xc8\\xd8\\xc4\\xd4\\xcc\\xdc\\xc2\\xd2\\xc9\\xd9\\xc5\\xd5\\xcd\\xdd\\xc3\\xf3CPp\\xc8\\xc7\\xd0\\xb0pp\\|BbRrJjNn^\\xfe\\x97\\x82\\xc2\\xa2\\xaf\\x95U\\xd55\\xb5u\\xf5\r\\x8d\\x1d\\x9d]\\xdd=\\xbd}\\xfd\\x03\\x13\\x93S\\xd33\\xb3s\\xf3\\x0b\\xeb\\x1b\\x9b[\\xdb;\\xbb?\\xf6\\xf6\\xcf\\xce/.\\xaf\\xaeo~\\xde\\xfez\\xc6\\x05\\x05\\x80\\x81\\xfa\\xf3\\xfa_qaBpA\\xc3\\xc2\\xc2\\xc0\"<\\xe3\\x82\\x82v{V\\xc0\\x84\\x85#c\\x86\\xc7\\x12VB0pxI\\xce\\x12\\x80\\x88-\\x12\\x9b]\\xd1\\x8eD\\xc1\\xaa|\\x8ac\\xe88\\x8e\\x8c\\x0bd[\\xa7<{\\x86\\xf6\\x1b\\xd9\\xff\\x1d\\xb0\\xc0\\xffO\\xc8\\xfe\\x03\\xec\\xbf\\xb8\\x16\\x00\\xa80P\\x90\\xe4\\xc1`\\x02\\x04\\x01\\x11\\xa9\\xac\\xc2\\xc5\\x8d\"\\xb9\\xba8\\xce\\xa8\\xc8if5>\\xf4\\xdb\\x83\\xaf(\\xb6h:3\\xa4\\xf9\\x07\\xfaQ+}\\xfa\\xfa\\x89\\xeb\\xbf\\xf4\\x13\\xc6\\xa6\\xf1\\xe0\\x08l\\xd4-\\xf4\\xcb\\xc0k\"^\\xdb\\xfaiI\\x08\\xa5h\\x129\\xec\\xdd\\xb4Jo\\xbf\\xabjX+\\xcd1\\xe3\\xbfU\\xd2p\\xc1\t\\x90\\xf6P:\\xa4\\xe2\\xe6>\\xf8\\xa9F\\xbb\\x1f4\\xb59\\x14E\\x1b\\xe3\\xbc\\xb5\\xd1\\x111.\\xae\t\\x95*;.\\x0e\\x83:.\\x8e\r0\\x05\\x87S\\x03\\x86\\xf1s\\xc0\\x01!\\xe6\\xc3\\xd8\\x8a\\xd0\\xa6\\x11\\xcf\\x92\t\\xd3D\\xc8\\x82\\x05\\xab\\x0cH\\x08I\\x9c\\x81\\x12\\xb2\\xa0\\xbc\\x01\\xf6G\\x96\\xd6\\x92\\x86\\xa7\\xc4\\xae\\x8eG\\x95\\x96\\xd6Q\n\\x87\\xa7\\xa4d\\xa4\\xa1\\xc6\\x8b7\r\\x97\\x86\\xc7\\x8e\\xff\\xbd\\xeaB\t\\xf3\\x92-%?/\\xcbPYy\\\\xa8+\\x0f\\xf2.\\x9b\\x86\\xc6\\x02\\xa2\\xa4<\\xa1\\xc8\\xfc\\x82\\x12b\nY\\x9a:\\xcb\\x00\\x041\\xdc\\xc9\\x06\\xd9\\x03P\\x86\\x08\\x98~\\xfb\\x0f\\x86\\x0f\\x97\\x06P?\\xbf\\xc1\\xcf\t\\x07\\xd0P\\xe7\\x04\\x04C\\xf4\\x01\\xd8J\\xe200 
H\\xa4J\\xe2\\xd8\\xa8{\\x91\\x9a\\x93\\xc9\\xa5\\x87\\xee\\xfb\\x8e\\x08\\xdbj\\xc3\\x02\\x08\\xe7\\xbb\\x92\\x87%/\\xc4\\xa67\\xc67U\\xbc+e\\xabP\\x0f^2lU%\\xe7\\xb3`\\xd2\\xbbS\\xb9\\x8d\\xa9G\\x8e\\xfe\\xba.\\x02\\xdb\\xf0\\x1c\\x16\\x19F\\x0c8\\xc2D\t\\x17\\x96k\\x01S>q\\x91D\\xba_\\xd1\\xbe9\\x9cN\\xb9\\xc4\\xdec+K5\\xefo\\xe5NF\\x17V\\xb3\\xd4\\xfe\\x88%?\\xc4c\\x16\\x1e\\xd5b)=&uZ,\\x93\\x9a\\x97\\x99\\x1c\\xaf$\\xa3\\x85\\x8f$\\x0e!G\t\\x12v\\x0781\\x1c \\xfd\\x17\\xa6q!$\\x90|\\xde\\x17h\\xa5p-j\\xbc\\x05\\x1a\\xf3,\\xd8\\xbc\\xfc\\x9c\\x800\\x90\\x8c8\\x0c\\x818\\x036\\xe0y\\xc9\\xc8\\x82f\\xea\\x99\\x9a\\xdf\\x1a\\x16\\xcc\\x10R\\xd8\\xfe\\xa6\n\\xeeEN\\x12vr\\x96\\xe1\\xeb\\xdf\\xb2g\\xee\\xb0\\xc0\\xf1\\x10\\x9a\\xfe\",~_\\x1a\\x19cB9\\xf5on\\x9f\\x17\\x01\\xbf\\xadC\\x02a\\xa6\\x860$M\\xfd\\xfc\\xe1\\x99\\xa1\\xbf\\xe4\\x10\\xef9\\xe1\\x7f1\r%\\x8e\\x8d\\x0c\\xef\\x82\\xb0'%\\xd4\\xe3\\xe54j\\xbb\\xbaA#\\xa7\\x91t\\x04\\x9bS\\xe2\\xd0(I\\x95\\x96\\x1d%\\xe0+(\\x0b\\xcd|\\xa2\\xa9\\x16\\x9fS\\x0e\\xe7\\xd4\\x9f\\x8b\\x07Z\\xb0\\xedZB\\xdb\\xbc\\xc8\\xfa\\xeeY\\xeb\\xfb%\\xeb\\xa2\\xec\\xdb\\xb8mr\\x13\\xa1q\\x7fZY\\x07K/\ts\\xfff\\x81\\xb0<\\xd8jy\\xb4\\x12\\xc8\\x1bM\\x7fn\\x12\\xdaq6\\x19\\xa5qU\\xc2\\xdf\"\\xf9\\x04`\\x1c\\xc9,\\x9e\\xd0\\xf2R\\x95\\x89=\\x10\\x17\\x01\\xb6\\xd0\\x90\\xb39| \\xb7^\\x8a\\x00\\x10\\xc6\\xdd8\\x9c,\\x12\\xd1z\\xbf^I\\xdb\\xe6\\xbd\\x90\\xe8\\xe5\\xd7\\xb2\\x0fn0q\\x80D?\\xd6\\xf5W\\xc0\\x89\\xbf\\xab\\xea\\x0f\\x972\\xe2\\x80\\xe7\\xf2\\xea\\x81\\xfc\\xa7\\x08\r\\xa9 \\xa9\\xdfe\\xf4\\xbc\\x0e\\xa1&1\\xdc\\x08+fb\\\\xa8g\\x1c\\x92\\x85\\xae\\xbc\\x02\\xe5g\\x95g\\xba^\\xf0\\x80\\x03\\xc2\\xa4 
L\\xc0A4\\x85\\x9f\t\\xff\\x07\\xeb\\xd2\\xc8\\xcf;\\xe19>\\xfc\\xde\\x94\\xcf\\x06Y\\xfcM\\xaf\\xd2_\\x99\\x84\\x94\\xf3kj(H@\\x907J\\xcf+\\x7f\\xe2Q\\x12\\x87\\xf0\nY\t\\xa7\\xfeM+\\xfe\\xd4kj6Ewa\\x08\\xf9P\\xcf\\x7f\\xa9L\\xd491H\\xd1\\xd2\"\\x88\\x05J\\xa9\\xf0\\x1c\\xe1n\\xc4\\xf1\\xfa\\xaf\\xf59\\xc0\\xe9\\xd5\\x13\\x861]\\x90\\xbcB\\x8a\\x05R\\xb3\\xbf\\xcb\\x9e\\xba\\x9b\\x01\\x1bU\\xf6_H\\xf4))!k\\xd2\\x7f\\xf7\\x13\\xa4\\x06\\x9e\\x8b[\\xf4\\xb9+\\xba \\x94<W\\xd0\\xefhs\\x02\"\\xd9\\xe2\\xf7E\\x9f!C*\n$\\x13\\xfe\\x8c&]\\xca\\xfc5\\x01\\xa4\\xec =\\xf6ZK\\xda\\x04\\xe9\\xaf\\xb7\\xbf\\x1d=7\\xdes\\x8d\\xc2\\xfd\\xd5h*\\x10:\\x7f\\xfb\\xf9W\\xa5@\\xc0\n=\\x83%\\x02\\xe5\\x8bY\\xe0\\xd1F\\xa4\\x8a\\xca\\x81\\xf7\\xb2\\xde3bp\\xd6\\xd1\\xf7\\xd6\\xd5\\xc8\\xa6\\xc7nt\\xf0\\x8dt\\xb7[\\xfb{w\\xc5\\xc9\\\\x9b/\\x06\\xc4j\\x1e88\\xc4\\xde\\x9d\\x83\\x0e\\x85v\\xaa\\x19\\xf2Y\\xd0\\x93\r>*\\xe9\\xa8\\x99)\\xd3\\x0c\\xec\\x8c a(\\xd8\\x9e\\xc6f\\xa8^\\x92\\xe7\\x94~Dah\\xcau\\xc3\\x89\\x95@\\xc1\\xb9\n\\xad\\xbe\\x11S\\xfdH\na@\\xc3!\\xe67\\x17\\xd5\\x10:#&\\x94\\x84P\\xba\\xdf\\xac\\x8a\\x8ac\\xb7\\x89 
\\x1e\\x893\\x9a\\x8fx\\x86\\x03l\\xb0\\x0f\\x91\\xe5\\xbe@`K[\\xd0\\xfc\\xae\\xe4\\x7f\\xe5\\x1d\\x9c\\xfc;/X\\xe1\\x7f\\xa6\\x8f\\xe8_\\x90\r\\x7f3\\x15\\x0e\\xe9\\x1b\\x02P\\xb8C\\xde\\x176H\\x92\\xa5\\xcc\\x9f;\\xc7\\x06\\x0e\\x11\\x92\\xff\\x90\\x98\\x9e\t\\x95\"j\\xbc\t\\x1aH-\\x0c<\\x1b\n\\x08\\xfdOY@\\x86\\x17\\xd7\\xc4\\xefF\\xfa\\x9dy\\xa4\\xdf]\\x05\\xe1\\xef\\xf7h\\x82\\xfb;;\\xcc\\xff]G\\xcb\\x9b\\xa6\\x89\\x9a_dw\\x9eYM\\xf0r\\xb0\\xf8\\xb28\\x97#\\xa1I,\\x99\\xe2\\xdf\\x0exXI\\xb7\\xcahyo\\x1c\\xc7wHDb\\xf5\\xa6|l\\x8b\\xbc\\x1e\\xa5\\xd0d\\x04\\xe3E\\xeeB\\xad\\xbe\\x8b\\x0e\\xd8s\\xc6-\\xcc`\\xb1l\\x85\\xcd\\x12\\xda\\xe3\\xa3?\\x8f\\xba\\xb5\\x06'RP\\xd8\\xea\\x9cK\t\\x95e\\xf5\\xadI\\x8e\\x99\\xd8\\x0f=\\x8dO\\x8b\\xa2E^1\\x151\\x05\\xc035\\xda\\xf44\\xa7\\x0f;KR\\xdd\\xa1m:\\xa7\\xb43\\xfb\\xcd\\x8c\\xc4x\\xee5\\xc4-#\\xafK\\x1b\\xb4n\\x88\\xc49\\xeds]\\t\\x06:\\x8bh8\\x95\\xea"
              },
              {
                "name": "SequenceNumber",
                "value": "4"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 5\\xd0\\xd2\\xd28\\x94U\"\\x9c\\x00Wm\\xfb\\xa5\\x0e+\\x1d\\x9a\\xabYz\n\\xb5\\xe4\\xee\\x0f:D:\\x14\\x7f\\xb2\\x17\\x03\\x01?\\xd0\\xa8j\\xec/]\\x03.}\\xb1Q\\xe5i\\x92\\xf3\\xbd6Z\\xc7\\x14nw7\\xa5F\\x1e\\x15\\xde\\xc7\\xde$0\\xcdB\\xfb\\x17b\\x13\\xa48\\x82.\\xf0\\xc9?\\xcd\\xfa\\xed\\x11\\xf1\\x87\\xfb\\x1c\tI\\xe1(\\xa1u\\xb6H`{\\x10\\x05\\xc7Zi'\\xd8<A\\xd5e\\xf4/Rc\\x10\\x1dq\\xdb\\xcae\\xb1/\\x15\\xf9\\xcb\\xc1\\xa4d\\xad6b!Y\\xc8c\\xc4(\\xfcG\\x83{\\x19\\xe8\\xa9vu\\xc1\\xda\\x11e\\xdf\\xd3\\xdb\\xdav\\x1a\\xe9Pd(\\x9c\\xcfm\\xe2<a\\x0f\\xb8%R\\xbf\\x99x\\x90Z\\xdb\\x11\\xfe\\xb7Pz\\x81\\x1dz\\x80J\\xd5r/\\x1aY\\x9b\\x95\\x0c\\xd7\\xb1n\\xe8J\\xbdz\\xc7\\x88\\xed&\\xb4FF\\xcd\\x04\\x1c\\x1f\\x11Z\\xdc\\xfaSC\\xdeT\\xe8\\x89oQ\\x89#+\\x1e\\x14\\x00\\xd2\\xeeI=\\xb0\\x17C\\xb3\\xa9\\xee\\x9c\\xb0-\\xdd\\x10\\xf5\\xab\\xc3\\x8d`s"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xd6"
              },
              {
                "name": "SequenceNumber",
                "value": "5"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8e4\\x15U\\xf3\\xe6AH\\x9bc7Y\\xbbx;\\xf9\\x1c\\xa7j\\xf6\"\\x0byR\\xa2B\\x01h\\x14\\x13\\xa5J\\x92\\xdd\\xad\\xadM\\xbd\\x138\\x9ds\\xfbZ\\x98,6y\\x0b\\x90\\x16\\x17\\xe1\\xe9Z\\xa0\\xb3\\xb8$\\xe7a_\\xb5L\\x0f\\xee$I\\xa9\\xffp\\x11a\\x16\\xc5\\x7f7A6\\xfd\\x9aW?\\xd3\\x9c\\x1a\\xfd\\x18:\\xea\\xe7\\xd1OE\\x98Y\\xc9\\x94\\x19\t\\x10f\\xc2\\xcb!\\x95@\\x98\\xc8\\xa6\\xfaK\\xae#\\xe5\\xc8\\x97\\xce\\xfa\\xf4\\x03\\xc6\\xea\\x0e\\xcc\\xed\\x0b\\x9f]\\xcf\\x8e\\x1d\\xa7\\x95\\xad\\xd2E\\x10\\x12i\\xbe\\xa4\\xe0\\xdf\\xba\\x18\\xcdR\\xdc\\xd3.\\x88\\x16\\xf7\\xcd\\x0c\\xdd`e\\xfb\\xb4s\\x82\\xa5\\xfd\\xa1\\xa8\\x88\\x83\\x0c\\xfd\\xc9m\\x98Dm\\x1c/\\xa4\\xbfHM:\\xd2:\"\\xae\\xbc\\xe2\\xde\\x8b\\xaa\\x81\\xcf,\\x00\\x15J\\x19\\x85~\\xdd$\\x8cy\\xfe\\xa9\\x86r\\xb1%\\xcb\\x82\\x8d\n\\xabv\\xdf\\xdc\\x02\\xfa\\xc0\\x90\\x82\\xac\\xdbN:*O~\\xc90!\r\\x9f2\\x06~\\x82;\\xd7\\xa1_:\\x80\\xe5x\\x86\\xce\\x9d!O&\\x9ayGn\\x9b\\x03\\xb3\\x0e\\xcc\\xf3\\x88c\\xd8+\\xad]La\\x7f~\\x08\\xac\\x97O\\x1e(;\\xf6J\\xbbs.\\xfcR;%^Sm\\x0bfS\\xbe\\x1f+\\xe4\\xde\\xda\\xad\\xdb\\x95\\x97\\xb1\\x91 
\\xc0O\\x15d6\\RWU\\x99\\x04\\x10f\\xb6\\x8d\\xc1\\x8e\\x9b\\xd7\\xdbL\\xca~\\x7f\\x9f\\xb0{\\xff\\x11\\xf6\\x8b\\x10\\x02C\\xdb\\xc1\\xd5F\\xc9\\x13\\xa0\\x83\\x83\\xf3\\x96|\\xcb#o\\x1b\\x1d\\xcfd\\xb5\\xae@\\xe7\\xe6\\xf2H\\xd3\\xc6\\xc5\\x0f%/\\x92\\xado\\x88\\xaf\\x1bx\\x85\\xd0\\xba\\x19=\\x91\\x01\\x9f\\xb5\\xe0\\x9e,C\\x16\\x90\\xdf3\\xb6\\x94t\\x90\\xe6\\x03\\xb9\\xbb\\x8f)\\xa0wl\\xbf?\\x02\\x8am+\\x12\\x16Qw\\xc5\\xf6\\xff\\xf0t&\\xbc\\x88\\x9a\\xd6Z\\x95\\xab\\xfd|\\xb8?J\\xcbW\\xc9Bx\\xd4\\x8e\\x8c&u\\xb9\\x0b\\x93\\xe9\\xe9\\xb9h\\xc5\\xe0\\xf1\\xfa\\xb62\\xac@\\xb8\\xfe\\xf8\\xae\\x18\\x0c\\x7f\"/\\xfcU\\x84\\xee\t\\xb0\\xd4X\\xd2\\xfb\\x93\\x9cb2\\x03\\xe1@\\x08\\xeb35\\\\xfc,\\xd4\\x9cM\\x9ca43\\xf3$\\xf7\\xe8\\x99/\\x0e\\xef\\x1e\\x13\\xf0z\\x9fX\\x13\\xcb\\xcc\\x18\\x0e\\xf9\\B\\xc0`v\\xbb\\xfdd\\x14G\\xe4\\x18\\xbf\\x94\\xe0\\xb0\\xb2\\x96\\xf9\\xe3\\x02: FPG\\xf5\\x04\\xadx\\xe7\\xcd\\xcfc\\x98J\\x1c\\x9d\\x08\\xef\\xfa-_\\xc9\\xab,$m\\x85j\\xa6*q\\xbef1S\\xd4\\x01\\x8ex\\xf4\\xba\\x822\\xee\\x07\\x9aN\\xa9\\xe023an\\xe6\\xde\\xed\\xa0\\xe5`33|\\x98z\\x1c\\x1d\\xc6/\\xd6\\xa7\\xb8~Ubs\\xbd\\xe2*\\x99g\\x0f\\x96\\x16\\xf2\\xe5\\xd7{\\xb1\\xa6\\x19\\x9a\\xb1\"}\\xfd\\x19\\xc9}$\\xbb\\xa7Y(\\xcc?\\xbdY\\x18M\\xc9\\x15\\xbf\\x9e3j\\x00q\\x18z\\x0bd\\x9d\\xae\\x8e\\x84O\\xef\\xbddPbD\\x03\r\\xac#\\xec\\x03\\xbe\\xf9x^\\xff\\x9a\\xf1\\xaa\\xcd\\x7f\\xd1\\x8c\\xc5+\\x1fS4$\\xeb\\x0e\\x13\\xc5\\xfcS\\x19\\xd8\\x184.\\xdfw\\xf1\\xff\\xb0\\xf7\\xd6oQ\\xb6\\xef\\xba\\xf8C\\xa7\\x94\\x80C\\xc7\\x0c\\x82\\x94\\x94t\\xf7\\x00R\\xd2%\\xdd\\xddC\\x87\\xa0\\xe0\\x103t\\x83tw\t( \\xdd%H\\x08H\\x8d\\xb4\\x80\\x80\\xa4\\xdb\\xf7]\\xef\\xde\\xc7\\xda{\\xad\\xb5\\xf7g\\xfd\\xfa=\\xbe\\xff\\xc03\\xc73\\xd7\\xfd\\xdc\\xf7y]g\\xdc\\xa2B|\\xeb?B>F\\x01\\x86\\x1fg\\xc0M\\xbc\tMXcq\\xe4YWK\\xd28\\xc2&\\xe7\\x93\\xea\\xcdyNh\\xed\\x1d\\xd1XLj\\x7f}\\xb4\\x8f\\xab\\xcdB\\x1d\\x8c4\\xf0\\xde#\\x15\\x10:\\xa0\\xe5\\x10w\\xdc\\xc3_\\xd4\\xd6\\xa2\\xc1+\\xa9\\x1b;,C 
\\xf3\\x8a\\x90 \\xd7n\\xe7\\x00\\xbbX ^\\xb9:S\\xdf\\xc0\\xda[A;4\\xa0\\xf3/e\\xc9\\xe7\\x0e\\x0e%\\xbf\\x08U\\xa8\\x99 \\x92u\\x8b^\\xael+\\x98\\x18\\xe7\\xe4\\x9dX\\xb0\\xde\\x91\\xa5\\xea\\x10\\xc4\\xe7\\xf4\\x0c\\xec\\xc2M\\x14\\xa2\\xb5\\x9f\\xcd0\\x82\\xe0\\xaa=t\\x99~\\xb5\\x8b/\\x86q\\xf9C3\\xe5\\x0f,\\x82\\xff\\x01Qk\\x86)\\xd0\\xad\\xf6\\x8c\\xa2\\xf680\\xe4\\xe1,+}v\\xacu\\xa6\\x98<\\xcagLQ\\x00\\xa2\\xfc\\xcdx\\x9b1\\x1cn\\x95\\xd7\\xc9\\xae\\x17\\xa9G:Jc\\x82r_\\xb2:\\xe3\\xb3\\xc6\\xcf?\\xd9CG\\xc4R\\xce\\xea\\xc5\\xca0\\xb6-#\\x97\\x8b\\xce\\x84\\xf5\\xd6yX\\x17R\\xf21\\xd3\\x14\\xa4\\x9c\\x90\\xa0\\x12i9\\xb2\\x8au\\x94\\xb9KG\\xcc\\x80\\xe8E\\x99\\xbeR\\xd6\\xd1\\xd00m\\x16\\xc1\\x9b\\x93T\\xf1\\xcd0\\xd1\\xcf\\x91\\x0e\\xd5.>|\\xd0v\\xeb\\x95\\xe9\\xe3\\xab\\xc6\\x0e\\x9a\\x0fY\\x1d\\xf7\\xcf\\xccv\\xcfiDH\\x86=\\x07\\xc7\\xd4\\x8abo\\xc2Mr_\\xefg\\x02\\xd6\\xbe\\xa9G.t\\xdb\\xa7\\x05\\xe9\\x14~\\xffSV\\xb2+\\xd0\\xaa\\xc5\\x01\\x87xl\\xe5l\\x91\\x15\\xba\\xae{\n3^\\xf4\\x13\\xb8\\x95\\x1b+`\\xf7\\xb97\\xe6\\xf1I\\xb4\\x89\\x88'|\\x82\\xcf>n{/\\x9f\\xbbdc\\xc1YU\\xa2g\\xe9'(J\\xac\\xa6\\x899\\xbd\\x0bE\\xb1\\xabzW\\xc4\\x11(C\\xe4\\xff\\x80\\x06a\\x9c.\\x12\\xfb\\xd3IB/\\xcei\\xac\\xe4oB\\x1e\\x88\\x0e\\xd7P\\xc9\\xaf\\x0e6\\x91\\x06\\xf1G\\x10\\x0b\\xde\\x9c?\\xc8\\x97\\xc8\\x1d\\x17U\\xba\\x90\\xf9Z4\\xd9\\x83\\xf7\\xee\\xfa\\x1dt\\x92\\xc1\\xe7\\xec\\xdaK\\x9a\\xf2c}*G\\xdb\\xe1N\\xdb\\x03\\xd4\\x13\\xb6\\x93l\\xaf\\xdd\\xe8\\xad\\x8bu]\\xffC\\x97\\x0f\\x93N\\x02\r\\xca\\xb9\\xceY 
A\\x1c\\xba/\\x81\\x18\\xfb\\xda\\xec\\x8ek\\x9d\\xf4\\xd6\\xbd\\xf2K\\x1d\\xfcg\\x16\\x8d\\xb3\\xb3\\x05e\\xd6\\xd4\\xf0\\x8b\\x1fJ\\xcc\\xe3\\x10\\xa5\\xed\\x18\\xe5\\xa1k\\xe2\\xf9\\xb0\\xc7\\xaf\\xd5\\x145\\xb8\\xf5\\xbd\\xdb\\x9e\\xb2\\x03\\xc0\\x12>\\x00;\\x1e7\\x14\\xa5U<\\xb10\\xb4\\xed^\\xb1\\x06\\x11\\xf6(\\xf2t\\x13\\xf5\\xfd\\xf9\\x19\\x9dZ\\x9b\\x8f-~-\\xb9\\xdf\\xeem\\xf4|p\"S\\xe8B\t\\xedv\\x9f;\\x99*+\\xcb\\xc9\t\\xc3\\xaeD0\\x1f\r\\x8a\\xdf'\\xa3\\x89/\\x99\\xf8^`;ly#\\xfc\\xac=\"\\xe4\\x0e\\xd9\\xc5P\\xb4;\\x15{$r.\\xfe?z'F\\xf2=\\x7fM(O\\xbaU\\x8bl\\xcc\\xd9\\xbe\\xf0bV\\xdb\\xe0\\x8f8\\xbce\\x95\\xbc\\xff\rTK\\x1e\\xad\\xde\\x07\\xeejk\\xf0\\xed\\xd8w\\xafv\\xd3cK|G\\x9b\\x7f\\xef91_\\x9fj~\\x06\\x1e\\xf3\\x88'\\xb1\\x0b\\xcfE9\\x94\\xae\\xec\\xd2\\x1bMr\\xea\\xe3N\\xf5\\xbdebEb\\x10\\xc6g\\xd3\\xfbo\\xee\\xcf\\xbc\\xc3+\\xab\\xd2\\xeb0OQ\\xb6\\xdaRF#\\xf4\\x9a\\xc0i}q5\\xc7\\xb7\\xb2\n\\x817<g\\x0c\\xca\\xe9n\\xf5\\xe4\tUgC\\xbf5\\xa2\\x89:cM\"\\xc5\\xe4\\xfcre`^\\x06\\xdeY\\x0f\\xfe6\\xae\\xf1\\x1b\\xc0]_\\xdb&\\xc8[MJ\\x16\\xb7H\\xfbG=\\xa6\\xa7U6\\x0cs\\xa3~)\\xd6\\xd8\\xbf\\x03\\x8e\\x08\\xd1\\x05g\\xc3\\xed\\x9au\\xe1{|\\xcbe\\x8a\\xe9\\xbd\\xa7\\x1eg\\xee/\\xa56\\xa5\\x89\\xe6\\x0e\\x90\\xe3\\xefx\\x87L!\\xda\\xee\\xca,\\xca\\x10\\x12\\xe5\\xcdf\\xb5%M\\x0f\\xd2\\x08o\\x16\\x04\\x01\\xd8\\x8e)\\x03\\x8aQ\\x1aduZ\\xf1>\\xd6L\\xc9w8\\xc8`\\xac\\x93n\\xf0\\x998qP\\xc8\\xc0\\xda\\xb3\\x01<\\x1ei\\xa8\\x94_\\xa1\\xb9/\\xc3\\xd4\\x14\\x86\\xf5\\xec\\x0c\\x07\\xb4\\x08\\xf9\\x1d\\xaf\\xd0G\\x83\\x93I<\\x85\\x95\\xea|\\x93\\x823\\x93\\xb3\\xde\\x04\\xc2g\"[\\xb5\\xdc\\xc0?\\x04\\xa6\\xb5\\xfah&\\x01+\\x1b\\xffPR\\xf7uBOA\\xf6K\\x1e\\x840)i\\xe87 \\xe1h\\xbf>\\x97\\xa9j\\x87\\\\xef==R\\x86G\\xe6\\x02\\x929\\xbf\\xf2\\xf1m\\xbf\\x10@\\x8b\\xae^%*\\x93~\"\\xb4\\xa6\\xdd\\x8c\\x1fd\\xaeh\\xc5\\xf7\\xda\\xd5\\xfb2\\xb4\\xa4\\x958Tl\\x16\\xbaJ\\xe4G9 
\\xc3Z@\\x17*\\x1a\\xbf!\\xd6n\\x9b6ahf\\xf3|\\xb2#\\x15\\x1f\\xe7\\xc5!\\\\x13\\xe7\\xa3\\xc3\\xbfG\\xf0\\xeb\\xf7\\x7f!\\xf8\\xc9\\x7f\\x10\\xfc\\xce?\\xc0\\xff\\x1b\\xc3}\\x04G\\xe4\\xaf\\xb8\\xdf\\x00S\\xa5\\xd4\\xf5\\xe5o`1\\xce\\xe7OO\\x03\\x87;\\xdd\\x12\\xbePxRT\\xeb\\xfe\\xeb$\\xc1\\x046\\xb7\\xd3\\x9a\\xcb\\xfb _\\x8e@\\xe8\\xf9\\x9a\\xe4A\\x84\\xf29\\xf8c+\\xc5\\x17\t/\\x8d\\xea\\xde4\\xb4\\x13\\xd6\\x0c\\xdaz\\xf8!\\x0e[\\xfeV\\xb0\\xa7\\xbad\\xf3\\x8e\\xd5\\xfd\\xf0\\xe1\\xb6\\x94\\xdb\\x96]K1\\xe7\\x0f\\x93\\x9d9\\xc1\\x1f\\x153\\x11\\x8b\nth\\x92\\x19\\xa8\\xdc\\x92\\x0c\\xafJ\r\\xb1\\xca\\x9a/\\x19\\x06\\xed\\x1c\\x13\\x06ax(\\xe1\\xdd\\x99\\xaa\\xc1\\xb2\\xee\\xb7g"
              },
              {
                "name": "SequenceNumber",
                "value": "6"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 }\\xa8+\\xd5\\x8ad\\xd11\\xdb_[h\\xedNC\\xf1\\xcc\\x0e\\xcb;A\\xb6\\xa3 \\xf6Ys\\x8f\\xbf\\x02E'\\x17\\x03\\x01?\\xd0\\x00\\xa8(x\\x16q\\xd3o\\x99\\x13\\xa6\\xf5Lw\\xb2iF<\\xb0\\xc3\\xcf\\x04\\xb9\\xc0(\\xc8$&\\xbdo8\\xde\\x89-\\xf1\\xf5v\\x15\\x90\\xb3.\\xb2\\xec\\xaf\\xb9\\xc6\\x07\\\\xa5T\\x10\\x08\\x16y\\x14\\xf9\\xde\\xe9.G\\xb5K,\\xbf\\xcd\\xb1\\x1475;.\\x0e\\x12\\x94\\xd4\\xdej\\xdb\\xb0\\xb6\\x11Z/#\\xcff*\t\\xe1\\xe9Q_\\x10H9\\xbf\\xd3\\x7f\\xaao'\\xd0xE\\x91\\x97\\xd2\\xa2R\\x8d_(\\x9c2g\\x82\\xe7aF\\x0f\\x18W\\xb9\\xde \\xb6m\\x80\\xe1\\xdd\\xee2~\\xdb\\x92t\\xadKb\\x82>pN\\xd1R\\xc4\\xdd\\xb3\\xb3mK\\xef\\xab\\xb3\\xb7\\x86\\x88\\xd8\\xf5\\xc9\\xac\\xc0\t5\\x11\\xc6H\\xf4\\x13\\xbc\\x1f\\x91\\x0f\\x9c\\xb9E\\x1eH\\xe9\\xef\\xc9\\x99]F\\xa8\\x8d\\x10:W\\\\xd5Bm\\xa3<^O)\\x8b\\x8f\\xbe8}3>\\xdcrT)\\x7f\\xf2\\x08\\x9b\\xc7"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": ","
              },
              {
                "name": "SequenceNumber",
                "value": "7"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "M\\xa1\\xaf#\\xa9\\x15\\xc6\\x18\\x83\\xfb\\x85\\x96L\\xe5\\xf1a\\xb7\\x95\\xb0\\xb0\\xc4\\x03\\x89f\\x87\\xb8\\xbb\\xb1\\x8b\\x1f\\x11\\xc8\\xda\\xd4\n\\x9d\\x9c\\x0f\\xaf\\xac~5&\\xfd\\xca,\\xeb}Vg\\xde\\x8a?\\x8e\n\\xaa?\\xb8z3\\xb8\\xcaZv\\xad\\x1b\\xf7\\xf4\\x05u\\x90\\xb3\\xe0v\\xa6\\x8e\\xd5\\xa04\\xff\\xd0\\xe5N\\x18\\xd3sE\\xfb\\x9d\\xb8\\x1fE\\x10\\xd9\\x87T\\xacN\\xdc\\xb8=\\xb7\\xe3<_\\x11\\x84S\\xfd\\xa0\\xf8'*9\\x051\\x03\\xfc\\xf7\\xcf\\x8a\\xdc~N\\x13\\xaa\\x90\\xc6\\x18\n\\xb5|\\x0f\\x1f\\xeaY\\xf9\\x18\\xaf`\\xfbR\\x95\\xfc\\xd2\r\\x02vv\\x89+o\\xa5Q\\x14\r\\xdc\\\\xe8\\x024\\``v\\xe3\\xea\\xb6\\xecd^\\x8a\\xe1\\xd1\\x1a?\\xb4Aw\\x05Q.K\\x03-\\xb02#i>\\x8d\\xbe\\x1bc\\xf4\nQ\\xc0y%A\\xb0\\xdd\\xc5\\xb2\\xa1j\\x8a\\x8el\\x03\\xd6+\\x17q+ \\xf4|\\x0f\\x97\\xdb\\xe5]c<\\xab\\x17\\x8fa\\xa4\\xb8-\\xa3\\x10\\x9b\\x04\\x86\\x0f\\x15J\\xea\\xcf\\x06'a\\xb4N5\\xf6j\\x18\\x05\\x14\\x1ds4\\xa1\\xabc\\x8by\\xcd\\x14\\xb6v\\xa5\\x82\\xb4\\x85\\xe7\\x1e\\xe9\\xb1\\x80\\xc2\\xbe\\x10\\xf2|\\xc2Y\\x88\\xcd==Zu*\\xf5oy\\x97n\\xc8\\xc7Le\\xb5\\xcc\\xf8\\xf3\\xe7P\\x85/\\x12&\\xa4\\x05\\xdd\\x1106\\x16\\x9b\\xb3\\x8e%\\xe1\\xdb\\xdfKK\\xb8h5\\xf0\\xa5\\x12\\xf6\\x8c\\x95\\x1dD4\\x9dL\\x91\\x89e\"|\\xc4^\\xa5\\xf2>\\x88\\x81\\x0bHj\\xc6\\x10\\xdc\\x8e.p\\xacx\\xf2#\\x8e\\xf5\\x1e\\xe97&\\x1c\\x1a\\xeb\\x16=\\xe5l\\xe0\\xde\\xba\\xf96\\xc0\\xa3\\xe8\\xce\\xbb\\xe7u\\xa8-\\xd9n}0B\\xda\\xfba\\x83\\xb6|\\xcc\\xfaPx\\x1f)i\\xd6G\\x94\\xad\\x89\\xadV\\xcc\\xfa4\\x90\\xbfch2U\\x03\\xf2\\x8a\\xf5\\xa6\\xa3Q/\\xb4\\xe9h\\xe6\\xc2\\xf0]\\x93}1\\x9b\\xa4L\\x07.\\x8e\\\\x82\\xccR-]\\xc8T\\x1e\\xff\\xc1!rM\\xc0\\x7f=\\x81\\xdf\\xf7\\x00\\x05\\xdc\\xd3\\x05n\\xbcZp\\x9e\\x0e\\xfb28\\xba\\xa4\\xf7\\xbc\\x94+\\xda\\xaa\t\\x8e\\xfa\\xf5\\x1e\t;\\x94\\xa6\\xf2XUN4b7\\xe29\\xfd\\x9a\\x01\\xd13\\xb7f-\\xbb7}b;W\\xec\\xe1\\x9dd\\\\x9b%H\\x91\\xc5Y\\x95O\\x88u\\xed\\xce\\xa1\\xf0l\\x94\\xb1>\\x12\\x03\\x8bI\\x8e\r\\xe7\\xd2\\xfa\\x89Id^H$\\xdd\\xcd\\xbcb\\xa9w\\
x9a_\\xb4\\x0e\\x08\\x8d\\x82\\x1f\\xee\\xda=\\xe0!\\xfd\\x90\\xbb\\x1a\\xf2\\x1cC\\x06S\\xebJ\\x19\\xdcs\\xf5\\xa9\\xcce\\x05\\xb56\\x93t\\xa35\\xcfL\\x86\\x8b\\x94{\\x9ammv\\x98\r\\xaf\\x95\\xc5\\xb1\\xd0a\\xcb\\x7f@|\\xa8\\xe7\\xd0\\xb9\\xe8R\\xe0{\\x1a\\x14/)\\x13\\xc1\\xa3AwU\\xecb\\xfbm#V\\xc8\\x0c\\xbc\\x84\\xa7o\\xc3In\\xee\\xbd\\xfb\\xcb\\xa7j\\xc9\\x08\\x98\n\\xb6\\xdd\\xee\\x1b\\xd1&C\\x96\\x9b\\x90c\\xc2\\xc3\\xf8\\x93\\x86\\x851\\x92\\xe4\\x03\\xca\\xe3\\x95i\\x0e\\x86z\\xb1\\x980:\\xc8\\x8a.q$\\xea\\xbb\\xbfsH\\xc6\\x02S\\xf7\\x0b\\xe9K\\x04V\\xd4\\xe9\\x03\\x8a\\x04B\\xec\\xc6\\x1e/&\\xc5/\\xf7cC/\\xc6\"\\xbem\\x1b{k\\xf6\\xe3>\\x1f\\x8f\\xe2\\xc8iC\\xe5O\\xaa\\xa7d(\\x00P\\xc2\\xe3\\x07#&lX\\xd3\\x97\\xf0x\\xbcJ\\xde=Im\\x8a\\xf8\\xd5g@}\\xc2\\x0e\\xeb\\xe8\n\\xcf\\x9a\\x99\\x84c\n9\\xda\\xb3\\xea\\x9eV>\\x0c\\xeaa\\xda\\x98\\xfa\\xe9\\x18**\\x9c\\xb2\\xef\\x9eX\\xc6o\\xf5S\\xc9\\x95gp1\\xed\\xb1?/\\x0f1\\xb5\\xdaI\\x04\\xcc\\xfb\\x90\\xa3\\x05H\\xe8\\xfd\\xb3\\xa8\\x88'\\xf4\\xed1\\xb3\t}Q\\xc5\n\\x0f\\x16c\\xd9\\xa6\n\\xdc\\xd8e\\xbf\\xf7\\x8c \\x10CC\\xb7\\x0f\\xf4\\xde\\x85=\\x1d\\xae\\xa0\\xd2\\xde\\x92h\nDus\\x83\\xa2\\x01B\\xb4\\xe3YV\t\r#\\xec\\xb2eJ\\xb0k\\x1c\\x89l\\x16\\xd5\\x17$\\x1f\\xb1\t\\x8aJkP\\xfd/Kj\\xa3W0K\\xb7\\xbb\\x96\\xd5\\xd9c~\\xc1\\xb1S\r\\x8dn\\xaf\\x84j\\xb5\\xf7M\\x95\\xe2\\xb3\\x9d\\xbc#\\xa6}\\x1d\\x06\\xd9\\x1c\\x84\\x9b\\x1f\\xdb7\\xca\\xb4\\xffq\\xf5i\\x88\\xcc\\xbah\\xfc'\\xf0\\xf9X\\xe0?\\x80n\\xfe\\xff\\x05\\xba\\xff\\xba6/%4\\x1cI\\xad\\xf2\\x02j\\xf6\\xed\\xa4\\x90\\xbe\\xdd\\xba\\xb9\\x85\\x0bg\t\\x89\\xf5\\x14\\x9c\\xd8\\x1d\\xf9\\xe5\\x90x\\x12\\x92W\"E\\xbd\\x97\\xdb\\xd6\\xf7w\\xe6\\x99x\\xec)\\xf4\\xb1n\\xc4m\\x8f\\xcc?\\x96\\x9c\\x1d[\\x06\\xebK\\xbe\\xbc\\xe6\\xd3;hik\\xf3b D\\xb3\\xd7\\x8a\\xb4l\t\\xff\\xd8P\\x10\\xbe\\x99\\x0b\\xfc\\x0f\\xd2\\xde:,\\xaa\\xf7]\\xfb^tJ\\xa3 \rCH\tC\\x0e\\x1d\\x12Cw\\x83t7\\x02\"\\xd2!\\xe0\\x103\\x944\\x08Hw\\x0bHww\\x0c 8 
\\xd2\\x92J\\xe9\\xa3\\xfb}\\xf6~\\x9ew\\xef\\xdf~\\x8f\\xef>\\xde?\\xe6\\xdf9f\\xadY\\xf7u\\xdf\\xeb\\xbc\\xae\\xf3\\xfclg;\\xcc\\x16,\\xf0\\x1c\"\\x94#u\\x8a\\xb4\\xb7Ce\\x88\\x8c=\\xf9\\xd6|\\xa6$\\x9d\\x92\\xf7\\xd2Ni\\x12?\\xf3\\x93\\xf6\\xd7\\x17\\x9e\\xb6\\xc0\\x93\\x8a~\\x80N\\x87\\x16\\xdf\\xcf7^\\xd6q\\x92\\xde\\x8d\\xf3+Y\\xbe\\xdc\\xe0\\x87'\\xac\\xbb\\x8cK\\xd6\\xafy.\\xff\\x06\\xac\\xdf\\xd0\\x9bN\\x1a\\x86{\\xc1\\xd9~\\xa1\\x8dL\\xe2_\rJ\\xee7\\x17>\\xa8m\\xd5\\xa2c\\x92\\xd2\\xe2.\\xcf\\xb8\\xbe\\xde\\x8c\\x02\\x11OV\\xbc\\xb5\\xbd\\xa5\\xf5\\x11\\xb0\\xdaI\\x1f\\x93\\xd3\\xa0\\x94\\x19\\x84\\xde\r\\x1d\\xe8\\xfe\\x06\\x1c\\x8at\\xcd\\x14@Y0O\\xc1\\x18=J\\xe2\\x84M\\x14\\xfc\\xee\\x1b\\x86\\xcc?\\x87\\xe2\\x81\\x1e;\\xb5\\x9ea\\xea\\x16\\x04\\xb4\\xbc\\x8eR\\xe6\\xa4\\xb0\\xcd\\xf3\\x1a\\x90\\xf5uws\\x7fL\\xf6\\xed'\\x10\\xad\\xdb\\x83i\\x1f*\\xf4xC\\xa8\\xbd\\x8e\\xcb\r\\xbf\\xb0\\x970\\x06\\xbf\\x0b\\x02\\x994\\xad\\xe6\\xdf(S%\\x0c\\xb6\\xcdU)\\x0c):\\x94\\xff\\x1a_\\xe4G%\\x81\\xba/\\xcf\\xe4\\x11\\x9eU\\xcd\\x12\\x85\\xcd\\x0e]\\x85!*\\xf3k/\\xa4\\xbaoo\\xf4\\xb9\\x94\\xd3\\x02\\x87\\x99\\\\x8f\\x10\nrJ\\x05\\xa2\\xf9\\x0f\\x9a\\x9a\\xe7\\x96\\xb4m[\\x85\\x87{y\\xf2mcVj\\xbdQ\\xd4{\\xdd\\xf4\\x9d.\\x9c\\xab\\xa0uG5.&\\x7f\\xa6\\x08e\\xbee\\xc9!\\xac\\x10\\xfa&\\x91+y\\x81\\xe0//s\\x05\\x86]I\\xcf\\x8e9\\xa1\\xa8|\\xe6$''.\\x13%\\xac\\xd1\\x11\\xd6~{\\xb9b\\xdcUl\\xef\\xa0_G\\x04\\xadR\\x03\\xffz\\xe2\\xa2\\xc4\\xc9}\\xdaB\\xf6*%\\xd6\\x1a!-\\x98!c\\xd5\\xb0D\\xdf\\xa1\\xcd\\x966S\\xb4\\xadI\\xf3NF\\\\xf7+\\x884{\\xf3\\x05}\\xd3\\x835Y\\x9d\r;{\\xbb\\x0c\\x81\\xf3\\xec$\\xd9\\x1e\\x06\r\\xd1|\\x82\\xd3\\xb7\\xd0\\xaa\\x87\\x0e\\xe1\\xa2\\xc9\\x13c\\x8c\\x04\\x19h!\\x1fK 
T\\xf4\\xcb\\xa8*\\x83\\x05\\x04fk\\xbc\\xd5J\\xbb\\xc3\t\\xa6K\\x93\\xbc\\xed\\xd5\\xc8Q\\A\\x1c\\x07\\x86\\xf6?5\\xeaM9\\x15\\xbfD\\xb0\\xc13\\x05'\\x17\\xd8\\xa3\\xa6\\x8a\\x95dhb\\xff\\x9bi\t\\xe9/\\x86~\\xc5\\x14\\xae\\x19|\\xa2\\xac>\\xed,\\xd2Q\\xda\\xdd\\x17e\\x12{\\xcf\\xe8\\x95\\xdem\\x18\\x1c!\\x05\\x06\\x83\\x1c1\\xe4\\xa1\t\\x8fb\\xc7\\xe1\\xdd?S12\\x94ilv\\xbdh\\xef\\xc5\\xf4\\x9b\\xc2\\xa7\\xa6\\xea\\xf1\\xe1T\\xc6DP\\xfd\\xeb,\\xa7A\\x8d\\xc3\\xe4lOO.\\x0c\n\\xcbWZ\\xd8\\x17\\xff\\xb3I\\x07\\xca\\xf80E\\x9cb\\x00\\xfaO\\s\\xb9E\\x03\\x80\\xfb\\xff\\x04#\\x97\\x9a\\x15\\xb6\\xa7\\x00X\\xfc\\xc3\\xb9\\x83\\xdeA\\xc7\\xee|\\xa2\\xd8\\xc6N\\xbe\\x9a\\x0cR?\\x98\\xdb\\x83\\xdb\\xcb\\xfb\r\\xe8\\x18yB_\\x93\\x90\\xdbEl\\x97'\\xfe\\xe0(\\xcb:\\x9bW\\xfb\\x8e$\\xe4\\xd8+O\\xa5\\x87\\xb0\\x07\\x1f\\x9b\\xc9(\\\\xc9&!e\\x15\\xf8\\x9c\\xa81\\xab2Lo\\xa882\\xb8'\\x83\\xec>\\xfa\\x8cp\\xc6\\xe3n\\xfc\\x19!\\x9e\\xc6\\xa4?Z>\\x8e\\x97B\\xe8\\xe6z5\\xa9I\\xbf\\x90\\x18\\xb6\\xa7\\xc8\\x81!g\\x1a(}\\xb8\\xdb\\x113\\x8c}NV\\xc8\\xc7\\xee\\xe7M<\\xe7q\\xa0\\xef\\x0e\\xb7i\\xb5UX\\xc5\\x16\\xdd`h)\\xdd\\x9c{lLGJ\\xbd\\xfc\\xde\\xc19\\xb9\\xf7\\xfeI#Z\\xfd\\xcc\\xde9OUyLde\\xe9\\xc0\\xd2\\x0e\\xf2l'B\\xc4[C*\\x05\\xf9\\x96\\x80j`n\\x88\\x05\\xdcM\\xb1)\nY\\xeb\\x00\\x82\\xb2 W\\x95\\xafB2\\xd8\\x11L\\x1b\\x1bF\\xe2\\xcd\\x0e\\xb0\\x9bi\\xec\\xc6\\xb42\\xeeZ\\xeaT\\xea_\\xa3E\\x8a\\x08N\\x0fOOY\\x96PO\\x9f\\x9f\\xba\\xe9js\\xe3`\\xfev-\\xccv\\xed\\xfe\\x88\\xe3\\x13`;\\x08O"
              },
              {
                "name": "SequenceNumber",
                "value": "8"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x9a\\x0e:\\x89\\xf8\\x06B~\\xe9\\x04\\x9f1\\xd9\\x914\\x91\\x1b1\\xe1V\\x03\r\\x8d\\xe4d\\x0b\\xb8\\x94\\x91\n8W\\x17\\x03\\x01?\\xd0\\xab\\xab\\xcf\\x91e\\x0eL\\xa4mA\\xdc\\xce\\xc6h#\\x05G\\x7fH)\\x98!\"\\x84z?oO\\xa1\\xe8\\xd2\\xc1\\x94\\xaa\\xa2)\\xc5\\xb3\\xca\\xadk\\xc3\\x0b\\x90\\x9a\\x03\\xab\\x12f<C\\x1bwnN\\x16\\xee\\xbc\"\\x84\\xea=M\\x94\\xda\\xe2\\x89\\xcb\\x9c\\x11\\xe6\\xdeZ\\x14\\x19\\xc6\\xaaU\\xf8{\\x8d\\x80v\\x98\\x1a\\xbfn\\x1d\\xf4\\x087\\x96@\\xcb\\xe9\\x0f\\xda\\xb7E\\x9f\\x95\\xd5\\x07\\xe8\\xd5\\x9e:\\x8b\\x8f!_\\xf3]\\x82:\\xc0P\\xc2\\xcb\\xbb\\x94{\\xd5S\\x80\\V\\x83\\xc1\\x15\\xb3\\x86\\\\xf2\\xd9\\x11x'\\xa4\\x1f\\xbd\\xbd\\x99\\x17@\\xdf\\)\\xf0\\xc9}xZ;\\x98\\x1ft\\x8c\\xa1e\\x1e\\xf2m\\xbd\\xe6\\xbd\\xd3\\x88\\x08\\xe2\\x7f\\x92t\\xa6)\\xdd_ie\\x12\\x8dV\\xad.\rJk\\x9e7D\r>\\xa5\\xee\\xbd\\xf0\\xcc\\x86\\x12#\\xe5\\x9d\\xd95q\\xaa/\\x8d\\xb8\\x852\\x1a\\x8c|"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x81"
              },
              {
                "name": "SequenceNumber",
                "value": "9"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xd9\\xe6\\xe9R\\x8dJ\\xadPF\\xc7X\\x00\\xbe\\xfbK\\xbd\\xea\\xd7\\x83\\xc06i\\xb6C\\xc4\\x94\\xb6\\x0c\\xc1?\\xec\\xcaGT\\xaa\\x8c?\\x1fI|\t\\x1a\\xbc\\x86\\xa8\\x95\\xea\\x84\\xac\\x8a\\xd2i\\xbeb\\xfd\\x94\\xf9]>\\x8bq\\x1f\\xe4\\xb0\\xda>\\xec\\xc7\\xe8~2T\\x8dS\\x058\\x10y%t\\xd6\\x99\\xe4Y/\\xb0d\\x14\\x80#\\x83b\\xb2G\\x96<\\xc5\\xb5\\x18,:\\xf4\tl\\xc0\\x9a\\xb4IO\\xc0,\\xf1]\\xbc\\xc1\\xee\\x0b/\\\\x0c\\x9f\\x88d\\xd5\\x0b\\xc1\\xb5\\x14\\x85\\xe3\\xf3I\\xa7\\x93\\xc42\\x01\\x16s\r#\\xb7\\x15\\xde\\x16f\\xba\\xb2X\\xe9\\xf9M\\xf2\\xa9\\x12\\xeaR\\xf7\\xf7]q\\xaaQ\\xef\\x86W\\xf0gk!\\x068\\xa9\\xec\\xc8\\xd9\\x927:\\xada<\\x84\\xc2\\x81\\x12\\x9d=F\\xee\\xfdE0\\x91/AJj\\xf85^^<\\xf3g\\xb1\\x8c\\xe3\\xc5r\\xa1\\xfe\\xee\\xb0\\xa7\\xe7\\xa8jGtqe\\xbb\\xbc\t\\xd2Qx\\xa9\\xe6\\xc6#\\xb7Bw\\x99\\x9e;/\\x1dU\\xb7\\x00\\xcc$\\x05&N\\xe4\\xa8\\xa2H\\xd0,M^\\x89\\x10]\\xceP\\x8a\\xad&\\xa3F}uo\\x86T\\xfe\\xd5\\x8d~l\\x13^5)[\\xda\\xb2\\xc0\\xd0\\x13\\xbb\\x14w\\x80L\\x16\\xb9\\xb7\\x1a\\xca\\x8c8\\xbb\\xe4\\x05}\\xf6a\\xcf\\x18w\\xf7w`\\xa4Oe{*\\x91%@q\\xc4{\\xdf\\x0b\\xd2FDz*\\xb1|\\xde\\xd36\\xably\\x04\\x163\\x86\\xd2\\x04\\xed*\\x10.\\xb3g\\x9f\\xcf~H8S\\xdej~V\\xbf\\xe5_*-r\"O\\xc8\\xf7\\x1b\\xb8\\xd4\nu\tq\\xfa\r\\x14a\\x9f\\xdf\\xdb\\xdf\\xd8t5K\\xab\\xe8:\\x94\\xc6\\xbcw\\xab\\xb7\\xd7\\xe7/\\xf7_\\xe6\\x0b\\xe1U0RW9b~\\xc7\\x1aC\\xd02\\xb6^\\xd7\\xe5\\xd7\\xee\\xb7\\x99gu\\xa0\\xbc:\\xfe}\\xb4{u\\x88Z\\xbcca\\x04\\xeb\\xade\\xf2\\x94\\xe6G\\x0et\\\\xd4|p\\x0f?1\\xb7\\xdf\\xf4\\x99,\\x88\\xf0\\x98\\x96x(\\xd3V\\xd7Y\\x84\\xfcQ4\\xb4(\\xc5*Vw\\x8aN:\\xa3\\x8cA'\\xf3\\xcb\\x86\\x9d#\\xe5r\\xc1\\x03~P}Y\\xd0g\\x8d\\xce=\\xee\\x1a\\xfbY\\x87\\xd7\\xc8\\x82\\xe4\\x1d\\xd1$\\x12C\\xda\\xc4)A@M\\x88\\xcb\\xc8\\xed\\x03|[yx\\x9d\\xc0\\xd6k\\xe9O\\x15\\x1e\\x10\\xa3\\x9c?a\t\\x98\\xf5wu\\x97\\xe8\\x1a_~\\x9e\\x85\\xd15\\x06\\xbb\\xd5{\\xc4\\xc3\\xd4\\xd4L\\x86<\\xec\\x85\\xd3v\\xc4\\x1f \\xbc\\xf6\\xe6\\xe7\\xd3>V^5\\xbb9\\x87\\xa9 
\\xc6K@\\x96\\xf0\\x88K\\xd4R1`\\xdc\\x90\\xa5\\x15\\xfd-`\\x99p\\xdfZ\\xd7S\\xe5\\x07-:dJ\\xc5\\x07\\xb9\\xdf\\x10\\x8b\\xfe\\x91\\x93\\xda?@\\xbb\\x16\\x9f\\xe8\\xbe\\xfdM\\xf3\\xf1\\xa5\\xd9\\xbe\\x8f\\xaa\\x97\\xfb\\x01:5\\x13\\xbd\\x19\\xa3\\xed\\x11Uo\\xe2k_\\x8a\\x9fB\\xa6c\\x81\\xa2(R;&\\xb7\\x82I\\xaf\\x1f-n\\x92\r\\xb9\\xf7^2\\xf8\\xd3\\xce`\\x0bn\\x8f\\xd7\\xd1\\x06h3\\xb0\\x92\\x07\\xb0\\xcd\\x04q\\x9f=\\xed\\xdf\\x80\\xc3\\xf31\\x0fR\\x90\\xa0|\\x12\\xc1)\\xfdV;\\xfb\\x1c\\xa3}\\x96p\\xb1P?B\\xacW\\x84\n\\x16Xo\\x9c\n\\x1d\\x81H\\xfc\\x18\\xd4\\x945\\xb0Z\\xf4\\x05\\x92\\x02<\\x1f\\xaeb\\x06\\xa0\\xc5x\\xa2Q]\\xe0\\xe0\\xb4\\x08\\xa2\\x91\\xcc\tQ!\\x1c\\xe7\\xa2X\\xbcd>\\x1f\\xc8\\xd0\\xd4\\xe3\\xbcF\\x7f\\x00A-\\x1c\\xad\\xf2\\xd4\\x0f\\x1f\\xb1\\xb4j\\xd3\\xb8_\\xff\\xdc \\xeeR\\x9bC\\x1a\\xcdcz\\x17D\\xa5\\xb0\\xcb\\xc9\\xdbsWo\\x04\\xbd\\xfc\\xf5\\xe3/\\x0fFn\\xff\\xca\\xf1\\xf5\\x81\\xdc]\\x86D\\x87\\xc8\t\\x1e\\xd5\\xf01\\x0e\\x1d\\x0e\\x05\\x9a,\\xe1\\m\\x94*\\x04~\\xf6h!\\x91\\xbal\\x81\\xb7\\xca\\x0e\\xce\\xf3\\x95\\xc8\\x8f\\x9c)\\xaa\\xe5Aaup*V\\xc3\\x18\\xe5\\xbc&.\\x9b\\xbe\\xa7\\x9e\r\\x04\\xb2\\x17\\xf7:\\xb9\\xdf\\xce\\xef!|\\x10?u\\x99\\xfa\\x93\\xee\\xc1RK\\x89\nPK\\x94\\xaf\\x83\\x95\\xb0\\xb3\\x82\\x19\\xfc\\xe2\\xa5{\\x98\\xcf\\xdc\\x9a7\\x07\\x82\\xeb\\xd4\\x83\\xb5?\\x99O\\x0b#WS\\xfc\\x97\\xc5:\\x11\\x0e\\xe4\\x83\\xf1>\\xd8\\xf8\\xbd\\xb5\\x90uT\\x06\\x81Ch\\x1f\\xce\rCi\\xc9TyVT\\xdeD\\x0b\\xacc\\xb8\\xdc\\x88\\x9f\n\\xb9F\\#\\x08\\xacT5A\\xec\\xe2\\x9eled'&\\x89\\xeeb\\xd4\\\\x1c<k6<\\xfd\\xd4C\\x9bP;lc\\xa0\\xb6)\\x1c\\x18,\\xc4\\xb2\\xef\\x83\\x03wh\\x96ce]\\xa1a\\x11o\\xce\\x1b\\xdb\\xa1(1~7j\\x7f\\xc6|\\x0e\\xbd]\\xbb_G6\\xa3\\xa4:o\\xa61\\x0ek|)\\xc8\\x94ki\\xc2\\x18\t\\xcd\\x87\\xec\\xd8\\xf7\\xe0\\xc9\\xd3\\x97\\xa5-\\xce\\x84\\xb5\\x98\\xad\\xac\\x06\\x02\\x82\\xb2\\x1a\\xe8a\\xd9a'Kq>.\\xe0\\x8e\\xf6\\x8d\r\\x963\\xd7\\x95\\xe4\\xc63M\\x96\\xae\\xe7\\xb3\\x05\r\\xf3\\x163Z\\xdc\\xceG4\\xfcr\\xeb-\\xbc\\xb8\\xbf\\x94\\
xf69\\xd0\\xce\\x94B\\xb6\\xa1>\\xdc\\xc7\\x00Z\\x02\\x14tr\\x1dB\\x84\\x13<o\\xba\\xb2\\xcf\\xa7\\xe6W\\x81\\x14I3j\\xb8+t\\x1c\\xf4\\xb9\\x8ec_x\\xbc\\xe5p\\xeeV\\xf8\\x14\\xcc\\x99F\\xa8(\\xfcch)S\\xba\\xc9V \\xa0\\x86\\x84\\x1b\\xe4\\x84\\xbdd\\xc7\\xd8\\x8c\\xa3\\x15T\\x8a\\x16&D=\\xff>\\xc36\\xc1aM\\xc3\\xbb\\xba\\x1f\\x05\\x91\\xba(\\xa3[(h#Y\\x0b\\x9d)=\\xc7t\r\\xa0\\xee9Z\\xfe\r\\x88\\x19\\x0b\\x89\\xa4=\\x8a\\xda\\x84\r\\x81\\xa2\r\\xf4G\\xef\\xae\\xf7\\xf9\\xe7\\x128\\x82\\xa0\\xdb\\x1f\\x13\\xeca\\x94\\xca\\xe3\n\\x04d\\xc6\\x1a\\xde\\x04\\xf4\\x9a\\xcfwd\\x08\\xd0\\x9d\\x13N#\\x9d\\x92\\xe8\\x8a\\x8d\\x13(\\xac\\xa0\\xb4\\xf7\\x02:\\xd0\\x87e\\xb4\\x86\\xbcs-\\xa9=\\xf0\\x08\\x04\\x03#\\xbd\\xe8\\x05\\xcbl\\xe1[}\\x04\\xa8E\\x16\\xd3\\x8e\\xe7|'\\CQ\\x91&Owi9\\xe1\\xc9Q\\xe5\\xf8mO,\\xf6\\x17\\xcf\\x15P\\xb5\\xde\\x13\\xf6\\xbcw\\x9b\\xfe'2\\xa4\\xc8\\xa9rs5\\xa9)\\xd6\\xfeY\\xe6\\xbc\\xf6\\x11\\x8c\\xbb/\\xb1\\x86\\xda\t\\xd3\\x19v\\xa9\\x86S\\xc8\\x1d\\x84OWu\\x88\\xf4\\xe2\\xdb\\xc0\\xa2\\xb9\\x95\\xdc\\xc5\\xe7\\xa2\\xad\\xab\\xf2\\x83\\x86\\x00\\xed\\xcd\\\\xd1\\x82\\xf9\\xd9g\\x87x\\xbb\\xf34\\xb7\\xcd\\*O\\xd1\\xbd8@K(\\xad-\\xe9\\xe9\\xaa\\x1a\\xf2\\x7f5v\\xe5\\xd1P\\xbe\\xed\\x7fPD\\xb6|\\xc9n\\x142T\\x14\\xb2\\x85\\xb1|\\x11b\\x905E\\xf6\\xadI\\xc8\\x1a\\xc6Rh,cW\\xc8.d\\xcb\\x1e*d_\"\\xfbN\\xb6F\\x18\\xdb\\x88\\x981~\\xcfL\\xf5\\xed}\\xcf\\xef=\\xefy\\xff0g\\xce}]\\xd7\\xe7\\xf3\\xb9\\xae\\xfbv\\xdf\\xd7\\xf3\\x9cy\\xce\\xa3\\xe8\\xe7\\xd1q\\xff\\xd0\\xe0\\xf2\\xd9\\x9c\\xcb\\xef\\xceT\\xe8|\\x8e\\x0fO\\x88\\x16\\xc7\\x1c\\x0e\\x99o\\xc5\\xca\\xb61>\\xb9i\\x98\\xea\\xfcW0\\xbd\\x1b\\xc3\\xe2-:}E\\xe6\\x03M\\xf0\\xf2\\xecj/\\xfb^\\xa4\\xe8P\\xd9\\x83*2.\\xd7Uj\\xda.\\x0eM>s\\x01\\x1ai<\\x82\\xa6>\\xa9\\xfe\\xa3\\x06k\\xb2\\xc4\\x07\\x1f\\xb5\\xe7B\\x9d\\xc2\\xa7\\xba\\x96\"m\\xb6\\x9b^w\\x18\\xba\\x99Dx'V\\xb4\\xd1,\\xf9\\xd8&;.fur\\xe3\\x86\\x95\t\\xb0*\\xfe>\\xe4\\xbc\\xd5\\x0e\\x92\\xe9\\xa1\\xf1\\x83\\xb9~f\\xb2\\xf3\\x16s.\\xb5\\xb5w\\xca
Co\\x86wl\\xd7`\\xa6\\x0f\\xb1:Q\\xdf9CS\\xd0}\\x1e<\\xa6\\x9e\\xd6i,T\\x99x\\xa7*\\xa9\\xd3\\xa7\\xf9r\\xa9\\xeb\\x04\\x98.2\\xb9\\x07\\xe1\\xa1\\xb0\\xd1\\x12\\x85\\xd2\\xc1Ns3\\x93\\xd4\\xabl\\x81'\n@h\\xc1\\xe8c\\xd0\\xbc\\xe2\\x99w\\xbe\\xa9S*\\x7f\\x95\\xb4(\\xb6\\xfah\\xba\\x87t\\xb0\\xe1\\xc5\\xb5S\\xb5\\x1b\\x9e\\xcd\\xf8%\\xf9#\\xf3\\x90\\x91O;\\xa9\\xc0%\n\\xf2\\xfa\\x06_Z#\\xf3\\x0cO\\xc9,\\x9d\\xbc\\x88j\\xfd\\x0b\\x067W[2k\\xcdS:\\xc3\\x08\\xdb\\xd8\\xc9\\xd2\\x91A\\x07\\xca~>\\xf9wU],2\\x97\\xde\\x84)\\xd7:\\x8b[U\\xb5\\xbav}R\\xcb\\x9e\\x8d\\xdb\\xfd\\xb6\\xbe\\xb3\\xbb\\x86\\xf0u%\\xb6S&\\x18ec\\x99\\x0e\\x0b\\xbd\\x8e5\\xc3\\x92\\x8d\\x1c\\xad\\x82eo\\x16W\\xe9\\x84*?F\\xf1}E\\xa0\\xde\\x8fn\\x1b\\xee&\\x0b=\\x80\\xcfp\\xbfqk\t\\xa4n\\x87U_\\x19\\x9f\\x86\\x07f\\xb3s\\xf8O\\x9dQ\\xe2_(\\xeb/\\xfe\\xbbVxo\\xeb\\x12R\\xb2f\\xec\\xa4\\xa1\\xa9\\x06o \\x03\\xec\\xf9\\xf6\\x9a\\xee\\xed\\xd5\\xabj\\xf0\\xd6\\xa4\\x96\\xfb\\xca7\\x13\\xad\\x93\\xa6s\\xc1\\xf9\\xd2\\xdf\\x14Y\\xa2\\x12\\x8a\\x981\\x82\\x1b\\xb3t\r9\\xf7\\xbc\\xee\\xa5Q|\\xd36\\xbb\\xfe\\xca?xVy\\x82\\x8fmC\\x96"
              },
              {
                "name": "SequenceNumber",
                "value": "10"
              },
              {
                "name": "BufferSize",
                "value": "7919"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-03-05 10:24:15,462",
            "thread_id": "5380",
            "caller": "0x08885b22",
            "parentcaller": "0x04569a2a",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00001f3a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x9f}\\x86\\x95\\xcd%X\\xe9\\x0fMI\\xcf\\xdd\\x81\\x97w\\xfa\\xd3`\\x0fR\\x12n\\xed\\x1c\\xbe!@t\\xa5\\x98g\\x17\\x03\\x01\\x1f\\x10\\x9e\\x0f\\x0f\\xf4r\t`\\xeci\\xd83?\\xe5+\\xb9:\\xd5\\xc1\\xd2\\xff\\x9b\\x7f\\xd6\\xc00th\\xa3\\xff\\xf5\\xab\\xd6\\xf7\\xbahD|\\xbdJH\\xe3\\xfc\\xb5\\xd4\\x92\\x80\\xe1\\xbb\\xa1?\\x93\\xae\\xb6r\\xaf\\xc1h\\xfeF\\xd4S\\x10\\x16\\x88\\xf7\\x89\\x8a\\xa43\\x106\\x91t\\xea\\x1d*\\xb5\\x0b\\xde\\xf3\\x7f\\xe8\\xdd\\xa6\\xcb~g\\x7f\\xb7\t\\xcbx\\x0e\\xe8\\x9doi\\xda\\xb14+jv\\xba\\x01\\xfaH\\xb9\\x05\\xd1\\x858&\\xa7-b\\xcf\\xa8\\xc7j1l7~Z\\x85&\\xedE\\x84\\x18^.Z.\\x16@\\xa6\\xd2U\\xcf\\xb5:\\xff\\x8e\\xfc\\xbd?@\\xf8\\xf3\\xe6\\xb8\\xd0\\x9c_C\\xc6\\xff\\xac\\xd2\\xab\\x94\\xef\\xcdP\\xb1B\\xb34\\x80\\x9dC#\\xff)\\x0e\\xdb/$\\xee\\x1df\\xc1\\x17/\r7\\xf6\\\\x9a\\xeb\\x9d\\x1a\\x15%T\\xebp~@\\xdbV]O\"\\xa2\\xeb\\xc9\\xe8[\\x1b=="
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-03-05 10:24:15,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-03-05 10:24:15,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-03-05 10:24:15,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-03-05 10:24:15,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-03-05 10:24:15,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-03-05 10:24:15,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-03-05 10:24:15,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-03-05 10:24:16,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-03-05 10:24:16,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-03-05 10:24:16,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-03-05 10:24:16,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-03-05 10:24:16,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-03-05 10:24:16,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-03-05 10:24:16,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-03-05 10:24:16,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-03-05 10:24:16,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-03-05 10:24:16,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-03-05 10:24:16,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-03-05 10:24:16,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-03-05 10:24:16,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-03-05 10:24:16,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-03-05 10:24:16,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-03-05 10:24:17,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-03-05 10:24:17,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-03-05 10:24:17,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-03-05 10:24:17,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-03-05 10:24:17,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-03-05 10:24:17,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-03-05 10:24:17,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-03-05 10:24:17,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-03-05 10:24:17,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-03-05 10:24:17,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-03-05 10:24:17,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-03-05 10:24:17,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-03-05 10:24:17,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-03-05 10:24:17,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-03-05 10:24:17,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-03-05 10:24:17,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-03-05 10:24:18,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-03-05 10:24:18,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-03-05 10:24:18,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-03-05 10:24:18,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-03-05 10:24:18,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-03-05 10:24:18,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-03-05 10:24:18,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-03-05 10:24:18,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-03-05 10:24:18,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-03-05 10:24:18,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-03-05 10:24:18,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-03-05 10:24:18,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-03-05 10:24:18,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-03-05 10:24:18,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-03-05 10:24:18,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-03-05 10:24:18,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-03-05 10:24:19,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-03-05 10:24:19,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-03-05 10:24:19,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-03-05 10:24:19,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-03-05 10:24:19,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-03-05 10:24:19,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-03-05 10:24:19,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-03-05 10:24:19,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-03-05 10:24:19,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-03-05 10:24:19,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-03-05 10:24:19,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-03-05 10:24:19,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-03-05 10:24:19,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-03-05 10:24:19,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-03-05 10:24:19,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-03-05 10:24:20,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-03-05 10:24:20,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-03-05 10:24:20,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-03-05 10:24:20,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-03-05 10:24:20,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-03-05 10:24:20,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-03-05 10:24:20,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-03-05 10:24:20,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-03-05 10:24:20,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-03-05 10:24:20,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-03-05 10:24:20,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-03-05 10:24:20,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-03-05 10:24:20,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-03-05 10:24:20,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-03-05 10:24:20,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-03-05 10:24:20,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-03-05 10:24:21,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-03-05 10:24:21,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-03-05 10:24:21,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-03-05 10:24:21,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-03-05 10:24:21,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-03-05 10:24:21,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-03-05 10:24:21,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-03-05 10:24:21,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-03-05 10:24:21,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-03-05 10:24:21,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-03-05 10:24:21,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-03-05 10:24:21,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-03-05 10:24:21,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-03-05 10:24:21,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-03-05 10:24:21,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-03-05 10:24:21,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-03-05 10:24:22,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-03-05 10:24:22,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-03-05 10:24:22,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5807
          },
          {
            "timestamp": "2026-03-05 10:24:22,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-03-05 10:24:22,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-03-05 10:24:22,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-03-05 10:24:22,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-03-05 10:24:22,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-03-05 10:24:22,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-03-05 10:24:22,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-03-05 10:24:22,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-03-05 10:24:22,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-03-05 10:24:22,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-03-05 10:24:22,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-03-05 10:24:22,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-03-05 10:24:22,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-03-05 10:24:23,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-03-05 10:24:23,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-03-05 10:24:23,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-03-05 10:24:23,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-03-05 10:24:23,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-03-05 10:24:23,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-03-05 10:24:23,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-03-05 10:24:23,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-03-05 10:24:23,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-03-05 10:24:23,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-03-05 10:24:23,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-03-05 10:24:23,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-03-05 10:24:23,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-03-05 10:24:23,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-03-05 10:24:23,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-03-05 10:24:23,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-03-05 10:24:24,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-03-05 10:24:24,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-03-05 10:24:24,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-03-05 10:24:24,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-03-05 10:24:24,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-03-05 10:24:24,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-03-05 10:24:24,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-03-05 10:24:24,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-03-05 10:24:24,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-03-05 10:24:24,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-03-05 10:24:24,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-03-05 10:24:24,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-03-05 10:24:24,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-03-05 10:24:24,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-03-05 10:24:24,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-03-05 10:24:24,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-03-05 10:24:25,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-03-05 10:24:25,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-03-05 10:24:25,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-03-05 10:24:25,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-03-05 10:24:25,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-03-05 10:24:25,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-03-05 10:24:25,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-03-05 10:24:25,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-03-05 10:24:25,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-03-05 10:24:25,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-03-05 10:24:25,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-03-05 10:24:25,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-03-05 10:24:25,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-03-05 10:24:25,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-03-05 10:24:25,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-03-05 10:24:25,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-03-05 10:24:26,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-03-05 10:24:26,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-03-05 10:24:26,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-03-05 10:24:26,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-03-05 10:24:26,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-03-05 10:24:26,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-03-05 10:24:26,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-03-05 10:24:26,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-03-05 10:24:26,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-03-05 10:24:26,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-03-05 10:24:26,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-03-05 10:24:26,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-03-05 10:24:26,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-03-05 10:24:26,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-03-05 10:24:26,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-03-05 10:24:26,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-03-05 10:24:27,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-03-05 10:24:27,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-03-05 10:24:27,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-03-05 10:24:27,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-03-05 10:24:27,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-03-05 10:24:27,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-03-05 10:24:27,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-03-05 10:24:27,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-03-05 10:24:27,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-03-05 10:24:27,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-03-05 10:24:27,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-03-05 10:24:27,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-03-05 10:24:27,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-03-05 10:24:27,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-03-05 10:24:27,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-03-05 10:24:27,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-03-05 10:24:28,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-03-05 10:24:28,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-03-05 10:24:28,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-03-05 10:24:28,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-03-05 10:24:28,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-03-05 10:24:28,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-03-05 10:24:28,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-03-05 10:24:28,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-03-05 10:24:28,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-03-05 10:24:28,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-03-05 10:24:28,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-03-05 10:24:28,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-03-05 10:24:28,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-03-05 10:24:28,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-03-05 10:24:28,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-03-05 10:24:28,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-03-05 10:24:29,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-03-05 10:24:29,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-03-05 10:24:29,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-03-05 10:24:29,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-03-05 10:24:29,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-03-05 10:24:29,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-03-05 10:24:29,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-03-05 10:24:29,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-03-05 10:24:29,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-03-05 10:24:29,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-03-05 10:24:29,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-03-05 10:24:29,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-03-05 10:24:29,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-03-05 10:24:29,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-03-05 10:24:29,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-03-05 10:24:29,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-03-05 10:24:30,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-03-05 10:24:30,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-03-05 10:24:30,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-03-05 10:24:30,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-03-05 10:24:30,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-03-05 10:24:30,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-03-05 10:24:30,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-03-05 10:24:30,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-03-05 10:24:30,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-03-05 10:24:30,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-03-05 10:24:30,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-03-05 10:24:30,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-03-05 10:24:30,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-03-05 10:24:30,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-03-05 10:24:30,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-03-05 10:24:30,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-03-05 10:24:31,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-03-05 10:24:31,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-03-05 10:24:31,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-03-05 10:24:31,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-03-05 10:24:31,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-03-05 10:24:31,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-03-05 10:24:31,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-03-05 10:24:31,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-03-05 10:24:31,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-03-05 10:24:31,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-03-05 10:24:31,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-03-05 10:24:31,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-03-05 10:24:31,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-03-05 10:24:31,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-03-05 10:24:31,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-03-05 10:24:31,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-03-05 10:24:32,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-03-05 10:24:32,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-03-05 10:24:32,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-03-05 10:24:32,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1560"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c44500"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "1560",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "996",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "996"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "996",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "996",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "996"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-03-05 10:24:32,337",
            "thread_id": "996",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-03-05 10:24:32,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-03-05 10:24:32,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-03-05 10:24:32,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-03-05 10:24:32,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-03-05 10:24:32,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-03-05 10:24:32,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-03-05 10:24:32,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-03-05 10:24:32,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-03-05 10:24:32,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-03-05 10:24:32,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-03-05 10:24:32,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-03-05 10:24:33,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-03-05 10:24:33,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-03-05 10:24:33,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-03-05 10:24:33,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-03-05 10:24:33,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-03-05 10:24:33,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-03-05 10:24:33,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-03-05 10:24:33,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-03-05 10:24:33,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-03-05 10:24:33,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-03-05 10:24:33,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-03-05 10:24:33,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-03-05 10:24:33,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-03-05 10:24:33,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-03-05 10:24:33,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-03-05 10:24:33,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-03-05 10:24:34,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-03-05 10:24:34,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-03-05 10:24:34,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-03-05 10:24:34,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-03-05 10:24:34,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-03-05 10:24:34,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-03-05 10:24:34,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-03-05 10:24:34,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-03-05 10:24:34,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-03-05 10:24:34,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-03-05 10:24:34,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-03-05 10:24:34,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-03-05 10:24:34,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-03-05 10:24:34,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-03-05 10:24:34,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-03-05 10:24:35,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-03-05 10:24:35,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-03-05 10:24:35,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-03-05 10:24:35,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-03-05 10:24:35,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-03-05 10:24:35,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-03-05 10:24:35,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-03-05 10:24:35,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-03-05 10:24:35,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-03-05 10:24:35,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-03-05 10:24:35,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-03-05 10:24:35,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-03-05 10:24:35,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-03-05 10:24:35,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-03-05 10:24:35,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-03-05 10:24:35,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-03-05 10:24:36,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-03-05 10:24:36,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-03-05 10:24:36,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-03-05 10:24:36,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-03-05 10:24:36,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-03-05 10:24:36,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-03-05 10:24:36,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-03-05 10:24:36,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-03-05 10:24:36,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-03-05 10:24:36,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xdd\\x0b\\xf01\\xc3lI\\x95\\xdfq\\xa1\"\\x92Z\\xff\\xb3\\xb5\\xe2\\x01\\xfd\\xff\\x91\\x1f\\xferLAw\\xf4\\xc6\\x8an"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71a50000"
              },
              {
                "name": "FunctionName",
                "value": "DecryptMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74c55a00"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x17"
              },
              {
                "name": "SequenceNumber",
                "value": "1"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": ";\\xfc\\xe6 v.\\xe6\\xc9\\x1d\\xd1\\x89\\x04\\xd2IJ\\xeb\t:\\x80\\xe1j\\x922\\x93\\xf6\\xa0\rd;_\\xd7\\x94"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-03-05 10:24:36,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "2"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-03-05 10:24:36,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "8\\xfb\\xcf\\xfdbR\\xb2s\\xa6\\xa1\\xfcj\\xee\\xcbV\\x8a\\x01\\x8b\\x18\\xe5N<\\xc0\\xe3~\\x1e\\xbd\\xd0\\x1b\\xe9\\xdc\\xb1"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "3"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x9d\\x1aG8Z\\x03\\xb5\\xd0\\xc8\\xe8\\xab:\\x0f\\x03z\\xb3,.\\x94\\xcf\\x99`\\x8d\\xdd\\x97D\\xc5\\x8b\\x84(\\xaf\\xef\\x8e\\xf5\\x82`.\\xd1d-\\x84\\x92\r\\xf0\\xdb\"\\x8a\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9b\\xc5\\xc4\\x00\\x00\\xb6\\x86\\xf3=\\x03\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "4"
              },
              {
                "name": "BufferSize",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-03-05 10:24:36,806",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000864"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b598c8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1460"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000864",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b598c8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1460"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000864"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1460"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6070
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "1460",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-03-05 10:24:36,853",
            "thread_id": "1460",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-03-05 10:24:36,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-03-05 10:24:36,916",
            "thread_id": "1460",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-03-05 10:24:36,916",
            "thread_id": "1460",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1460"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-03-05 10:24:36,916",
            "thread_id": "1460",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-03-05 10:24:36,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-03-05 10:24:36,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-03-05 10:24:37,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-03-05 10:24:37,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-03-05 10:24:37,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-03-05 10:24:37,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-03-05 10:24:37,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-03-05 10:24:37,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-03-05 10:24:37,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-03-05 10:24:37,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-03-05 10:24:37,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-03-05 10:24:37,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-03-05 10:24:37,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-03-05 10:24:37,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-03-05 10:24:37,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-03-05 10:24:37,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-03-05 10:24:37,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-03-05 10:24:37,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-03-05 10:24:38,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-03-05 10:24:38,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-03-05 10:24:38,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-03-05 10:24:38,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-03-05 10:24:38,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-03-05 10:24:39,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-03-05 10:24:39,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-03-05 10:24:39,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6113
          },
          {
            "timestamp": "2026-03-05 10:24:39,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-03-05 10:24:39,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-03-05 10:24:39,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-03-05 10:24:39,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-03-05 10:24:39,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-03-05 10:24:39,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-03-05 10:24:39,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-03-05 10:24:39,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-03-05 10:24:39,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-03-05 10:24:40,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-03-05 10:24:40,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-03-05 10:24:40,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-03-05 10:24:40,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-03-05 10:24:40,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-03-05 10:24:40,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-03-05 10:24:40,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-03-05 10:24:40,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-03-05 10:24:40,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-03-05 10:24:40,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-03-05 10:24:40,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-03-05 10:24:40,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-03-05 10:24:40,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-03-05 10:24:40,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-03-05 10:24:41,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-03-05 10:24:41,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-03-05 10:24:41,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-03-05 10:24:41,197",
            "thread_id": "3188",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3188"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-03-05 10:24:41,197",
            "thread_id": "3188",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-03-05 10:24:41,197",
            "thread_id": "3292",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3292"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-03-05 10:24:41,197",
            "thread_id": "3292",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-03-05 10:24:41,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-03-05 10:24:41,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-03-05 10:24:41,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-03-05 10:24:41,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-03-05 10:24:41,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-03-05 10:24:41,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-03-05 10:24:41,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-03-05 10:24:41,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-03-05 10:24:42,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-03-05 10:24:42,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-03-05 10:24:42,416",
            "thread_id": "6528",
            "caller": "0x76918f18",
            "parentcaller": "0x76918dcd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-03-05 10:24:42,416",
            "thread_id": "6528",
            "caller": "0x76918f18",
            "parentcaller": "0x76918dcd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-03-05 10:24:42,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-03-05 10:24:42,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-03-05 10:24:42,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-03-05 10:24:42,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-03-05 10:24:42,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-03-05 10:24:42,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-03-05 10:24:42,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-03-05 10:24:42,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-03-05 10:24:43,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-03-05 10:24:43,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-03-05 10:24:43,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-03-05 10:24:43,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-03-05 10:24:43,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-03-05 10:24:43,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-03-05 10:24:43,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-03-05 10:24:43,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-03-05 10:24:43,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6185
          },
          {
            "timestamp": "2026-03-05 10:24:43,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-03-05 10:24:44,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-03-05 10:24:44,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-03-05 10:24:44,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-03-05 10:24:44,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-03-05 10:24:44,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-03-05 10:24:44,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-03-05 10:24:44,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-03-05 10:24:44,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-03-05 10:24:44,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-03-05 10:24:44,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-03-05 10:24:44,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-03-05 10:24:45,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-03-05 10:24:45,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-03-05 10:24:45,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-03-05 10:24:45,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-03-05 10:24:45,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-03-05 10:24:45,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-03-05 10:24:45,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-03-05 10:24:45,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-03-05 10:24:45,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-03-05 10:24:45,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-03-05 10:24:45,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-03-05 10:24:46,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-03-05 10:24:46,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-03-05 10:24:46,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-03-05 10:24:47,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-03-05 10:24:47,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-03-05 10:24:48,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-03-05 10:24:48,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-03-05 10:24:48,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6241
          },
          {
            "timestamp": "2026-03-05 10:24:48,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-03-05 10:24:48,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-03-05 10:24:48,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-03-05 10:24:48,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-03-05 10:24:48,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-03-05 10:24:48,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-03-05 10:24:48,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-03-05 10:24:48,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-03-05 10:24:48,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-03-05 10:24:48,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-03-05 10:24:48,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-03-05 10:24:49,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-03-05 10:24:49,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-03-05 10:24:49,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-03-05 10:24:49,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-03-05 10:24:49,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-03-05 10:24:49,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-03-05 10:24:49,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-03-05 10:24:49,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-03-05 10:24:49,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-03-05 10:24:49,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-03-05 10:24:49,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-03-05 10:24:49,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-03-05 10:24:50,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-03-05 10:24:50,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-03-05 10:24:50,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-03-05 10:24:50,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-03-05 10:24:50,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-03-05 10:24:50,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-03-05 10:24:50,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-03-05 10:24:50,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-03-05 10:24:50,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-03-05 10:24:50,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-03-05 10:24:50,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-03-05 10:24:50,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-03-05 10:24:50,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-03-05 10:24:51,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-03-05 10:24:51,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-03-05 10:24:51,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-03-05 10:24:51,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-03-05 10:24:51,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-03-05 10:24:51,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6290
          },
          {
            "timestamp": "2026-03-05 10:24:51,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-03-05 10:24:51,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-03-05 10:24:51,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-03-05 10:24:51,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-03-05 10:24:51,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6296
          },
          {
            "timestamp": "2026-03-05 10:24:51,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-03-05 10:24:51,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-03-05 10:24:51,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-03-05 10:24:51,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-03-05 10:24:52,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-03-05 10:24:52,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-03-05 10:24:52,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-03-05 10:24:52,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-03-05 10:24:52,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-03-05 10:24:52,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-03-05 10:24:52,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-03-05 10:24:52,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-03-05 10:24:52,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-03-05 10:24:52,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-03-05 10:24:52,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-03-05 10:24:52,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-03-05 10:24:52,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-03-05 10:24:52,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-03-05 10:24:52,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-03-05 10:24:53,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-03-05 10:24:53,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-03-05 10:24:53,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-03-05 10:24:53,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-03-05 10:24:53,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-03-05 10:24:53,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-03-05 10:24:53,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-03-05 10:24:53,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-03-05 10:24:53,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-03-05 10:24:53,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-03-05 10:24:53,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-03-05 10:24:53,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-03-05 10:24:53,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-03-05 10:24:53,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-03-05 10:24:53,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-03-05 10:24:53,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-03-05 10:24:54,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-03-05 10:24:54,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-03-05 10:24:54,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-03-05 10:24:54,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-03-05 10:24:54,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-03-05 10:24:54,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-03-05 10:24:54,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6339
          },
          {
            "timestamp": "2026-03-05 10:24:54,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-03-05 10:24:54,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-03-05 10:24:54,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-03-05 10:24:54,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-03-05 10:24:54,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-03-05 10:24:54,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-03-05 10:24:54,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-03-05 10:24:55,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-03-05 10:24:55,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-03-05 10:24:55,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-03-05 10:24:55,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-03-05 10:24:55,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-03-05 10:24:55,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-03-05 10:24:55,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-03-05 10:24:55,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-03-05 10:24:55,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-03-05 10:24:55,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-03-05 10:24:55,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-03-05 10:24:55,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6358
          },
          {
            "timestamp": "2026-03-05 10:24:55,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-03-05 10:24:55,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6360
          },
          {
            "timestamp": "2026-03-05 10:24:55,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-03-05 10:24:55,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-03-05 10:24:56,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-03-05 10:24:56,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-03-05 10:24:56,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-03-05 10:24:56,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-03-05 10:24:56,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-03-05 10:24:56,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-03-05 10:24:56,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-03-05 10:24:56,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-03-05 10:24:56,541",
            "thread_id": "5168",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000448"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-03-05 10:24:56,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-03-05 10:24:56,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-03-05 10:24:56,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-03-05 10:24:56,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-03-05 10:24:56,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6376
          },
          {
            "timestamp": "2026-03-05 10:24:56,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-03-05 10:24:56,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-03-05 10:24:56,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-03-05 10:24:57,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-03-05 10:24:57,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6381
          },
          {
            "timestamp": "2026-03-05 10:24:57,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-03-05 10:24:57,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-03-05 10:24:57,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-03-05 10:24:57,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-03-05 10:24:57,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-03-05 10:24:57,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-03-05 10:24:57,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6388
          },
          {
            "timestamp": "2026-03-05 10:24:57,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-03-05 10:24:57,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-03-05 10:24:57,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-03-05 10:24:57,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-03-05 10:24:57,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-03-05 10:24:57,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6395
          },
          {
            "timestamp": "2026-03-05 10:24:58,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-03-05 10:24:58,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-03-05 10:24:58,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-03-05 10:24:58,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-03-05 10:24:58,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-03-05 10:24:58,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-03-05 10:24:58,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-03-05 10:24:58,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-03-05 10:24:58,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-03-05 10:24:58,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-03-05 10:24:58,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-03-05 10:24:58,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-03-05 10:24:58,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-03-05 10:24:58,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-03-05 10:24:59,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-03-05 10:24:59,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-03-05 10:24:59,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-03-05 10:24:59,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-03-05 10:24:59,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-03-05 10:24:59,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-03-05 10:24:59,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-03-05 10:24:59,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-03-05 10:24:59,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-03-05 10:24:59,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-03-05 10:24:59,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-03-05 10:24:59,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-03-05 10:24:59,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-03-05 10:24:59,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-03-05 10:25:00,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-03-05 10:25:00,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-03-05 10:25:00,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-03-05 10:25:00,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-03-05 10:25:00,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-03-05 10:25:00,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-03-05 10:25:00,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-03-05 10:25:00,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-03-05 10:25:00,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-03-05 10:25:00,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-03-05 10:25:00,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-03-05 10:25:00,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-03-05 10:25:00,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-03-05 10:25:00,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-03-05 10:25:01,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-03-05 10:25:01,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-03-05 10:25:01,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-03-05 10:25:01,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-03-05 10:25:01,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-03-05 10:25:01,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-03-05 10:25:01,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-03-05 10:25:01,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-03-05 10:25:01,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-03-05 10:25:01,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-03-05 10:25:01,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-03-05 10:25:01,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-03-05 10:25:01,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-03-05 10:25:01,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-03-05 10:25:02,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-03-05 10:25:02,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-03-05 10:25:02,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-03-05 10:25:02,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-03-05 10:25:02,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-03-05 10:25:02,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-03-05 10:25:02,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-03-05 10:25:02,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-03-05 10:25:02,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-03-05 10:25:02,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-03-05 10:25:02,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-03-05 10:25:02,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-03-05 10:25:02,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-03-05 10:25:02,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-03-05 10:25:03,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-03-05 10:25:03,025",
            "thread_id": "4768",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-03-05 10:25:03,056",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000087c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-03-05 10:25:03,056",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000087c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-03-05 10:25:03,056",
            "thread_id": "4768",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000087c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000087c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x90\\xcd\\x008\\x13\\x00\\x00\\\\x0b\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-03-05 10:25:03,072",
            "thread_id": "2908",
            "caller": "0x08888fb7",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000884"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73092e70"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3344"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000884",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73092e70"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "3344"
              }
            ],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "4768",
            "caller": "0x75c4269a",
            "parentcaller": "0x73092c45",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000884"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "55000"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "3344",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "3344",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-03-05 10:25:03,103",
            "thread_id": "3344",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000884"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6486
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885b04",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "11"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "12"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 ?\\xf0\\x1c\\xaaA\\x8f\\xc9\\xac0\\x83\\x0bKa1\\xd3J~\\xacK\\xeb5\\x07z3\\xe8\\x86i\\xd5J\\x0c\\x0b*\\x17\\x03\\x01\\x00 \\xc8\\xb2>\\x1c\\x16\\xc5\\xde\\xc8\\xd7-\\x06\\xb0\\xb4\\xbf\\x0fEG\\xc0WVS\\xb4\\x18\\x83\\x0f\\xd9k\\x9c3\\x83Q\\xfe"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885c41",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "13"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "14"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000005a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xeb\\x1ds\\x8b\\xe7\\xb1\\xbdP*\\xce\\xfa\\x0e\\x8aI\\x82v\\xdd:\\x85P@\\x02\\x9bK\\xa2BO\\xeb\\xbe\\x02\\xeb\\xb6\\x17\\x03\\x01\\x000\\xe7\\x91\\x02\\x00\\xfc\\x95!X\\x0b\\xa4\\xd3=\\xf9\\x9e\\x0f\\xedR\\x92\\xcb\\xd0\\x00\\xac\\xf2\\xe7\\xf4x\\xb1(\\xf27\\xcc\\x96\\xf8\\xf5\\x9b\\xbfW\\x19=h\\x96(\\xdb\\xc8/\\x17\\x89\\x1c"
              }
            ],
            "repeated": 0,
            "id": 6496
          },
          {
            "timestamp": "2026-03-05 10:25:03,119",
            "thread_id": "2908",
            "caller": "0x08888f71",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "40"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-03-05 10:25:03,181",
            "thread_id": "2908",
            "caller": "0x08888e7f",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-03-05 10:25:03,181",
            "thread_id": "2908",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-03-05 10:25:03,197",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 6500
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "2908",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "2908",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008a4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59978"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              }
            ],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "2908",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008a4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01164000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 98,
            "id": 6512
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-03-05 10:25:03,212",
            "thread_id": "3780",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "3780",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6516
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "3780",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "3780",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008a4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xf0\\xcd\\x008\\x13\\x00\\x00\\xc4\\x0e\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "3780",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 94,
            "id": 6523
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "2908",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "2908",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-03-05 10:25:03,228",
            "thread_id": "3780",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 25,
            "id": 6526
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "3780",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6529
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 58,
            "id": 6531
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x07\\xa6\\x04\\xb5qRW^\\xeb\\xce\\x8aB\\x0c\\x13\\xf3\\x03\\xadh\\x99\\x91O\n\\xa9\\xe3\\xfeG9O0\\xc4n\\x9c"
              }
            ],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "5"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6535
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xb7\\x04\\xeb\\xfe\\xed\\xa8\\xd6\"\\xbd\\x17\\xdb\\x04e\\x9c,\\x8e\\x9am\\xe8\\x19\\x8b\\xdcz\\x9e\\x89?\\xb9\\x91Y\\xa9\\xf1\\x13"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-03-05 10:25:03,244",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "6"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-03-05 10:25:03,259",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6538
          },
          {
            "timestamp": "2026-03-05 10:25:03,259",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-03-05 10:25:03,259",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-03-05 10:25:03,259",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 6541
          },
          {
            "timestamp": "2026-03-05 10:25:03,275",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-03-05 10:25:03,275",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 15,
            "id": 6543
          },
          {
            "timestamp": "2026-03-05 10:25:03,291",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-03-05 10:25:03,322",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-03-05 10:25:03,322",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6546
          },
          {
            "timestamp": "2026-03-05 10:25:03,322",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 6547
          },
          {
            "timestamp": "2026-03-05 10:25:03,322",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6548
          },
          {
            "timestamp": "2026-03-05 10:25:03,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6549
          },
          {
            "timestamp": "2026-03-05 10:25:03,337",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6550
          },
          {
            "timestamp": "2026-03-05 10:25:03,337",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6553
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "xZ\\x8c\\xc8e\\xbc$\\xb1\\xff\\xacA\\x15\\x82\\xd7\\xff\\xcf\\x0f^^\\xff\\xe69\\x11\\x82\\x06\\x9f\\x1a\\xc6\\xd6m\\x80\\x08"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "7"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "*\\x85a\\xb8\\x06\\xddcf\\xca\\x97\\xce2j\\xec=\\xad1\\x9d\\x06H\\xbd\\xc4\\xf2Rt\\xd7\\x08\\xd4\\x00\\x9aY\\xe4\\x0e\\xd5\\xd1Dg\\x0c\\x84\\x19\\x07=\\xb3\\xdc,\\x0f\\xb4\\xfc"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "8"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-03-05 10:25:03,400",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6562
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6364"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008bc",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "6364"
              }
            ],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008bc"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6364"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6566
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01165000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x7796138f",
            "parentcaller": "0x7796110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x779613ac",
            "parentcaller": "0x7796110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008c4"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x779613c2",
            "parentcaller": "0x7796110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008c4"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x7795f04b",
            "parentcaller": "0x7795ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x7795f092",
            "parentcaller": "0x7795ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-03-05 10:25:03,431",
            "thread_id": "6364",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01167000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-03-05 10:25:03,447",
            "thread_id": "6364",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-03-05 10:25:03,447",
            "thread_id": "6364",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-03-05 10:25:03,447",
            "thread_id": "6364",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-03-05 10:25:03,447",
            "thread_id": "6364",
            "caller": "0x082d7d99",
            "parentcaller": "0x082d7bc4",
            "category": "system",
            "api": "GetLastInputInfo",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-03-05 10:25:03,447",
            "thread_id": "6364",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-03-05 10:25:03,462",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6579
          },
          {
            "timestamp": "2026-03-05 10:25:03,462",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-03-05 10:25:03,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-03-05 10:25:03,509",
            "thread_id": "6364",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-03-05 10:25:03,509",
            "thread_id": "6364",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "2908",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 6585
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "54610"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "6364",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-03-05 10:25:03,525",
            "thread_id": "6364",
            "caller": "0x08885022",
            "parentcaller": "0x08884d48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08f45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b04",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x9c"
              },
              {
                "name": "SequenceNumber",
                "value": "15"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xb3\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "16"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xec@\\x87%\\xb6U\\x15T\\xc7\\x7f\\xb0~\\xd4\\xc8BwO\\x91\\xa3\\xeb\\xed\\xe8g~\\xd3\\x8c\\xfc\\xdat\\xcc\\xea\\xa8\\x17\\x03\\x01\\x00 H\\x18-\\xac*$\\xc1({\\xae\\x93\\x83\\xa1\\xd9\\xaan<l\\x18\\xd0y>\\xa9z\\xf8\\x8d.eCRa}"
              }
            ],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885c41",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "17"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\xec\\xbauT\\x94]\\xf77~\r\\x03\\x0c\\x8d \\xdd\\x1dCHI\\xb7\\xd2JI\\x87twI\\x89\\x84\\x82\\x80C\r\\xa14\\xd2)\\xdd\\xa8t7H\\xa7CH+)\\x82\\xf0\\x1b\\xf4\\xbe\\x9f\\xe7~\\xbe\\xef7\\xee\\xe7]\\xeb\\xf7\\xc7\\xfb\\xaewX\\x8b5s\\xce>{\\xef\\xcfg\\xefs\\xae\\xeb\\xecs\\x08\\xbb\\xe2\\xc1\\x18\\xe8\\xb7@\\x0c\\xf8\\xea\\xee.6\\xeefNt\\x0f\\xcd\\x9c\\xcdl\\xac\\xdc\\xa18<\\x96t<\\xb6t<Nt|<\\x1e|\\x19\\xf1\\xe0\\xeb\\x99\\xeb\\x15\\xe0\\x96\\xb2\\xbc\\x92<\\x00\\x02\\x81\\x00S\\xe4\\x1fp=\\x0f\\xdc\\x03p1\\xb1\\xb0\\xb10p\\xb1\\xb1\\xb1\\xf1\\xf1po\\x11\\xd1\\x13\\x13\\x11\\x12\\x12\\xb1Q\\xd3\\x90\\xd1\\xf3@\\xf9x\\xef@\\xb9\\xb9\\x04\\xc4T\\xa4\\x05\\x84\\x15D\\xb8\\xb8e\\xf5e\\x15T\\xd5\\xb5\\xb4\\xb5\\xf8\\xa5\\x8c-\\x8c4\\xcdU\\x1eii\\xdc(\\x01\\xe1\\xe1\\xe3\\x13\\x11\\x10\\xb1\\x12\\x13\\xb3j\\x08r\\x0bj\\xfc\\xdb\\x9f\\xebV\\x80\\x00\\x03\\xb4\\x82\\x12\\x04\\x061\\x00(\\x04 0\\x01\\xe8\\xba\\x13\\xa0\\x05\\x00\\x10\\x1a\\xe8\\xd7\\x07\\xf8\\xe3\\x03B\\x01\\xa3\\xa2\\xa1C0\\x90N#\\x05jo\\x01( 0\\x18\\x05\\x15\\x8c\\x86\\x86\\x8a\\x8a\\xec\r@\\xf6\\x03\\xa8\\x04h\\x84\\xf4\\xbc2\\xe8\\xb75\\xcc \\x0cnD|\\xc1qo1\\x18e+\\xdb\\x885\\xc7\\xbe2\\xf1\\x9b\\xbb\\x87`b\\x91\\x90\\x92\\x91S0\\xb3\\xb0\\xb2\\xb1C\\x05\\xee\n\n\t\\x8b\\x88\\xde\\xbb/'\\xaf\\xa0\\xa8\\xa4\\xfcHK[GWO\\xdf\\xc0\\xc2\\xd2\\xca\\xda\\xc6\\xd6\\xce\\xde\\xc3\\xd3\\xeb\\x89\\xb7\\x8f\\xaf\\xdf\\xf3\\x17\\xa1a/\\xc3#\"\\xe1\\xf1\t\\x89I\\xaf\\xdf$\\xa7d\\xe7\\xe4\\xe6\\xe5\\x17\\x14\\x16\\x15WU\\xd7\\xd4\\xd6\\xd5746\\xb5wtvu\\xf7\\xf4\\xf6\\xf5\\x8fOL~\\x9a\\x9a\\x9e\\x99\\x9d[\\xfd\\x8cX[\\xdf\\xd8\\xfc\\xb2\\xb5\\xfd\\xed\\xf0\\xe8\\xf8\\xe4\\xf4\\xec\\xfb\\xf9\\x8f\\x1b\\ \\x00\\x0c\\xfa\\xf3\\xf3\\x9f\\xe2\"@\\xe2BAE\\x05\\xa3Bnp\\x81P\\xbco\\x04\\x08P\\xd1\\xe8y\\xd1\te4 
fn\\xb7\\x19\\xf8\\x821\\x88d\\xe3\\xdeV\\xb6a2\\xf2k~%6w\\x1f\\xc3\"a\\x12Xe\\xfev\\x03\\xed\\x17\\xb2\\xbf\\x07,\\xe4\\x7f\\x0b\\xd9?\\x80\\xfd\\x13\\xd7\\x1c\\x80\\x03\\x06!\\x83\\x07&\\x00\\xa4\\x00X\n\\xbfLI\\x93l\\x8e1\\xb1'\\x0eV\\x9aMm\\x00\\xe7\\xfa\\x00)\\xe3\\x1a{G\\x86\\xb2D\\x7f\\x1fNU@o\\x1fMC~\\x1fU\\\\x9a(\\xb1\\xe4\\xe7\\xfa\\xb9>\\x15t%\\x8cS\\xe7@\\x03y\\xe9d}j\\xb7\\xad\\xb3\\x8f\\xcakz\\xd5\\x8d+e\\xd96\\x12\\xe7\\x1a\\xba\\xb5\\xc4\\xc1\\xca\\xbe\\x1a\\xbb\\xac\"\";\\xdf\\xb5)v^L\"\\x06\\xa3\\xa1\\xb1\\x9ek\\x9f\\xdbacr\\xfa\\xa0\\x94\\x07cr`\\x9c19\"\\xc0\\x1a\\x1e\\xc9\\x06\\x0c\\x91g\\xc3\\x83\\xc3l\\x87\\x88\\xd4Q\\xaca7=\\xe3\\xd6I\\xc8\\x06;~\\x15%iL9.fd\\x83\\xe6gx\\x10\\x96\\xb2\\x812:3QM\\x02\\x8e\\xb2\\xb2\\x91F$:337;\\x1bY\\x82u\\xa42:Q\\xc2\\xafV/f\\xf0m\\x81\\xe4\\xbc\\xdc,sM\\xcd1\\xe9\\xce\\\\xe4\\xb7\\xb7\\xec\\xecvH!\\xcdqu^\\f\\xa4*,e\\xb6,3%\\xa4\\xe2\\x0e\\x01\\xe4\\x18@\\x13\\xd9\\xc1\\xf3\\xcb~(z\\xa42\\xc0v\\xf3\\x85<;\\x12`g\\xcb\\x0e\\x0eE\\xca\\x03D\\x1ar`\\xb0\\x12\\xd2S\r9\"\\x9c\\xad(\\xfd\\x897e\\xbb>\\xdb\\xee\\x90u\\xed!I\\xc8\\xe1\\xa6\\xc2n)\\xee\\xfdO\\x9f\\xc7\\x10\\x8f\\x9eV=\\xa8\\xc6\\xd9\\xb9\\xcd\\xb5V\\xfd&\\x8f\\x8f\\x80\\xd3\\x87\\xd5{T'j\\xe4\\xc7i\\x11\\xdcIt\\xb7\\xc8\\x1c\\xd6\\xef\\x0e\\x8e\\x96),7`J~%L\\x1b\\xe5s\\x02e\\xd9\\xfd\\x94|L\\xb4%\\xf0.\\xc5\\xb6\\xef\\xa3\\xe30$\\xab\\xb8\\x96\\xab#\\x82\\xd5\\x9a\\x9a\\xbfK\\xe1\\xf1{f[&\\x1f\\xed\\xbc!M\\xb5Ae\\xb6\\xbc\\x12>\\xc2H\\xb6,\\xd4l$+H\\xa7\\x88\\x80_p\\xd8\\xf2\\xb2\\x83\\x08\\xe1\\xe9J\\x0fPs\\x88j\\xd4yk\\x90\\x881\\x95T\\xe4\\xc0\\x84\\xf0\\xa4Ht\\xc1H\\x036\\xd0MS\\xf7\\xf8\\xa3\"$\\xfe\\x84_\\x12\\xe3\\xe6\\xc1\\x11\\x8av7|$l+cQ\\xcaq\\xb3\\xf3Jw\n\\xfc\\xeaC6 
\te\\xffE\\x1dR9;\\xfbd\\x02\\x11}n\\x9e@\\x02\\xce/\\x02o\\x1aA\\xbf\\xb4#\\x1d1Gr\\x01$h\\xdc\\xfc0P\\x06\\xfe\\xe8GZ\\x97#\\xba\\xf1*7\\x0b%\\x92\\x8d\\x08g\\x1b\\x7f<6\\x18v\\xba\\x99\\xb1\\xf8\\xb1S3\\xa5\\xfc\\xce\\x1c\\xa6\\x9c\\x1e\\xc23ZM\\xe4\\x1e\\xd5\\xd3\\xcbgoP-\\x96\\xaaJ\\xd8\\xe5\\x1ecm\\xc6\\xcb\\xf3\\xc4\\xd7,F4P\\xf7l\\xca<=q\\xfc\\xf9Pf\\xd3\\xd8,{\\x91\\xf7\\x89p_\\xbc\\x88\\xf1\\x0b\\xabhI\\x8b\\xf8\\x1e\\xd5\\x90t\\xa6\\xe9\\xe6LKEo\\x1a\\xfd\\xb5\\x01\\x82PD\\x01U\\xf9\\x8e\\x9e\\xbf_\\xcc\\x95q\\xba\\x94nn\\xcdi\\xe1k\\xc6\\xa9\\xc8\\x17J~\\x9a\\xf7m\\x11\\xe8\\xf7g\\x1b\\xc9\\x00\\x11\\xd6}\\xc4r\\x9d\\xa8\\xd6\\xf7\\xbb\\xefE\\xfa\\xbd7\\xa2\\xa2\\xfdjV\\xb1\\xdd\\xfb?k\\xc8\\x11\\xbf\r\\xff\\xed\\xefM|o\\xd0\\xff\\xa62)\\x12Pf\\xb7c\\x87)\\xb3\\xdbf\\xa1\\xe6\\xe6e\\xc7\"\\x13\\xe8w;\\x92\\x19.\\xa2nf\\xfa\\xbc\\xec\\xe0\\xa8\\x9b D(\\xa9\\xe6\\xde\\x88\\xdc\\xb0E\\x81L:\\xc2X$\\x11XH\\xc9\\xe7H\\xbe\\xffJz\\x02\\xd1\\xcdH\\x1c'\\xf4_\\x83\\x94\\xff\\xcc\\xc4_iv\\xd3\\xa1\\xcc&\\xa0\\x8er\\x93Y\\xca\\xff\\xc8\\xb7_\\xfe\\xfc\\x99\\x81D\\x1a\\xbfX\\xe5/\\x14P\\xb7\\xcd\\xfa\\x1a\\x82\\xe4\\x1e\\xc9m\\x16X\\xc0TC\\x8e\\xee6M\\xc2\\x0b\\x02\\xd5\\x1c\\x01\\x1c'\\xa2}\t\\xb6V\\x81V'f1\\xbb\\xdc.\\xfa\\x089\\xee\\x9b\\\\x89d\\x03\\xdd\\xc4\\xc2\\\\x03\\x99\tdo\\xfe\\x05I\\xab\\xb2\\xb2\\xc1o\\xf7p\\x90\\x80\\x91)\\x80\\x14&\\x0b\\x83\\xdf\\xf8x3\\xdb\\x08\\x7f}\\xbb\t6\\x85\\x1d\\xfbd\\xd8\rddB\\xc1_\\x13\\xdd\\xa0\\x11\\x8d\\x1d\\x15\\x10Df\\x1drv\t\\xd4$\\xf4\\x13\\xfe\\xfe\\xfa\\xcb\\x10rRu\"\\xd9\\xf9=O\\x89\\x12\\xf2\\x91t\\xfe\\xb2\\xf3/\\x89\\x82\\x04\\x1b\\x84\\x04\\x1b$\\x1a\\xaf\\x1c>\\xce\\xa3M.\\x10\\x96\\xca<!\\xfd\\xc1\\x88\\xce\\xc5Y?\\xc6\\xc5>Y\\x8c\\xb1\\xeb\\x85o\\xfa\\xab\\x90Y\\xe0<\\x82\\xe5\\xf5\\xeeX=\\x98\\xa1z\\xea3\\x82\\xf1l-~&x\\xc8\\xd6P\\xd9\\x92\\x96\\xa7\\x03/\\xbb\\xa1x8\\xf7Q\\xe2P\\x1a!]\\xc6\\xe2*\\xa3x\\xd1\\x1799C<\\x12Co\\xf9}\\x0e\\x06\\x18\t\\xc7\\x0e\\x81\\xdd~x\\x11\\x9e\\x0c\\x92\\x81w\\x08\\xba\\x
1b.\\xd8m\\x91t\\x92\\xe7f\\x07\\x91F>\\xfc\\x10\\x16\\xc9\\x1e\\xf4\\x82`.\\xd2h,\\xed\\x84\\x08\\x98c\\x9f!J}\\x88\\x84\\x9d0\\xaeI\\xf6\\xc7\\xc2\\xf1O\\xb6\\x98y\\x7f\\xc5\\xe5\\xf7\\xbas\\x83 \\xec7\\xe4\\xae\\x1b\\xa6\\xe2\\x89\\x90\\xd3F0\\x9e\\x08\\xa1\\xf4\\xc0\\x16\\x19\\xe4\\xd8\\xd1\\x9b\\x893\\x87u\\x0b\\x19\\x7f\\\\xfa\\xa8\\xdc\\x02Mu\\xde\\\\xcdGE\\xec\t7\\x8a\\xc0\\xb7\\xfe\\x91\\x16\\xc8\\xb5\\xca-\\xf7\\xd7<\\xba\\x89|\\xd0\\xefI\\x85\\xe4\\xaf\\x1d\\xfe\\x9b\\xbf_R\\xe6\\xffl\\xa7V*~D]]g\\xbfU\\xf6\\x11z\\xfay\\xe2a}\\xe5}X\\x95x\\x0c?(\\x04t\\xf1^tZ\\xc2\\xefC\\x1f\\x8b\\xef\\x8c\\xa8\\xe4\\xd4C\\x93\\xb7\\xbdr\\xae\\xa4\\xea\\x03it\\x94\n\\xb5\\x8e\\xad\\xdb\\x8dL'\\xa5\\x07\\x84\\x1d\\xf5\\xc6-\\xb6\\x93\\xa8G\\xf8\\x80g\\xe9\\xcc;\\xee\\xdb\\x98\\xb7?V\\xec\\xe8\\xa9~\\xb2;\\x1c\\xb8?\\x1c1\\xdaRNZ\\xf7R\\xf3\\x8c\\xde\\x82^U\\xe9s\\xb1\\xb6\\x98\\xf0&d\\xa8!\\xee\\x15AP\\xe3\\x8av\\xd9'\\x1f#q\\x9eo\\xf6\\x12\\xfeiw\r\\xddk\\xf7E#\\x9dW\\xe5\\xb7\\xb7\\x1b\\x13_jj:\\xe7\\xb8f\\xafp\\x11\\xa5\\x86\\xb2ls\\x8b\\xe1e\\xa76EM\\x1aq\"\\x7f\\x17.\\xca\\xb5\\xb7\\x8f)5\\xc5{\\x91R\\xdf\\x88\\x119g\\xaf\\x9a\\xcd\n\\xb8\\xfa?\\xf2\\xd6h\\xd0p\\xadh\\x0e\\xc0\\xa5\\xd7\\x14\\xbbi?\\xcbF`)\\x1b_\\xb5\\x8c%\\xfe\\xb8Yt\\x02\\xa9\\xc6o\\xefH\\xa3\\xb3\\xb3-\\xb0\\xf3K\\xefr1\\x93\\xe7.Jw\\xe5\\xe6.\\xcao{\\x93i(\\xa5<\\x9c\\xc41P\\xe6WJ\\xe1\\xe6\\xb5\\xe3\\x95\\xdf\\x16\\xd2p%\\x84\\xa9\\x1b \\x8d\\x90ij4\\xc1\"\\xb9\\x91\n\\x94r\\x87H\\xd9\\x90\\x8f\\x87\\xf1\\xdbr\\xdd\\xccD"
              },
              {
                "name": "SequenceNumber",
                "value": "18"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xd8\\xff\\xf0\\x82\\xb8U\\x87-\\xcf\\xd5\\xbey\\xaa\\x17\\x89K\\xd6\\xf1\\xca\\xb4\\x84\\x91\\xc6G{\\xaei=\\x88\\x11c\\x95\\x17\\x03\\x01?\\xd0>|\\xcb\\xd5\\xb23\\xd7\\xb1\\xd7\\x16\\xc5\\xf8\\xdc\\x12DFy\\x89\\x8f\\xf6\\xe3\\xcd\\x9aw4\\xc9\\x96\\xa0\\x06\\xf1\\xa8\\xc2\\x81\\x83t\\x15?\\xbc\\x0b\\xf8\\xc6\\x91\\xdc\\x85\\x0c\\xabd\\xfa\\x00`L2\\xf5\\xee\\xab/$\\xf2\\xb3\\x01\\x97\\xb8,v\\xde/c\\xa1\\xce\\x04>nU\\x88m[\\xc4F\\xa3\\xe7\\xdd!\\x89V\\xddn2\\xc4\\xd7\\x04\\xd2\\x04\\xfc\\xfdk\\xfb~\\xc7c\\xc2 $\\xa7 \\xf8\\\\xc1>T\\xff\\xe5\\xe2\\x06\\x1c\\xa0~\\x03\\xed\\x14/\\xee\\xe5\\xb5\\x1f&\\x0f\\xaa/\\x8e\\xb5\\xd4\\xcaIX\\xf3#\\xa6\\xca\\x19\\xb7}\\xe8\\xb5\\xc6\\xbe\\xb1q\\xb6'3,'e\\x7f\\xf0\\xb4\\x1a\\x06\\xf4Z\\xf9&\\xe7\\xd5\\xeb\\xf2\\xec\\xae\\x9d\\xf9\\xd6\\xde\\x00s\\x8b\\xfesK%b\\xcf\\x95\\x0c3\\x07\\x8e\\xeb\\x00\\x18\\x80\\xe0be$H\\xaa\\x18'\\x04\\xcfs\\xf4\\xbc\\xbf\\xf2C\\x19&\\xd53\\xb1(T2"
              }
            ],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "W"
              },
              {
                "name": "SequenceNumber",
                "value": "19"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xbc\\x0f\\x94\\xee\\xaew\\x8dE<n\\xad#\\xcf\\x9f\\x01\\xaf\\x0exIv|\\xa4\\xfe\\x02\\x16\\x91\\xdf\\x00\\xd3Y\"X\\xb3J^\\xe5+O\\xe42\\xf8;\\x1d\\xd2y\\xfe\\xdc\\xc4\\xc1\\x0bx\\xdf\\xfc\\xc9\\x84E\\xbd\\x19\\xc6G\\x0cA\\xdd\\x13\\x1e\\xc9\\xb7G<\\xf4\\x99&\\xe5\\x0b\\x88\\xeb\\x84\\xb3\\x0cb\\xcc\\x9f\\xd9\\xfb\\xac<Y1\\x0f\\xe2HUz6B\\xd5\\xaf\\xf1i\\x86\\x0ec\\x96>FZ\\xe1\\xbd\\xec\\x97\\xde\\xdd\\xe8<}U\\x0c\t\\x99\\xe3\\x12w#\\x81\\xa4\\xba\nl\\xae\\xc2\\x97\\xeb\\x1c\\xcd\\x84\\x19\\xd7\\x80f@qsi\\x98\\x12\\xb5\\x99%\\xd6,\\x1d\\xf8\\xc5\\xe6\\xdb\\x11\\xb5\\xee \\x96\\x00\\xd1u\\xebCm\\x1d\\xfd\n\\x15\\x05\\xf2\\x85\\xbe\\xe8\\xc6\\xe3\\xc2\\xb9\\xf1u\\x82\\xf4\\xb25\\xac\\xb2\\x1a\\xf8{\\xfc\\x07\\xda\\xc9\\xdc\\x9bIv\\xe4\\x8eu\\x0f=(!P\\xca;\\x19\\xb9\\xf8\\x1d\\xb5\"^b\\xb5U\\x8as|[\\x94\\x16\\xfe6\\xb8G\\xcesK-\\xa3\\xa8\\xec\\xf9&\\xc2\\xafIv\\xc5\\xf3\\xf0ZW\\U\\x85O\\xf2\\xefYx\\xb0\\xc7\\x10\\xec*\\xf1i/\\x87\\xae\\x10\\xfa\\xfe\\x00\\xeb\\xec\\xdf\\xd9\\xe7f\\xf1J\\xea$X;w\"!\\xbb\\xd5\\o3\\xe9\\xa1\\xd8\\xf4\\xa9?\\x97\\x0emP\\x99\\x88\\xea\\xabk\\x9e\\xbcB!z\\x10G_\\xfe\\x12\\xcb!\\x9d\\x1d\\x01`\\xfe\\xedr 
\\x84\\x0f\\xefY\\xda\\xc4\\xb3\\x0e\\xdf\\xf7\\xb7w\\xc7\\x9d\\xdd\\x12\\xc9\\xb6\\xd9\\xfcw^\\xbe\\xb2P\\xecj\\x19\\xe1\\x7f\\xe6;\\xcc{n^*X\\xba\\xd7Bi[\\xa7\\xd4\\xd0\\xdf(%\\xe2h\\xb9)\\xeeI\\xcd\\x86R0\\xeb,^\\xcd\\x1a\\xbb\\x0ev\\xea\\xa5>\\x82=\\xf3DXyRO\\xf4\\x06\\xf4\\xf2u\\\\xe4,\\x15P\\xa4e\\x0f9\\xc9:\\xdd\\x97\\xe2\\x9e\\xa2\\xdb[l\\xa6\\xb9<+\\x08\\xb4\\xaf\\x9f\\xa31\\xa9\\x96\\xf7\\xa6\\x93\\xcd\\x85S.~l\\xf1=\\x90\\xbeE\\x89\\x1d\\x8b9\\x9b\\xe6\\xf8\\xc5o\\x9f\\x9c(\\xac\\xfb+'\\xcc)\\x17\\x9bvY\\xcc\\xe71\\xffec\t{\\xa9\\x117\\xb8\\xb8\\x8fl6|\\x01\\x9ec\\x1f\\xcb#\\xe6\\x95\\x9b\\xaa\\x97\\xa1/\\xf4\\x06A\\xed\\x8a\\xee\\x9f\\xa5\\xb6\\xc6\\x06\\xaa\\xdc\\xd2\\xc5]\\xc3\\xc4x1\\xacG\\xe7\\xea\\xae\\x08\\x9c\\x9e\\x0ci\\xab\\xd8-\\x11@e7\\xf8\\x9e\\x84\\x81a\\x9f\\x0e\\xf6\\xdcm\\xa2-\\xec\\x08\\xd8\\xf6X\\x84x\\x16\\xf6`\\xf1#\\xf5\\xca\\x96~5c\\xf3\n(t\\xd8\\x94V\\xae=\\xf9{\\xf3j\\x85C\\x80.\\xbc\\x7f\\x9b\\x95\\x9d\\xb9%\\xb2M%V76\\xa7\\xa8p\\x156\\xc4w\\xbf\\xb4\\xd8(\\x14-\\x1a\\xdd\\xae{\\xa5\\x06.\\x1e\\xc9\\xb4\\xdc\\x0c\\x8ah\\x87{\\xc4=\\x0c\\x91\\xc1\\xf9\\xd6\\xaf.\\xd9\\x8d[\\x93fC\\xab\\x0c$\\xefr\\xeb\\x0es\\x90\\xc7\\xd13?V<WWxlg\\xa2\\xda\\xa4\\xc6\\xe4k\\x95\\xa1\\xcdy\\x0bO\\x1aBuZ\\x90\\xaet&\\xa2\\xa8\\xa1\\x9d\\xa1\\xd0\\xad\\xd4\\xe65g\\xafwB\\\\xadhQ7X\\Y%\\xe25\\xdf\\xeca\\x13\\xdd\\xd0\\x8d\\x06<2\\x14{m\\xdc\\x0e\\xe9\\xfe\\x99\\xccH+\\x94\\xa7\\xfc\\xc3i\\xd0\\xc3H\\x0e\\xea\\xeb\\x84B\\xfa\\xf4\\xa8\\xf5\\x87\\xa6\\xd1\\xf2\\xddAS\\x152;\\xe2W\\x9c\\xa1\\xd1\\xf2\\xaa\\x8a\\x92-g\\x05Q2\\x92\\x13\\xe2\\x1b\\xc3|\\x13%\\x1c\\xb8{\\xb0zM6\\x14\\xe2\\xaaf\\xaf\\xa8\\xa49y\\xc2\\x80\\xc1;K\\x07\\x1a*D\\xb1\\xbd\\xff\\x1f{o\\x15\\x15W\\xb7m\\x0b\\x17N\\x80@\\xd0\\x14\\xc1\\xa1\\x08Np(\\xdc5\\xb8[\\x82{\\xa1A\n\\xf7\\x00\\x81\\xc2\\xbd\\xb0\\xe0\\x1a\\\\x82\\x04\\xaf\\xc2\t\\x96@\\x01\\xc15\\x90\\xe0As\\xf3\\xedv\\xce\\xfd\\xf79{\\x9f\\xfb\\xef\\xfdx[\\xbb\\x0f\\xf3\\xadZ\\xab\\xb9\\xe6Zs\\x8e>\\xc7\\xe8\\xbd\\x8f\\xcf\\xa
3Q4\\xfe\\x95\\x07\\xec\\x07\\x07\\x8dU\\x96\\x96\\xf1`\\xad\\xbak\\xb0;Y\\xc5\\x8d\\x05\\xed\\xbc\\xce\\x86]\\xbe\\xf4w\\x00\\x03\\xb9\\xc89\\x06\\xddL\\xe8s\\x88\\xe4\\x9ej2H\\x1d\\x94\\x00\\xcct\\x8aH\"\\xaae\\x9d\\xad\\x93D~!\\x8c\\x8f\\xa3\\x1b\\xd3g\\x1dl\\xf2\\x7f\\xb3yR\\x9a\\xaa\\xb5\\x1cf\\xdd\\xa6\\x8cH\\xdd\\x82\\xf3\\x82\\xcdv?\\xf9\\x1b\\xccs\\x13\\xbc\\x97iQ\\x86O\\xe2\\x88,{ f\\xe3\\x00\\xb5\\xe2\\xa4\\xa6=#\\xc5\\x0e(\\xca\\x01\\xc2\\xb9ugw\\x03>\\x86@\\xb5+\\x91\\xdbo\\xaa\\xa6\\xd5\\x05\\xcdP\\xa7\\x06N\\xeda\\=\\x1d\r>O\\xa8\\xe4N\\x8d\\\\xd5\\x08z/\t\\xe89\\xf5zV\\x06\\xe8\\x89\\x0c\\xed@~\\x1a\\x1a\\xd1\\xa5\\xf7Z[\\x86\\x17\\x06flx\\x8f\\x7fD\\xfcy\\xd9\\xe2\\x92Z\\x80{}\\x7fIj\\x8a\\xc6#<\\x1c\\x10\\/\\xf5u\\xf3!\\xdf\\xd8\\x13\\x0f\\x06\\x1da\\xdeQr P\\xe2\\x97\\x04;\\x95\\xe9\\xdb\\x96,5\\xba\\xd5\\xbe\\xd7\\xe3\\xc4\\xf7\\x0ehG\\xb6\\xee\\x18\\xa2\\xf2?\\x80\\x90\\xb0\\xfe'\\x8f&Ei\\xfd\\xe7\\xbcPS.\\xeb,Q\\x1bV|\\x18\\x04\\xfaY\\xde`\\x86X2\\xf9\\x04F@\\xb8\\xac\\x86\\xcf\\xf1J\\xfc\\x9b\\xc3\\xd5\\xaa1\\x8e1&\\xb1\\x14O\\x95a\\x7f\\x9b\\xad\\x8dP\\x90\\x90\\xa1\\xa5\\xb55\\xe4\\xf9b\\xf0:\\xea\\xaa\\xf3D\\xdd\\xd94\\xd2=\\x01#\\x1a\\x14\\xca;\\x07S7yk\\x98\\x8fc\\xa0\\xa7\\x81\\xfe\\x02\\xbc\\xc5\\x9e~/#\\xf0\\x1bpT\\x1d\\x9a\\xc2\\x92\\x11)\t\\xb5R\\xd1\\xd2{\\x81\\x83\"CS\\xc4\\x87\\xd6\\xbd\\xb6!\\x16\\xa8\\x8d_W\\xf4\\xbb(\\xbf\\x8f\\xfe1\\xc6\\x17\\x94c\\x1ez\\xc4\\xe2x\\x08\\xb7>\\xdb\\xc8\\xb3\\xf6 o+\\xd8\\x19\\xb41fd}\nB\\xf7$\\x02\\x05\\xb1+\\xcds\\xbf\\xda`;%\\xdf\\xb4\\xb3\\x8c_\\xdbn\n\\x97`Eg\\xb2\\xf6\\x019L4\\x87\\xcd\\xfb\\x12\\xc3\"\\x16rZ39\\x1b\\x1a\\xfb\\x18H\\xa8\\x190~\\xe8G\\xcf\\xc9\\xc9B&jB\\xec\\xd9\\x01\\xf1\\xfc\\xee\\x9e\\x1a^\\xf0\\x8b\\xe7po\\xe8\\x92\\x08q\\xe6\\xbd\\xc6\\xb7\\x8f\\xdb\\xbe\\x10 
\\x8dD\\x05zeK;>\\x13\\xd0\\xd4\\xc5\\x9e0\\x00C\\xa1\\xb4\\xa6-\\x13\\x1fS\\xcc\\xb7M}\\x9cL\\xef\\xa8\\x92\\xc24\\xec\\xd2/\\xb4\\xe0\\x17t\\xa9\\xcb\\x9a\\xfe\\xcdT\\xb7\\x9c\\xad\\xd7\\xa5X\\xfb\\xb1xi\\xda\\xb0'y,\\x86T\\x14@\\x850\\xdbW\\x1c\\xdd!\\x89G\\x84\\xc1\\xeb\\xccZ\\xcc+\\xf1\\xe5\\x89N\\xc2\\xb3\\x93,\\xb4mrz\\xf2\\xa0\\xdf\\x00\\x0e\\x9b$\\x9e\\xe0\\xc2\\xd9\\xa2\\x85c\\x8bh\\x91\"}\\x19\\xe2kB\\x95\\xfe\\xbf\\xd6T\\xfc\\xea0\\xce\\xefK\\x1df\\xe9]\\x1a\\x13\\x06\\xa0\\xc9cD\\x1c\\xbe\\x15\\xae)\\x87P\\x05\\x8c;\\x94(/(\\xca\\x12\\x9f\\x92\\xc7\\xacm\\xd6\\xb1+\\x1f\\xd9\\x04\\xf8\\x14\\xbcq\\x042+^\\xf6Ya+\\x93\r\\xbb\\x7f~\\x1f3\\xaf\\x9a\\xa2Fp\\xb7x\\xb9\\x8fhQ\\xcd4j\\xbe\\x15H*\\x89\\x036\\xf2\\x82\\xc8@\\x16\\xe7\\x87\\xd3Z\\x18\\xd6\\xcd\\xd9(\\xd7\\x99\\x1ak\\xbeB\\xb7M\\xed\\xfdk\\xbaQx\\xabnc\\xb4>&\\xf0n\\xda\\x0b%rw_Y\\xe9n\\x95O\\xf9^A\\xf1\\x1d\\xcd#\\xb1\\x98c\\xafC\\x03\\x94aH\\xa3\\xe0{\\xd40=}\\x05%\\x18\\xd0\\xea\\x7f/r\\xa3\\x85\\xf9\\xa2l\\x05?\\xd6\\x02\\xf6<\\xfd\\xfd\\xf0i\\x9c\\x1fr\\xca_~\\xf68\\xff\\xabF\\x83\\xd0\\x82E\\x0c\\xef\\x98=K\\xa2+\\xbb\\xc1\\xfc\\xeb#l\\xa3\\xa3\\xcd\\x97]\\xae\\x86\\xa0\\xf8rU\\xf7\\xf9\\xadGm\\xdfOH\\xa4I\\x844\\xcc\\xb08`]\\xee\\x01ZXJ\\xcd\\x1dJ\\xb8?\\x95kT\\x00\\xc4_0X\\xce\\xcb\\xb9\\xd2\\xfb\\x82\\xe2\\xa3\\xa8\\x8b\\x92\\xf5?\\xd6c\\x88\\x07l\\xd4>v\\xb2\\x8dzo\\xc4\\x88k\\xe8t\\xc1\\x8c\\xbdR\\x88q\\x14?\\xc7\\xe7\\xc4'\\xbepZ\\xe3\\x94\\x88\\xc3\\xd0h\\x9c{\\xa0\\xa9-\\xfd\\x84\\xb9v0\\xb9&\\x16\\xbf\\x91\\x1f\\xa2\\x83\\xb3*\\x19\\xb1\\x10\\xe6\\xe8\\xb9\\xa7\\xda\\xbb\\x05\\xe1\\x82{\\xc4oJeU\\xa3_\\x07\\xa6\\xba6\\xc4\\x14\\xf3\\xb9\\x19\\x8ex=\\x05_+\\xb9\\x1d\\xeahV\\xdb]n\\xbc\\x89\\x14\\xf0\\xe4\\x9eOH\\x1c\\x05\\\\xd0\\x10\\x89?\\x08\\xa0\\x1d\\xfb\\xff\\x1d\\x0f\\xe0o\\xc8\\xb5\\xe6\\xef\\xe5<\\x04\\x7f\\xf1\\x11\\x89\\x7f\\x03\\xf6\\x18\\xdb\\xa5b~\\x03N)\\x9b~\\x03>\\x84\\xdcg\\xfd'\\xe5\\x10\\xf1\\x8c\\xed/X\\xbb!L\\x8e\\xec\\xf9\\x8f\\xca\\x8c\\xa9\\xe7\\xde\\xe7k\\xeb\
\xf9\\xfa\\xde\\xaba%\\xda\\xf9/\\xdd\\x9e#\\xce.&D- \\xbcWJ\\x0ca8\rKt\\xf9*R/\\x83\\x05w\\xac\\x1fF\\x8em\\xa5\\xdc\\xb6\\x18\\x9d\\x96\\xfcK*\\x16\\xf6|SS\\xeaa~\\x18\\xe2\\xa7bsOV\\x978\\x8ccY\\xb28\\xf1\\x06\\x1b\\xd9\\xa8b\\xfb\\x00g\\xf9\\xc5"
              },
              {
                "name": "SequenceNumber",
                "value": "20"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xf4\\x84\\x03\\x8e\\x8c\\x07\\xd7T9\\xdd\\x06\\xe7\\xbd8\\xc2ODQ\\x06\\xa1\\x17i\\xe2F\\R\\x92\\x08\\xca\\xd6E)\\x17\\x03\\x01?\\xd0\\x0e\\xbe\\xb6X\\xe8\\xf9\\x81\\xccQ\\x81\\xc8\\x15\\x83\\xd3\\x94\\xf8\\x9d\\x98\\xb2$\\xfb\\xc7\\xe3\\xb27~\\xd3\\xbe\\xd7\\xeb\\x15\\x14\\xc6\\xadu\\x9b\\xfa\\xc5N\\xd5\\x14b\\xb0\t`)\\xae\nr\\xa2\\xc1\\x9d\\x03\\x84\rE\\xde\\xad3\\xa2\\xc3n'\\xa4b\\xeb\\xb1fh(\\xed\\x19\n\\xafR\\x0c\\xba!\\x9b\\x16\\xf1\\x1f\\xe2\\xb4\t\\x88\\xd4&\\x9a\\xfb\\xe7\\xce\\x1f\\xc8\n\\x87.\\xed\\xb4-\\x9d\\x9a\\x07\\x0c_|]\\x96\\x06;m\\x95f+\\xf7J\\xb0\\xdd\\xd1N\\xf9\\xb8\\xbeG\\x8c\\xf2\\xa7 %a\\x15\\x10r\\x07U\\xf5T.\\xc6\\x8b\"\\xf7|L\\x0f6\\xfc}\\xcb\\xb6\\xea\\xc2\\xdb\\xcf\\xfc!\\x92Z\\x89S\\xd8\\xbe\\xeb\\xd2\\xd1\\x95\\x13,\\x8b\\x108\\x912F\\x0c\\x9c\\x95\\xeb\\xd7\\xa1 \\xa0\\xb2D\\xef\\xb2\\xe0\\x8e\\xb42B\\x8b\\x86\\xef\\xdfl\\x8d\\x90\\xe7\\xa9\\xe3\\xf4\\x08\\xc5\\xe5\\x9d\\x02\\xcas\\x01\\x17\\x14\\xd7\\x94"
              }
            ],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1d"
              },
              {
                "name": "SequenceNumber",
                "value": "21"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "?\\x1cPb\\x7fek\\x01n\\x1b'(Dx\\x84\\x1f\\x16\\xe5\\x13\\x8d\\x8a\\xbf\\xb9=\\xaf,i\\x9c\\xc7P#\\x98\\x8d\\xd2{\\xf1\\xe9\\xcd\\xa7\\x17\\xd2F\\xb7\\xbb\\x8c\\x85<\\xab\t\\xe2\\x1f\\xf2\\x1f\\xf7\\xe0_\\xcb\\s\\xc0]\\x11e\\x0e\\xe8pd\\x03R\\xdf\\xdc\\x06\\xe3W(=\\xddd\\x8b\\xa9\\x82\\x9c\\xdb\\x0e\\xf34'9M\\x18\\x9d;9s\\x13\\xcc\\xef\\xe8\\xd08S2$\\xff\\x9b\\xd3\\xb7\\x9d\\x93\\xce\\x90W\\xf0\\xe0\\xacj+\\x1a\\xc5\\x17\\xcfm\\xa1\\x18\\xcb\\xe4_\\xd1\\xc4r\\xe9|Q\\xa5\\x00\\xb6\\x19jE\\x9b[y%\\xfafk\\x1cn\\xf4\\xe3)\r\\x11\\x89}]\\xcd\\xd6\\x14\\xbf\\xcd[\\xa5\\x8c\\x04'\\xbb\\x17\\xcd\\xad\\xca\\x98\\xe7\\x08\\x1av\\xfc\\x91\\x17\\xf4\\x9d\\x19\\x94\\xc7\\xc0\\xd1\\x1a\\xb9'\\xd7\\x98\\xc9\\x11\\x11\\xe7\\x1bu\\x12=5\\x82\\xc0\\xa2\\x14c\\xcc\\x18\\\\x98.\\x1c\\x80#\\xd2;)5\\x1cJ\\x1f\\xa1\\x91>\\xe8)\\xe7\\x1e.\\xf7V\\x1a\r\\xc7\\xf5\\xa8\\xb3\t\\x95\\xbf\\xe2\\xd4\\xbd\\xfd\\x115Qo\\xa6\\x04\\xdee\\xe6\\xef\\xc3\\xc1\\xa4\\x9e\\xdb\\xbdUy\\xb3\\xd5\\xfe\\x8d\\xbe\\xc5\\x17\\xf4d\\xd9\\x15\\x93z\\xf3P\\xdb\\xd4x\"\\xa0\\xfb\\xf3&\\x8e\\xdf\\xeb\\xbc\\x9f\\xc6\\xb9\"\\x18\\xcbk\\xd3\\x18\\xd1\\xf9j\\xf2\\xd16\\xc6\\xa0\\xc4\t\\xdb\\xbekR\\xca\\x11\\x89_\\xdf\\xd9uKDb>-1\\xd2\\x87\\x7f\\x8e\\xa7\\x83c=\\xce\\x87\\xbb\\x07\\xcc\\xea9\\xa1;;[rp\\x1c}{\\xb2r\\xa5$\\x95)7d\\xe0\\xdc\\x99\rl\\xd2d\\xa2\\x189\\xfc\\xc2\\x84s\\xbe\\x11* 
\\xd5TKq0\\xf3u\\xb4\\xceV\\xfaxt7\\xc5\\x90>hU\\xb2k\\xdevvy\\xbf\\xc0\\xd5Q_+\\xbe*]JX\\xcc\\xff|\\xaa\\xadT\\xed2\\xc8d\\xe6\\x94\\xa7\\x9a}\\x19jm)\\x97\\xda\\x86\\xf1\\xc9\\x95W=Hvm1\\x17'\\xd6+\\xa5$\\xc9\\xd7\\xdeG\\x93\\x86?\\xff\\x1c0!4\\x83\\x1f!6\\xc5X%G\\x19T\\x1a\\x97\\xb1E\\xd8.\\xee\\xa5\\xa3T\"^S\\xd5$_\\xe3\\xf3C\\xb7`%Zg\\x80\\x85\\xfa\\xa7\\x98\\x9e]\\xff\\xa5X\\xecZ\\x14\\xadl(g\\xbe\\x91H\\xdf.\\x8e\\xd4n\\\\xf0\\x8a\\xdaw\\x9f\\xef\\xcci\\xc5\\xbc\\xcaI\\xa4\\xf9yJk\\xea\\x00\\xdd|\\x818\\xf5Jv\\xd5vL\\xd17\\xbb\\x87&O\\xf6\\xe9\\x97\\x05\\xf8\\x9b\\x9aj$\\x9dAF\\x17@\\xaaD\\x9c\\x88\\x9c\\xd2K\\xb1$\\xd08!\\xe6\\xeb\\x90\\xc4N\\x9d\\x95\\x81\\x00\\x1b\n\\xfc\\x84\\xbdRI\\xfd\\x95\\xe4\\xe6\\xb5\\xcdk-\\xcc\\xa9\\x92\\xf0u\\xcb\\xae\\xb0q\\xd8\\xc8\\x130V/\\xa4\\xe3\\xfc7\\xe0y1D\\x00\\xf4|m\\x19q\t\\xe9 \\xc1r\\xd5P\\x1e\\xe6\\xcd/\\x9c\\xb3\\xe2Hl\\x18r\\xa7i\\x8d\\x15oO\\xb3\\xa7\\xbf\\xd8<)\\xd7\\xf4\\xaa\\x90s_}3SS\\xea\\xd3\\xba\\x89\\x9a\te\\x16\\x95\\x7fGM\\x04\\xfa\\xa9\\xb4\\x0bY\\xcf\\xa5\\x92#\\x88\\xf8\\xb3\\xbf\\x0e*P\\xea\\xee\\x998\\xe3\\x94\\xa1\\xa7\\xb9\\x84\\x1b\\xbc\\xf0\\xcd\\xfa\\xabR\\x8f\\x002\\x9f\\xb5Iaw\\xab\\x18\\x1e\\xee\\xc2\\xf3\\xcdoR\\xb5L\\xdd?\\xc3}\\xa1\\xcb\\xc1gc\\xd9*\\xd7M\\xb0\\x87e\\xeb\\x9f\\x85\\xb8\\xe7\\x87\\x0eu?\\xac\\xdb2\\x14\\x13lD\\xb0\\x0cY\\x04\\x83\\xc7\\xe4\\x9e\\x1a\\xd4\\xb7\\xe7\\xda4=>\\x10\\xe9\\xa3\\xba<?,\\x98m1\\x14\\xca\\xc9\\xc8\\xf3\t,I\\x07i\\xb9\\x9f\\xc0\\x8aaJ;\\xec8\\xed]:\\x0b\\xa7\\x9a\\x8cV/\\x1bSC\\xa9$BD\\x01s\\xeax+y\\x1e\\xee\\xeb\\xd4\\x00\\x00G\\xd2P\\r~\\xe4\\xc9\\xb4g\\x08\\xdeH\\x1c\\x1b\\xf71\\xa6\\xed5\\x9e\\xe7TA\\xba\\x9e\\xfd9F\\xa9\\x03\\x82\\xf0\\x03\\xf3\\xc8\\xe9\\xf1\\x95x\\\\xbb\\x07\\x0b\\x11\\xfc\\x08\\xe3[\\x84\\x96\\\\xd9\\x01qZ{L\\xa4\\x85\\xa2\\x91$\\x01\\x14s\\xbb[\\x04s\\x1a}\\xf9+J\\x8e\\x06);\\xfeY\\x89\\xb485\\xd4\\xd7Z\\xdcz5\\x9d\\x13R\\xea\\xf2\\x96\\xa7\\xb2\\x85\\xd4\\x16\\xf6]\\xe8\\xbb\\x0f\r\\x9b+\\xd3\\x02\\x93i\\x18C\\xde&=\\xa5\
\x99g\r\\x0f\\xee\\xee'`\\xc5\\xce\\xc3\\xe7\\x9cmH\\xd7\"\\x8b\\x1b'\\xd6\\x92\\x1f\\xab{\\x08w\\x1a@\\xa5d\\x84\\xf6\\xe7\\x99<\\xc8\\xacA\\xb7\\xe0#\\x95\\xeb\\xf7\\xf3C\\xd57\\xed\\x9b\\xb7\\xca9{,\\xa9\\xc0d#E\\xe5\\xc0V\\x91\\xcb\\xab\\xd2\\x8e\\xa7\\xf5r\\xf4)\\xe7\\x8d\\xa5}0\\x85\\x11\\x11\\xd7\\x8e+j\\xbb\\xd8\\xa8sCaN\\xee\\xb1\\x11\\xbc\\xc7\\xe3%wH\\x8fi\\xebr\\xc6Pv\\xe3\\xa5\\x11_\\xcf$\\xa5\\xd0\\x89\\xd4\\xd4Y\\x80\\xcdCxMk:c\\xe9@\\xec\\x86m\\x1b\\xa0\\x83R\\x9c\\xf8\\xf4!H\\xa2s\\xe6\\x1dD\\x861*2W\\x9fl\\x04\\xef\\xc7\\x16\\xba0I\\xf1\\xf5l\\xcfTe\\x16\\xc1\\x83+S\\x9f\\xef\\xf5I\\x1b\\x13\\x1d\\xcfQ\\xf2\\x10\\x80d\\xeft\\xc0\\x8b\\xbc+U\\x11\\x94\\x94\\x86\\x06\\x1d\\x80!P\\xf9-\\x7f&\\xd4\\x12t\\xfc^>(\n\\x87\\xe50?\\xab\\xf6i\\xe3\\xfc\\xe3\\xe9h\\xe3y\\x1b\\xac\"\\x82\\x19\\xefk\\x19&\\xa6\\xd6\\xc7\\x06\\xa6j\\xc5.\\xc95q:J\\xe3\\x1e8\\xdb\\x93>\\xc7\\x18\\xe7\\x13\\xff\\xab\\xb3\\xaf\\x0e\\x8b\\xea\\xeb\\xfe\\x1d\\x1a\\x91\\x90\\x92\\x1a\\x18b\\xe8\\x90\\x12\\xe9\\x10I\\xa5\\xbb[B\\xe9.\t\\x01\\x05\\x87\\xeeF\\xba\\xbb\\x14$$\\x86\\x1e\\x05\\xa4K\\x07\\x18iI\\xa5\\xef\\x0c\\xea\\xfb\\xfd\\xdd\\xe7w\\x7f\\xef}\\xef\\xfd\\xe3<\\xcfy\\xceZ\\xeb\\xb3>{\\xed}\\xce\\xdeg\\x9f\\xb3\\xd7\\x06\\xf0\\xcf-\\xb14e\\xac{\\xc5\\x81\\x9f\\x97b\\x9a['\\xe6\\x9a.hYD\\x91\\x82\\xe9\\x9ew\\x82!:\\xc1\\x98d\\xdb\\xb7v\\xf6t\\xb7w\\xee\\xe9\\xfa\\xea\\xce\\xad\\x00\\xca\\xd2MIL\\xa4q\\xdev\\xad\\xae\\x97\\xc6\\x8a\\x06\\xa6l\\x9a\\x1a\\x93\\x10\\xe3H\\xf8\\xad\\xa0~v\\x9ax`$\\xb4\\xf1\\xd0\\xb8\\xb0\\x9e\\xa5\\x1f6\\xda\\xe4\\xe6z\\xf6\\xc5\\x7f\\x9e\\xa5\\xe1Nj<h\\xccd\\xa3E\\xbc\\xc6\\xea\\xd7\\x99\\xbfNE\\xd8$C\\xc4\\x9aM\\x1b}^t!\\xc4v\\x1d\\x1f@[\\xf7\\x9d@\\xce\\x95\\xa9w\\xf0$\\x85\"\\x92\\xf1\\x96\\x9e;o\\xb7\\x84\\x9a\\x93O\\x1eV\\xed\\xc4\\xf8\\x19\\x17\\x18\\xd2\\xe0\\x1b\\x956\\xc0\\x84\\x19\\x92\\xe5I\\xebwT\\xb1\\x91\\xf7\\xb0\\xcfl\\x87\\x8b\\xd1\\xad\\x94P;\\xd9Rq\\xf5HB\\x94\\xd0\\x17\\xea0\\xf0@s\\xe7 
A>\\x8av>\\x94]\\xd8l\\xd3a\\xe1\\xa56\\xc5D\\xa1\\xd6\\xa8xT\\x9e\\x184G\\x1b\\x12\\x8b\\x90&\\x1d\\xcc\\xdby\\x1dTX>$\\x94\\xba8\\xb4R\\xf6\\x1c\\xe2>\\xdfiX\\xc4\\xfd:\\x86\\xbd\\xb9\\xe3\\x94q\\xe6\\x94\\x96Z\\x08\\x08\\x0cT\\xbc\\xf8n\\xb6\\xc3\\x12q\\xa7\\xc37\\x96\\xd9\\x12\\xa3\\x84\\xfe\\x87\\x14\\xfeU\\xe3FU\\xcd\\xceZ\\\\xdc\\xb6.}=\\xef*\\x16\\x87\\xb0\\x94L\\x14\\xa06\\xc3\\x98x\\xd8\\x198fm\\xcf\\x9c\\xc0.D\\xfb\\x16/\\xe4S\\xfc\\xd8\\xadr% \\x8e\\xaaQ\\x84\\xee\\x12\\x0b\\xee\\x8cS\\xb9\\xbc\\x0fm,\\xb9\\xe0\\xc4\\xe6\\xd4(Y\\xc3\\xa0;\\x15\\xe0\\xf5\\xec\\xb9\\xc7\\x98\\x94\\xb2U&l{{\\xd0\\x05\\x93\\x84\\xe4\\x1b\\x8b\\x93Y\\x8e>Q\\x15@\\_\\xee\\xa4\\xa2\\xd4\\xf0)\\x9d\\xb1\n\\xd7#\\x1e\\xef\\xe0\\x07\\xf8W\\xe4n\\xdch\\xd6Q\\x02\\x88\\xecs]\\x05\\xe3\\x1a\\x0e\\xf5\\x16\\xbal>\\xd8t\\x93f\\xf41.f\\x9b\\x8d\\x8f)nh\\xbd\\x87c\\xd85\\x80'\\xc8\\xd0\\xbf\\xaf\\xbc7e\\xde\\xf0\\xa9\\xca\\xdb\\xaf\\xecY\\xf8\\x90\\xfd_\\xb6\\xa8}n\\xedj\\x0b5[[\\x9f\\x9ezC!nBN\\xd7\\x80\\x10?\\xd7\\x89*[\\xfb\\x1f\n\\xee\\xfe@\\xfe:\\x9d\\xe7\\xe7\\xb61\\xe9\\xddE\t\\xebgL`7\\x15\\xfet\\x11O\\xabi\\xa6\\x0b\\x8eI\\xdeMFE\\x9b\\x88\\x1dy\\xa6\\x8f\\xca\\xe0\\xafd@\\xab\\x12`\\xfc\\xe9',Ws\\x95\\xd7\\xef\\x0f?\\xd9xow\\x0f\\x98\\xcc\\xbboL7)\\x94~L\\xf9\\xe9\\xd6G\\xccL\\x86O\\xe2\\x9e\\x15\\x1c\\x88Se\"\\xfa\\xa2\\xf2\\x01Q\\xa6_v\\xb1\\xc4\\xb2\\xd0\\x03\\xb8\\xf0\\xd1\\xa2\\xc6\\xd2\\xac\\x83\\xfb\\xe0\\xbar\\x8d\\xc7\\x13\\xff\\xb0\\xb2C\\xf4\\xf6\\x98\\xce\\x90\\x8bR\\x8cE\\xc1\\xbdS\\xec\\xb9\\xa0i\\xcck\\xc0'9\\x97 \\xe2k\\xc0\\xaa\\x80\\xed5\\xc0\\xf4\\x1ap\\xceW}\\xa8z\r\\x88\\xb3)\\xb9t\\x89\\xfd\\xefS\\xc5\\xefk\\x83\\xfa\\xe4\\xefw`\\x8b\\xa3r\n7\\xc0#$\\\\xa1\\x1a\\xad\\xa1\\xeb\\xe0\\xd0OL\\xbd&\\x11\\xb7_\\xfc\\x00\\xeeZJ(\\xee\\xcd\\x93\\xcf|p\\xad5\\xed!\\xff(>\\xa2\\xab\\x08NF\\x9bmc\\xeb\\x82\\xc7\\xfcb-\\xf9\\xe0\\x9bv\r\\xf8\\xfb["
              },
              {
                "name": "SequenceNumber",
                "value": "22"
              },
              {
                "name": "BufferSize",
                "value": "13365"
              }
            ],
            "repeated": 0,
            "id": 6606
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000347a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xa9S\\xe1\\xed\\xae!B\\x0c\\xaf\\xbe\\xab\\xa5\\xc2\\xff\\x19k\\xc8\nu\\x18\\xba\\x1b\\xa2AL\\xec\\x92\\xc4\\x8fd\ty\\x17\\x03\\x014P\\xd5\\xe1\\x02\\xfdV\\x8d\\x02\\xd5)\\x06\\xa6\\xf2\\x07\\x90\t\\xe7\\x14)\\xdf\\xe3e0\\x07C\\xf1Y\\xb5\\xe1\\xfbX\\xaa\\xd7\\x8e\\xcb\\xb7\\xd1\\xc6\\x1a\\xe7\\x93\\xfe%q\\x1bw2\\xf4\\xcfW\\x19\\x07\\x88\\x1d|k\\x06D\\x187\\xf5\\\\xfd\\xab\\x07\\xb7=\\x9eB\\x8b\\xac\\x89I\\x14\\xa5\\xff\\xb4 \\xdc\\x91T\\x8e\\x01\\xe9L\\x1b\\x14\\xe5\\xf1[\\x0fp\\x00\\xc0\\x99D\"\\x93\\xa1\\xe9\\xf7\\x97kd`\\xe5\\x7fbM\\xb6\\xd9\\xc9\\x16\\x1f|\\xa8\\x8bJD\\x16O\\xc5e\\x11\\xf8\\xdf8h\\xd7\\x99y\\x18N\\xd7\\x87\"9\\x9a:I\\xf8,l\\xdct\\xb6\\x1c\\xbd{[\\x12\\xfc|\\xf6\r@Z\\x15W\\x8eL\\x95'\\x12\\x8f\\x1c\\xfc\\xd9\\xa6+\\xeaM\\x18y+^\\x05\\xb1\\xfe\\xe1_\\xd4!\\xd2\\x88\\xc8\\xf4\\xee+\\xb9\\xc0\\x1e\\xeb9\\x9e\n8\\xa6f\\x8e\\xf5\\xa1\\xc0$l\\x96\\x8fUC\\xc9T\\xe4\\xae\\x99\\xaa"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6364"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x742bad94",
            "parentcaller": "0x742ba15c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008cc"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x775545ae",
            "parentcaller": "0x7755442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x75c4269a",
            "parentcaller": "0x758e5041",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008d0"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "6364",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-03-05 10:25:03,556",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 5,
            "id": 6614
          },
          {
            "timestamp": "2026-03-05 10:25:03,587",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6615
          },
          {
            "timestamp": "2026-03-05 10:25:03,587",
            "thread_id": "3936",
            "caller": "0x75c4978d",
            "parentcaller": "0x7608f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769c0000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769fb400"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-03-05 10:25:03,587",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 6617
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3780",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3780",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3344",
            "caller": "0x76091e6a",
            "parentcaller": "0x73092f76",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3344",
            "caller": "0x730943d1",
            "parentcaller": "0x7309426d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3344",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000884"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-03-05 10:25:03,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 1,
            "id": 6624
          },
          {
            "timestamp": "2026-03-05 10:25:03,634",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 86,
            "id": 6625
          },
          {
            "timestamp": "2026-03-05 10:25:03,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-03-05 10:25:03,759",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6627
          },
          {
            "timestamp": "2026-03-05 10:25:03,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-03-05 10:25:03,775",
            "thread_id": "2908",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 4,
            "id": 6629
          },
          {
            "timestamp": "2026-03-05 10:25:03,837",
            "thread_id": "2908",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-03-05 10:25:03,837",
            "thread_id": "2908",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-03-05 10:25:03,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-03-05 10:25:03,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-03-05 10:25:04,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3344",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3344",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000884"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-03-05 10:25:04,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-03-05 10:25:04,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-03-05 10:25:04,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-03-05 10:25:04,666",
            "thread_id": "3344",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-03-05 10:25:04,666",
            "thread_id": "3344",
            "caller": "0x75c4269a",
            "parentcaller": "0x7309435b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000884"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-03-05 10:25:04,666",
            "thread_id": "3344",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3344"
              }
            ],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-03-05 10:25:04,666",
            "thread_id": "3344",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-03-05 10:25:04,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-03-05 10:25:04,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-03-05 10:25:05,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-03-05 10:25:05,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-03-05 10:25:05,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-03-05 10:25:05,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-03-05 10:25:05,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-03-05 10:25:05,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-03-05 10:25:05,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-03-05 10:25:05,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-03-05 10:25:05,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-03-05 10:25:05,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-03-05 10:25:05,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-03-05 10:25:05,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-03-05 10:25:05,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-03-05 10:25:05,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-03-05 10:25:05,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-03-05 10:25:05,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-03-05 10:25:06,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-03-05 10:25:06,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6669
          },
          {
            "timestamp": "2026-03-05 10:25:06,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-03-05 10:25:06,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-03-05 10:25:06,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-03-05 10:25:06,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-03-05 10:25:06,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-03-05 10:25:06,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-03-05 10:25:06,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-03-05 10:25:06,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "<\\x7f\\xbc\\x98\\xbe\\xca\\xb4\\x1af\\xad/(\\xf8\\x10\\x19\\xb1c5\\xc1\\xe0\\xf1\\xf8\\xb7\\xd49I\\x1a\\xbb\\xa8\\x99\\x0c\\xc9"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x17"
              },
              {
                "name": "SequenceNumber",
                "value": "9"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xe0?Y\\xbc+5=M\\xf9\\xd3!\\xfcVF\\xe2\\x1c%u)n\\x08k\nk\\x15\\x9bU\\x86Zk\\xb2\\x08"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-03-05 10:25:06,744",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "10"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-03-05 10:25:06,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-03-05 10:25:06,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-03-05 10:25:06,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "i\\xa0\\x04\\xa0\\xff\r\\xea\\xd7B\\x89\\xb6\\xa1^X\\xcd!7\\xd2\\xcf\\xa7\\x15i\\xa8\\x8f\\x82\\xa0r\\x83Cy\\x83b"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "11"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xe16I\\xff\\xc4Y\\xbbz\\x951L\\xde\\x16\\xa8\\xe7\\xafHw\\x1aH\\xc3\\x8dm\\x1e\\xd94$$\\x14^Y\\x18\\x19Q\\x9fS\\xb0\\x98L\\xf3I\\xd3Q\\xa5SE\\xe3("
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9b\\xc5\\xc4\\x00\\x00\\xb6\\x86\\xf3=\\x03\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "12"
              },
              {
                "name": "BufferSize",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-03-05 10:25:06,900",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5360"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008e4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5360"
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008e4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5360"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6697
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-03-05 10:25:06,931",
            "thread_id": "5360",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5360"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-03-05 10:25:06,947",
            "thread_id": "5360",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-03-05 10:25:07,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-03-05 10:25:07,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-03-05 10:25:07,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-03-05 10:25:07,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-03-05 10:25:07,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-03-05 10:25:07,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6711
          },
          {
            "timestamp": "2026-03-05 10:25:07,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-03-05 10:25:07,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-03-05 10:25:07,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-03-05 10:25:07,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-03-05 10:25:07,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-03-05 10:25:07,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-03-05 10:25:07,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6718
          },
          {
            "timestamp": "2026-03-05 10:25:07,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-03-05 10:25:07,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-03-05 10:25:07,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-03-05 10:25:08,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-03-05 10:25:08,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-03-05 10:25:08,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-03-05 10:25:08,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-03-05 10:25:08,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-03-05 10:25:08,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-03-05 10:25:08,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-03-05 10:25:08,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-03-05 10:25:08,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-03-05 10:25:08,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6732
          },
          {
            "timestamp": "2026-03-05 10:25:08,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-03-05 10:25:09,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-03-05 10:25:09,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-03-05 10:25:09,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-03-05 10:25:09,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6737
          },
          {
            "timestamp": "2026-03-05 10:25:09,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-03-05 10:25:09,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-03-05 10:25:09,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-03-05 10:25:09,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-03-05 10:25:09,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-03-05 10:25:09,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-03-05 10:25:09,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-03-05 10:25:09,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-03-05 10:25:09,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-03-05 10:25:09,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-03-05 10:25:09,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-03-05 10:25:09,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-03-05 10:25:10,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-03-05 10:25:10,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-03-05 10:25:10,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-03-05 10:25:10,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-03-05 10:25:10,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-03-05 10:25:10,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-03-05 10:25:10,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-03-05 10:25:10,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-03-05 10:25:10,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-03-05 10:25:10,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-03-05 10:25:10,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-03-05 10:25:10,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-03-05 10:25:10,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-03-05 10:25:10,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-03-05 10:25:11,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-03-05 10:25:11,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-03-05 10:25:11,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-03-05 10:25:11,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6769
          },
          {
            "timestamp": "2026-03-05 10:25:11,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-03-05 10:25:11,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-03-05 10:25:11,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-03-05 10:25:11,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-03-05 10:25:11,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-03-05 10:25:11,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-03-05 10:25:11,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-03-05 10:25:11,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-03-05 10:25:11,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-03-05 10:25:11,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-03-05 10:25:12,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6781
          },
          {
            "timestamp": "2026-03-05 10:25:12,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-03-05 10:25:12,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-03-05 10:25:12,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-03-05 10:25:12,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-03-05 10:25:12,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-03-05 10:25:12,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-03-05 10:25:12,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-03-05 10:25:12,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-03-05 10:25:12,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-03-05 10:25:12,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-03-05 10:25:12,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-03-05 10:25:12,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-03-05 10:25:12,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-03-05 10:25:12,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-03-05 10:25:13,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-03-05 10:25:13,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-03-05 10:25:13,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-03-05 10:25:13,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-03-05 10:25:13,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-03-05 10:25:13,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-03-05 10:25:13,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-03-05 10:25:13,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-03-05 10:25:13,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-03-05 10:25:13,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-03-05 10:25:13,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-03-05 10:25:13,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-03-05 10:25:13,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-03-05 10:25:13,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-03-05 10:25:13,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-03-05 10:25:13,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-03-05 10:25:14,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-03-05 10:25:14,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-03-05 10:25:14,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-03-05 10:25:14,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-03-05 10:25:14,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-03-05 10:25:14,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-03-05 10:25:14,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-03-05 10:25:14,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-03-05 10:25:14,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-03-05 10:25:14,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-03-05 10:25:14,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-03-05 10:25:14,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6823
          },
          {
            "timestamp": "2026-03-05 10:25:14,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-03-05 10:25:14,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-03-05 10:25:14,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-03-05 10:25:14,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-03-05 10:25:15,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-03-05 10:25:15,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-03-05 10:25:15,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6830
          },
          {
            "timestamp": "2026-03-05 10:25:15,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-03-05 10:25:15,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-03-05 10:25:15,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-03-05 10:25:15,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-03-05 10:25:15,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-03-05 10:25:15,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-03-05 10:25:15,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-03-05 10:25:15,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-03-05 10:25:15,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-03-05 10:25:15,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-03-05 10:25:15,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-03-05 10:25:15,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-03-05 10:25:16,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-03-05 10:25:16,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-03-05 10:25:16,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-03-05 10:25:16,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-03-05 10:25:16,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-03-05 10:25:16,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-03-05 10:25:16,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-03-05 10:25:16,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-03-05 10:25:16,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-03-05 10:25:16,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-03-05 10:25:16,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-03-05 10:25:16,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-03-05 10:25:16,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-03-05 10:25:16,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-03-05 10:25:16,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-03-05 10:25:17,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-03-05 10:25:17,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-03-05 10:25:17,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-03-05 10:25:17,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-03-05 10:25:17,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-03-05 10:25:17,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-03-05 10:25:17,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-03-05 10:25:17,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6865
          },
          {
            "timestamp": "2026-03-05 10:25:17,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-03-05 10:25:17,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-03-05 10:25:17,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-03-05 10:25:17,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-03-05 10:25:17,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-03-05 10:25:17,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-03-05 10:25:17,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-03-05 10:25:17,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-03-05 10:25:18,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-03-05 10:25:18,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-03-05 10:25:18,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-03-05 10:25:18,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-03-05 10:25:18,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-03-05 10:25:18,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-03-05 10:25:18,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-03-05 10:25:18,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-03-05 10:25:18,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-03-05 10:25:18,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-03-05 10:25:18,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-03-05 10:25:18,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-03-05 10:25:18,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-03-05 10:25:18,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-03-05 10:25:18,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-03-05 10:25:18,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-03-05 10:25:19,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-03-05 10:25:19,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-03-05 10:25:19,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-03-05 10:25:19,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6893
          },
          {
            "timestamp": "2026-03-05 10:25:19,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-03-05 10:25:19,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-03-05 10:25:19,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-03-05 10:25:19,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-03-05 10:25:19,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-03-05 10:25:19,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-03-05 10:25:19,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6900
          },
          {
            "timestamp": "2026-03-05 10:25:19,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-03-05 10:25:19,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-03-05 10:25:19,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-03-05 10:25:19,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-03-05 10:25:19,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-03-05 10:25:20,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-03-05 10:25:20,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6907
          },
          {
            "timestamp": "2026-03-05 10:25:20,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-03-05 10:25:20,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-03-05 10:25:20,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-03-05 10:25:20,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-03-05 10:25:20,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-03-05 10:25:20,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-03-05 10:25:20,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-03-05 10:25:20,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-03-05 10:25:20,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-03-05 10:25:20,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-03-05 10:25:20,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-03-05 10:25:20,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-03-05 10:25:21,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-03-05 10:25:21,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-03-05 10:25:21,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-03-05 10:25:21,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-03-05 10:25:21,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-03-05 10:25:21,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-03-05 10:25:21,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-03-05 10:25:21,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-03-05 10:25:21,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-03-05 10:25:21,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-03-05 10:25:21,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-03-05 10:25:22,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-03-05 10:25:22,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-03-05 10:25:22,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-03-05 10:25:22,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-03-05 10:25:22,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-03-05 10:25:22,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-03-05 10:25:22,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-03-05 10:25:22,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-03-05 10:25:22,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-03-05 10:25:22,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-03-05 10:25:22,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-03-05 10:25:22,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-03-05 10:25:22,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-03-05 10:25:22,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-03-05 10:25:23,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-03-05 10:25:23,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-03-05 10:25:23,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-03-05 10:25:23,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-03-05 10:25:23,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-03-05 10:25:23,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-03-05 10:25:23,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-03-05 10:25:23,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-03-05 10:25:23,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-03-05 10:25:23,619",
            "thread_id": "3780",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              }
            ],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-03-05 10:25:23,619",
            "thread_id": "3780",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-03-05 10:25:23,619",
            "thread_id": "3780",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3780"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-03-05 10:25:23,619",
            "thread_id": "3780",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-03-05 10:25:23,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-03-05 10:25:23,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-03-05 10:25:23,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2908"
              }
            ],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x742bad94",
            "parentcaller": "0x742ba15c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000088c"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x75c4269a",
            "parentcaller": "0x758e5041",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000890"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-03-05 10:25:23,837",
            "thread_id": "2908",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-03-05 10:25:23,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-03-05 10:25:23,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-03-05 10:25:24,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-03-05 10:25:24,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-03-05 10:25:24,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-03-05 10:25:24,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-03-05 10:25:24,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-03-05 10:25:24,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-03-05 10:25:24,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-03-05 10:25:24,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-03-05 10:25:24,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-03-05 10:25:24,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-03-05 10:25:24,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-03-05 10:25:24,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-03-05 10:25:24,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-03-05 10:25:24,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-03-05 10:25:25,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-03-05 10:25:25,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-03-05 10:25:25,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-03-05 10:25:25,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-03-05 10:25:25,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-03-05 10:25:25,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-03-05 10:25:25,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-03-05 10:25:25,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-03-05 10:25:25,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-03-05 10:25:25,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-03-05 10:25:25,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-03-05 10:25:25,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-03-05 10:25:25,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-03-05 10:25:25,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7005
          },
          {
            "timestamp": "2026-03-05 10:25:25,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-03-05 10:25:25,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-03-05 10:25:26,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-03-05 10:25:26,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-03-05 10:25:26,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-03-05 10:25:26,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-03-05 10:25:26,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-03-05 10:25:26,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-03-05 10:25:26,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-03-05 10:25:26,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-03-05 10:25:26,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-03-05 10:25:26,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-03-05 10:25:26,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-03-05 10:25:26,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7019
          },
          {
            "timestamp": "2026-03-05 10:25:26,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-03-05 10:25:26,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-03-05 10:25:26,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-03-05 10:25:27,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-03-05 10:25:27,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-03-05 10:25:27,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-03-05 10:25:27,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-03-05 10:25:27,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-03-05 10:25:27,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-03-05 10:25:27,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-03-05 10:25:27,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-03-05 10:25:27,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-03-05 10:25:27,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-03-05 10:25:27,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-03-05 10:25:27,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-03-05 10:25:27,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-03-05 10:25:27,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-03-05 10:25:27,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-03-05 10:25:27,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-03-05 10:25:28,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-03-05 10:25:28,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-03-05 10:25:28,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-03-05 10:25:28,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-03-05 10:25:28,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-03-05 10:25:28,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-03-05 10:25:28,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-03-05 10:25:28,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7047
          },
          {
            "timestamp": "2026-03-05 10:25:28,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-03-05 10:25:28,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-03-05 10:25:28,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-03-05 10:25:28,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-03-05 10:25:28,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-03-05 10:25:29,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 2,
            "id": 7053
          },
          {
            "timestamp": "2026-03-05 10:25:29,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-03-05 10:25:29,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-03-05 10:25:29,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-03-05 10:25:29,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-03-05 10:25:29,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-03-05 10:25:29,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-03-05 10:25:29,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-03-05 10:25:29,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-03-05 10:25:29,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-03-05 10:25:29,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-03-05 10:25:29,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-03-05 10:25:29,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-03-05 10:25:29,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-03-05 10:25:29,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-03-05 10:25:30,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7068
          },
          {
            "timestamp": "2026-03-05 10:25:30,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-03-05 10:25:30,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-03-05 10:25:30,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-03-05 10:25:30,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-03-05 10:25:30,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-03-05 10:25:30,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-03-05 10:25:30,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7075
          },
          {
            "timestamp": "2026-03-05 10:25:30,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-03-05 10:25:30,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-03-05 10:25:30,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-03-05 10:25:30,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-03-05 10:25:30,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-03-05 10:25:30,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-03-05 10:25:30,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-03-05 10:25:30,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-03-05 10:25:31,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-03-05 10:25:31,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-03-05 10:25:31,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-03-05 10:25:31,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-03-05 10:25:31,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-03-05 10:25:31,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-03-05 10:25:31,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-03-05 10:25:31,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-03-05 10:25:31,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-03-05 10:25:31,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-03-05 10:25:31,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-03-05 10:25:31,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-03-05 10:25:31,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-03-05 10:25:31,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-03-05 10:25:31,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-03-05 10:25:32,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-03-05 10:25:32,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-03-05 10:25:32,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-03-05 10:25:32,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-03-05 10:25:32,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-03-05 10:25:32,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-03-05 10:25:32,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-03-05 10:25:32,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-03-05 10:25:32,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-03-05 10:25:32,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-03-05 10:25:32,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7110
          },
          {
            "timestamp": "2026-03-05 10:25:32,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-03-05 10:25:32,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-03-05 10:25:33,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-03-05 10:25:33,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-03-05 10:25:33,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-03-05 10:25:33,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-03-05 10:25:33,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-03-05 10:25:33,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-03-05 10:25:33,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-03-05 10:25:33,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-03-05 10:25:33,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-03-05 10:25:33,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-03-05 10:25:33,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-03-05 10:25:33,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-03-05 10:25:33,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-03-05 10:25:33,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-03-05 10:25:34,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-03-05 10:25:34,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-03-05 10:25:34,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-03-05 10:25:34,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-03-05 10:25:34,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-03-05 10:25:34,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-03-05 10:25:34,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-03-05 10:25:34,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-03-05 10:25:34,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-03-05 10:25:34,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-03-05 10:25:34,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-03-05 10:25:34,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-03-05 10:25:34,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-03-05 10:25:34,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-03-05 10:25:34,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-03-05 10:25:35,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-03-05 10:25:35,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-03-05 10:25:35,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-03-05 10:25:35,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7145
          },
          {
            "timestamp": "2026-03-05 10:25:35,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7146
          },
          {
            "timestamp": "2026-03-05 10:25:35,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-03-05 10:25:35,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-03-05 10:25:35,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7149
          },
          {
            "timestamp": "2026-03-05 10:25:35,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-03-05 10:25:35,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-03-05 10:25:35,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7152
          },
          {
            "timestamp": "2026-03-05 10:25:35,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-03-05 10:25:35,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-03-05 10:25:35,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-03-05 10:25:35,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-03-05 10:25:35,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-03-05 10:25:36,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-03-05 10:25:36,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7159
          },
          {
            "timestamp": "2026-03-05 10:25:36,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-03-05 10:25:36,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-03-05 10:25:36,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-03-05 10:25:36,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-03-05 10:25:36,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-03-05 10:25:36,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-03-05 10:25:36,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7166
          },
          {
            "timestamp": "2026-03-05 10:25:36,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-03-05 10:25:36,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xc0\\xa5n\\xb3\\x8d)D\\xff\\xda\\xc4\\x0c\\x13<br\\xe6/m\\xa5N,\\xcaK\\x98\\xb7\\xcb\\x1a\\xf7\n\\x8b\\xcd\\x85"
              }
            ],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x17"
              },
              {
                "name": "SequenceNumber",
                "value": "13"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7173
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xa9\\x94f\t\\x0f\\x98\\xe9\\x9cz7hFl\\xd9&\\xb45G\\x00\\xf7\\xa2~=~~\\x10\\xf8\\xbb\\xc5\\xce\\xa03"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-03-05 10:25:36,759",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "14"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-03-05 10:25:36,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7176
          },
          {
            "timestamp": "2026-03-05 10:25:36,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xa3.\\xa2\\x1b\\xaa;\\xb9!\\xad\\x9f%#\\xd3\\xdd\\x07R-v\\x06\\xd1\\xc0\\xe9W\\xa4P\\x1e\\xec\\xed\\xab\\x1f\\xa1j"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "15"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7180
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "e\\xdd1J\\xcff\\xf2\\xd1\\xbb\\xd8\\x95/s\\xf2\\x02\\xa8\\xcc\\xbc:\\xd0\\xfe\\xb9\\xc0\\xfa)\\xbd\\x8as\\x82[6jj\\x9ch%?\\x06\\x0eYg\\xa2\\xc8a\\xc91\\xb6\\xe2"
              }
            ],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9b\\xc5\\xc4\\x00\\x00\\xb6\\x86\\xf3=\\x03\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "16"
              },
              {
                "name": "BufferSize",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-03-05 10:25:36,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2704"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008c4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "2704"
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008c4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2704"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7187
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 7188
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "2704",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-03-05 10:25:36,962",
            "thread_id": "2704",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-03-05 10:25:36,978",
            "thread_id": "2704",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-03-05 10:25:36,978",
            "thread_id": "2704",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2704"
              }
            ],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-03-05 10:25:36,978",
            "thread_id": "2704",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-03-05 10:25:36,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7194
          },
          {
            "timestamp": "2026-03-05 10:25:37,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-03-05 10:25:37,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-03-05 10:25:37,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7197
          },
          {
            "timestamp": "2026-03-05 10:25:37,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-03-05 10:25:37,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-03-05 10:25:37,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-03-05 10:25:37,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7201
          },
          {
            "timestamp": "2026-03-05 10:25:37,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-03-05 10:25:37,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-03-05 10:25:37,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-03-05 10:25:37,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-03-05 10:25:37,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-03-05 10:25:37,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7207
          },
          {
            "timestamp": "2026-03-05 10:25:37,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7208
          },
          {
            "timestamp": "2026-03-05 10:25:37,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-03-05 10:25:38,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-03-05 10:25:38,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-03-05 10:25:38,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-03-05 10:25:38,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-03-05 10:25:38,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-03-05 10:25:38,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7215
          },
          {
            "timestamp": "2026-03-05 10:25:38,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-03-05 10:25:38,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-03-05 10:25:38,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-03-05 10:25:38,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-03-05 10:25:38,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7220
          },
          {
            "timestamp": "2026-03-05 10:25:38,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-03-05 10:25:38,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7222
          },
          {
            "timestamp": "2026-03-05 10:25:38,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-03-05 10:25:38,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-03-05 10:25:38,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7225
          },
          {
            "timestamp": "2026-03-05 10:25:39,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-03-05 10:25:39,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-03-05 10:25:39,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-03-05 10:25:39,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7229
          },
          {
            "timestamp": "2026-03-05 10:25:39,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-03-05 10:25:39,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-03-05 10:25:39,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-03-05 10:25:39,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-03-05 10:25:39,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-03-05 10:25:39,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-03-05 10:25:39,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7236
          },
          {
            "timestamp": "2026-03-05 10:25:39,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7237
          },
          {
            "timestamp": "2026-03-05 10:25:39,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-03-05 10:25:39,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-03-05 10:25:39,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-03-05 10:25:39,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-03-05 10:25:40,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-03-05 10:25:40,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7243
          },
          {
            "timestamp": "2026-03-05 10:25:40,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-03-05 10:25:40,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-03-05 10:25:40,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-03-05 10:25:40,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-03-05 10:25:40,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7248
          },
          {
            "timestamp": "2026-03-05 10:25:40,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-03-05 10:25:40,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7250
          },
          {
            "timestamp": "2026-03-05 10:25:40,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7251
          },
          {
            "timestamp": "2026-03-05 10:25:40,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-03-05 10:25:40,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-03-05 10:25:40,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-03-05 10:25:40,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-03-05 10:25:40,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-03-05 10:25:40,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7257
          },
          {
            "timestamp": "2026-03-05 10:25:41,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7258
          },
          {
            "timestamp": "2026-03-05 10:25:41,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-03-05 10:25:41,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-03-05 10:25:41,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7261
          },
          {
            "timestamp": "2026-03-05 10:25:41,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-03-05 10:25:41,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-03-05 10:25:41,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7264
          },
          {
            "timestamp": "2026-03-05 10:25:41,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-03-05 10:25:41,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-03-05 10:25:41,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-03-05 10:25:41,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-03-05 10:25:41,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-03-05 10:25:41,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-03-05 10:25:41,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7271
          },
          {
            "timestamp": "2026-03-05 10:25:41,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-03-05 10:25:42,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-03-05 10:25:42,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7274
          },
          {
            "timestamp": "2026-03-05 10:25:42,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-03-05 10:25:42,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-03-05 10:25:42,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-03-05 10:25:42,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7278
          },
          {
            "timestamp": "2026-03-05 10:25:42,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-03-05 10:25:42,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-03-05 10:25:42,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-03-05 10:25:42,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-03-05 10:25:42,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-03-05 10:25:42,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-03-05 10:25:42,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7285
          },
          {
            "timestamp": "2026-03-05 10:25:42,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-03-05 10:25:42,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-03-05 10:25:43,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-03-05 10:25:43,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-03-05 10:25:43,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-03-05 10:25:43,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-03-05 10:25:43,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7292
          },
          {
            "timestamp": "2026-03-05 10:25:43,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-03-05 10:25:43,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-03-05 10:25:43,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-03-05 10:25:43,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-03-05 10:25:43,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-03-05 10:25:43,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-03-05 10:25:43,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7299
          },
          {
            "timestamp": "2026-03-05 10:25:43,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-03-05 10:25:43,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-03-05 10:25:43,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-03-05 10:25:43,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-03-05 10:25:44,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-03-05 10:25:44,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-03-05 10:25:44,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7306
          },
          {
            "timestamp": "2026-03-05 10:25:44,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-03-05 10:25:44,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-03-05 10:25:44,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-03-05 10:25:44,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-03-05 10:25:44,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-03-05 10:25:44,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-03-05 10:25:44,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7313
          },
          {
            "timestamp": "2026-03-05 10:25:44,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-03-05 10:25:44,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-03-05 10:25:44,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-03-05 10:25:44,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-03-05 10:25:44,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-03-05 10:25:44,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-03-05 10:25:45,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7320
          },
          {
            "timestamp": "2026-03-05 10:25:45,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-03-05 10:25:45,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-03-05 10:25:45,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-03-05 10:25:45,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-03-05 10:25:45,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-03-05 10:25:45,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-03-05 10:25:45,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7327
          },
          {
            "timestamp": "2026-03-05 10:25:45,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-03-05 10:25:45,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-03-05 10:25:45,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-03-05 10:25:45,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-03-05 10:25:45,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-03-05 10:25:45,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7333
          },
          {
            "timestamp": "2026-03-05 10:25:45,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7334
          },
          {
            "timestamp": "2026-03-05 10:25:45,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-03-05 10:25:46,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-03-05 10:25:46,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-03-05 10:25:46,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-03-05 10:25:46,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-03-05 10:25:46,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-03-05 10:25:46,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7341
          },
          {
            "timestamp": "2026-03-05 10:25:46,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-03-05 10:25:46,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-03-05 10:25:46,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-03-05 10:25:46,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7345
          },
          {
            "timestamp": "2026-03-05 10:25:46,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-03-05 10:25:46,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-03-05 10:25:46,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-03-05 10:25:46,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7349
          },
          {
            "timestamp": "2026-03-05 10:25:46,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-03-05 10:25:47,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-03-05 10:25:47,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-03-05 10:25:47,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-03-05 10:25:47,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-03-05 10:25:47,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-03-05 10:25:47,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7356
          },
          {
            "timestamp": "2026-03-05 10:25:47,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-03-05 10:25:47,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-03-05 10:25:47,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-03-05 10:25:47,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-03-05 10:25:47,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-03-05 10:25:47,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-03-05 10:25:47,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7363
          },
          {
            "timestamp": "2026-03-05 10:25:47,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-03-05 10:25:47,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-03-05 10:25:48,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-03-05 10:25:48,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-03-05 10:25:48,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-03-05 10:25:48,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-03-05 10:25:48,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7370
          },
          {
            "timestamp": "2026-03-05 10:25:48,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-03-05 10:25:48,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-03-05 10:25:48,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-03-05 10:25:48,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-03-05 10:25:48,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-03-05 10:25:48,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-03-05 10:25:48,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7377
          },
          {
            "timestamp": "2026-03-05 10:25:48,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-03-05 10:25:48,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-03-05 10:25:48,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-03-05 10:25:48,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-03-05 10:25:49,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-03-05 10:25:49,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-03-05 10:25:49,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7384
          },
          {
            "timestamp": "2026-03-05 10:25:49,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-03-05 10:25:49,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-03-05 10:25:49,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-03-05 10:25:49,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-03-05 10:25:49,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-03-05 10:25:49,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7390
          },
          {
            "timestamp": "2026-03-05 10:25:49,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7391
          },
          {
            "timestamp": "2026-03-05 10:25:49,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-03-05 10:25:49,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-03-05 10:25:49,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-03-05 10:25:49,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7395
          },
          {
            "timestamp": "2026-03-05 10:25:49,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-03-05 10:25:49,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-03-05 10:25:50,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7398
          },
          {
            "timestamp": "2026-03-05 10:25:50,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-03-05 10:25:50,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-03-05 10:25:50,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-03-05 10:25:50,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-03-05 10:25:50,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-03-05 10:25:50,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-03-05 10:25:50,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7405
          },
          {
            "timestamp": "2026-03-05 10:25:50,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-03-05 10:25:50,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-03-05 10:25:50,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-03-05 10:25:50,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-03-05 10:25:50,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-03-05 10:25:50,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-03-05 10:25:50,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7412
          },
          {
            "timestamp": "2026-03-05 10:25:50,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-03-05 10:25:51,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-03-05 10:25:51,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-03-05 10:25:51,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7416
          },
          {
            "timestamp": "2026-03-05 10:25:51,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-03-05 10:25:51,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-03-05 10:25:51,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7419
          },
          {
            "timestamp": "2026-03-05 10:25:51,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-03-05 10:25:51,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-03-05 10:25:51,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-03-05 10:25:51,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-03-05 10:25:51,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-03-05 10:25:51,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7426
          },
          {
            "timestamp": "2026-03-05 10:25:51,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-03-05 10:25:52,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-03-05 10:25:52,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-03-05 10:25:52,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7430
          },
          {
            "timestamp": "2026-03-05 10:25:52,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-03-05 10:25:52,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-03-05 10:25:52,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7433
          },
          {
            "timestamp": "2026-03-05 10:25:52,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-03-05 10:25:52,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-03-05 10:25:52,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7436
          },
          {
            "timestamp": "2026-03-05 10:25:52,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-03-05 10:25:52,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-03-05 10:25:52,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-03-05 10:25:52,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7440
          },
          {
            "timestamp": "2026-03-05 10:25:52,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-03-05 10:25:52,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-03-05 10:25:52,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-03-05 10:25:53,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-03-05 10:25:53,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-03-05 10:25:53,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-03-05 10:25:53,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7447
          },
          {
            "timestamp": "2026-03-05 10:25:53,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-03-05 10:25:53,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-03-05 10:25:53,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7450
          },
          {
            "timestamp": "2026-03-05 10:25:53,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7451
          },
          {
            "timestamp": "2026-03-05 10:25:53,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7452
          },
          {
            "timestamp": "2026-03-05 10:25:53,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-03-05 10:25:53,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7454
          },
          {
            "timestamp": "2026-03-05 10:25:53,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-03-05 10:25:53,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-03-05 10:25:53,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-03-05 10:25:53,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-03-05 10:25:53,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7459
          },
          {
            "timestamp": "2026-03-05 10:25:54,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7460
          },
          {
            "timestamp": "2026-03-05 10:25:54,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7461
          },
          {
            "timestamp": "2026-03-05 10:25:54,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7462
          },
          {
            "timestamp": "2026-03-05 10:25:54,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7463
          },
          {
            "timestamp": "2026-03-05 10:25:54,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-03-05 10:25:54,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-03-05 10:25:54,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-03-05 10:25:54,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7467
          },
          {
            "timestamp": "2026-03-05 10:25:54,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7468
          },
          {
            "timestamp": "2026-03-05 10:25:54,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-03-05 10:25:54,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-03-05 10:25:54,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7471
          },
          {
            "timestamp": "2026-03-05 10:25:54,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-03-05 10:25:54,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-03-05 10:25:54,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-03-05 10:25:54,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7475
          },
          {
            "timestamp": "2026-03-05 10:25:55,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-03-05 10:25:55,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-03-05 10:25:55,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-03-05 10:25:55,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-03-05 10:25:55,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7480
          },
          {
            "timestamp": "2026-03-05 10:25:55,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-03-05 10:25:55,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7482
          },
          {
            "timestamp": "2026-03-05 10:25:55,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-03-05 10:25:55,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-03-05 10:25:55,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-03-05 10:25:55,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-03-05 10:25:55,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-03-05 10:25:55,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-03-05 10:25:55,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7489
          },
          {
            "timestamp": "2026-03-05 10:25:55,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-03-05 10:25:55,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-03-05 10:25:56,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-03-05 10:25:56,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-03-05 10:25:56,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-03-05 10:25:56,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-03-05 10:25:56,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7496
          },
          {
            "timestamp": "2026-03-05 10:25:56,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "6528",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6528"
              }
            ],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "6528",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c192",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "6528",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c214",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "6528",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "3212",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3212"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "3212",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c192",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 7503
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "3212",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c214",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-03-05 10:25:56,431",
            "thread_id": "3212",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-03-05 10:25:56,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-03-05 10:25:56,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-03-05 10:25:56,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-03-05 10:25:56,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-03-05 10:25:56,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7510
          },
          {
            "timestamp": "2026-03-05 10:25:56,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-03-05 10:25:56,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-03-05 10:25:56,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-03-05 10:25:56,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-03-05 10:25:56,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-03-05 10:25:57,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-03-05 10:25:57,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7517
          },
          {
            "timestamp": "2026-03-05 10:25:57,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-03-05 10:25:57,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-03-05 10:25:57,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-03-05 10:25:57,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-03-05 10:25:57,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-03-05 10:25:57,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-03-05 10:25:57,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7524
          },
          {
            "timestamp": "2026-03-05 10:25:57,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-03-05 10:25:57,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-03-05 10:25:57,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-03-05 10:25:57,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-03-05 10:25:57,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-03-05 10:25:57,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-03-05 10:25:57,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7531
          },
          {
            "timestamp": "2026-03-05 10:25:58,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-03-05 10:25:58,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-03-05 10:25:58,150",
            "thread_id": "4768",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-03-05 10:25:58,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-03-05 10:25:58,259",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-03-05 10:25:58,259",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000004b4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              }
            ],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-03-05 10:25:58,259",
            "thread_id": "4768",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7538
          },
          {
            "timestamp": "2026-03-05 10:25:58,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-03-05 10:25:58,291",
            "thread_id": "5516",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-03-05 10:25:58,291",
            "thread_id": "5516",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-03-05 10:25:58,291",
            "thread_id": "5516",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-03-05 10:25:58,337",
            "thread_id": "5516",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-03-05 10:25:58,337",
            "thread_id": "5516",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xb0\\xce\\x008\\x13\\x00\\x00\\x8c\\x15\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-03-05 10:25:58,337",
            "thread_id": "5516",
            "caller": "0x08888fb7",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 7545
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885b04",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "23"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "24"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 O\\x03\\x80/F\\xcd\\x80\\xfa1D\\xed\\xb2\\xae\\xef+\\xe1G\\x87\\xf4\\x9f\\xbbpG6{h\\xc8 \\xeah\\x7f\\xea\\x17\\x03\\x01\\x00 \\xaa\\xee[\\x93\\xd5M\\x16\\x1b]\\xb2>7IwV\\x10Q\t)\\x9c\\x8e\\x15\\xf0`\\x10;\\x9a\t\\x87i\\x00P"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885c41",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7552
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "25"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "26"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000005a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 Xc,\\xca\\x0e\\x10f:N\\xae\\xb7\\x82G\\xc3\\x85V\\xf1c\\xda>\\x10\\xe5{\\x925\\x1d\\x0e\\xf1\\x03\\xfe\\xb5\\xe7\\x17\\x03\\x01\\x000N\\xc5\\x13\\xdc\\xe5\\x15\\xd4\\xbb(\\xb3\\xce\\xfeW\\x12\\xa4\\xfd;!`\\xa4^\\xc1)\\x94\\xc9\\x87\\xca}\\xe1\\x1a\\x10\\x98\\x11\\xfc\\xfb%=\\xa1R\\x1d\\xc6t\\xf2\\xf2\\xce\\xb6\\xb4\\xd6"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-03-05 10:25:58,353",
            "thread_id": "5516",
            "caller": "0x08888f71",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "40"
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73092e70"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5444"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008f8",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73092e70"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "5444"
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "4768",
            "caller": "0x75c4269a",
            "parentcaller": "0x73092c45",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              }
            ],
            "repeated": 0,
            "id": 7559
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "55000"
              }
            ],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "5444",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "5444",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-03-05 10:25:58,369",
            "thread_id": "5444",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-03-05 10:25:58,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-03-05 10:25:58,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7566
          },
          {
            "timestamp": "2026-03-05 10:25:58,447",
            "thread_id": "5516",
            "caller": "0x08888e7f",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-03-05 10:25:58,447",
            "thread_id": "5516",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-03-05 10:25:58,462",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xc2h\\x82\\xe7\\xde\\xdf\\x8bl)h\\x12\\xa2\\x8aQ\\x9eQh\\x8c\\xe1c\\x05\\x9f\\x9e\\xf4\\x1a\\xb1z\\x9f\\xec\\x1d\\xa3N"
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "17"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7573
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xb7C\\xf0\\x0f\\xe2\\xa0\\xc2\\xfd\\x9dk*\\x96X\\xeb\\x9e\\x8b\\x1bN\\x11\\xf8C\\x90\\x92]\\xd1v9\\x81\\xbb$\\x16B"
              }
            ],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-03-05 10:25:58,478",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "18"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-03-05 10:25:58,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-03-05 10:25:58,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-03-05 10:25:58,556",
            "thread_id": "5516",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000918"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-03-05 10:25:58,556",
            "thread_id": "5516",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000918",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              }
            ],
            "repeated": 0,
            "id": 7580
          },
          {
            "timestamp": "2026-03-05 10:25:58,556",
            "thread_id": "5516",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000918"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-03-05 10:25:58,587",
            "thread_id": "5212",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-03-05 10:25:58,587",
            "thread_id": "5212",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-03-05 10:25:58,587",
            "thread_id": "5212",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-03-05 10:25:58,587",
            "thread_id": "5212",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-03-05 10:25:58,587",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-03-05 10:25:58,603",
            "thread_id": "5516",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 7587
          },
          {
            "timestamp": "2026-03-05 10:25:58,603",
            "thread_id": "5516",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 7588
          },
          {
            "timestamp": "2026-03-05 10:25:58,603",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xc3u\\xe6|\\xe4W\\x96\\x1c(\\xed\\x8aS\\x01\\xfb\\x0cF\\xf8&\\xeb\\x953\\xc4\\x15\\xf67G\\xec!\\xb1\\x9d\\x98\\x1c"
              }
            ],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "19"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xb5%\\xcd)\\x8a\\xbcoaE#J\\x86<\\xf0\\xcccb\\xd4Q\\xa4\\xae\\xc6Z\\xc3Y\\x82\\xee\\xfbk\\xdc.cP\\xf0&+\\xdeD/\\x19\\xbe\\xbc\\x9bF\\xac?j\\xd8"
              }
            ],
            "repeated": 0,
            "id": 7594
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "20"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-03-05 10:25:58,619",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000930"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5560"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000930",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5560"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000930"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5560"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7599
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7600
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5516",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 7601
          },
          {
            "timestamp": "2026-03-05 10:25:58,650",
            "thread_id": "5516",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-03-05 10:25:58,681",
            "thread_id": "5516",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000948"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59b78"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "616"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-03-05 10:25:58,681",
            "thread_id": "5516",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000948",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59b78"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "616"
              }
            ],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-03-05 10:25:58,681",
            "thread_id": "5516",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000948"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "616"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-03-05 10:25:58,681",
            "thread_id": "5516",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 7606
          },
          {
            "timestamp": "2026-03-05 10:25:58,681",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "5560",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7608
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "5560",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "5560",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7610
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "5560",
            "caller": "0x082d7d99",
            "parentcaller": "0x082d7bc4",
            "category": "system",
            "api": "GetLastInputInfo",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "5560",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-03-05 10:25:58,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-03-05 10:25:58,712",
            "thread_id": "5560",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08890000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-03-05 10:25:58,712",
            "thread_id": "5560",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7615
          },
          {
            "timestamp": "2026-03-05 10:25:58,728",
            "thread_id": "5560",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "616",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "616",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "616",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 4,
            "id": 7620
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-03-05 10:25:58,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7622
          },
          {
            "timestamp": "2026-03-05 10:25:58,759",
            "thread_id": "5560",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08890000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-03-05 10:25:58,759",
            "thread_id": "5560",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-03-05 10:25:58,759",
            "thread_id": "5560",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-03-05 10:25:58,759",
            "thread_id": "5560",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-03-05 10:25:58,775",
            "thread_id": "5560",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-03-05 10:25:58,775",
            "thread_id": "5560",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-03-05 10:25:58,775",
            "thread_id": "5560",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7629
          },
          {
            "timestamp": "2026-03-05 10:25:58,775",
            "thread_id": "5560",
            "caller": "0x08885b04",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-03-05 10:25:58,775",
            "thread_id": "5560",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x81"
              },
              {
                "name": "SequenceNumber",
                "value": "27"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xc8\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "28"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 q\\x8bF\\xc3\\xff\\xea\\x11\\xcd\\xd8\\xf3kA\\x94b\\xa1\\x87\\x9a1\\x82\\x88\\xdc\\x05J\\x1dM\\x05\\xce\\xf9>\\xc4C\\x8d\\x17\\x03\\x01\\x00 \\x19\\x1e\\xce.0\\x12\\xe2\\x94\\xdf\\x9d2\\x99\\xa2o\\x1c7\\_\\x8a\\xc4\\x8a*\\xafv\\x1e\\xfc\\xd6\\xf6?\\xbe\r\\x9a"
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885c41",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7634
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "29"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9c\\xba\\x05X\\x94\\xed\\xd66|\\xd3 \\x08\\x02\\x83\\x82\\xb4\\x03\\xd2HI\\xb7\\xd2]\\x92\\xd2\\x92\\xd2\\xd2\\x9d\\x02\\x0e\\xdd!9\\xb4t\\x97\\x840t#\\xdd)--\\xfd\\x0f\\xfa<{?\\xfb}\\xf7w\\x1c\\xff\\xf7\\x8d\\x87\\x1e3\\xf7\\xb5\\xae\\xb5\\xd6y\\xaes\\xad\\xeb\\x9e\\xb9\\xc5k\\xaaBBG|\\x84\\xf0\\x0cG\\xd1\\xde\\xc6\\xd4\\xde\\xc0\\x8aB\\xce\\xc0\\xda\\xc0\\xf4\\x9d==6\\x07\\x8f1\\x05\\xb7\\x19\\x05\\x1b\\x9b\\x15\\x05\\x07\\x97\\x03[L\\x15\\xd2\\xdd\\xd4\\xdd\\x12\\xf0HZ\\J\\x1c@@@\\x00\\xf4\\xe1\\x7f\\x80\\xbbY\\xe0\\x15\\xf0\\x10\\xe3\\x01\\xe6\\x03\\xf4\\x87\\x98\\x98\\x988\\xd8\\x0f\\x1f\\x81(\t@xx ZR2BJ\\x16z6\\xd6\\x17\\xf4\\xccL\\x1c|2\\xc2\\x1c\\xdc\\x12<L\\xcc\\xa2\\x9a\\xa2\\x12\\xf2\\x8a\\xaaj\\xaa\\xecBo\\x8dt\\x94\reTT\\x95\\xee\\x9d `\\xe3\\xe0\\x80pA4\\x04\\x044J\\x9c\\xcc\\x9cJ\\xff\\xd7\\xaf\\xbbV\\x00\\x17\\x1da\t\\xd1\\x07\t\\xe1\\x19\\x80\\x88\\x8b\\x80\\x84\\x8bp\\xd7\\x01\\x90\\x03\\x00\\x02\n\\xc2\\xef\\x17\\xf0\\xd7\\x0b\\x01\\x11\t\\x19\\x05\\x15\r\\x1d\\x9e4\\xdc\\xa0\\xfa\\x11\\x80\\x88\\x80\\x84\\x84\\x88\\x8c\\x84\\x82\\x82\\x8c\\x0c_\\xf5\\x84\\xaf\\x03\\xc8\\xb8(x\\x94\\xac\"\\xa8\\xf8J\\x06h\\xcf\\xec@l\\xbeQ\\x99\\xe8`\\xd1\\xf26\\x02\\xe5\\x91\\x9fT\\xec\\x86\\xf6~\\x18\\x0f\\x1e?!$zJ\\xfd\\x9c\\x86\\x96\\x8e\\x9e\\xe3%'\\x177\\x0f\\xef\\xab\\xd7b\\xe2\\x12\\x92R\\xd2*\\xaajo\\xd454\\xb5\\x8c\\x8c\\xdf\\x99\\x98\\x9a\\x99[8|ptrvqu\\xf3\\x0f\\x08\\x0c\\xfa\\x18\\x1c\\x12\\x1a\\x1d\\x13\\x1b\\x17\\x9f\\x90\\x98\\x94\\x9c\\x95\r\\xcd\\xc9\\xcd\\xcb/(\\xac\\xa8\\xac\\xaa\\xae\\xa9\\xad\\xaboh\\xff\\xd6\\xd1\t\\xeb\\xea\\xee\\xe9\\x1d\\x1d\\x1b\\xff>195=\\xb3\\xbc\\xb2\\xba\\xb6\\xbe\\xb1\\xf9ck\\xfb\\xf0\\xe8\\xf8\\xe4\\xf4\\xec\\xfc\\xd7\\xc5\\xe5=.\\x04\\x00\t\\xe1\\xef\\xd7\\x7f\\xc5\\x85\\x0b\\xc7\\x85\\x88\\x8c\\x8c\\x84\\x8cv\\x8f\\x0b\\x01\\xd1\\xf9\\xde\\x00\\x17\\x19\\x85\\x92\\x15\\x15OD\t\\xcd\\xc0\\x0e\\xff\\x19\\x9b/:H4*\\xb3\\xbc\r\\x03\\xcc\\xae\\x
fc\\x93\\xc0\\xd0~\\xe4\\xc1c*\\x8ee\\xea\\xc3{h\\xbf\\x91\\xfd\\xff\\x03\\xe6\\xf7\\xff\\x84\\xec_\\xc0\\xfe\\x8dk\\x06\\xc0BB\\x80\\x17\\x0f\t\\x17\\x10\\x02 \\xc9\\xec\"E\r\\xa2\\xd9o\t>`=H5\\xad\\xf6d\\\\xef{\\x02^\\xa3\\xfb\\x96&-\\xd0\\xdb\\x83U\\xe1\\xd9\\xddCV\\x97\\xdbC\\x12\\x95\\xcaK \\xb8R;\\xd3#\\x83*\\x85~f\\xed\\xad%.\\x9c\\xa4Ij\\xb7u\\xde\"\\xbd\\xa6QY\\xbfT\\x9ce*p\\xa1\\xa4^M\\xe0+\\xed\\xaa\\xb4K\\xc3\\xc3\\xb3\\xf3K\\xed\\xe9N\\xc0\\xf8j\\x7f8}\\xe4\\x87\\xb5\\x95v\\xc8\\x88\\x98&B\\xb2\\xec\\x88\\x18\\x12\\xd6\\x88\\x18\\x080\\x89\\x0e\\xa5\\x05\\x06\\x88\\xb2\\xa2}\\x83\\xcc\\x06@\\x8a\\x88&\\x90\\xfb\\x95Q\\x93x\\xf8\\x05sv\\x19)a\\x0c1&j\\xf8\\x05\\xe5\\x95h\\x9f\\x07\\xd2Z\\xd2\\xa8\\xd4\\xa0\\xaaX,ii\\x1d\\xa5PTjjf:Z\\xc2X\\x93PiTP\\xec\\xef\\xab\\x8e\\xd4H\\xf8\\x1cI9\\xd0\\x0cCe\\xe5\\x11\\xe1\\x0e(\\xfc]&\\x1d\\x9d9\\xdcHyT\\x91\\xf5!5\\xdc\\xd5\\x03i\\xda\\x0c\\x03)\\xb8\\xe3o\\x1c\\xf0=\\x802|\\x81\\xe5w\\xfc@\\xd4Pi\\x80\\xf6\\xfe\rQV(@G\\x9b\\xe5\\x1b\\x08\\xb7\\x07@JbHHR\\xf0L\\x95\\xc4@X[a\\x9ac\\x89\\xc5\\xbb.\\xdb\\xf6h\\xebj\\x03\\x82hG\\x9b\\x12\\xbb_\\x1e\\xbe\\xfe\\xbe2\\xb2\\xaa\\xe2Q![\\x89\\xb5\\x83\\xcf\\xb4V\\x99\\x98\\xc3\\x86\\xcb\\xe8B\\xe3<\\xfc&l\\xe8\\xf2\\xac 
\\xda\\x8aw\\xb7\\xc0\\x10\\xd2k\\x8f\\x14.\\x92_\\xaaE\\x95\\xf4\\x89\\x9b<\\xcc\\xe5\\x94\\xfe\\xf9\\xee\\xf7\\xa4\\x13\\xd0\\x16GI\\xb2YO\\xcb\\xfbA\\xb4\\x8c\\xc2j\\xa6o!4&\\xa4\\xec\\x9d\\x12\\xba\\xcd\\xd4fT.j9\\x03\\xca\n\\xfd\\xd2\\xb49Elx\\xa1\\xb4\\x19\\xc8YpV\\xe0I\\x81\\x80\\xdfphs\\xb2|\\xf0\\xa2?K\\xc9\"g\\x83\\xaa\\x14Y\\xab\\xe0\\x881\\xa4d\\xc4\\x90\\xf0\\xa2\\xe3CQ9C\\xb5h\\x11\\xee/\\xc1FU\n\\xe0\\xf8c\\x7f[\\x8c\\x1a\\xfa\\x86H\\x9a\\xdf\\xf3\\x11\\xbb-\\xfd\\x80X\\x8c\\x99\\x8eU\\xb8\\x83\\xe3\\xf7\\x1a\\xfc\\x02\\x9cP\\xba\\xdf\\xd4\\xc1\\x9d\\xd3\\xd1\\x8d\\xc7\\x82(\\xa19\\x1c\\xb1X\\xbf\t\\xbc\\xbf\\x88\\xf0\\xdb;<\\x11C8\\x17@\\xac\\xd2\\xfd\\x07-i\\xe0\\xafuxt1\\xd0}V\\xd0\\x0c\\xc4PZ\\x10\\xd66\\xceh\\xa4/\\xe4l3m\\xbe\\xa5C9\\xb9\\xf4\\xc5\\x0c\\x86\\x98\\xc6\\xea\\x87p\\x05\\x9eW$\\x1e\\xd7^\\x89\\xc8F\\x0b\\x15Etb\\xba\\x0f6c\\xc4Yb\\xaa\\xe6C\\xeaH\\xbb6E<N\\xdf\\xdf\\xc8\\x89l\\xbe5\\xc8\\x9agu\\xe2\\xee\\x89\\xe1y\\x1b\\xf0.\\\\xd0(\\xa6K\\xde\\xef3\\xd5dc\\xba\\xb1\\xa43\\x99\\xe6Z\\x1fn\\xe0j\\x1eI\\xe9\\x8e\\x86\\xbb[\\xc4\\xed\\xdb\\xcfB\\xea\\xd0\\xaa\\xb3\\xfc\\x04\\xf0Dh\\x80\\x94\\x9b\\xf2k\\xb3U\\xd4\\xd7\\xd3\\xf5\\x84\\x00\\x0f\\xcd\\xfe\\xeab\r\\xaf\\xea\\xaf\\x97\\xcd<\\xbd\\xce\\x1ba\\xe1nU\\xcb\\x98\\xf6\\xbd+Jb\\x04\\x99\\xc1\\x7f\\xf2\\xbd\\xaf\\xef=\\xfa?T\\xc6\\x87\\x02\\xd2t\\xe6t\\x10i:\\xb3\\x0cdhNV$\\@\\x7f\\xae\\xc3\\x99a\\x02\\xc1\\xa8)s\\xb2|\\xc3\\xee\\x8b\\x10\"%\\x0f\\xbd7\\xb9g\\xeb)\\tx\\x91p\"\\x1e\\xc0-\\xfd\\xe1|\\xff\\x93\\xf4X\\xd0\\xfdN,+\\xd4\\xdf\\x9b\\xa4\\xffV\\xe2o\\x99\\xdd/H\\xd3r(\"\\xde+K\\xfa_z\\xfb\\x9d\\xcf\\xdf\n\\x04)\\xfdf\\x95=\\x9fC\\xd1,\\xe3\\xa7\\x1f\\x9c{8\\xb7\\x19H\\x1c\\xfaJb\\x14\\xf8d\\xb1\\x01\\xb8\\xf2\\xd9\\x1cXV\\xa0}\\x01\\xdaV\\x8eV+j>sh'e\\x88\\x18\\xf3\\xbdVBi\\x11\\xeeka\\xa8\\x04W\\x02a\\xe2\\x7f 
i\\x95\\x96\\xd6\\xfa\\x93\\x1e\\x16\\x1c0\\\\x02pc\\xc2\\xa0\\xe8\\xfb\\x1c\\xef\\xbb\r\\xef\\xf7\\xbb\\xfbb?5\\xa7\\x1b\\x0f\\xba\\x87\\x0c\\x17Tt\\x02\\xe8\\x1e\ro\\xe40\\x07'\\u\\xf0\\xee\\xe2\\xa8\\x8a\\xed\\xc5\\xfb\\xf3\\xf6w xSu\\xc0\\xd9\\xf9\\xd3\\xa7\\xa0\\xd8\\8\\x9d\\xbf\\xe3\\xfc\\x87P\\xe0`}\\xe0`}xc\\xa4\\x83GY\\xd4\\x888\\x82R\\xa8\\xc7\\x84\\xbf\\xeaP\\xd8XkF\\xd8X$\\xf1\\x81;\\x03\\?\\x7f\\xf2\\x9b\\x06.B\\x9e'\\xec\\x8e\\xd4\"=\\xab\\x9cXY\\x05\\x9f\\xaf\\xc5L\\xf9\\x0e\\x98iK\\x1b\\x93\\xb3|\\xc3\\xce\\xaa+\\x1c\\x84\\xaa\\xc4\r\\xa4\\xe2Q\\xa4\\xcd/\\x83\\xf9\\x0b~\\x88\\x89ic?\\xd6v\\x16\\xdfgx\\x06y\\xcc\\xb0\\x83k\\xbe\\x1f\\\\x80-\\x02g\\xa0d\\x95\\xe2\\x9e\\x0b:38\\x9dD\\xd0,\\x9f'\\xa1r_\\x83B\\xe9|\\x02pgBuFROA\\xc0\\x0c\\xdd\\x14(E\\x0e\\x0e;vT\\x99\\xf0\\xaf\\xc1\\xf1o\\xb6\\xa8Y\\x7f\\xd7\\xe5\\xcf\\xdc\\xb9G\\x10\\xf4\\x07r\\xe7=S1 x\\xdbp\\xc6\\x80V\\xa5d\\xcd\\xe0E\\x8e\\x1c\\xbeo\\x9c\\x99\\x07\\x8f\\xe0\\xf5\\x7fH\\x19\\x06\\xcdSVd\\x85*\\xab\\x14\\xd0\\xc5\\xde;Bz\\xf4/Y\\xc0g\\x95\\x1d\\xf4w\\x1f\\xddW\\xde\\xe7OS\\xc1\\xf9k\\x8f\\xfe\\xc3\\xdfo+\\xc3\\x7f_'\\x95*T!\\xad\\xac\\xb1\\xd8*n\\xa1?[\\x19\\x93\\xab-\\x7f\r\\xa9\\xe0\\x8f`G\\xf0C\\xb8j\\xe6\\x9d\\x14p\\xfb\\xda\\xf3\\xdcu\\x8aWpBN/\\xb3[\\xcc\\xf6\\x89b_*\\x05\\xb1D\\xf5\\xfb\\xd6\\xedz\\xaa\\xd3/\\x07x\\xdfj\\xdf6\\x99\\x8d#\\x1f\\xe3\\x00\\x1f\\xbeL\\x95X\\xe3c\\xe0\\xb7\\x94\\xedh\\xc8\\x7f7?\\xea{=\\x182\\xdcT\\xfa\\xa4\\xe6\\xa3\\xf29\\xa5\\x11\\xa5\\xbc\\xd4J\\xa1\\x1a\\x1f\\xf7&\\xda@]\\xd4'\\\\x9f\\xfa%\\xb5\\xe2\\xef.:\\xfc,\\x87\\x16\\x02\\xee\\xa9/\\xb5\\xed\\xab\\xf7yC\\xad\\x97\\xc5\\xb7\\xb7\\xeb\\xe3>*+[g\\xdbf-1\\x81R\\x02\\x9fo3\\xf3ag\\xa54\\x84\\x8d\\xeb0\\xc2?\\xe7\\xcf\\x8b\\xb5\\xb7\\x8fH5\\xc48>!\\xbd7\\x03Yg-\\x1bLs\\xd8\\xba\\xab8+\\xd5)\\xd9\\x965z>\\xa4T\\xe6\\xbb\\xbf~\\x9e\\xb5\\xfa@\\xfa\\xedm\\xd3H\\xdc\\xe5\\xfd\\xd0\\xf1&\\x19\\xc5\\xdf\\x11F\\xa5\\xa3\\x9d\\xa3c\\x17\\xdee\\xa2&\\x82\\xce\\x0bwB\\xa1\\xf3\\xe2\\xdb\\xce\\x84JR\\xc9r\\
xe3XZ\\xd2\\xecR\\xc9\\xcc\\xac\\xe6\\xac\\xe2\\xdb\\J\\xb6x\\x10E-x\\x10Be\\xa5\\x06H(3\\xdc\\x81\\x14t\\xe0\t-\\xfcx\\x18\\xc5\\x17\\x83Q\\x83L\"\\x93\\x99\\x15\\x13\\xb3"
              },
              {
                "name": "SequenceNumber",
                "value": "30"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 7636
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x05\\xb9\\xc5\\x8f\\xe0s\\xef\\xc5\\xad\\xfe\\x8aj\\xa3\\x02Y\\xea\\x02\\x15D\\xbeM\\xfc\\/w[\\x12\\x1a\\x1c\\x10\\x07}\\x17\\x03\\x01?\\xd0\\xcb\\xe6n\\xf5\\xb2v\\x15ZsG\\xb5\\x1cQIWt\\xd7\\x95\\xcd\\xcee\\xb4\\xa3]S]\\x80\\xdcKl)\\x18\\x91\\xbb?\\x89D\\xf7WP\\xd6E\\xdemz\\xf6yR8F\\xa7v\\xf7\\x9a\\x0b\\xb4\\x9f\\xe0\\x90\\x18\\xa0\\x06\\xaf\\x17<l2\\xf1\\x17O[\\xa3\\x00\\xf1\\x19B\\xa0\\xee\\xb3\\xe7\\xc3\\xdc\\xa6\\xa4[i\\xbb\\xc1\\xf2\\xb6({\\xbd<\\xbf@Rb\\xa7\\xd1\\x90n\\xb6\rK\\xd5\\xc3\\xf5\\xb5\\x87\\xd8\\x93\\xb0\\xa2\\xf0I\\xde\\x1b\\xce\\xb2\\xf4C\\xdcu\\x0b\\x8f\\xc3\\x01\\xd3L\\xf9~A\\x99\\xee\\xbf\\x1d+\\xc6\\xe5\\xcaNnN\\x17niQ\\xaa,8\\xc5\\x9f>\\x998]j\\x82k\\xa6!\\x7fG\\x13/\\xbbI\\xa9W\\xcf\\x05\\xdf\\x98w\\xee\\xae\\xc3\\x99\\xf5#E\\x1d\\xe0\\x91\\xcb\\xc5[6\\x87f\\xd2\\xf4\\xd4\\xd8!\\xad-\\x81Qj$e<\\xa19:\\x9am{\\xcc[\\xa3\\x8e"
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "="
              },
              {
                "name": "SequenceNumber",
                "value": "31"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7638
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x84#\\xfb\n\\xa7\\xcb\to\\xda\\xc8\\x7f\\x1d\\x96\\xc0F1\\xb4z\\xa7\\xfd\\xf0\\xb0\\xe8\\xee\\x9f\\xcf\\xaf\\xf2\\xbbA\\x92s\\x92\\xcb\\xda\\x8epn\\x03,\\x8b\\xfe\\xfc\\xc8j\\x0c\\x0bU\\x91\\xd2]>\\%\\xab;\\x1b\\xcf\\xadv\\xd1\\xe2S\\x0b3rE\\xac\\xd1\\xc63\\xa5\\x8c\\x98L\\xcb\\xce#\\x98\\x12\\xb0{\n\\x19\\xeeAV\\xfa\\x12\\x98\\x132\\xc7r\\xf4\\x93E\\x81\\xe4\\xbc\\xd35\\xe9\\xe3\\xb4@S\\xde\\x9e\\x87\\x9f\\x9cZN\\xb8\\xa3\\xcb\\xa3\\xaa\\x0c\\xe6\\x9b\\xbdzU\\xec'\\x02]\\x0ei\\xb9\\xd1\\x9bju\\x9f\\xbf\\x8f3\\xca\\x12\\xd63\\x0cj\\xf8`lro\\x8d\\xe6\\x8f\\xe8\\x1a\\xec%\\x04\\x15\tM\\xbd\\x19\\x89e\\x03\\xd4y\\xc0\\xf4\\xdav\\x84[\\x93-Z\\xef`\\x99\\x1c\\xa3\\x07z\\xf3\\xb7\\x07};uQ\\xfb\n4\\xc5\\xaaY>\\x1c\\xda\\x1au.\\x06a\\x93\\xc1\\xed~j\\xd32V\\x84\\xa4\\xbc^\\xa4\\x169\\xf3\\xdf\\xe6\\xe78\\xf6\\x11+\\xf5\\xf5\\xdd\\xb1\\xbch\\x162\\xb3|^x\\x9b\\xf9R7\\x16\\x97\\xbd\\xb2Ny\\xf2\\xfe\\x0b\\xc6\\xa6\\x80\\xc3\\xbeE\\xe3\\x1c\\x06i\\x9a$\\xd8\\xc4\\xdc\\x03\\x06\\x13\\x06_\\xd5\\x91\\xb6h\\x05\\x85\\x02#\\xb7\\x93\\x8e\\xcd\\x96P_\\xa5`\\x80\"\\xaa\\x06\\xf2\\x81p_\\xa0AM\\xb2\\x04Y\\x0e\\x1f\\xdd\\xc7\\xac\\x87:nZ\\xc6t\\xeeCW\\xf5+1@\\xcfJ\\xcb\\x84\\xeb\\xe1z\\xc9V\\x82\\xf9E\n`D\\x12\\x1e\\xb0Z\\xbf\\xc9?\\xf6\\xac\\xc9of\\x7fa\\x05SQ\\x96\\x96\\x8d4b\\xf0\\x0eX\\xe0\\xbeU\\x93\\x0f\\x05\\x1a\\x1a\\xa0}\\xd6V\\xdf\\xc1\\xb8k\\x04\\xed\\xd7\\xddH\\xa6\\x08\r\\xa7\\x02\\x16\\x0c;=6\\xef\\xd4c\\x00\\xfa=54nR\\xef\\xa4\\xc2\\x13E\\x14X}\\x00\\xf5'\\x14\\xe6\\x9ftX\\x10\\x16\\x9c~\\xc95r\\xb7\\xa7\\x17\\x1ao\\xef\\x80\\xac\\x0c.\\x1a\\xaa\\x03\\x9b\\x84\\xd4\\xc3_\\x97\\xdf\\x19G\\x87Qv\\xc2d\\xf6\\xf0\\x8a\\x04\\xbe\\x88!%=\\x15\\x18\\xf8h\\xc8\\x1a\\xed\\x90\\xf6-G\\xca\\xa8\\x88X\\xc3\\xc8\\xa7=M\\xc3\\xf6m\\xd7\\x02\\x05\\x8b\\xcdP\\xe8\\x00\\x9c(l\\xe8W\\xa3(\\x8b 
!\\xa6l1\\xe6EZC)\\x9e}y\\x0b\\x06\\xe2\\xfc\\xe2\\x8d\\x90\\x05@\\x14\rK5\\xf5\\xeb\\x92\\xf0\\x10\\xbf\\x91@a\\x0e\\x08\\xc1\\xdaS\\xd4\\xdcH\\xa3\\x15\\xb7\\xb0\\xec\\xdd\\x94B/\\xe2\\x1e\\xd2Q\\x81\\xf6\\x1b\\xa7\\x85\\x87U\\xdaTs\\xeft\\xd2Sk\\xd8\\x1c\\xd2x\\xb1\\xe3\\xd2\\xc5\\x00\\xdd\\xa7\\xa9Y\\x03V\\xa2V\\xaf\\x85\\x98'(\\xf6\\xe6\\x1b\\xc9\\xae\\xcf\\xf3\\xbc-jg\\xc8l*\\xc5\\x9d)\\x94\\xa1\\xd1\\xc4\\xf3-M^\\xd5pK\rW\\xc3\\xdb\\x81 \\x14Fc<\\xf6\\x1au\\xc0\\x18@u?\\xc9\\xc2\\xcc|X5|\\xf1\\xe0\\xd6Z\\xd0\\xb0\\x83\\xa0\\xad\\xbbp\\xbc\n\\x01z9?\\x06\\x06\n!2\\xd7\\xdb\\x92\\x06\\x8d\\xa485\\xdc\\xf9\\x0f\\xaf\\x83\\xfe?\\xca\\xde;\\xac\\xa9\\xee\\xdb\\x16\\x0e\\x04\\x08\\x02\\xd2\\xa4wH\\x90\\x8e\\x10zo\\x12z\\x97\\x8eH\\xef-\\xa1\\x83tA\\xc1\\x10 t\\xa4Jo\\xd2;J\\xef%J\\x93\\x0e\\x1a\\x8a\\x80\\x80tQ\\xc0\\xcf\\xf7\\x9c\\xdf\\xb9\\xf5\\xdc{\\xcf\\xf7\\xff~\\xd6\\xb3\\xf6z\\xd6\\x9es\\xec9\\xc6\\x1csq\\xd0\\xde\\x88\\x1d9\\xb4K\\x19\\xe8\\xc1%y~\\xb0^e\\xa0H\\x9a\\xbd\\xa0A\\xcco'\\x14\\x11\\xab\\xc1\\x16\\xee\\x1f,\\x16\\x1a\\xbb^Su\\xd2\\xf8\\xe2tL\\x12@B.'b\\xfe\\xf7$w\\xe69m\\xaa8\\x12\rTx+0\\x80\\xb2\\xc9p\\xe5\\xe4}\\xe0T\\xec\\xc2\\x82\\x10\\xf8U\\xbf\\xa9/\\xf9\\xb8\\x12\\xebK\\xa3\\x99JC}\\xfc\\x9f-\\x12\\xb1\\xe4\\x10\\x8a8\\xa5\\x16\\xb3\\xd4\\xe47m\\x9e7\\xbf/\\xaa\\xd0\\xe3\\xa7\\xa3\\xd3[\\xb9hx~\\xb6\\x94d\\x99\\x81\"-A\\xa1\\xca\\xe3\\x1d<\\xc1\\x94k\\xd5\\xc6p\\xbfa!5/\\x99\\x04_\\xb7\\xc6zc\nXUQ\\xfa\\x13\\xe7H#'\\x05\\xf6'.\\x85\\xc4)\\xfb\\xa4m\\xc9\\xabc\\x94\\xe3v\\x8a\t5\\x83\\xa4\\x04\"&\\x0cw\\xf3\\xcd\\xb6n\\x14\\x0b\\xfa\\x84t\\xac\\x87G\\xc3G\\x07\\x87\\x07\\xe6~\\xfax\\xf5V\\xb2\\xc4\\xd0r\r#\\xdb\\xdd\\xc2Q\\x85\\x99\\xda\\xb2Z~[\\xcd!\\xba\\xe7\\xdc\\x81c\\x13\\x87\\x86\\xc5{\\x91\\xa1&aT\\x00J]\tJ\\x1f!h\\xa8\\xf1\\xa7\\xaa\\xd5x\\x06\\xefL\\x8c\\xcbMY&S\\xfdh\\x9f\\\\xd30o:\\x15\\x8e\\xab?q\\xac{ 
\\xd9Y\\xbf\\x16\\xae\\x86L\\xbc\\xe7\\x88|\\xf7\\bE\\xdc\\x8b\\x957fw\\xd3Op\\xe8\\x9c6\\xb7rw\\xa5\\xf6u\\x0c\\xfe\\xb9\\x02u2j\\xb8\\xd0?\\x80\\xca\\x95+\\xabw\\x87\\xc5\\xc0\\xf2\\x16\\xe1\\x16\\x8e\t\\x1fy\\x0c\\xf9\\xdf\\x9fL2\\x19S\\xa4\\x03i\\xf6U\\xd5\\x13}\\xbcKS\\xf4\\x92\\xce\\x8ej}*\\xf2\\xa5~o\\xa4/*<\\xdd\\xc3]\\x84\\xb0\\xbb\\x87\\xe3\\xc1\\xd9\\xf1\\xde\\xe9\\xed\\xe1F`\\x99\\xefp\\x08\\xf6\\x9f{%F\\xda\\x85\\xe0\\xa2\\xe4\\x87\\xdb\\xd3\\xf1b\\xc3C.\\xb8\n\\xbe\\x8a\\xe5\\x91D\\xf3d(w\\xb5\\xe6n\n?\\x9b\\xf3\\xfb{r\\x0c\\x86\\xee\\xa6\\x94j\\xbcT\\xc6\\x94L\\xd1%\\xd1\\xd0\"=\\xb9S\\x90TI\\xfb\\x02g>+\\xb7\\x12\\x95{C\\xea\\xbd\\x82\\xaf\\xc3\\x11\\xe7\\x14\\xe6s\\xfa\\xf8-=>\\xad\\xdb_\\xcd!mac`a\\x8c\\xd5\\xe6\\xaf3#\\x95\\x1a+\\xc5\\x8aJ*.W\\x10\\x7fWS\\xf4\\x08\\xd3\\x1f@\\xb7\\xbbx\\x02`Q\\xc7\\x82*G\\xd62\\x856\\x83F\\xfbA\\x06;Q\\xd4\\xe7\\xa8)\\xfd\\x9c\\x83iA\\x0b<\\xbc\\xaa\\xb7\\xe4zG\\xfd\\xe7#\\xb2'\\x07\\xc6\\xdf\n\\xefK|\\x16\\xb4\\xd8\\x16T\\xaeH\\x87>\\xd9J\\xa6\\xdb\\xa4\\x01~\\xc6}\\x9b\\xfa$\\xe5\\xfb\\xdd\\xc46\\xafZjd\\x8d\\xda\\xb8e\\xc0\\x06<\\xa7\\xf8\\xef-\\xcd9\\xd9M\\xebn(\\xc6a\\xcd\\x88\\x1f\\xa5@-\\x8e\\x94\\xbf\\x87.|\\xa9u\\xa6\\xac\\xaa\\xf6yR\\xedg\\x03#\\xbcIT\\xd1R\\xa4ln(\\x10\\x12\\xe8d\\xf3\\xf0\\xbc\\x8e_J\\xd2\r\\xc6\\xbc\\xd7\\xa3\\xfe\\x03\\xc8\\xa4\\x1c\\xfe\\xc1_\\x08\\xb3\\x93\\xb2\\x83\\x96D\\x83X^^\\xcf\\xf3r\\x03\\x95u4\\x8e\\xecB\\x83\\xe7ix\\x1c\\xce\\x98\\xd3(U\\xfe\\x00\\x82H~\\xc1\\x13\\x1ch\\x85\\x17uv,\\x1brS\\x90\\xf5\\xdc\\xa0\\x06\\xc0\\xcd\\xc0\\xe2\\xbc47\\xd0D.\\xfcH\\xec\\x15\\xbe\\xd5\\xdbX\\xd9\\x82,\\x80\"\\xdda\\xdf\\xbe\\%\\xe3\\xd3.a\\xd9PS\\xd0\\xd1\\xf3\\x91\\xed\\xeb\\x80_7\\xab!W;\\x8d\\xdf\n\\x89\\x93*\\xb5\\xcf ]\\xc6\\xe6\\x0fEHBr\\x1d\\xc2$\\xcb\\xc5\\xdf\\xde\\xefR\\x14\\xb0_VR\\xd4bz\\xb1\\xd1\\xe5]n}\\x01K\\x00|\\xf0\\xe7t\\xaf,\\x17\\x87\\xef\\x98\\xdd4v\\xad\\x00\\xec\\xe9o\\x1a\\xf4\\xfb\\xc2 
\\xe4UlOG'\r^\\x81p\\xe2\\xe8l~\\xcd\\xbbq\\x035Z*\\xf3\\x9c\t\\x08\\xd5r5d` \\xbe\\xb6dI\\xf9\\xa5o\\xae\\x98w\\xab\\xd9\\x14\\x0b\\xdc\\x99\\xde\\xfa\\xa6>`6l~LToM'7\\xae+\\x97\\xb9VS\\x1f}`\\xea$?T\\xf2\\xeeH\\xda\\xfe\\xa2\\x9a\\xd2\\xed\\x9dc\\xb0!\\xe1\\xac/l\\x1b\\xa1>N*=\\xcf\\xf0/\\x01\\xd8\"\\xd3\\xdeB\\xf9\\x02\\xd5\\x1f\\xc0GU\\x9f\\x02\\x8a\\x9e-\\x11\\xd7\\xffh\\xd0<\\xd6\\xfd\\x03H\\xf6,\\xbf\\xf5\\xd1\\xbb\\xc53\\x05\\xfd\\x9b\\x00;\\xe2\\xe2\\xf8\\x0f\\xa0\\x89a\\xbf\\xef\\x0f\\x80\\x9e\\xee\\xf3O:\\xac*A\\xc2\\x15Y\\x12\\xdd\\xfcDim\\x83{D\\x0b\\x84\\xc8Z\\x8d=\n\\xd4\\xb0\\xcc\\x9a\\xaf\\xa1\\xa0\\x1d.6'\\x07\\xb7\\xeb\\xa7?\\x06s\\x8e\\x0f=z\\xf3>\\xe9G\\xe7V\\xc1@\\xd1\\x8d\\xfb\\xe4\\xa4\\xfc\\xd8\\xe1\\xb6\\x82\\xfb\\x96y\\xfe\\xfag\\xc7\\xef)*\\xf7\\x90\\xb0b\\x17\\xbe\\xf7\\x0e\\xcb\"\\xa8  \\x1a^\\xa0\\xf9\\xf2I[\\xa3\\x06\\x07\\x85f\\x8a\\x1a\\x1a\\x07 \\xe5\\xd8;\\x00\\xc7\\xc8^Tal\\x99L\\xaeHg@~f\\xebr\\x1d\\x80\\xea\\xc0\\xad\\xd0\\xf3\\xaf\\xa5\\x9e\\xdc\\xaa>\\xf5\\xdd\\xdf\\x0e\\xd9\\x83\\xe6\\xca\\x14)\\x01\\x84 p\\xca(kb\\xf0\\xcbV=&q\\x85\\xc5\\xa2\\x91\\x8c\\xb3\\xf4\\xcd\\\\x07\\x8d\\x9eH\\x84o\\xf4\\xfb\\x86\\xa4\\x90\\xda\\x8a\\x01\\x0fA*\\x90\\xba^\\x1a1oYxx\\x10\\xbb\\x06\\xf0\\xac$F=\\xc7\\xdd\\xa5\\xfc\\x8cCO\\xf4\\x8bq\\x12\\xc4k\\xe5\\xe6\\xb7\\xe1\\xbb\\[S\\xcbR\\xde\\x1dP:\\xc0\\xc3\\x93\\xef\\xe0 \\x07\\xf0\\x81}\\xd6py>C4\\x1d\\xd5/\\xdc\\xc6\\xaf\\x99\\xb7\\xb9u\\x16\\x83jg\\x8eux6\\xdc`\\xad\\x9e\\xf0m\\xd3>k\\x8e\\x9b\\xc9\\xaf\\x17\\x9b\\xe4\\xd6"
              },
              {
                "name": "SequenceNumber",
                "value": "32"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xb0\\xce\\xcb\\xd3u\\xe5\\x9aO\\xdd\\xce\\x99@>wz\\xe0\\xd0 \\xe2m$\\x1a\\x90O\\xdf\\xfeiud\\xbb_\\xf6\\x17\\x03\\x01?\\xd0\\xd1\\xd5\\xc7\r\\xdd\\xde\\xf8I\\xff\\xaaR5\\xc93&\\x89`Bd\\xbb\\x95\\x17\\xed\\xb3cG\\xe2\\x99\\xc8z.n\\x89`\\xfanLo\\xe0}\\xb0\\x9f\\xc2\\xae\\x16\r\\x80\\xc0\\xaa2pGc\\xbd\\x97\\xf5\\xa1io\\x06A\\x08\\x85\\xf3\\xac\\xf1)\\xc8\\x14\\x1f\\x9d\\x0bM\\xdcYV\\xdf\\x1f\\xfau\\x0c`#B][f\\xb21\\x86\\xd6\\xce\\xf1n\\x9eB\\xfe\\xd7\\xf20\\x88\\xec\\xcb)U\\x93\\x86>\\x15CEl\\xe4E/p\\x82\\xf4\\xc4X[E\"\\xd7\\x1d\\xc9\\\\xa6\\xb7_u\\x80J\\x91\\xba9\\xb2\\xf5\\xd5\\xe8\\xba\\xd9\\x8d&1\\x97S\\xbc\\xbd\\x02:\\xbc\\xae\\x94\\xe5\\x94\\xfay\\xc7\\xca\\x00\\x13\\xa7\\x96\\xe9w\\xa25\\xabhk\\xc2\\xae\\x16\\xf8p\\x1d\\xc1h\\x1d'R\\xe4/\\x99\\x8d\\x99{y:$\\xac\\xc3\\xe3\\x8ai\\xd6\\x85<O\\xb3DM]\\xa1l5\\xa7\\x89!Qm\\xb3\\x1d"
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\t"
              },
              {
                "name": "SequenceNumber",
                "value": "33"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "t\\xc0\\x0b\\x1f\\xb5I\r\\xb6\\xbb\\xe2\\xa3\\x0b\\xb1Lw*\\xe8S\\x88\\xef\\xc4\\xd6\\xb0.\\xfd\\xe8\\xde\\xdd_\\x903=\\xbd\\xac#|\\xf4\\x90\\x84t\\xf7\\xe9\\x9d\r\\x8eO!J\\x06\\xad\\xcb\\x1b\\xd8\\x14\\xbb\\x1b\\x13\\xc2\\x86\\xbb\\xa4\\x8e\\xd4,\\xf6\\x05\\x8e\n\\x9cK\\xed\\xe6\\xc4\\x9eW'q\\x98ll\\x0f\\xd0sR\\xaa\\x81\\xe0\\xcb\\xa4JL\\x08\\xe1\\x98\\xf5\\x94fs\n\\xea\\xad\\x1c\\xc9\\x8f\\xc524F\\xa7\\x87\\x7f\\xc3[\\xc1W*\\x1c\\x96b&\\x0e\\xf7\\xf2xS\\x97vG\\x135\\xba\\x15\\x0cND\\x9df\\xaaZ\\xdc\\x82q\\x01\\x86\\xc8\\xca\\x93\\xb8\\xfd\\x1d\\xb5n\\xa08\\x99\\x15\\;IWI\\xaes\\xcc'\\xd6)\\xd3\\x0eol\\xbd\\xab\\xde\\x8c%\\xba\\xfc\\xa5\\x8a\\xc8\\x18\\x9b\\x06I|\\x93p\\xb3\\x8b\\xae%\\x04\\xe0;{\\x94\\xef\\x82\\xeb\"\\xd0\\xdc\\x84\\xff\\xf6\\xba~\\xfcq\\xe2\\x0e\\xf3\\x90\\xf9\\xf4d\\xd4(\\x80d\\xd3\\xe8n\\xcaN\\xe0(\\x9e\\x9cv\\xeb\\xacmK\\x06\\xfa\\x17(\\xac}\\x96\\x92\\x83?1R\\x0f\\xa6&\\xecxAY5M\\xe8\\xbd\\x16]\\x1a\\x17\\xb4\\x1b\\x19b,\\xf3\\xc6\\xde[H\\xa7_\\xd1\\xf8\\xa99\\x0c\\x07\\xcf\\xc1\\x7fO\\x91|f\\xa1\\xd8%\\x90\\xd8\\x97\\xb9-\\xef^\\xf6)\\xee\\xee\\xcf8\\xa8\\x02\\xf8s95\\xf1\\x1e*\\xc3\\xe9\\x1b\\x86>\\x89\\x8b\\xf95\\xb7gId\\xd8o}|\\x06\\xde\\xf9\\xa1\\x94\\xb6\\xac\\x11H\\x05(s\\x07ls\\x83\\xad\\x1f\\xd1\\xd7{\\x0f\\x1d_}j\\xf5j)\\xa1\\xc2$\\x80\\xcd\\xe1\\x8b\\x12\\x17\\xf0s\\x02 
:!\\x1dMC)kHm\\x0c\\xa8\\x1a\\x95w\\xc2\\xb4c\\x13\\xda3\\xc8eF\\x87\\x8d\\x98\\x08Vu\\x18\\xdb$\\xb7pIA\\x92RT8y\\xaa\\xd6\\xed3\\xdbm\\xad\\x19\\x81\\x19\\xd0\\x06\\x8dmr\\x91\\xbc\\xbb\\x82L\\xa9\\xbb\\x16\\x96<O\\xea\\xb5\\x91T04\\x83\\x95\\x07\\xcf\\xff\\x17K\\xcf\\xdf\\x00b\\xfc\\xb6\\xf5\\xebG\\xbc\\x14\\xf6\\xb3W\\xa9n]\\xefL\\xd3y-\\x93t\\xb3v\\x0f\\x96\\xd3\\x9b\\xe9\\x06=\\xbe\\xee\\xf2\\xee[\\x80SP\\xe4\\xe2duV\\xf0\\x8bB\\x12i>\\xf5=e\\xa9\\x05\\xda<\\xabQ\\x0b1\\x9ed\\xbcH\\\\x9c\\xd1-\\x04\\x08k0d\\xd7c\\x93\\xb1\\xe3|\\xfd\"\\xdc\\xee\\xb1\\x08Z\"vL\\xae\\xeb#>\\x03\\x9f\\xb2\\x96\\x96cw\\xd7\\x0b\\xd0rr6X\\xe6\\x1a\\xe4\"{\\x82y\\xe6\\xe6As\\x0fq\\xd9\\x05Yb\\xaaZY<\\xab\\xaf\\xe0\\xec\\xd1\\xa6\\xb8($\\x125i\\xbb\\xe4c\\x0c\\xad\\x1c\\xc9\\xde~\\xeb\\xfd\\xd2e\\xad'\\x12\\xa1\\xceD\\xc2\\x10\\xfc\\xc9\\xce|\\t\\x1b-\\xd4\\xafF\\x02X\\x17NI\\xbd\n\\xbf2R\\xa4\\x9b\\xfb\\xc7N\\xba\\xac\\xf3\\x85\\xe5\\xda\\x04)\\xb6U\\x82\\xaf#\\x93\\x99\\x0cn\\xea0\\xb3\\xa0U\\x89M\\xf0\\x7f\\x8c|\\xfb\\xee\\x06=\\x14\\xf7\\xcf\\x0c\\xc8\\xfdB2\\xc4\\xffE\\xb4\\xd05%k\\xaf\\xd3\\x0c\\xba\\x0b*\\xbf\\x8b\\xe6\\x8b\\xf9\\x99\\xf4\\x07\\xc0\\xfeF\\xe1\\xd7\\xd5\\xdf\\x1c\\x9e\\xe8o\\xf3\\x07\\x80D\\xba\\xdf\\x90$\\xffK\\xd0 
\\xe6s\\xd5\\xb8\\xf1\\x98=\\xe5\\xe8\\x99\\xab\\x93\\x10\n\\x11\\xc9\\xe4\\x13\\xc1p\\xc4\\xd2\\xae\\xb5d\\xf1\\x18\\x85\\xe3b\\xe4\\x91\\xd40\\xfc\\xf5\\x19W\\x81\\xd7Z\\xf5\\xbf\\x90\\xb3\\xf7\\xf6\\xaf\\xe47\\x07\\x8dh\\xf6\\x8e\\xe4\\x9a\\x97\\x82\\xf7\\xbe\\xa0\\x84o\\xaa\\xa4\\x8e\\xb8\\xda\\x89\\xb8\\xd2\\xb7\\x88\\x84\\xbaPp\\x1dau\\xe0\\x03\\xc6\\xc8\\x97\\xf7O\\x0b2\\x0f\\xf6\\xd4G\\xf7\\xab&\\x91@D\t\\x12x^'t9F\\xb3\\xf3\\x85\\x9d\\xbcf\\x9a\\x03\\xe4\\xa3}\\x92\\xe3q\\xa6\\xe5\\xf3{\\xc7\\x17lO\\xef\\xa6\\xc4\\x98\\xbeN\\x91\\xb0\\xeb\\xb5YN\\x7f\\xfekFZ\\xd6\\xc3\\xf8S\\xcaK\\xfd\\x01\\x82HN\\xdaLv{\\x03\\x99\\xc3\\xd7G$?Z\\x98\\xd0\\xb2\\x8d\\xa2h\\xa9@\\xaf\\x1a]\\x8dBU\\x1e\\xa2\\xc7\\xba*?\\xda\\x8d\\xce\\xc2\\xe4\\\\xe9\\xcd\\xe9\\xaa+M\\x98UH(\\x14iH\\x8b\\x82\\xcc\\xe9V;\\x84\\x13+\":\\xe5\\xf0\\x1f\\x0br\\x01q\\x9d\\x7f\\xdf9?\\xc3\\xde]-\\xe44h~\\xa7\\xb6\\x0b\\x808\\x00J\\xd0r\\xae\\xefO\\xd6#\\xf9\\xf3\\x94OJ\\\\xefO\\xc6.\\xda\\xbe\\x91-\\x18~\\xab\\x15\\x9f:\\xb1\\xc2\\x87C\\xc1\t\\xba\\xf2\\xfdL\\x15}o\\xa2\\x91\\xd0\\x81\\xbf;}\\x11!\\xff6\\xa7j\\xba\\xcf@K\\xf8\\x1b`L\\x14G\\xb8\\xbb\\x93\\x8f\\xe3M\\xbc\\xf0\\xa3\r\\xc6\\x0f\\x17\\x92\\xfb\\xb40\\xf55G\\xe1\\xff\\x8f\\xb8\\xf7\\x8ejj\\xdb\\xfa@C\\xef 
\\x08B\\xe8B\\x90\\x8e4\\x91^\\xa5\\x04\\x90\\xde\\x8bJo\\xd2\\xa5K\\x17D\\x0c-t\\x84\\x00\\xd2\\x91\"\\xbd\\x0b(\\x10:H\\x87P\\x94\\x16\\xe9J\\x15By\\xc1s\\xce\\xbd_9\\xf7~\\xde7\\xde\\x18\\xef\\x8f8B\\xe6\\x9as\\xfe\\xf6\\xdcs\\xaf\\xb5\\xd7Z\\xae\\xf9K[!\\xe7\\x1b\\xe6\\xcf\\xab\\x93\\xb7Hr\\x1d\\xd4!\\xc9\\x0eX\\x93\\xb9;=\\x96\\x115\\xc6\\xafg\\xe0-\\x85\t\\xc9\\x00\\xa4WV\\xcc\\xdd\\xe5\\xac\\x00Y\\xcf\\x9b:\\x88\\xa1g\\x91H\\xf5\\xc6F\\xd8\\xa6\\xa6\\xe0\\xb2A\\xf2\\x8f\\x98\\xa1i\\xca%.m\\xa64\\xcb\\xe0\\xbb(\\x84\\x86\\x8c\\xb8\\x137\\xe7'N\\xddoJ\\x1c\\x98\\x9d\\xad\\xf1l\\x8d\\xb2\\xac\\xd0\\xf9\\x1b\\xd5\\x9cb=\\xe03\\x1fa\\xba\\xadz\\x8ap\\xb7\\xd5\\x87\\x83\\x99\\x17W\\x80r\\x01g\\x17\\x9a\\x07\\x06\\xd4,\\xbaQ?Q\\xc8\\xb97kj\\xaf\\xc8Rf\\xe2^\\xae\\xec\\x1e\\xc4\\x06\\x8a\\xe5\\x10\\x98\\x9c\\xfd(\\x04g\\xac\\xeb\\x82\\x82\\xbd\\x1a<jM\\x97\\xe6\\x11Q\\x93w\\yi\\xf8!\\xd9I_\\x90\\xa7\\xd1\\xa1\\x9f\\xf3<b\\x0b\\x8c5\\xf0\\xa5\\x14\\xef\\x0bc\\xd8o\\xde\\x87y\\xf6\\xf3\\x99I\\x86;\\xdd\\xf0\\x8f\\xd3,`\\xab;\\xea\\xae\\xe9\\xea]\\x8dj\\xf0s\\\\xa0v\\xeb\\xec\\x96\\x8d\\xdaw\\xd9\\x9f\\xa8\\x1f5\\xfab\\x07\\xf0\\x12\\x9e\\x03@\\xc1\\xebo\\xa4\\x9f\\x96\\x9d:\\xc3\\xddGD{\\x82\\xb9RwN\">\\x0f\r\\x16\\xc4;\\xeb\\xb6\\xe4\\x94\\xce2\\xd6Z\\xfb\\x8fb/96\\xce\\xd6\\x0c;\\xb74X-U\\xa0\\x13\\xd7\\xa5e\\xf1\\xf1\\x0eYkL>\\xb2\\xe1\\xb0t6\\x8fu*\\x84= 
l*\\x01\\x81?\\xa9O\\xf3\\xe1\\x8b\\x86Q&\\xd9\\x06\\x98a\\xf0{\\xd7\\x0fen\\x90G\\xe0\\x11\\x03\\xdd\\xd6C{\\x1b\\x15\\xa8A\\xcc\\x0b\\xd7\\xac2e<\\x06\\x87[\\x9c\\x0cDe.\\xfdmF\\x9c\\xcc\\x81\\x0f\\x01*\\xd3><\\x11\\xb4~\\x84\\xd0\\xae\\xb0y\\xfa\\xa3\\xf3\\xef\\x9c\\xed\\x0e\\xd9\\xdbW\\x00\\xbb\\x83\\xec\\xbeao\\xbbh\\xc5H\\x03\\xe7\\xd7\\x94\\x11\\xcdO8\\xef\\xc4\\xc3\\x99u\\xd6\\xef\\x13\\x92\\x8e!40\\x0eG\\xca\\x01\\x14}\\xa01\\xea\\xe4\\x81\\xa6\\xcdA\\x0fMG\\xff\\x053P\\xa4\"L\\xd1\\x13\\x12\\xef'\\xbaq\\xaa\\xa7\\xd7\\xc2\\xf4$0\\xe6}&.\\x1c\\x1b\\xfd>o\\xd0\\xd2\\xe4\\xcd3\\xde\\x0b\\x06AM'\\x9e\\f\\xeaf\\x9c\\xed\\xe4\\xc7*\\xb8\\xdf\\xf6\\x8d$\\xaf\\xe9\\x8f\\x93\\xd3\\x9fU\\xad2\\xc0Q\\xd9\\xc4\\xef\\xa4\\xfcA\\.\\x13\\xcf\\xea\\xc9\\xe7^C\\x8fD\\xbf\\xc6Q\\xa7\\xca\\xcb\\xf0\\x98\\xa9\\xdc\\xf4\\xbe\\xc8\\xf9\\x91\\x89\\x94\\xc9\\xbeG\\xc0\\x96V%\\x06Z\\xcd6\\x91\\xc0\\x9a9)\\x02y\\x88Z&\\xb4\\xe0\\xac&\\xeb\\xa0;$\\x82[\\xfbk\\x06\\xf7\\x8c\\xe7\\xf1cu\\xb3[\\x0es+v\\xcd_\\x0b\\xefS\\x80A)G42ET\\xb7\\xa6@$E\\xec\\xf1\\x02S\\xd0\\x90;\\xd1\\xbb\\xcb@\\x03#\\xe4\\xb3\\x04C\\xfb'~XcE\\xce\\x1a\\xb6\\xefQ\\xac,T\\xab.b#\\xecbpu\\xd4$+\\xfc\\x91tm\\x12`\\xcd[\\xb6\\xd3(\\xe4\\x93\\x93U\\xe3aI\\xd0\\xacW\\xd5\\xcd\\x1d\n\\xe7\\xb8]\\x92\\x05\t=\\x1d\\xd6\\xae56\\x1d\\x88\\xf8;bZ\\x11\\x99\\xe4\\xf5\\x1d\\xe9G;-U=\\x81\\x1c\\x18\\x9c\\x97\\xcf><N]\\x17\\xe9(\\xf0FBnf\\x06\ni\\xaf\\xfa\\x8f\\xc5\\xcbu\\xd2\\x08\\x03\\xf6\\x04\\xd5\\x99\\x17g\\xe2v=O\\x02~\\xe8\\xd2\\xa1>\\xb1\\xaa\\xb8X\\xf3\r\\xd4f\\x1e1&\\x93\\xa5\\\\x1a\\xbey\\x7f\\x1aP\\xbf\\x0b\\x07nE\\xdbz\\xca\\xde|\\xdd\\x12RU\\x9c^\\xc54\\xbfW\\x1f\\xee\\xf7\\xecA\\xc80r\\x10u~\\xb1\\x19\\x95\\x17\\xd5\\x15As\\xfb\\x8b\\x88\\xa8L\\x0c\\x1d\\x9d\\xedE\\x91\\xad{K=\\xda\\xed\\xe8\\x08o+\\xccZP\\xd8\\x15b\\xa3\\xe9\\x88}@2\\x93|i\t\\xfc`\\xd5G\\x1f\\xfe\\xd0\\xcb~>\\xaf\\xc4@7\\x8c\\x0c[\\x07\\x00\\x06\\x10'\\x8eSb\\xd8\\xa1\\xe4O\\x06\\x1d\\xa4'\\xf9\\x8ei\\xd8}\\xb4\\xb5\\x94Y\\xbb\\x99\\xa1\"\\+\\xb
9\\x94\\x1f\\xd4s"
              },
              {
                "name": "SequenceNumber",
                "value": "34"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xb3\\x00\\xab\\xfe\\x01O\\xc2M\\xf6\\xa5\\xd5]\n\\xc0\\xab\\xe0\\xd2\\x07&\\xcd\\x83\\xc5\\x9e\\xb3U\\x14\\xe3\\x8e\\xbb\\x8b\\xc2\\xe4\\x17\\x03\\x01?\\xd0\\x15s&\\x8a2Lk\\x93\\x06\\xcf\\x95M\\xc2\\x0bPs~\\x00\\xba\\x92\\xcbH\\x0ck\\xf3\\xf1\\x89\\xb4\\x892\\xf1\\x8b\\xa9\r(i_\\x9b\\x009\\x0b\\xc4R\\xd9j\\x89\\xc3\\x03\\x16\\x7fqP]:\\xf2\\x99\\x01\\xb4^CJ\\xc7\\xd3i\\xf8\\xaf\\xfb\\xbb\\x89\\xcbY\\xd7\\x10\\xd5\\xd9\\xc9\\xc6\\x05w+\\xb9\\x06\\x92C\\xb7g\\xbe\\x88h\\x00\\x18c\\xfcR\\xa7\\xc7\\x19\\xb8r\\xe28\\xebc\\xc3\\xef\\x91QQ\\xd5\\xdf\\xa0,\n\\xda\\x8c\\x7f\\x82%\\xbb^e\\xb6\\xc8\\xf0IR\\x85\\xa79X\\xe4\\x00#\\xcch\\xfc\\xb1!(\\xc6\\x80@yx\\xaa~\"Yj\\x99J&\\xf6\\xf6dR\\x8b\\xd8\\xbe\\x96jxG\\xf6\\x8b\\xa4\\xb9\\xa7\\xc2b\\x18\\xe9\\xa6\\xda\\x1f%\\x9d{\\x9c\\xa1x\\xb7n\\xa1-\\xa9\\xea|*Ky\\xd0\\xcc\\xf3W{\\xcf1\\xd2\\x93LZ\\x1b\\xd7\\xae\\xdfg\\xe3\\x11}\\x9bL\\xc26"
              }
            ],
            "repeated": 0,
            "id": 7643
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xd7"
              },
              {
                "name": "SequenceNumber",
                "value": "35"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "8\\x90\\xee\\x8aL\\x8fR-.\\x8c}\\xc4\\x99\\xc4\\xef\\x9enf\\xa3\\xdd\\x1f\\xbc\\xfd\\x87\\xf4g^\\x9c\\xa3\\xf4\\xb5\\xa7\\xea\\xddg\\x8c\\xcf\\x1e\\x1fL\\xca\\xec\\xe5\\x82\\x91\\x8a\\x7f\\xc2\\x0b\\xbd\\xd6}\\x82\\x96\\xb9\\xfa}\\x0e\\xfe\\x03\\xc4_\\x8d\\xf4\\x9f\\xf28\\xb3\\xd7\\xd7\\xa7(\\xc6\\xa76\\xda\\xe7\\x9f~o\\x9c\\xc3g%T\\xd9\\xda\\xd3\\xadOt~\\xea\\xf2a\\xa2&j\\xe5\t\\x85\\'\\x9e\\x8c'\\xcdi\\xac \\x18\\x8f\\xf2C+\\x8als\\xa0q\\x0f\r\\xe2\\x1b\\x1aD\\xde\\xf0\\xeb_P\\xb9%\\x0cjc\\x87\\x7f\\xc2o\\xb0\\xdc\\xd1\\x87Jff\\xe5[\\xdb1?A\\xe9\\x8bK\\xb7\\xa2\\xf0&\\xa7==\\xffl\\xc6\\xf1\\x0b\\xf3\\xabk\\xcc\\xf0\\x86\\x86\\x8c\\xcd\\xaf\\xbc;\\xcb\\x0e\\xb6\\xf1_\\xc9\\x95\\xd4\\x98\\x1c'\\xd0c\\x93n\\x97\\xcc!N\\xeb\\x15\\xa0\\xfdY\\xa0\\xdf1\\xd9\\xbb\\x8aU\\x18\\x1a\\xe8g4P\\xd9\\x14\\xa1\\xc4\\xf5\\xbb\\x0c~e\\xcaJ\\xb1J1\\x13\\xefJ\\xb8:\\x8e\\xb0\\xbd(\\x7f\\xb6O\\x8c\\~\\xbb\\x02\\x8cF\\xc8T\\xaa\\xbd\\xbf\\xach\\x89\\xad\\xd4\\xfe\\x1e\\xa0\\xbeH6>\\xc6=CM\\xcdzb+5(\\x13\\xb0\\xb4\\xce\\xd4\\xdf\\xda\\x1c\\xa2\"\\x86\\x1d\\xbe\\xf3(\\xc0\\xf0\\x9e\\x06\\xfc\\xed\\xb9\\x81ZR\\xb8:\\xea\\xc1\\x8f\\x81\\x83\\xbe\\x98\\x84$8\\xd1\\xaeS\\xe2\\xf7\\xe0\\xf3\\x18\\x7f\\x9f\\x0b\\xaf\\xcb\\xc8\\xea\\x82F\\x98\\xb5^\\x8a\\x1fH\\x1f\\x95;\\x1f/\\x9d^\\xfe\\x18/\\xd3\\xb7R\\x93='\\xf1\\x8c\\xd6\\xa0\\x9aaw\\xe4\\x19\\xcc\\xb7<\\xd7\\xa1\\xd0-*\\x0f\\x94\\xd1\\x13\\xbdx\\xe6,\\xb6\\x1d\\x93\\x16s\\xc7;Xl\\xdeF\\xaf~;a:\\xf8\\x08~\\xafl\\xfaVe\\xccX\\xd7\\x8c\\x18\\x905\\\\xed\\xf8]\\xf0\\xe9\\xdeu\\x16\n\\xe9\\x18\\x00u\\x84 \\xd1\\x9f\\xe2\\x1dE6\r\\xbd\\xe1\\x91\\xa3;\\xcf\\xd8N\\xe2\\x95\\xb5\\x94\\x83\\x87\\xeb.']\\xffL\\xf5\\x08&\\xc7_\\x0f\\x17\\xba?\\x94\\x0f\\x11\\m\\xf9`\\xfa\\xf2\\x15\\xc86\\x19\\xac\\x1f\\xd5#m\\x83\\x88?=\\xbbd(mk;<~\\xcf\\xcdi\\x1cyx\\xc0\\xe6\\xb6\\x05\\xd5\\xaf\\xce\\xcf\\xcc\\x0c\\xc3C\\xc6r{\\xee\\x18\\?^\\xe8\\xc4\\xd5\\xfe\\xcb/\\x07fT[s\\xa2ZS\\xa3Qt?\\xdd\\x89\\xfd@8\\x84\\x94l\\xdd\\xb1|\\xbd 
\\x98Pf\\xf7X\\xb5ZdR\\xbb\\xc9\\x08\\xd0j\\x07\\x04\\xad\\x1eb\\xb5K\\x1a\\xc0\\xe7\\xca\\xaf\\x9fUt\\x9e\\xe7\\xfd\\xc3\\x98\\x16\\xaeyOn\\x00q\\x1c}\\x82J\\x08w\\xd6W\\\\xe9\\xb3\\x081\\xe4[\\x98\\x07\\x97p\\xeb\\x84\\xc9\\xa4\\x0b1\\x04?\\xcc\\x90s\\xed\\xbb\\xb1)V\\xbd\\x1f\\xfd\\xd4\\xdfZ\\xc0a\r\\x14>3\\xab\\x91\\x87\\x99EwRV\\x0e\\x92\\xb1&\\xc4\\x0bM\\x8f\\xd7\\x19d\\xec\\x1eS\\xfch\\xdd\\xce5\\xfe\\xd8o\\x81\\xe7G3\\xd7\\x88E\\xbfz\\xe1n\\xb2\\xf4\\xcf \\xc4\\xd5]we\\xbeW\\x00t2\\x005\\x8b\\x1d\\x95\\x94\\xf7w~B\\xde\\xdbp\\x04\\xd9\\xce6r\\x1c\\xe3\\x95\\x9cs\\x96\\x17\\x9b\\xe5\\xc7\\xe34\n\\xceU\\xef\\xa6\\xac\\xf4\\xf7\\x0c\\xfb[1\\xbd\\xacs\\xba(]\\xfa\\xb3\\x9f \\x99\\xac\\xa2\\x11\\xeaQF}\\x0c\\x01\\xc5L\\xa9L=\\x103\\x00\\x84o\\x92\\x88\\xe7R\\x1bt<\\xd1\\xa4a\\xda#\\x94\\xfeg\\xf8\\x01\\x0f\\x15\\x15\\xfe\\x11\\xbb\\xeb\\xbe\\xf3\\xba\\x83\\xa1\\xc4H]F\\xad\\x8f\\x9f\\xdf\\xf7\\x91\\xb4\\xa3\\xa0\\xda\\x1f=\\xbb\\xb5r6M{\\xc9\\x146\"\\x17\r\\xf4~\\x93\\xf3|*\\x89\\xf4\\xc5\\x15\\x804P\\xc0\\x9c=&\\xa6m=\\x81\\xaa\\xa9I\\xab\\<eNN\\x14xo\\xe4\\xe1\\xb2\\x1a\\x96\\x1b\\xef\\xdc]\\x89\\x81\\x0e\\x10L\\xe8\\xc2\\x91Kl\\xbf@3p8Z v\\x7f\\xa6\\x04\\xe7\\xbd\"\\xbde\\xd9)\\xb1\\x87\\x08}q\\x1fMa\\xc5;W7v\\xb5o+PNR\\xc3\\xc4\\xfd\\x0b\\x01\\xc3J\\x17^\\xf6\\xba\\xe8u\\x06u\\xf9(Y\\xae\\xcc\\x12\\xac\\xaa\\x11\\xffqD?X\\xda\\x94\\xe0\\xeb\\x98\\x7fKz\\xa5cu.w$\\x83\\xe8;i\\xc6\\xba\\xd8\\xa9\\x80\\x12ci\\xcb\\\\x05\\x7fR0S\\x7f\\xc6\\xc9T\\xc3\\xf4w\\xf9\\xf8n\\xc6\r\\x1f\\x9er\\x01\\x1e)_\\x06'%\\x89\\x01\\xeb\t\\xa0\\x02\\xf6K\\x89\\x0b\\xf7o\\xdc\\x92\\x1a\\xec'f1\\x8eC\\x0e\\xdaS[\\xb9\t\\xe5\\xb5\\xa3\\xdfh'[[A\\x85b+\\xc0U\\xfa\\x90\\xf9 }d\\xdd\\xa2o\\xec\\x86K-j\\x03\\x0f\\x04\\xef<\\x9e\\xaf\\xeb\\xfc\\x1c\\x91-uo-w\\xe8\\xf5K^M\\xdd\\xaa\\xa6\\x80<\\xa99\\x91\"\\x97\\xef\\xceI\\x81\\xc9\\xde{=S\\x1f/\\x94\\x0f+<M\\xe2\\xc1%B\\xf8\\x16\\xafO\\xdc\\xcf\\xdfWL\\xa2^\\xcf\\x15\\x1f(>3Zo\\xd4\\xbf 
\\xef\\xf2\\xcf\\xa0pS}\\x8f\\xb7D%\\x1f\\xa2\\x1a/\\xc7\\x1c+G\\xa5\\x95\\xca\\x93\\xc8\\xe2\\xbe\\xfe:\\xce\\xb3\\xd4Y\\xc9\\xc9\\\\x07\\xabQ\\xd9\\x91\\x14t\\xdb\\xf3tB\\x9a{\\xb2\\xdc\\xf5k}\\xd8|\\xea\\xfeL\\xd5\\xf3'\\x1e\\x02\\xa1\\xc62s\\x89\\xc9\\x9fJ\\x85\\x82}\\xbf?\\xd4\\x85*'\\x9f\\x88\\xf5\\xbd\\xab\\x1c\\xd0Qu\\xa8\\x81%\\x93\\x1a\\xbc1\\xc9\\xad\\x9b|.\\x19|\\xd7\\xa4\\xe9\\xb9\\x9ds\r}\\x10K\\x93\\xc9s]5\\xac\\xbdH\\xc3\\x98*H\\x1ey\\xb7\\xe7\\xc4\\xcb\\xda\\xf08\\xcfj\\x8a5\\x1f\\xa9p\\x94\\xa5\\x1c\\xc5\\xa03\\xcd\\x03\r,\\x97\\xe5\\xd6=8\\xbb4W\\x93ti\\xf6\\x19~Y\\xf6\\x0e\\xdd9r'\\x11\\x9d{vL\\xc9r \\xa8\\xfa\\xdaZB\\xbe\\xe7d\\xda\\xea\\x94\\xdb\\xa7\\x8f\\x99\\xa79\\xe5\\xed\\xc1\\xdc.\\xfd^l\\x1cs\\x1a\\xa8\\xe0N\\xe0\\xa3\\xaa\\xefs\\x9aw;\ry\\xf0\\x89kz;\\x12\\xe2\\xf1\\xf5\\x99\\x97[a\r\\xe72\\xcb;\n\\xb2\\xb5\\xd0\\xa9EQ\\x9b\\x88\\xa5\\xa0Y\\xb9S\\xcd\\xe7OP\\x06Cfi-\\x8c\r\\x05\\x8b\\xf3f\\xdb~\\xeb\\xb1\\x8a\\xfb\\x9fH\\x8a\\xe5\\x162m[\\xed\\xba\\xd9\\xa59'5\\xcb'\\xb2\\x87\\x1bF\\xba\\xb2\\x8c\\xe2~\\xee\\xd7\\x9c\\xbf9wJhnL\\xd9\\xdd4MG<\\xabn\\xf2\\x11\\xed\\x01\\x17\\x17\\xe1\\xd1-$s\\x9aE\\xb6\\xdd\\xfct\\xd7\\xc65\\x7f\\xee\\xcdk|>\\xaa\\xf8[\\x8b\\xe1\\xde\\x811~\\x0b\\x0e\\x9d\\x15\\x8fM\\x11plg\\xc6\\xde\\x9e\\xc9~\\xeb\\xe5\\xe6\\x12U\\x01\\xd7\\xb4\\xb5J\\x82>\\xbe\\x87\\x9f7|\\xd8\\x95\\xb2\\xbc\\x11\\x0e\\xf5\\xfdE\\xefhz\\xf6.\\xeb\\xfcx\\xbe\\x10\\xbd\\x92\\xa5\\xc1@`\\xfd('_fx \\xf2\\xe5G\\xf8\\xe5\\x9aM\\xcd-[\\xab\\xc9Ww\\xa2cI\\xd8\\xc8\\xb5#\\x14\\xeflzQ4\\xb7\\xdd\\x99u\\xa9\\x7f\\x87td\\xf6\\xc8\\xf1\\x98\\x0f\\x8d\\x9bj\\x1a\\x08 
\\x1a\\xc8\\xbf\\xeb\\xea$\\xdcKJ\\xc4B!d\\x90\\xf3~j\\xa7\\x10\\x9c[\\xd3\\xaa,O\\x18\\x1fc,\\xba\\x94\\xfb\\xd9\\xabnx\\xda\\xe8\\xfbv\\xe2\\x06\\xf5\\x01\\x98\\xc28\\xedF\\x1f\rF\\xd0\\x13\\\\xd5\\xcc@\\xeea\\xeew\\xd3^\\x8fo:\\xa5|F\\x8c\\x14=$v\\xf4\\xf8H\\x93\\xe9*}\\x05\\xf8j69\\x945Y\\xb8T\\x8bP#\\xddkY\\xe74\\x9bz6\\xa9v_\\xf7;\\x9d\\xfb\\x1cO$4\\x9a[\\xf6\\xbf\\xb2\\xe3\\xdd\\xe2/gy\\xf7\\xa1\\x0b\\x84\\xfb\\xd4\\x0ek\\x9aa\\xf3\\xa2k\\xee\\xe9\\xa8\\xa4\\xb6i]ST\\xd0\\xfa\\xa3\\xf2\\xbb\\xc5\\x89\\xf3G\\xd8\\xcf6\\xf6\\x8c'\\xb4\\x04\\xa7\\xd2,i\\x93\\xdba\\x18q>\\xb7SY\\x11\\xac\\xed\\xa2\\xe5\\xdcKU\\x15\\xd1\\x03\\xa2\\xa1{'_\\xad\\xc3(Jq\\x95\\xb1Cp\\x83N\\x9e\\xee\\x8b\\x95\\xc9\\xaa0\\x87\\xc9\\xd1\\x87q\\x81+\\\\xf8\\x04\\x90#<-\\xfe\\xae\\x1e3\\xe7\\x1b\\x18\r_\\xdf\\xcdZ\\xfc?\\x01:\\x02\\xc5\\xfd\\xb2\\xd4m\\xa2!\\x1d\\xd02\\xb9r\\xbc\\x9f\\x93\\x1c\\x02\\x7f\\x8f#\\x1e\\x94\\xcb\\xc8\\xafl-\\xaf \\xd4o\\xf7\\xbc\\x91(H\\x9aGbN\\xf59\\xc1\\x18\\xe8\\x0f5\\x84\t\\x07 \\x90}\\xa9Y\\x99\\xbe\\xf3\\x16\\xfa\\x9c\\xd1a\\xdc\\xdd\\xd1\\xde\\x13\\xa5\\xdc\\xc5\\x14\\xb0G3C(\\x9bx\\xc3\\xba\\x91\\xf2\\xed'\\x8cg\\xa8\\x1c\\xd4~ \\xd1\"\\xd2#\\xb7h\\xee|\\xef79\\x1cq\\xff\\x00\\xd7\\xacZVvlnb\\xd8\\xe9\\x93\\x9a\\x96\\x9d\\xee\\x99\\xa4g\\x15\\x06\\x9a\\xd4\\xd5\\xd1\\xaf\\xed\\xacl\\xaf\\x0c\\xcb\\xe6H\\xe5\\x02G\\x81\\xf3\\x8c0 \\x928\\x1c\\x8c\\xe3\\x9a\\xb8\\xd7\\xf6d\\xf9QIo\\x15\\xc9\\x83q\\xb8\\xdb\\x94\\xf3\\x8e\\x01\\xc7\\x1c|\\xa3\\x19\\xc7\\x04\\x9f\\xads\\x94UX\\xce\\xe4\\x97\\x04\\xb5\\xc4\\x85\\xa4Y\tc\\x97Q\\x80\\xde\\xe2\\xac\\xc3\\xa5_\\D\\x92\\xc7\\x06Q\\xf2C\\x16Q\\xc0\\x04\\xe4\\xe4\\xf0>"
              },
              {
                "name": "SequenceNumber",
                "value": "36"
              },
              {
                "name": "BufferSize",
                "value": "2407"
              }
            ],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x000009aa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xf7$\\\\xbb\\xb8\\xc5s\\x16x\\xe5)\\xc5E\\x91\\xdf\\xba:\\xb3\\x1d\\xce\\x8e\\x88\\xbfh\\x19\\xc16\\xf9]\\xc1q\\xc0\\x17\\x03\\x01\t\\x80\\xbd\\x1fZw\\xa5][\\xef\\xd4On4\\xaa\\x85\\x00V\\xa3\\xb5)\\x08\\xb3\\xe6\\xe5\\xe4\\xd2\\x8d\\xb9\\xbd\\x85\\xaa\\x0b\\xd7_\\x8b\\x02i\\x0e\\xa3\\xbc\\xc6\\x9b+2\\xd5o_\\x82\\xb2f\\xb8b\\xfc\\xfd\\xa1\\x8b\\x1d\\xd5\\xc2\\x1b>\\xb2\\xde\\x00\\x08eKE\\x90\\xd5\\xd3\\x96\\x05\\xdbP\\xed\\xd3\\x08\\xb4\\x1b\\x97w\\xbd\\x80b\\x00\\xa1q\t\\x19\\x86\\x8f\\x8dsa\\x8cw\\xbf\\xb2\\xfd0>7\\x1fb\\xa4\\x00\\xd5\\xa9\\xd1\n\\xc8=t\\xfb\\x15\\xee\\x17v\\xc2Y\\xe5_\\xa9\\xda\\x8e\\x19\\x02\\xf3\\xc9\\x8cB\\x00\\xa3wN\\x84B\\xc9\\x8ege\\x00\\xd8\\xbcB\\xa6\\x9b\\x1brI\\xad\\xda\\x1b\\xfc\\xf3\\xae\\xf1^2\\x03\\x9b\\x18\\x04\\x15\\xee \\x92[\\xae\\xaf\\x9eg\\x88\\xb8\\x8b\\xf5Gm\\xe9\\xa2\\xe6y\\xd7\\x92:\\x8d\\xfe\\x83\\xe7\\x80\\x9dU\\xb90t\\x91i\\xb4\\xfe\\xa0B\\x9a\\x9b\\xe0w\\xf9\\xa8\\xb34>=h\\x95\\x14"
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5560"
              }
            ],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x742bad94",
            "parentcaller": "0x742ba15c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000958"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x775545ae",
            "parentcaller": "0x7755442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7650
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x75c4269a",
            "parentcaller": "0x758e5041",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000095c"
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-03-05 10:25:58,791",
            "thread_id": "5560",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-03-05 10:25:58,822",
            "thread_id": "616",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-03-05 10:25:58,822",
            "thread_id": "616",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 3,
            "id": 7654
          },
          {
            "timestamp": "2026-03-05 10:25:58,822",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "54501"
              }
            ],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-03-05 10:25:58,822",
            "thread_id": "616",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 80,
            "id": 7656
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "5516",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7657
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "5516",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "5212",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 40,
            "id": 7659
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "5212",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "5212",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "616",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 49,
            "id": 7662
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "616",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-03-05 10:25:58,837",
            "thread_id": "616",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 7664
          },
          {
            "timestamp": "2026-03-05 10:25:58,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-03-05 10:25:58,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7666
          },
          {
            "timestamp": "2026-03-05 10:25:58,884",
            "thread_id": "5444",
            "caller": "0x76091e6a",
            "parentcaller": "0x73092f76",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-03-05 10:25:58,884",
            "thread_id": "5444",
            "caller": "0x730943d1",
            "parentcaller": "0x7309426d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7668
          },
          {
            "timestamp": "2026-03-05 10:25:58,884",
            "thread_id": "5444",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-03-05 10:25:58,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-03-05 10:25:58,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7671
          },
          {
            "timestamp": "2026-03-05 10:25:59,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-03-05 10:25:59,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7673
          },
          {
            "timestamp": "2026-03-05 10:25:59,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-03-05 10:25:59,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-03-05 10:25:59,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-03-05 10:25:59,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-03-05 10:25:59,384",
            "thread_id": "5444",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7678
          },
          {
            "timestamp": "2026-03-05 10:25:59,384",
            "thread_id": "5444",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-03-05 10:25:59,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-03-05 10:25:59,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-03-05 10:25:59,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-03-05 10:25:59,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-03-05 10:25:59,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7685
          },
          {
            "timestamp": "2026-03-05 10:25:59,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-03-05 10:25:59,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-03-05 10:25:59,884",
            "thread_id": "5444",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-03-05 10:25:59,884",
            "thread_id": "5444",
            "caller": "0x75c4269a",
            "parentcaller": "0x7309435b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-03-05 10:25:59,884",
            "thread_id": "5444",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5444"
              }
            ],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-03-05 10:25:59,884",
            "thread_id": "5444",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-03-05 10:25:59,916",
            "thread_id": "5168",
            "caller": "0x75c4269a",
            "parentcaller": "0x7678a9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 7692
          },
          {
            "timestamp": "2026-03-05 10:25:59,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-03-05 10:26:00,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-03-05 10:26:00,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-03-05 10:26:00,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-03-05 10:26:00,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7697
          },
          {
            "timestamp": "2026-03-05 10:26:00,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-03-05 10:26:00,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7699
          },
          {
            "timestamp": "2026-03-05 10:26:00,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-03-05 10:26:00,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-03-05 10:26:00,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7702
          },
          {
            "timestamp": "2026-03-05 10:26:00,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-03-05 10:26:00,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-03-05 10:26:00,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7705
          },
          {
            "timestamp": "2026-03-05 10:26:00,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7706
          },
          {
            "timestamp": "2026-03-05 10:26:00,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-03-05 10:26:00,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-03-05 10:26:00,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-03-05 10:26:01,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7710
          },
          {
            "timestamp": "2026-03-05 10:26:01,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-03-05 10:26:01,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-03-05 10:26:01,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7713
          },
          {
            "timestamp": "2026-03-05 10:26:01,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-03-05 10:26:01,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-03-05 10:26:01,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-03-05 10:26:01,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-03-05 10:26:01,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-03-05 10:26:01,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-03-05 10:26:01,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7720
          },
          {
            "timestamp": "2026-03-05 10:26:01,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-03-05 10:26:01,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7722
          },
          {
            "timestamp": "2026-03-05 10:26:01,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7723
          },
          {
            "timestamp": "2026-03-05 10:26:01,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7724
          },
          {
            "timestamp": "2026-03-05 10:26:02,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-03-05 10:26:02,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7726
          },
          {
            "timestamp": "2026-03-05 10:26:02,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-03-05 10:26:02,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-03-05 10:26:02,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7729
          },
          {
            "timestamp": "2026-03-05 10:26:02,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-03-05 10:26:02,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7731
          },
          {
            "timestamp": "2026-03-05 10:26:02,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-03-05 10:26:02,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-03-05 10:26:02,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-03-05 10:26:02,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-03-05 10:26:02,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7736
          },
          {
            "timestamp": "2026-03-05 10:26:02,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7737
          },
          {
            "timestamp": "2026-03-05 10:26:02,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-03-05 10:26:02,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-03-05 10:26:02,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-03-05 10:26:03,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-03-05 10:26:03,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7742
          },
          {
            "timestamp": "2026-03-05 10:26:03,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7743
          },
          {
            "timestamp": "2026-03-05 10:26:03,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-03-05 10:26:03,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-03-05 10:26:03,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-03-05 10:26:03,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-03-05 10:26:03,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-03-05 10:26:03,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-03-05 10:26:03,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7750
          },
          {
            "timestamp": "2026-03-05 10:26:03,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7751
          },
          {
            "timestamp": "2026-03-05 10:26:03,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-03-05 10:26:03,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7753
          },
          {
            "timestamp": "2026-03-05 10:26:03,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-03-05 10:26:03,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7755
          },
          {
            "timestamp": "2026-03-05 10:26:04,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-03-05 10:26:04,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7757
          },
          {
            "timestamp": "2026-03-05 10:26:04,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-03-05 10:26:04,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-03-05 10:26:04,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7760
          },
          {
            "timestamp": "2026-03-05 10:26:04,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-03-05 10:26:04,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-03-05 10:26:04,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-03-05 10:26:04,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7764
          },
          {
            "timestamp": "2026-03-05 10:26:04,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-03-05 10:26:04,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-03-05 10:26:04,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-03-05 10:26:04,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-03-05 10:26:04,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-03-05 10:26:04,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-03-05 10:26:04,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7771
          },
          {
            "timestamp": "2026-03-05 10:26:05,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-03-05 10:26:05,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-03-05 10:26:05,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-03-05 10:26:05,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-03-05 10:26:05,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-03-05 10:26:05,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-03-05 10:26:05,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7778
          },
          {
            "timestamp": "2026-03-05 10:26:05,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-03-05 10:26:05,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-03-05 10:26:05,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-03-05 10:26:05,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-03-05 10:26:05,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-03-05 10:26:05,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-03-05 10:26:05,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7785
          },
          {
            "timestamp": "2026-03-05 10:26:05,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-03-05 10:26:06,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7787
          },
          {
            "timestamp": "2026-03-05 10:26:06,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-03-05 10:26:06,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7789
          },
          {
            "timestamp": "2026-03-05 10:26:06,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-03-05 10:26:06,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7791
          },
          {
            "timestamp": "2026-03-05 10:26:06,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7792
          },
          {
            "timestamp": "2026-03-05 10:26:06,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-03-05 10:26:06,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-03-05 10:26:06,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-03-05 10:26:06,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7796
          },
          {
            "timestamp": "2026-03-05 10:26:06,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-03-05 10:26:06,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7799
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7800
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "}X\\xe6\\xf4\\xa3O\\x80\t\\x07\\x9f8\\xc8\\x9d\\xa4\\x93\\xa0h\\xc91\\xd54`\\x88F\\x95[/Q%\\xa0B\\xb3"
              }
            ],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x17"
              },
              {
                "name": "SequenceNumber",
                "value": "21"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x04\\x88\\xb1\\xderu\\xa3W]\\xb4I\\xfe\\x85\\xd6rLN\\xdba\\xa2+w\\xa1[\\x07\\x92\\xe1qS\\xf9\\xe1w"
              }
            ],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-03-05 10:26:06,775",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "22"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-03-05 10:26:06,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7806
          },
          {
            "timestamp": "2026-03-05 10:26:06,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-03-05 10:26:06,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xfb_|\\xc9^\\xbf\\x8f\\xdd\\x862\\xbf\\xc0w\\\\x8cH(e>\\xa1\\xe8\\xbd)\\xb1ILt\\x8d\\xdf\\xcb-T"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "23"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xdf\\x8f\"\\xf0\\xb7Z\\xaa\\xc7\\x04e(k\\xc5m\\x94\\xd06rYa\\xa5\\xb7\\xeb\\x97\\xae!\\xad\\xfeW\\xe3\\xdd\\xfb}\\xa7\\x1e\\xe6\\x11\\xfbR\\xd4\\x85BE'\\x8e\\xef)^"
              }
            ],
            "repeated": 0,
            "id": 7813
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9b\\xc5\\xc4\\x00\\x00\\xb6\\x86\\xf3=\\x03\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "24"
              },
              {
                "name": "BufferSize",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-03-05 10:26:06,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000954"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4744"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000954",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4744"
              }
            ],
            "repeated": 0,
            "id": 7817
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000954"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4744"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 7819
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "4744",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7820
          },
          {
            "timestamp": "2026-03-05 10:26:06,962",
            "thread_id": "4744",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7821
          },
          {
            "timestamp": "2026-03-05 10:26:06,978",
            "thread_id": "4744",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-03-05 10:26:06,978",
            "thread_id": "4744",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4744"
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-03-05 10:26:06,978",
            "thread_id": "4744",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-03-05 10:26:07,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-03-05 10:26:07,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7826
          },
          {
            "timestamp": "2026-03-05 10:26:07,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7827
          },
          {
            "timestamp": "2026-03-05 10:26:07,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-03-05 10:26:07,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-03-05 10:26:07,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-03-05 10:26:07,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-03-05 10:26:07,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-03-05 10:26:07,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7833
          },
          {
            "timestamp": "2026-03-05 10:26:07,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7834
          },
          {
            "timestamp": "2026-03-05 10:26:07,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7835
          },
          {
            "timestamp": "2026-03-05 10:26:07,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-03-05 10:26:07,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-03-05 10:26:07,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-03-05 10:26:07,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-03-05 10:26:07,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-03-05 10:26:08,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7841
          },
          {
            "timestamp": "2026-03-05 10:26:08,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-03-05 10:26:08,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-03-05 10:26:08,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-03-05 10:26:08,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7845
          },
          {
            "timestamp": "2026-03-05 10:26:08,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-03-05 10:26:08,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7847
          },
          {
            "timestamp": "2026-03-05 10:26:08,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7848
          },
          {
            "timestamp": "2026-03-05 10:26:08,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7849
          },
          {
            "timestamp": "2026-03-05 10:26:08,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-03-05 10:26:08,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-03-05 10:26:08,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7852
          },
          {
            "timestamp": "2026-03-05 10:26:08,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-03-05 10:26:08,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7854
          },
          {
            "timestamp": "2026-03-05 10:26:08,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7855
          },
          {
            "timestamp": "2026-03-05 10:26:08,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7856
          },
          {
            "timestamp": "2026-03-05 10:26:09,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-03-05 10:26:09,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7858
          },
          {
            "timestamp": "2026-03-05 10:26:09,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-03-05 10:26:09,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7860
          },
          {
            "timestamp": "2026-03-05 10:26:09,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-03-05 10:26:09,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7862
          },
          {
            "timestamp": "2026-03-05 10:26:09,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-03-05 10:26:09,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-03-05 10:26:09,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7865
          },
          {
            "timestamp": "2026-03-05 10:26:09,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-03-05 10:26:09,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7867
          },
          {
            "timestamp": "2026-03-05 10:26:09,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-03-05 10:26:09,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7869
          },
          {
            "timestamp": "2026-03-05 10:26:09,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-03-05 10:26:09,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7871
          },
          {
            "timestamp": "2026-03-05 10:26:09,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-03-05 10:26:10,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-03-05 10:26:10,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-03-05 10:26:10,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-03-05 10:26:10,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7876
          },
          {
            "timestamp": "2026-03-05 10:26:10,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-03-05 10:26:10,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7878
          },
          {
            "timestamp": "2026-03-05 10:26:10,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-03-05 10:26:10,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7880
          },
          {
            "timestamp": "2026-03-05 10:26:10,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-03-05 10:26:10,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-03-05 10:26:10,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7883
          },
          {
            "timestamp": "2026-03-05 10:26:10,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-03-05 10:26:10,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7885
          },
          {
            "timestamp": "2026-03-05 10:26:10,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-03-05 10:26:10,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-03-05 10:26:10,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-03-05 10:26:11,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-03-05 10:26:11,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7890
          },
          {
            "timestamp": "2026-03-05 10:26:11,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-03-05 10:26:11,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-03-05 10:26:11,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-03-05 10:26:11,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-03-05 10:26:11,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7895
          },
          {
            "timestamp": "2026-03-05 10:26:11,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-03-05 10:26:11,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7897
          },
          {
            "timestamp": "2026-03-05 10:26:11,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-03-05 10:26:11,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-03-05 10:26:11,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-03-05 10:26:11,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-03-05 10:26:11,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-03-05 10:26:11,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-03-05 10:26:11,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7904
          },
          {
            "timestamp": "2026-03-05 10:26:12,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7905
          },
          {
            "timestamp": "2026-03-05 10:26:12,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7906
          },
          {
            "timestamp": "2026-03-05 10:26:12,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7907
          },
          {
            "timestamp": "2026-03-05 10:26:12,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-03-05 10:26:12,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7909
          },
          {
            "timestamp": "2026-03-05 10:26:12,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-03-05 10:26:12,447",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7911
          },
          {
            "timestamp": "2026-03-05 10:26:12,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-03-05 10:26:12,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-03-05 10:26:12,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7914
          },
          {
            "timestamp": "2026-03-05 10:26:12,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-03-05 10:26:12,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-03-05 10:26:12,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-03-05 10:26:12,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7918
          },
          {
            "timestamp": "2026-03-05 10:26:12,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-03-05 10:26:12,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-03-05 10:26:13,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-03-05 10:26:13,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7922
          },
          {
            "timestamp": "2026-03-05 10:26:13,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-03-05 10:26:13,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7924
          },
          {
            "timestamp": "2026-03-05 10:26:13,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7925
          },
          {
            "timestamp": "2026-03-05 10:26:13,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7926
          },
          {
            "timestamp": "2026-03-05 10:26:13,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-03-05 10:26:13,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7928
          },
          {
            "timestamp": "2026-03-05 10:26:13,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-03-05 10:26:13,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7930
          },
          {
            "timestamp": "2026-03-05 10:26:13,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-03-05 10:26:13,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7932
          },
          {
            "timestamp": "2026-03-05 10:26:13,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-03-05 10:26:13,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-03-05 10:26:14,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7935
          },
          {
            "timestamp": "2026-03-05 10:26:14,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7936
          },
          {
            "timestamp": "2026-03-05 10:26:14,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-03-05 10:26:14,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7938
          },
          {
            "timestamp": "2026-03-05 10:26:14,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7939
          },
          {
            "timestamp": "2026-03-05 10:26:14,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7940
          },
          {
            "timestamp": "2026-03-05 10:26:14,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-03-05 10:26:14,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7942
          },
          {
            "timestamp": "2026-03-05 10:26:14,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-03-05 10:26:14,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7944
          },
          {
            "timestamp": "2026-03-05 10:26:14,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-03-05 10:26:14,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7946
          },
          {
            "timestamp": "2026-03-05 10:26:14,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-03-05 10:26:14,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-03-05 10:26:14,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7949
          },
          {
            "timestamp": "2026-03-05 10:26:14,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-03-05 10:26:15,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7951
          },
          {
            "timestamp": "2026-03-05 10:26:15,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-03-05 10:26:15,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7953
          },
          {
            "timestamp": "2026-03-05 10:26:15,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-03-05 10:26:15,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7955
          },
          {
            "timestamp": "2026-03-05 10:26:15,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-03-05 10:26:15,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7957
          },
          {
            "timestamp": "2026-03-05 10:26:15,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-03-05 10:26:15,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-03-05 10:26:15,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7960
          },
          {
            "timestamp": "2026-03-05 10:26:15,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-03-05 10:26:15,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-03-05 10:26:15,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-03-05 10:26:15,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-03-05 10:26:15,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-03-05 10:26:15,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-03-05 10:26:16,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7967
          },
          {
            "timestamp": "2026-03-05 10:26:16,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-03-05 10:26:16,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-03-05 10:26:16,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7970
          },
          {
            "timestamp": "2026-03-05 10:26:16,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-03-05 10:26:16,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7972
          },
          {
            "timestamp": "2026-03-05 10:26:16,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-03-05 10:26:16,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7974
          },
          {
            "timestamp": "2026-03-05 10:26:16,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-03-05 10:26:16,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7976
          },
          {
            "timestamp": "2026-03-05 10:26:16,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-03-05 10:26:16,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7978
          },
          {
            "timestamp": "2026-03-05 10:26:16,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7979
          },
          {
            "timestamp": "2026-03-05 10:26:16,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-03-05 10:26:17,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7981
          },
          {
            "timestamp": "2026-03-05 10:26:17,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-03-05 10:26:17,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7983
          },
          {
            "timestamp": "2026-03-05 10:26:17,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-03-05 10:26:17,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7985
          },
          {
            "timestamp": "2026-03-05 10:26:17,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-03-05 10:26:17,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7987
          },
          {
            "timestamp": "2026-03-05 10:26:17,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7988
          },
          {
            "timestamp": "2026-03-05 10:26:17,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7989
          },
          {
            "timestamp": "2026-03-05 10:26:17,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7990
          },
          {
            "timestamp": "2026-03-05 10:26:17,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7991
          },
          {
            "timestamp": "2026-03-05 10:26:17,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-03-05 10:26:17,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-03-05 10:26:17,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-03-05 10:26:17,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7995
          },
          {
            "timestamp": "2026-03-05 10:26:17,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7996
          },
          {
            "timestamp": "2026-03-05 10:26:18,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-03-05 10:26:18,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 7998
          },
          {
            "timestamp": "2026-03-05 10:26:18,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-03-05 10:26:18,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8000
          },
          {
            "timestamp": "2026-03-05 10:26:18,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-03-05 10:26:18,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8002
          },
          {
            "timestamp": "2026-03-05 10:26:18,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-03-05 10:26:18,462",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8004
          },
          {
            "timestamp": "2026-03-05 10:26:18,572",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-03-05 10:26:18,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-03-05 10:26:18,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-03-05 10:26:18,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-03-05 10:26:18,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8009
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8010
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              }
            ],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 8012
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5516"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x742bad94",
            "parentcaller": "0x742ba15c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008fc"
              }
            ],
            "repeated": 0,
            "id": 8014
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x75c4269a",
            "parentcaller": "0x758e5041",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000900"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5516",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8016
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 8018
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4269a",
            "parentcaller": "0x7316753d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000918"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000908"
              }
            ],
            "repeated": 0,
            "id": 8020
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000090c"
              }
            ],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000910"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000914"
              }
            ],
            "repeated": 0,
            "id": 8023
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              }
            ],
            "repeated": 0,
            "id": 8024
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "5212",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x73167056",
            "parentcaller": "0x7330eef5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "616"
              }
            ],
            "repeated": 0,
            "id": 8026
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4269a",
            "parentcaller": "0x7316753d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000948"
              }
            ],
            "repeated": 0,
            "id": 8028
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000938"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000093c"
              }
            ],
            "repeated": 0,
            "id": 8030
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000940"
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x75c4269a",
            "parentcaller": "0x73096f21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 8032
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "616"
              }
            ],
            "repeated": 0,
            "id": 8033
          },
          {
            "timestamp": "2026-03-05 10:26:18,853",
            "thread_id": "616",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-03-05 10:26:18,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8035
          },
          {
            "timestamp": "2026-03-05 10:26:18,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-03-05 10:26:19,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8037
          },
          {
            "timestamp": "2026-03-05 10:26:19,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-03-05 10:26:19,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8039
          },
          {
            "timestamp": "2026-03-05 10:26:19,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-03-05 10:26:19,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8041
          },
          {
            "timestamp": "2026-03-05 10:26:19,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-03-05 10:26:19,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8043
          },
          {
            "timestamp": "2026-03-05 10:26:19,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8044
          },
          {
            "timestamp": "2026-03-05 10:26:19,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8045
          },
          {
            "timestamp": "2026-03-05 10:26:19,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-03-05 10:26:19,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8047
          },
          {
            "timestamp": "2026-03-05 10:26:19,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-03-05 10:26:19,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-03-05 10:26:19,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-03-05 10:26:19,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8051
          },
          {
            "timestamp": "2026-03-05 10:26:19,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8052
          },
          {
            "timestamp": "2026-03-05 10:26:20,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-03-05 10:26:20,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-03-05 10:26:20,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-03-05 10:26:20,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-03-05 10:26:20,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8057
          },
          {
            "timestamp": "2026-03-05 10:26:20,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8058
          },
          {
            "timestamp": "2026-03-05 10:26:20,478",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8059
          },
          {
            "timestamp": "2026-03-05 10:26:20,494",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-03-05 10:26:20,603",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8061
          },
          {
            "timestamp": "2026-03-05 10:26:20,619",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-03-05 10:26:20,728",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8063
          },
          {
            "timestamp": "2026-03-05 10:26:20,744",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-03-05 10:26:20,853",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8065
          },
          {
            "timestamp": "2026-03-05 10:26:20,869",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-03-05 10:26:20,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-03-05 10:26:20,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-03-05 10:26:21,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-03-05 10:26:21,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8070
          },
          {
            "timestamp": "2026-03-05 10:26:21,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-03-05 10:26:21,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8072
          },
          {
            "timestamp": "2026-03-05 10:26:21,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-03-05 10:26:21,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8074
          },
          {
            "timestamp": "2026-03-05 10:26:21,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-03-05 10:26:21,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8076
          },
          {
            "timestamp": "2026-03-05 10:26:21,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-03-05 10:26:21,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8078
          },
          {
            "timestamp": "2026-03-05 10:26:21,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8079
          },
          {
            "timestamp": "2026-03-05 10:26:21,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-03-05 10:26:21,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-03-05 10:26:21,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-03-05 10:26:21,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8083
          },
          {
            "timestamp": "2026-03-05 10:26:22,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8084
          },
          {
            "timestamp": "2026-03-05 10:26:22,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8085
          },
          {
            "timestamp": "2026-03-05 10:26:22,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8086
          },
          {
            "timestamp": "2026-03-05 10:26:22,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8087
          },
          {
            "timestamp": "2026-03-05 10:26:22,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-03-05 10:26:22,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8089
          },
          {
            "timestamp": "2026-03-05 10:26:22,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-03-05 10:26:22,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8091
          },
          {
            "timestamp": "2026-03-05 10:26:22,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-03-05 10:26:22,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8093
          },
          {
            "timestamp": "2026-03-05 10:26:22,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-03-05 10:26:22,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-03-05 10:26:22,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-03-05 10:26:22,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-03-05 10:26:22,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-03-05 10:26:23,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-03-05 10:26:23,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8100
          },
          {
            "timestamp": "2026-03-05 10:26:23,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-03-05 10:26:23,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-03-05 10:26:23,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-03-05 10:26:23,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-03-05 10:26:23,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8105
          },
          {
            "timestamp": "2026-03-05 10:26:23,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-03-05 10:26:23,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8107
          },
          {
            "timestamp": "2026-03-05 10:26:23,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-03-05 10:26:23,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-03-05 10:26:23,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8110
          },
          {
            "timestamp": "2026-03-05 10:26:23,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-03-05 10:26:23,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-03-05 10:26:23,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-03-05 10:26:23,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8114
          },
          {
            "timestamp": "2026-03-05 10:26:24,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8115
          },
          {
            "timestamp": "2026-03-05 10:26:24,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-03-05 10:26:24,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8117
          },
          {
            "timestamp": "2026-03-05 10:26:24,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-03-05 10:26:24,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8119
          },
          {
            "timestamp": "2026-03-05 10:26:24,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-03-05 10:26:24,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8121
          },
          {
            "timestamp": "2026-03-05 10:26:24,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-03-05 10:26:24,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-03-05 10:26:24,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8124
          },
          {
            "timestamp": "2026-03-05 10:26:24,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-03-05 10:26:24,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-03-05 10:26:24,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-03-05 10:26:24,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8128
          },
          {
            "timestamp": "2026-03-05 10:26:24,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-03-05 10:26:24,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-03-05 10:26:25,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-03-05 10:26:25,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-03-05 10:26:25,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8133
          },
          {
            "timestamp": "2026-03-05 10:26:25,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-03-05 10:26:25,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8135
          },
          {
            "timestamp": "2026-03-05 10:26:25,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-03-05 10:26:25,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-03-05 10:26:25,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-03-05 10:26:25,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-03-05 10:26:25,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-03-05 10:26:25,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-03-05 10:26:25,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8142
          },
          {
            "timestamp": "2026-03-05 10:26:25,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-03-05 10:26:25,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8144
          },
          {
            "timestamp": "2026-03-05 10:26:25,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-03-05 10:26:25,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8146
          },
          {
            "timestamp": "2026-03-05 10:26:26,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-03-05 10:26:26,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8148
          },
          {
            "timestamp": "2026-03-05 10:26:26,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8149
          },
          {
            "timestamp": "2026-03-05 10:26:26,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-03-05 10:26:26,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-03-05 10:26:26,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-03-05 10:26:26,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8153
          },
          {
            "timestamp": "2026-03-05 10:26:26,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-03-05 10:26:26,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-03-05 10:26:26,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8156
          },
          {
            "timestamp": "2026-03-05 10:26:26,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-03-05 10:26:26,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-03-05 10:26:26,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-03-05 10:26:26,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-03-05 10:26:26,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-03-05 10:26:26,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8162
          },
          {
            "timestamp": "2026-03-05 10:26:27,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8163
          },
          {
            "timestamp": "2026-03-05 10:26:27,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8164
          },
          {
            "timestamp": "2026-03-05 10:26:27,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-03-05 10:26:27,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-03-05 10:26:27,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-03-05 10:26:27,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-03-05 10:26:27,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-03-05 10:26:27,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8170
          },
          {
            "timestamp": "2026-03-05 10:26:27,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-03-05 10:26:27,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8172
          },
          {
            "timestamp": "2026-03-05 10:26:27,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8173
          },
          {
            "timestamp": "2026-03-05 10:26:27,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8174
          },
          {
            "timestamp": "2026-03-05 10:26:27,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8175
          },
          {
            "timestamp": "2026-03-05 10:26:27,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-03-05 10:26:27,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8177
          },
          {
            "timestamp": "2026-03-05 10:26:27,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-03-05 10:26:28,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-03-05 10:26:28,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-03-05 10:26:28,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-03-05 10:26:28,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8182
          },
          {
            "timestamp": "2026-03-05 10:26:28,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-03-05 10:26:28,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8184
          },
          {
            "timestamp": "2026-03-05 10:26:28,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-03-05 10:26:28,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-03-05 10:26:28,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8187
          },
          {
            "timestamp": "2026-03-05 10:26:28,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-03-05 10:26:28,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8189
          },
          {
            "timestamp": "2026-03-05 10:26:28,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-03-05 10:26:28,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8191
          },
          {
            "timestamp": "2026-03-05 10:26:28,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-03-05 10:26:28,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8193
          },
          {
            "timestamp": "2026-03-05 10:26:28,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-03-05 10:26:29,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-03-05 10:26:29,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-03-05 10:26:29,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-03-05 10:26:29,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8198
          },
          {
            "timestamp": "2026-03-05 10:26:29,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-03-05 10:26:29,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-03-05 10:26:29,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-03-05 10:26:29,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-03-05 10:26:29,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8203
          },
          {
            "timestamp": "2026-03-05 10:26:29,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-03-05 10:26:29,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8205
          },
          {
            "timestamp": "2026-03-05 10:26:29,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-03-05 10:26:29,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-03-05 10:26:29,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8208
          },
          {
            "timestamp": "2026-03-05 10:26:29,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-03-05 10:26:29,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-03-05 10:26:30,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-03-05 10:26:30,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8212
          },
          {
            "timestamp": "2026-03-05 10:26:30,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8213
          },
          {
            "timestamp": "2026-03-05 10:26:30,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-03-05 10:26:30,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-03-05 10:26:30,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-03-05 10:26:30,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-03-05 10:26:30,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-03-05 10:26:30,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8219
          },
          {
            "timestamp": "2026-03-05 10:26:30,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-03-05 10:26:30,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-03-05 10:26:30,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-03-05 10:26:30,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-03-05 10:26:30,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-03-05 10:26:30,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-03-05 10:26:30,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8226
          },
          {
            "timestamp": "2026-03-05 10:26:31,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-03-05 10:26:31,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-03-05 10:26:31,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-03-05 10:26:31,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-03-05 10:26:31,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-03-05 10:26:31,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-03-05 10:26:31,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8233
          },
          {
            "timestamp": "2026-03-05 10:26:31,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8234
          },
          {
            "timestamp": "2026-03-05 10:26:31,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-03-05 10:26:31,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-03-05 10:26:31,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-03-05 10:26:31,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8238
          },
          {
            "timestamp": "2026-03-05 10:26:31,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-03-05 10:26:31,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8240
          },
          {
            "timestamp": "2026-03-05 10:26:31,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-03-05 10:26:31,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8242
          },
          {
            "timestamp": "2026-03-05 10:26:32,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-03-05 10:26:32,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-03-05 10:26:32,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-03-05 10:26:32,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-03-05 10:26:32,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8247
          },
          {
            "timestamp": "2026-03-05 10:26:32,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-03-05 10:26:32,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8249
          },
          {
            "timestamp": "2026-03-05 10:26:32,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8250
          },
          {
            "timestamp": "2026-03-05 10:26:32,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-03-05 10:26:32,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-03-05 10:26:32,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-03-05 10:26:32,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8254
          },
          {
            "timestamp": "2026-03-05 10:26:32,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8255
          },
          {
            "timestamp": "2026-03-05 10:26:32,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-03-05 10:26:32,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-03-05 10:26:32,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8258
          },
          {
            "timestamp": "2026-03-05 10:26:33,025",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-03-05 10:26:33,041",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-03-05 10:26:33,150",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8261
          },
          {
            "timestamp": "2026-03-05 10:26:33,166",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8262
          },
          {
            "timestamp": "2026-03-05 10:26:33,275",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-03-05 10:26:33,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8264
          },
          {
            "timestamp": "2026-03-05 10:26:33,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-03-05 10:26:33,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-03-05 10:26:33,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8267
          },
          {
            "timestamp": "2026-03-05 10:26:33,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8268
          },
          {
            "timestamp": "2026-03-05 10:26:33,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-03-05 10:26:33,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-03-05 10:26:33,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-03-05 10:26:33,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8272
          },
          {
            "timestamp": "2026-03-05 10:26:33,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-03-05 10:26:33,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-03-05 10:26:34,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8275
          },
          {
            "timestamp": "2026-03-05 10:26:34,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-03-05 10:26:34,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-03-05 10:26:34,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-03-05 10:26:34,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8279
          },
          {
            "timestamp": "2026-03-05 10:26:34,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-03-05 10:26:34,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-03-05 10:26:34,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8282
          },
          {
            "timestamp": "2026-03-05 10:26:34,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8283
          },
          {
            "timestamp": "2026-03-05 10:26:34,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-03-05 10:26:34,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-03-05 10:26:34,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8286
          },
          {
            "timestamp": "2026-03-05 10:26:34,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8287
          },
          {
            "timestamp": "2026-03-05 10:26:34,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8288
          },
          {
            "timestamp": "2026-03-05 10:26:34,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-03-05 10:26:34,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8290
          },
          {
            "timestamp": "2026-03-05 10:26:35,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8291
          },
          {
            "timestamp": "2026-03-05 10:26:35,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-03-05 10:26:35,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-03-05 10:26:35,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8294
          },
          {
            "timestamp": "2026-03-05 10:26:35,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8295
          },
          {
            "timestamp": "2026-03-05 10:26:35,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-03-05 10:26:35,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8297
          },
          {
            "timestamp": "2026-03-05 10:26:35,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-03-05 10:26:35,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-03-05 10:26:35,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8300
          },
          {
            "timestamp": "2026-03-05 10:26:35,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-03-05 10:26:35,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-03-05 10:26:35,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-03-05 10:26:35,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-03-05 10:26:35,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-03-05 10:26:35,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8306
          },
          {
            "timestamp": "2026-03-05 10:26:36,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-03-05 10:26:36,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8308
          },
          {
            "timestamp": "2026-03-05 10:26:36,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-03-05 10:26:36,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8310
          },
          {
            "timestamp": "2026-03-05 10:26:36,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-03-05 10:26:36,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8312
          },
          {
            "timestamp": "2026-03-05 10:26:36,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-03-05 10:26:36,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8314
          },
          {
            "timestamp": "2026-03-05 10:26:36,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-03-05 10:26:36,587",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-03-05 10:26:36,697",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-03-05 10:26:36,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8319
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x96H\\x9f\\x1b\\xba\\xad+a\\x9bV\\xd7\\xe7\\xfb\\xf6\\x92\\xb9\\xa2U\\xdd\\x82y\\xb1\\xf0/\\xa2\\xcbeE$\\xe8\\x9e\\xf2"
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x17"
              },
              {
                "name": "SequenceNumber",
                "value": "25"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8321
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x04\r\\x9b&\\xa2\\x95\\x0e\\xe1#\\xc20\\x84\\xd2\\xbfy\\x05\\xe21Y\\xe1\\xb4\\xc2\\x14\\xe3:bse\\xd5\\xa7[o"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-03-05 10:26:36,791",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "26"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-03-05 10:26:36,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-03-05 10:26:36,837",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x99\\xf9m\\xe8\\xd1\\xdd\\xd8\\xf3\\x1e\\xc1\\x8f\\xa3\r\\xdd\\xcd\\xddQh\\xdf\\xf4\\xf7\\xffb\\xcfr\\xa3<\\xccx|\\xa3E"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "27"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "Uk\\x05\\xc7a\\x1b\\x9f+\\xa4{t\\xb9\\xf9p\\xc3\\x07?.|;\\xdc0\\xfa9\\x06^\\x17P\\xc7Ay\\xd9\\xdd\\xab\\x03\\xe3\\x8d\\xb9\\xedp\\x7f\\x8f\\x92\\x87\\xb6\\xdc\\x02\\xd7"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9b\\xc5\\xc4\\x00\\x00\\xb6\\x86\\xf3=\\x03\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "28"
              },
              {
                "name": "BufferSize",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-03-05 10:26:36,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-03-05 10:26:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-03-05 10:26:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000944",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-03-05 10:26:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000944"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-03-05 10:26:36,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8337
          },
          {
            "timestamp": "2026-03-05 10:26:36,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8340
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8341
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 8342
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "5192",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8344
          },
          {
            "timestamp": "2026-03-05 10:26:36,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-03-05 10:26:37,087",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-03-05 10:26:37,103",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-03-05 10:26:37,212",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-03-05 10:26:37,228",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8349
          },
          {
            "timestamp": "2026-03-05 10:26:37,337",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-03-05 10:26:37,353",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-03-05 10:26:37,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-03-05 10:26:37,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-03-05 10:26:37,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8354
          },
          {
            "timestamp": "2026-03-05 10:26:37,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-03-05 10:26:37,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8356
          },
          {
            "timestamp": "2026-03-05 10:26:37,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8357
          },
          {
            "timestamp": "2026-03-05 10:26:37,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8358
          },
          {
            "timestamp": "2026-03-05 10:26:37,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8359
          },
          {
            "timestamp": "2026-03-05 10:26:37,962",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8360
          },
          {
            "timestamp": "2026-03-05 10:26:37,978",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-03-05 10:26:38,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-03-05 10:26:38,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-03-05 10:26:38,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-03-05 10:26:38,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-03-05 10:26:38,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8366
          },
          {
            "timestamp": "2026-03-05 10:26:38,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-03-05 10:26:38,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8368
          },
          {
            "timestamp": "2026-03-05 10:26:38,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-03-05 10:26:38,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8370
          },
          {
            "timestamp": "2026-03-05 10:26:38,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-03-05 10:26:38,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8372
          },
          {
            "timestamp": "2026-03-05 10:26:38,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-03-05 10:26:38,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8374
          },
          {
            "timestamp": "2026-03-05 10:26:38,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-03-05 10:26:39,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-03-05 10:26:39,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-03-05 10:26:39,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8378
          },
          {
            "timestamp": "2026-03-05 10:26:39,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-03-05 10:26:39,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-03-05 10:26:39,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8381
          },
          {
            "timestamp": "2026-03-05 10:26:39,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-03-05 10:26:39,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-03-05 10:26:39,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-03-05 10:26:39,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8385
          },
          {
            "timestamp": "2026-03-05 10:26:39,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-03-05 10:26:39,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8387
          },
          {
            "timestamp": "2026-03-05 10:26:39,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-03-05 10:26:39,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-03-05 10:26:39,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8390
          },
          {
            "timestamp": "2026-03-05 10:26:39,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-03-05 10:26:40,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-03-05 10:26:40,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8393
          },
          {
            "timestamp": "2026-03-05 10:26:40,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-03-05 10:26:40,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-03-05 10:26:40,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8396
          },
          {
            "timestamp": "2026-03-05 10:26:40,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8397
          },
          {
            "timestamp": "2026-03-05 10:26:40,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-03-05 10:26:40,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8399
          },
          {
            "timestamp": "2026-03-05 10:26:40,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-03-05 10:26:40,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-03-05 10:26:40,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-03-05 10:26:40,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-03-05 10:26:40,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8404
          },
          {
            "timestamp": "2026-03-05 10:26:40,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-03-05 10:26:40,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-03-05 10:26:40,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-03-05 10:26:41,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-03-05 10:26:41,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-03-05 10:26:41,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-03-05 10:26:41,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-03-05 10:26:41,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-03-05 10:26:41,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-03-05 10:26:41,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-03-05 10:26:41,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8415
          },
          {
            "timestamp": "2026-03-05 10:26:41,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-03-05 10:26:41,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-03-05 10:26:41,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-03-05 10:26:41,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-03-05 10:26:41,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8420
          },
          {
            "timestamp": "2026-03-05 10:26:41,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-03-05 10:26:41,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-03-05 10:26:41,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-03-05 10:26:42,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-03-05 10:26:42,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8425
          },
          {
            "timestamp": "2026-03-05 10:26:42,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-03-05 10:26:42,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-03-05 10:26:42,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-03-05 10:26:42,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-03-05 10:26:42,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8430
          },
          {
            "timestamp": "2026-03-05 10:26:42,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-03-05 10:26:42,541",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-03-05 10:26:42,556",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-03-05 10:26:42,666",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-03-05 10:26:42,681",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-03-05 10:26:42,791",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-03-05 10:26:42,806",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-03-05 10:26:42,916",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8438
          },
          {
            "timestamp": "2026-03-05 10:26:42,931",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-03-05 10:26:43,041",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-03-05 10:26:43,056",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-03-05 10:26:43,166",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-03-05 10:26:43,181",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-03-05 10:26:43,291",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-03-05 10:26:43,306",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-03-05 10:26:43,416",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-03-05 10:26:43,431",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-03-05 10:26:43,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-03-05 10:26:43,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-03-05 10:26:43,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-03-05 10:26:43,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-03-05 10:26:43,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-03-05 10:26:43,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-03-05 10:26:43,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-03-05 10:26:43,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-03-05 10:26:44,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-03-05 10:26:44,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-03-05 10:26:44,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-03-05 10:26:44,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-03-05 10:26:44,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-03-05 10:26:44,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-03-05 10:26:44,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-03-05 10:26:44,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-03-05 10:26:44,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-03-05 10:26:44,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-03-05 10:26:44,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8466
          },
          {
            "timestamp": "2026-03-05 10:26:44,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-03-05 10:26:44,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-03-05 10:26:44,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-03-05 10:26:44,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-03-05 10:26:44,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-03-05 10:26:45,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-03-05 10:26:45,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-03-05 10:26:45,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-03-05 10:26:45,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-03-05 10:26:45,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-03-05 10:26:45,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-03-05 10:26:45,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-03-05 10:26:45,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-03-05 10:26:45,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-03-05 10:26:45,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-03-05 10:26:45,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-03-05 10:26:45,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-03-05 10:26:45,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-03-05 10:26:45,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-03-05 10:26:45,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-03-05 10:26:45,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-03-05 10:26:46,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-03-05 10:26:46,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-03-05 10:26:46,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8490
          },
          {
            "timestamp": "2026-03-05 10:26:46,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-03-05 10:26:46,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-03-05 10:26:46,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8493
          },
          {
            "timestamp": "2026-03-05 10:26:46,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-03-05 10:26:46,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-03-05 10:26:46,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-03-05 10:26:46,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-03-05 10:26:46,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-03-05 10:26:46,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-03-05 10:26:46,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8500
          },
          {
            "timestamp": "2026-03-05 10:26:46,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-03-05 10:26:46,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8502
          },
          {
            "timestamp": "2026-03-05 10:26:46,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-03-05 10:26:47,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-03-05 10:26:47,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8505
          },
          {
            "timestamp": "2026-03-05 10:26:47,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-03-05 10:26:47,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-03-05 10:26:47,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-03-05 10:26:47,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-03-05 10:26:47,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8510
          },
          {
            "timestamp": "2026-03-05 10:26:47,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8511
          },
          {
            "timestamp": "2026-03-05 10:26:47,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-03-05 10:26:47,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-03-05 10:26:47,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-03-05 10:26:47,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-03-05 10:26:47,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8516
          },
          {
            "timestamp": "2026-03-05 10:26:47,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-03-05 10:26:47,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-03-05 10:26:47,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-03-05 10:26:48,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-03-05 10:26:48,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-03-05 10:26:48,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-03-05 10:26:48,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-03-05 10:26:48,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-03-05 10:26:48,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-03-05 10:26:48,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-03-05 10:26:48,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-03-05 10:26:48,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-03-05 10:26:48,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-03-05 10:26:48,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-03-05 10:26:48,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-03-05 10:26:48,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-03-05 10:26:48,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-03-05 10:26:48,931",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-03-05 10:26:48,947",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-03-05 10:26:49,056",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-03-05 10:26:49,072",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-03-05 10:26:49,181",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-03-05 10:26:49,197",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-03-05 10:26:49,306",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-03-05 10:26:49,322",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8541
          },
          {
            "timestamp": "2026-03-05 10:26:49,431",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-03-05 10:26:49,447",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-03-05 10:26:49,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-03-05 10:26:49,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-03-05 10:26:49,681",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8546
          },
          {
            "timestamp": "2026-03-05 10:26:49,697",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8547
          },
          {
            "timestamp": "2026-03-05 10:26:49,806",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-03-05 10:26:49,822",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-03-05 10:26:49,947",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-03-05 10:26:49,962",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-03-05 10:26:50,072",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8552
          },
          {
            "timestamp": "2026-03-05 10:26:50,087",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-03-05 10:26:50,197",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-03-05 10:26:50,212",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-03-05 10:26:50,322",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-03-05 10:26:50,337",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8557
          },
          {
            "timestamp": "2026-03-05 10:26:50,462",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-03-05 10:26:50,478",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-03-05 10:26:50,587",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-03-05 10:26:50,603",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-03-05 10:26:50,712",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8562
          },
          {
            "timestamp": "2026-03-05 10:26:50,728",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-03-05 10:26:50,837",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-03-05 10:26:50,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-03-05 10:26:50,978",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8566
          },
          {
            "timestamp": "2026-03-05 10:26:50,994",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8567
          },
          {
            "timestamp": "2026-03-05 10:26:51,103",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-03-05 10:26:51,119",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-03-05 10:26:51,228",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-03-05 10:26:51,244",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-03-05 10:26:51,353",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8572
          },
          {
            "timestamp": "2026-03-05 10:26:51,369",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-03-05 10:26:51,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-03-05 10:26:51,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-03-05 10:26:51,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-03-05 10:26:51,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8577
          },
          {
            "timestamp": "2026-03-05 10:26:51,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-03-05 10:26:51,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-03-05 10:26:51,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-03-05 10:26:51,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-03-05 10:26:51,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-03-05 10:26:52,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-03-05 10:26:52,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-03-05 10:26:52,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-03-05 10:26:52,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-03-05 10:26:52,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-03-05 10:26:52,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-03-05 10:26:52,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-03-05 10:26:52,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-03-05 10:26:52,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-03-05 10:26:52,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-03-05 10:26:52,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8593
          },
          {
            "timestamp": "2026-03-05 10:26:52,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-03-05 10:26:52,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-03-05 10:26:52,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-03-05 10:26:52,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-03-05 10:26:52,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-03-05 10:26:53,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-03-05 10:26:53,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-03-05 10:26:53,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-03-05 10:26:53,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-03-05 10:26:53,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8603
          },
          {
            "timestamp": "2026-03-05 10:26:53,337",
            "thread_id": "4768",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-03-05 10:26:53,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-03-05 10:26:53,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-03-05 10:26:53,447",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4884"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-03-05 10:26:53,447",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000008fc",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4884"
              }
            ],
            "repeated": 0,
            "id": 8608
          },
          {
            "timestamp": "2026-03-05 10:26:53,447",
            "thread_id": "4768",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008fc"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4884"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-03-05 10:26:53,509",
            "thread_id": "4884",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-03-05 10:26:53,509",
            "thread_id": "4884",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-03-05 10:26:53,509",
            "thread_id": "4884",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-03-05 10:26:53,541",
            "thread_id": "4884",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8613
          },
          {
            "timestamp": "2026-03-05 10:26:53,541",
            "thread_id": "4884",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000008fc"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\xd0\\x008\\x13\\x00\\x00\\x14\\x13\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4884"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-03-05 10:26:53,541",
            "thread_id": "4884",
            "caller": "0x08888fb7",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000096c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73092e70"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3980"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "4768",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000096c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73092e70"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "3980"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "4768",
            "caller": "0x75c4269a",
            "parentcaller": "0x73092c45",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000096c"
              }
            ],
            "repeated": 0,
            "id": 8618
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "55000"
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "3980",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "3980",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8623
          },
          {
            "timestamp": "2026-03-05 10:26:53,556",
            "thread_id": "3980",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000096c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8628
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885b04",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "37"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "38"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xf4\\x8dY\\x88VV\\xe6Z{v(q\\x1b!\\xfc&\\xa4\\xe1\n\\xca\\xb2p\\x80\\xc7\\xacv\\xdep1\\xc01f\\x17\\x03\\x01\\x00 \\xa0\\x06Gv\\x12\\xfa\\xeb\\xc1\\x8e}\reJ\\x1d\\xeaw3\\x01\\x7f\\x15\\xcaDmK\\xc0\\x1a\\xf9m\\xdf\\xb2\\xd0s"
              }
            ],
            "repeated": 0,
            "id": 8633
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885c41",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "39"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "40"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08885b22",
            "parentcaller": "0x08888f91",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000005a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x03\\x89\\x86\\xaf\\x97F\\xa0\\x0b\\xe5\\xa9\\x91\\xa1B\\xf0dL\\x04/\\x12Jn\\x83\\xd0\\xb3\\xf9\\x05\\xde\\xe9\\xa6\\xc8\\xb1\\xbd\\x17\\x03\\x01\\x000\\xd1\\xc4\\x8e\\xd5Y\\xad\\x16R\\xec6\\xf4\\\\xd3z:\\x0fWn\\xf1\\x02\\x8e\\xbc\\x88\\xda\\x10=\\xb34\\xb8{\\xdc\\xec\\xad\\xd4\\x8d\\xd4\\xb30\\xc8!C\\x82\\xff\\x19\\xfdeJn"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-03-05 10:26:53,572",
            "thread_id": "4884",
            "caller": "0x08888f71",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "40"
              }
            ],
            "repeated": 0,
            "id": 8638
          },
          {
            "timestamp": "2026-03-05 10:26:53,666",
            "thread_id": "4884",
            "caller": "0x08888e7f",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-03-05 10:26:53,666",
            "thread_id": "4884",
            "caller": "0x73152659",
            "parentcaller": "0x731528bf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-03-05 10:26:53,681",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 8641
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "?\\xa8?\\xceP4#\\xa0\\xe8+09X\\Q\\x1a\\xd5\\x9dZe\\xadq\\x04E\\xe4W\\xac\\x02'x!\\xcf"
              }
            ],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x16"
              },
              {
                "name": "SequenceNumber",
                "value": "29"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xc1<\\xc6\\x08\\xa2\\x8f\\xd8\\xdef\\xa6\\x01Z\\xb4p\\xd9\\xaa \\xfd\\xd3\\xca\\xcf\\x08\\x11\\x1e\\xb4(\\x1a\\xfeX\\x90\\xbb\\xbd"
              }
            ],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-03-05 10:26:53,712",
            "thread_id": "5380",
            "caller": "0x04569060",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "30"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-03-05 10:26:53,775",
            "thread_id": "4884",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000098c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "972"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-03-05 10:26:53,775",
            "thread_id": "4884",
            "caller": "0x75c56987",
            "parentcaller": "0x76090f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000098c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "972"
              }
            ],
            "repeated": 0,
            "id": 8651
          },
          {
            "timestamp": "2026-03-05 10:26:53,775",
            "thread_id": "4884",
            "caller": "0x75c5d303",
            "parentcaller": "0x73152827",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000098c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "972"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-03-05 10:26:53,791",
            "thread_id": "972",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-03-05 10:26:53,791",
            "thread_id": "972",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-03-05 10:26:53,791",
            "thread_id": "972",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-03-05 10:26:53,791",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8656
          },
          {
            "timestamp": "2026-03-05 10:26:53,791",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-03-05 10:26:53,822",
            "thread_id": "4884",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8658
          },
          {
            "timestamp": "2026-03-05 10:26:53,822",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8659
          },
          {
            "timestamp": "2026-03-05 10:26:53,822",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-03-05 10:26:53,822",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-03-05 10:26:53,853",
            "thread_id": "4884",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8662
          },
          {
            "timestamp": "2026-03-05 10:26:53,853",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8663
          },
          {
            "timestamp": "2026-03-05 10:26:53,853",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-03-05 10:26:53,853",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-03-05 10:26:53,853",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 85,
            "id": 8666
          },
          {
            "timestamp": "2026-03-05 10:26:53,869",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-03-05 10:26:53,884",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 10,
            "id": 8668
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "972",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "972",
            "caller": "0x75c565db",
            "parentcaller": "0x7307b3e7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000098c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\xd0\\x008\\x13\\x00\\x00\\xcc\\x03\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "972"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8672
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "4884",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "4884",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-03-05 10:26:53,900",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 78,
            "id": 8675
          },
          {
            "timestamp": "2026-03-05 10:26:53,916",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 "
              }
            ],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000020",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\xf8\\xabwH\\xff(\\x17%\\xe1\\x84\\xe9h\\xa3\\x90\\x8c\\x1b\\x87\\xa6\\xad$7\\xb9\\x83\\xae\\xb3\\xa6h\\x10\\xdba\\x1f\\xc4"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "31"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000005",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x000"
              }
            ],
            "repeated": 0,
            "id": 8681
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "recv",
            "status": true,
            "return": "0x00000030",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "R\\xf9\\x84d\\x0c\\x95\\x96\\xd3\\xc2\\xd1\\xef8\\x98\\xb1\\xbcMA\\xb9z.\\xa5p\\xac\\x917\\xe8\\xda\\x086\\xd8ST'\\xb6\\x9f\\xf3;\\x8c\\xce\\xd3\\xa3\\xfc\\x8d\\xe6\\x06\\x16w\\x82"
              }
            ],
            "repeated": 0,
            "id": 8682
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568f71",
            "parentcaller": "0x07f3e4a2",
            "category": "network",
            "api": "SslDecryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "32"
              },
              {
                "name": "BufferSize",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 8683
          },
          {
            "timestamp": "2026-03-05 10:26:53,931",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-03-05 10:26:53,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000009a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73151150"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3124"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-03-05 10:26:53,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000009a4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73151150"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x07b59908"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3124"
              }
            ],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-03-05 10:26:53,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000009a4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3124"
              },
              {
                "name": "ProcessId",
                "value": "4920"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-03-05 10:26:53,962",
            "thread_id": "5380",
            "caller": "0x04568d9e",
            "parentcaller": "0x07f3e4a2",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8688
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "972",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8689
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8690
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8691
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "3124",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "3124",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "3124",
            "caller": "0x731524f7",
            "parentcaller": "0x73152516",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-03-05 10:26:53,978",
            "thread_id": "3124",
            "caller": "0x082d7d99",
            "parentcaller": "0x082d7bc4",
            "category": "system",
            "api": "GetLastInputInfo",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-03-05 10:26:53,994",
            "thread_id": "3124",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-03-05 10:26:53,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-03-05 10:26:54,009",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-03-05 10:26:54,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-03-05 10:26:54,009",
            "thread_id": "3124",
            "caller": "0x08880980",
            "parentcaller": "0x08880888",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x086d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-03-05 10:26:54,009",
            "thread_id": "3124",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-03-05 10:26:54,025",
            "thread_id": "4768",
            "caller": "0x75c5611b",
            "parentcaller": "0x73092cdd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "54500"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-03-05 10:26:54,025",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-03-05 10:26:54,025",
            "thread_id": "4884",
            "caller": "0x75c2ed4f",
            "parentcaller": "0x730937fb",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4920"
              },
              {
                "name": "ThreadId",
                "value": "4768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000770"
              },
              {
                "name": "ApcRoutine",
                "value": "0x7795c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 8704
          },
          {
            "timestamp": "2026-03-05 10:26:54,025",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-03-05 10:26:54,025",
            "thread_id": "3124",
            "caller": "0x08883341",
            "parentcaller": "0x08883275",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-03-05 10:26:54,041",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 8707
          },
          {
            "timestamp": "2026-03-05 10:26:54,056",
            "thread_id": "3124",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x086d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0012c000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-03-05 10:26:54,056",
            "thread_id": "3124",
            "caller": "0x08883142",
            "parentcaller": "0x08885557",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-03-05 10:26:54,056",
            "thread_id": "3124",
            "caller": "0x08886039",
            "parentcaller": "0x08885b4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8710
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09681000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09681000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x088880b5",
            "parentcaller": "0x08886039",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885b04",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "'"
              },
              {
                "name": "SequenceNumber",
                "value": "41"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xad\\x00\\x00"
              },
              {
                "name": "SequenceNumber",
                "value": "42"
              },
              {
                "name": "BufferSize",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885cb3",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x0000004a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xa4\\xb60J\\xb8l(E\\xdeI)\\xbcr\\xe5\\xc8h>\\xc3s\\xd6\\x1c\\x8f\\xc6\\x8d\\x1b\\xd7\\x85+\\x0c\\xa89\\xdb\\x17\\x03\\x01\\x00 4(\\x98\\x01t\\xc7\\xaa\\x0b\\\\xf4\\xf7v\\x9d\\xd3\"\\x96\\xc0{Z\\x0f\\xecH\\xd6\\xa0M\\xbb\\xbb\\xa5D\\xdc\\xd5\\x00"
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885c41",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "select",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "socket",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1f"
              },
              {
                "name": "SequenceNumber",
                "value": "43"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-03-05 10:26:54,072",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\xec{uT\\xd4\\xdf\\xb7\\xf6g\\x18\\xa4%\\x07\\xe9\\x1e:\\xa4\\xa4\\xbbK\\xbaC\\xbaT\\xba\\xbbQ\\x90\\x1a\\x1a\\xa4C\\xa4\\x05iPA\\xbaS\\xe9.\\x01\tI\\xe9w\\xf0\\xdb\\xf7\\xfe\\xee}\\x7f\\xf7]\\xeb\\xfd\\xef\\x0ek\\xb9f\\xce\\xd9g\\xef\\xfd<{\\x9f3{\\xce\\xfe\\x88\\xfb\\xed\\x05\\x18\\x05\\x11\\x1bD\\x8d\\xa5\\xea\\xec`\\xedljG\\xf9\\xd8\\xd4\\xde\\xd4\\xda\\xd2\\x99\t\\x93\\x9b\\xdf\\x82\\x92\\xcf\\x86\\x92\\x93\\xd3\\x8e\\x92\\x9b\\xd7\\x85\\xf3\\xd3\\x0b\\xf0\\xed\\xd4\\xed\\x12\\x80\\xad #/\\x03\\x80@ \\xc0\\x04\\xfe\\x07\\xdc\\xce\\x02\\x92\\xc0}T4t4\\x94\\xfb\\xe8\\xe8\\xe8X\\x98\\xf7\\xb1!T\\xf8\\x10\\\\\\x08\\x03\\x199!\\x15;\\x13'\\xc7C&6VnAE1n>Y~V6\t=\tYeUM-M.Q#sCu3E\rM\\xb5;% L,,\\x08\\x0e\\x84\\x1e\\x1f\\x9f^\\x8d\\x87\\x8dG\\xed\\x7f\\xfc\\xbam\\x05pP@K\\x08\\x81`\\x105\\x80\\x80\\x03\\x02\\xe3\\x80n;\\x00\n\\x00\\x00\\xdd\\x03\\xfdz\\x01\\xbf\\xbf@\\x08`\\xc4{H\\xc8(p\\xa7\\xe1\\x02\\xb5\\xd8\\x00\\x02\\x08\\x0cF@\\x04\\xdf\\xbb\\x87\\x88\\x08\\x9f\\xf5\\x83\\xcf\\x03\\x888\\xf7p\\xa98\\xc4\\x91\\xf0\\xd4L\\x91\\xa9\\x9d \\x9cA\\xb0\\\\x14\\x1a\\x89\\xaa6|\\xf5\\xd1\\x03(\\x97\\x99s0*\\xda\\x03\\x02B\"bZ:z\\x06F&\\xeeG<\\xbc|\\xfc\\x02\\x92R\\xd22\\xb2r\\xf2\n\\x1a\\x9aZ\\xda:\\xbaz\\xfa\\xe6\\x16\\x96V\\xd66\\xb6O]\\\\xdd\\xdc=<\\xbd\\xbcCB\\xc3\\xc2_\\xbc\\x8c\\x88\\x8cOHLJNIMK\\xcf\\xcb/(|S\\xf4\\xb6\\xb8\\xa4\\xfa}Mm]}Cc\\xd3\\xe7\\xf6\\x8e\\xce\\xae\\xee\\x9e\\xde\\xbe\\xb1\\xf1\\x89/_'\\xa7\\xa6g\\x96WV\\xd7\\xd676\\xbfmm\\xff8<:>9=\\xfby~q\\x87\\x0b\\x04\\x80A\\x7f\\xbc\\xfe%.\\x1c8.\\x04DD0\"\\xf2\\x1d.\\x10\\x82\\xc7\\x9d\\x00\\x0e\\xe2=*\\x0e$\\q5dS'<j\\xce 
\\x14\\x88\\x04,\\xb7\\xaa\r\\x95\\x86K\\xfd\\x00\\xdf\\xccy\\x14\\xed\\x01\\x94{\\x99\\xf6\\xc7\\x1d\\xb4_\\xc8\\xfe=`\\xc1\\xffO\\xc8\\xfe\\x04\\xf6\\x17\\xae\\x19\\x00\\x03\\x0c\\x82\\x07\\x0f\\x8c\\x03\\x88\\x02Q\\xe9\\\\xe2\\xa5M\\x12\\xf9F\\xf8\\xae\\x18h\\x19\\xd6\\xb5~,\\xeb\\xfd\\x044k\\x8c\\xedY\n\\xc2}\\xbd\\x18\\xd5~=\\xbd\\xe4\rozIa\\x19\\x02\\xf8\"+\\xf53\\xbd\\x8aH\\xf2(\\xa7\\xf6\\x01\\xfa2bizdN[g\\x9f\\x14\\xd6t\\xdf7.\\x95\\xe7Y\\x0b\\x9f\\xab\\xe9\\xd4\\xe2\\x07)x\\xa9}\\xa7\\xe7\\xe7\\xdf\\xf9\\xa9E\\xbc\\x13:\\xb1:\\x10\\xc3\\x14\\xe7\\xba\\xb6\\xf29jTZ\\x0f\\x94\\xae4*\r\\xc6\\x18\\x95\\x86\\x00V\\xf1\\x91\\x0c\\xc0 Q^|P\\xb8\\xcd D\\x15\\xc1*\\xeanf\\xcc*\\x19>`\\xcb\\xa5(/\\x86*\\xcdJ\\x0b\\x1fP_\\x89\\x0fDS\\xd0W@\\xa2\\x85\\xd4$b((\\x18\\xaaE\"\\xd1\\xd2\\xb212\\x10&ZE* A\\x12\\x7f\\x8d\\xba\\xd1\\x82\\xf1\\xb8\\xd3\n\\x0br\\xcc\\xd4\\xd5G\\xc5:\n\\xe0\\xefr\\x19\\x19m\\xe1B\\xeac\\xaa\\x1c\\xf7i\\xe1\\xaa\\xd0\\x14\\x18rL\\xe5\\xe1\\x8a\\xdb\\xb9\\xe1k\\x00u\\xf8\\x04\\xfb/\\xfbaH\\x91\n\\x00\\xc3\\xdd\\x1b\\xa2\\xbcH\\x80\\x91!/(\\x0c.\\x0f@\\xd4\\xa4\\xc1`y\\xb8\\xa7j\\xd2\\x10\\x8c\\xadh\\xbd\\xf1\\xd4\\xf2\\xef\\x9e\\xdb\\xce\\xc8\\xebZ\\x83\"\\xc8\\x87\\x9b\\xb2\\xdf\\xcb\\xeeK}Y\\x19]\\xd5\\xf0\\xadVz\\x8f\\xb1\\x83\\xc7\\xba\\xf6>\\xb5\\x90\\x13\\x87\\xc5\\x93\\xdecD;z\\xf8\\xe2\\xb48\\xdeN\\xe0{\\xb1YT\\x9f38F\\xfcm\\xa5>4\\xed\\x15\\x1fE\\xb4\\xe7\t\\x13\\xdd\\xf7/i\\xc7\\x90-\\xee\\x8at\\x9b\\xdeO\\xcf\\x87\\x90sJjY\\xdb#\\xe8\\xad\\xc8\\xb8:e\\x9f|\\xa0\\xb5\\x81zj\\x15\\x0e\\xaa\\xab\\x0c(0\\x14\\x96r\\xe2F2\\xe4 
\\xe6\\xc1Y\\x81;\\x05\\x01~\\xc1a(\\xcc\\x0b\\xc4\\x8d\\xcf\\x94WB\\xcc\\x87\\xd4\\xa8r\\xd4\\xc0\\x11\\xa3\\xca+J\\x83q\\xe3\\x93#\\x91x\"\\xf5\\x19@wC]c\\x1a\\xc5p\\xfc\\x89\\xbf$\\xc6\\xcc\\x82\"\\xe4l\\xef\\xf8H\\xdcV@#\\x91fc\\xe4\\x10\\xeb\\xe0\\xfe5\\x07\\x1f\\x80\\x13\\xca\\xf8\\x8b:\\xb8rF\\xc6\\x89D\\x08UA!w\"\\xc6/\\x02\\xef\\x06A\\xbf\\xb4\\xc3\\x1d1\\x83s\\x01$\\xaa\\xdd}\\xd0W\\x00~\\x9f\\x87[\\x97\\x86\\xdcyU\\x90\\x83\\x10\\xc9\\x00\\xc1\\xd8\\xc6\\x1a\\x8b\\x0b\\x8a:\\xdd\\xcc\\x9a\\xff\\xd4\\xa1\\x9e^\\xf9p\\x06UZw\\xd55F\\x85_\\x92\\xd4\\xf7\\xca?\\x15\\xd1|\\xa1\\xba\\x94Q\\xfa\t\\xdaf\\x82\\x0c{B\\xcd|D\\x03Y\\xf7\\xa6\\xb8\\xef\\xc9\\xf3\\xeb\\xc7\\xe2\\x9bF\\xa6y\\xf3\\x1c\\xee|\\xbd\t\\xfcF\\xa1\\x961\"\\xe6\t\\xdd\\xca\\xc1\\x99\\xd0\\xc9\\xe6l\\x0b9\\x0fr\\xbd\\xb5~\\x9c\\xb0\\xd5\"\\xd2\\xca\\x1d]\\x1f\\xef\\xd8\\x1b\\xa3LQ\\x9d\\x82\\x9a\\xd3\\xb7)4_#C\\xe5\\xbd\\xd5\\xa5lV\\x91\\xa4\\xa6\\x1b\t\\x01~\\xfa\\xbd\\xd5\\xc5:\\x01\\xcd\\x9f\\x8f>\\xf0\\xf7ylD\\xc7x\\xd7,\\xa3;\\xf7\\xad\\xa8I\\xe3\\xe7\\xbe\\xfc\\xcd\\xdf\\xbb\\xf8\\xde\\xa1\\xff\\x8d\\xca\\xe4H@\\x81\\xd1\\x961J\\x81\\xd1&\\x07\\xb1\\xa00/\\x0e\\x9e@\\xbf\\x8d\\xc3\\x99a\\x85t\\xd1R\\x15\\xe6\\x05E\\xdf\\x05!B^\\xb9\\xe0N\\xe4\\x8e-bx\\xd2\\xe1\\xc6\\xc1\\x89@\\x83K\\x86\\xc0\\xf9\\xfe;\\xe9\\x89\\x90\\xbb\\x95\\x18vH\\xbf\\x16)\\xfc\\x91\\x89\\xbf\\xd2\\xecnB\\x81\\x81[\\x15\\xe1.\\xb3\\x14\\xfe\\xcc\\xb7_\\xfe\\xfc\\x91\\x81\\x10\\xb5_\\xacr\\xbd\\xe5V\\xb5\\xc99\\x08\\x86s\\x0f\\xe76\\x07\\xccm\\xa2&M\\x89G\\x9e\\x18\\x8a\\xa3\\x9c\\xcf\\x8da\\x07\\xd9\\x13fh\\xe5n\\xb5\\xa3\\x15\\xb4-\\xe8\\xa4\\x8a\\x90f\\xbb\\xcb\\x95H\\x06\\xd0],\\xcc\\xd4\\xe0\\x99@\\x98\\xfa\\x0f$\\xad\n\n\\xfa\\xbf\\xb9\\x87\\x01\\x07\\x0cO\\x01\\xb80ax\\xfc\\x9d\\x8fw\\xbb\r\\xf7\\xd7\\xbb\\xbb`\\x13\\xdb2N\\x84\\xdfA\\x86'T|\n\\xe4\\x0e\\x8d@\\xdc\\x087\\x0f<\\xeb\\xe0\\xbb\\x8b\\xbb&\\xb1\\x0f\\xf7\\xb7\\xb7\\xbf\\x0c\\xc17U\\x07\\x9c\\x9d\\xdf\\xf6)$\\xf1\r\\x9c\\xce_v\\xfe\\x91(p\\xb0\\x81p\\
xb0\\x81\\x02\t\n/\\xc7\\xd8\\xb5\\x88\\xb8\\xc3_\\xd3\\x8e\\x8b}4\\xa4t\\xb0\\xd7\\x8bux\\x9a&H\\xd3\\x19\\xea\\x95\\xf9*x\\x1a8\\x8f\\xa0K\\xf9>Z\\x0f\\xa6~\\xffue\\x95\\xe6l-a*h\\xd0\\xc6@\\xc1\\x82\\x82\\xbd\\x1d3\\xaf\\xa1d\\xa8@#i0\\x03\\x972k~\\x99F\\xa8\\xf8\\x9b\\xb4\\xb4\\x01\\xe6\\x03\\x03\\x0f\\x99=f\\xea\\xa8\\x07\\xcc;8\\xb6{/\\x8b1\\xc5\\xe1\\x0cT\\xacR\\xdeq\\xc1h\\x03\\xa7\\x93\\xa8 /\\x90 \\xf2\\xf1\\xc7\\xf0H\\xc6\\xc0P\\x9c\\x99H\\xc3\\xd1\\x8c\\x13\\x080\\xc38\\x05y\\xfd\\x18\\x0e;qL\\x9d\\xf0\\xf7\\x83\\xe3/\\xb6h9~\\xc5\\xe5\\xb7s\\xe7\\x0eA\\xf8o\\x90;\\xef\\x98J\\x80\\xc0\\xb7\rO\\x02dU^\\xc9\\x06\\x1e\\xe4\\xb8\\x91\\xbb\\x8d3\\x83\\x86\r\\x8f\\xff}\\xaa\\xe8\\x82\"uU\\x8e\\x02u\\x8db\\xc6\\xc4;E`\\xec?\\xd3\\x02~V9\\x15\\xfc\\xdaGw\\x91\\x0f\\xfcmS\\xc1\\xf9\\xfb\\x1c\\xff\\x1b\\x7f\\xbf\\xa4\\xcc\\xfe\\x1a'\\x93/\\xd1 {_\\xf7t\\xab\\xfc\\x13\\xd3\\xe9\\xca\\xf8\\xe3\\xfa*\\xa9\\xa8j\\xa1X.P0\\xe8\\xf2\\x83\\xc0\\xa4\\xb0\\xf7\\xc7^:\\xaf)\\x01\\x91\\xaf\\x8f\\x8ds{\\xa4\\x1d\tT\\xfb3(Idk\\x9f\\xb7n7BO\\xca\\xf6q\\xdb\\xeb\\x8dZl&\\x10\\x8f\\xb0\\x00\\xd7\\xb2\\xa9\n{<T\\xbcO\\xefvt\\x95\\xbf\\xd8\\x1e\\xf6K\rE\\x8c\\xb4T\\x12\\xd4\\xbdP?\\xa32\\xa7R\\x96_)\\xd1\\x12\\xe4\\xdbD\\x1el\\x80\\xbd\\xc2\tl\\\\xd2*\\xff\\xe2i(\\xc4\\xfe\\xe3\\xa9\\xb0O\\xc6#\\x03\\xe7\\xda=\\x81H\\xfbe\\x99\\xed\\xed\\xc6\\xa4\\x17\\xea\\xea\\xf6\\xf9\\x8eyK\\xac\\x90\\xd7at\\xdbl\\x82\\x98y\\xaf\\x9b\\xa2'\\x0cY\\xe0\\x9f\\xdf\\xceK\\x7f\\xfe<*\\xdf\\x94\\xe0F@v'\\x06\\xb1\\xcf[6\\x9d\\xe6v\\xf4\\xd1\\xf0PkPs|\\xd7\\xecw\\x9fJ]\\xf0n\\xfc,o\\x15M\\xc1\\xe8\\xa6e4\\xe9\\xe2\\xee\\xd0\t \\x1d\\xc3\\xdb\\x11Cbd\\x98c\\xe4\\x12\\xfb\\xceJKT0/\\xd6YP0/\\xb3\\xedA\\xa8&\\x9f\\xfex\\x02C_\\x81K>\\x9d\\x8d\\xc3\\x96Cf\\x9bW\\xcd\\x117JU\\x1fn\\x84P]\\xad)*\\x92\r\\xae@\\xbe`\\x90\\x80\\x01\\xfe\\xf50\\x86'\\xddE\\x0b\\xb1\\x8aKgSM\\xcd\\x8b"
              },
              {
                "name": "SequenceNumber",
                "value": "44"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x9d\\xf7\\x0cP\\xdd\\9\\x1aQo\\x90\\x1f\\x89\\x1e\\xfeOr\\xa30E\\x07\\xb6h}\\xec\\x00\\x8b>\\x8b\\xff\\xafx\\x17\\x03\\x01?\\xd0\\xd8\\xaa\\xbc\\xbd\\xbf\\x800\\xe8\\xfez\\x80\\x03\\x04\\xbdF\\x167X@:\\xc7o\\x97\\x0eL\\xd5\\xc6\\x08\\xe8\\xe0\\x12\\xbc\\xd0\\xbb'%\\xe4\\xdd\\x05o0B=\\xa6\\xd7\\x9f&\\xc0?\\xf2?`\\x7f\\xa0>\\xaa\\xb0J\\xabN\\xe2n\\xfc\\xa4;lc\\xcd\\x00\\xaf\\xd3\\xa6\\x14\\xba\\x87\\xb40\\xc6\\xa3\\xd7\\x07\\x8ao\\x05\\xaf\\xbe\\xd9\\x97Sh\\xce3\\xe6\\x92\\x06\\x1b\\xb4\\xabq\\xfb\\xea3f1G\\x14\\x0c\\xc0\\x83<\\xfd%_\\xf9\\x83\\xe2O[\\x0b\\xee\\x8bTAv\\x1bc.\\xe8\\x9b]7I\\xc5\\x1e\\xc1\\xd5\\xb7\\x18\\xe9\\x9el\\xd4I\\xb7\\x86\\xf3k\\xee#\\x89h\\xb2\\xa5;\\xd1p_\\x0cD\\xaaj\\x148@\\xde^\r\\xa0\\xe1\\xea~\\xc1\\x9cE\\xde\\x03\\xf11\\xd7\\xe2J\\xd3{\\xc7\\xa8\\x87Q|bg'\\xe8Gr:\\xa1W \\xa8[\\xa99pm\\xac\\x88\\x9c\\xfe\\xedL|:\\xda\\x83"
              }
            ],
            "repeated": 0,
            "id": 8723
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "i"
              },
              {
                "name": "SequenceNumber",
                "value": "45"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x1c\\x1f\\x85q!`5\\xaa\\xc3\\xe6zVW\\x8f[\\xf3\\xb6{}.\\x12S\\xc7\\x11\\xea2r,\\xcc\\xc8\\xca}n\\xbf\\xbb\\x91F\\xc8\\x10\\x85\\xd7#\\xb4dqt\\x9c\\x83\\x96\\xa8ud\\x0e\\xa9\\x96]\\x97\\xa3\\x92|N\\xefB\\xc5\\x1a\\xe3\\xe8\\x14\\xa40#\\xf5yqH/\\xcf\\xb1\\x1b\\x05r\\xfd\\xa3\\xd9^\\xb6R\\xb8i\\x04\\xc9\\x0f\\xbf\\x9c\\xfce\\xbf\\x07\\x9a\\xa1r\\x1e=\\x13/\\x03?m\\x04!\\xb8\\xea\\xfc\\xb1FC\\xb5'\\xebW\\xe7ms\\xdf\\xe7]\\xfe\\xcf7E\\x93\\xd9m\\x10\\xca\\xf1\\xcd\\x08\\xcd}\\x98\\xd3^Qp\n7\\xeb\\xf0-eX\\x17q_\\xee UwY\\xc9\\xfb[I\\xbe\\xc3\t'\\xec\\xd9\\xdcf@(\\xc4wz\\x9e\\xef#h\\xab\\xbd\\xe65\\xdeg\\x8e\\x93\\xc8G&x\\xf3\\x88[_p\\xd8\\xd5$|\\x83\\x11e\\xa9:\\xbc\\xf59,\\xa4\\x9b\\x8c\\x01\\xcc\\x139R7.\\x95\\xe2~\\xba\\xcf\\xc09T\\x18\\xfa\\xac\rl\\xcb\\xdc\\xbb:\\x16T\\xa0d\\x96.\\xce\\xad\\x1b\\x11\\xe9\\x02k\\x0c\\xec\\x05\\x8b\\xae\\xdd\\xb9\\xe9~\\xdai\\xc7\\x9a\\xef\\xc0\\xeb\\xfbF6\\xfa\\x00\\x13\\xf2\\x96\\xd4e\\xb2\\x1c{k\\x90\\x9b\\xbdiN\n\\x9a\\xb1\\xc2\\xf7\\x9a\\xb2~\\x80\\xa0R\\xf9\\x18$\\x93\\\\xab!\\x99\\xf4\\xc6\\xe2RI\\\\x13\\xc1\\x18q\\x15\\x1a#\\xb65r\\xf8\\xb4i\\xaa\\xe0\\xdd,a\\x01Q\\x9c\\xdc\\x18\\xc7\\x10\\xe4!}\\x94\\xb7\\x9f\\x8b\\x18\\xe4m9^A\\xc3\\xcb\\xde\\xd3\\x97/)k\\xcc\\x91\\xd9\\x10\\xc2\\x87\\x95\\xf9\\x84\\xb7\\xeb2!:\\x04\\xa3\\x92\\xecf\\xb1\\xb0\\xc3:\\x14\\xbe\\x1d1\\xfco\\xa5\\x8c\\x0e$[[\\xbc\\xa9\\x88\\xd1\\xecQkK\\x0c4B?.6\\xca\\xc88\\xf9n\\xc6\\xe8\\x9aQ\\xd7\\xba\\xc8te\\xe4|\\xeb\\xf8N\\xef\\xf2\\x89q 
P*\\x06\\x8aX\\xe7\\x9cCZ!\\xec_\\x9bk^X\\xfe\\xe5\\x95\\xa1\\xd0,*[q\\xcf\\x9f\\x8f\\x94[\\x8d\\xeaW\\xd9\\x14\\xb9o\\x15\\x19?\\xec\\xfd\\xebaq\\xf8\\xa6\\xbf\\xa2\t\tHd\\x0b\\xf0VV\\xfd\\x11nt\\xe9\\xed6\\x1c\\xa0<\\x01\n\\x91v\\xa0\\x0bBO\n\\xa8\\x81\\xe1%\\x899\\x17\\x94\\xe2\\xca\\xd2\\xe7n\\x8d\\xb8\\x0c\tj\\x19\\xf8\t,8\\xbc/\\x95\\xe7\\x14\\x8a\\xe7$MjC\\xc3\\x94;\\xde\\xbc{\n\\xbc?\\xaf\\xf25\\x83H\\xe7\\xa3\\xee\\xd4E\\x96\\xd7\\x90?\\x9e\\xf0.\\xcd\\x9e\\x82\\x99\\xf4\\xd0\\x9b\\xa3\\x85\\xb3\\xcc&l\\x00o\\xe70\\x1d\\x91\\x07\\x17\\xb3\\x18\\xc0\\xb8\\xb0\\x8f[\\x17\\xda\\xf5\\xa7\\x9a\\xfe\\xcf\\x0fP3\\x0b\\xc2-\\xa3\\x92\\xda\\xed\\xef\\x05\\x0e-\\xe4\\xbf\\xbd\\xd1\\xdc:~\\xed\\x19o}\\x94\t\\xa3\\xc1\\xf8$\\x00\\xc8\\x9b\\x89\\x9cI\\x8e\\xd7\\x0b\\xbf\\x05\\xcf\\xba\\xc2\\xbf\\xd5f\\x02&\\x11o\\x81\\x11i\\xc7\\x00\\x9cOk\\\\x7f\\xfe\\xdf\\xda\\xa3\\xbb'h-\\x8b\\xae\\x1dc\\xef:lmW\\x7f\\xef\\xb05\\xbd\\x0b\\xe8\\x92y\\xf4\\x11I \\xf2>\\xfe\\x1e\\x059\\xc7\\x0e,\\xfd\\xbe\\xde\\xb4\\xae\\xb2;\\\\xe8\\xe1\\xf0M\\x81\t,[<*}'\\xab\\x91\\xf1Q\\xe9\\xcf\r%\\xe9\\xd1Hp\\xf8\\xf5\\x12\\x91*\\xf2\\xe6\\x84K\\x86NZ\\xec%}}\\xe2\\xf5\\xa7\\xb8\\xae\\xda\\xaf\\x08*DI\\x91uF\t\\xee\\xbe\\x8b\\x89\\xb8b\\xfb\\x87\\xb0--7\\xc2\\x87\\xf1|\\xe9\\x87\\x92L\\x87\\x91\\xff\\x87\\xbb\\xb7\\x0ck\\xfb\\xdb\\xbaE\\x03\\xc1\\x1d\n4\\x14'\\xc1\\xa5Xqw)\\xeeZ\\xdc\\x9d\"A\\x8a\\xb4\\xd0B\\x83$8\\x85\\x00\\xc5\\xb5\\xb8\\x96\\x02E\\x82{q(%H\\xf1\\xe2\\x05\n=\\xfd\\xef\\xbd\\xdf\\xb3\\xf7+\\xe7\\xb9\\xfb<\\xcf\\xfdr\\xef\\x87|M\\xf2[k\\xae5\\xe7\\x1cs\\x8c\\xf1\\x0b\\xf2\"P\\x11,\\xfdZl\\xee\\xe9\\xf4\\x1b0\\x9c&\\x85\\xc0\\xa4\\x03\\x9e\\xbd\\xd8O\\xf8xsrw\\xf4kV4;\\xe7J\\x87(\\xc3xxj\\xf3\\xd3\\xdc\n\\xb5\\x82\\x8a\\xd0|\\xd4\\x81\\xd8\\x07\\xfe\\xcbaw\\x7f\\x9f\\xe47\\xc6\\xce\\xe4\\xc0V\\xb6\\xe01\\x11hqk\\xf8\\x998\\xbc\\x0e\\xd6\\xc4\\x940|\\x84\\xd7\\xef\\xdf\\xe2c\\x00\\xbb\tw\\xfd\\x17\\x12(\\xc5\\xdb\\x91\\xe4\\xba\\xb2\\xdc\\xcb\\xfe+\\x9c`\\xf3\\xc4\\x7fb@\\x90I\\x96\\
xd4\\x18\\x16v\\xe6\\x9f\\x96\\x9c\\xd7\\x9f\\x90\\x8d\\xb0*\\x98\\xd1l%IA,^>!\\xae\\xeeG\\x1e\\x98\\x97e\\xe6\\xc0\\xac\\xec*C\\xf4\\xfb\\x87\\x0f\\xa2\\xa2\\x84\\xee~\\x03\\x84>\\x9c\\xfc\\x06\\x84\\xeek\\x99\\x16\\x07\\x12\\xd4IR\\x08\\x02\\xf4\\xd5\\x19\\x1a\\xd7~\\x1e\\xcbQk\\x17\\x848\\xbaj\\xcdv\\xac\\xd8\\xbe\\x93\\x82\\xeb\\xd28\\xb8L\\x0b\\x1e\\xe8\t5\\xf9\\x7f\\xde\\xa9\\xe1\\x0c\\xcb\n\\xebeLc;\\x19\\xb2*\\x05\\xff(\\xd1\\xfd\\xb3!^\\x1d\\xa7\\x9bI\\x87\\x82\\x94\\xc9[=\\xe2+\\xbe\\xb0{\\xc3\\xed\\xaevAe\\x96a{\\x97Br\\xb6q\\xfe\\xc2&9\\xbbTn\\x81\\xb8n\\x83XIm\\xca\\xdb\\x1b\\x03#M~#\\xec\\xb8\\xef\\x80\\xa1|\\xfcO\\x7f\\xc1\\xee/B\\x0fV;h\\xf6\\xfcs\\xf2\\xac]S\\xb4x\\x8e?\\xb9\\xd2,\\x83\\x86\\xceKb\\xec\\x8a\\xa3\\x11\\xb8X\\xe8(\\xc5\\xc2\\x81e+\\x1aP\\xe0\\xffo)\\xb0Ed>\\xaa,U\\xb9*?\\x07\\xa7i\\xdb\\x82j\t,\\xa4\\x92%\\x8c\\xdc\\xfe\\x13\\x10\\x10\\xc9\\x90aB>D\\x17'T\\xd9\\xc7\\x0f#\\xe5\\x92\\xee\\x12R\\xbb\\x12\\xea\\xcaj7\\x96q\\x12\\xfd\rhJ\\xcc*\\xfa?\\xc0\\x00\\xf9\\xb8<\\x89\\xf1\\xc35\\x86\\xfc\\xbd\\x80\\x90\\xd9\\xb1\\xf0\\xc0\\x93\\xcc\\xa5\r\\x15\\x85\\xe5Avq\\xefg\\xd5r\\x15\\xa3\\xcbF\\x9a\\x0f\\x16\\x88\\xb2\\x83R\\x1e\\xa7\\xd6_{n5x\\x1a\\xa3\\xb0nt\\xb1P\\xba\\x9d\\x82\\x8d%{\\xcf\\x04b\\xe7<NU\\xdd\\xec\\xd6\\xac\\xb8\\x06\\xa8\\x830\\x1f\\xb7M\\xac\\xde\\x18\\xfa\r\\xfcP\\x9b\\x1a\\x8e\\xa1\\xd7&\\xa8\\xed\\xa1\\x1c\\x9d\\xc4\\xda>\\xdd\\x82\\xc5\\x94\\xfaoG2\\xb2\\x1fc\\xcc\\x08\\xff\\x06\\x1c\\x12N\\x7f\\xff\rpM\\xf1\\xe3\\xfb\"\\xfe]Z&\\xcd\\xa294d\\xba]\\xcaV\\xb3\\w\\xa4\\xcdO\\x00\\xbe\\xff'\\x8c;\\xd2<?o\\xc8\\xadu\\xb4\\xed\\xe7\\xed\\x8c\\xf1\\x98\\xb4\\xe8\\x02XZ\\xe1\\x80ul\\xaf\\x9c\\x9d\\xeb\\xecH?9\\xba\\x94\\x05]y\\x00\\x05?\\xe9\\xd3\\xab|\\xfc\\xf4\\xa3-\\x90\\xe0\\x04\\x13\\x18\\xc4tCD:9\\x93}s\\x92n\\xe4\\x9e\\x05\\xd2\\xec\\x8b\\xcc9\\xba\\xf9\\xe2\\x91d\\x9e\\xba<\\x0ev%\\xe2#\\xf7MG\\x01\\xa5e%\\x00&\\xed\\xad)\\xc7\\xa3\\x87\\xa7\\x07\\x9b\\x97\\xe7w\\x9cH\\xfbkk\\xe3\\xb3\\xad\\xa3\\xd5\\x16)\\xe7\\x12\\
xd7,\\x86F]\\xac8\\xe1\\xbaH0<\\x19\\x87D$\\xc7O\\xe2Q\\xc6\\xe1U0,\\xbc\\xe0\\x84f%\\xe7nf\\x8f\\xabU\\x7f\\xf1sJTJ\\xd4\\xa4\\xe1\\xfb\\xa5\\xf5\\xcc\\xc8\\x98\\xa1ww\\xcf\\x18#v\\xe5H\\xdc\\x97\\x9b)^\\xfa2S\\x9c\\xb1\\xcb\\x86\\xeek<\\xae\\xe9\\xe5\\x0e/\\xd1\\x1a\\xee\\x90\\x9f\\x10;\\xaf8 \\x100\\xa65\\xa5#\\x0by\\xf9\\xa7\\xad\\x94{pW\\xb3Y\\xc9\\x99;\\x18\\xb4\\xd6\\x9d\\xb3\\xd5\\xf9\\xa2\\xf1\\xac\\xcc:\\xcb\\xdc \\xe0qf\\xaf\\xbb\\x08\\x94\\xa5\\xf29\\xcd\\xe1\\xbe6\\x9c\\x81\\x9d\\x93+\\xf5/\\xaaz>\\xb6k\\xf1\\xf3\\x85i\\x01k1\\xf6\\x99\\xa8k\\x83\\xc2\\xf6\\xd6x\\xb6x\\xf1\\\\xb0\\xc7\\x91n\\xb08H\\xb6X1[H\\x8e\\x1a\\xf2\\xb1=\\x15\\x03r\\xd4\\xcd\\xd7\\x93\\xf2K&O\\xc3me\\x1c\\x8e7\\xe7\\x84W\\xea\\x038\\x97\\xf6\\x93\\xe6\\xac\\xef\\x87\\x10Q\\x1b:@p0b\\x05I\\x15\\xf5\\xb6#y\\x89U~\\xaa9<\\xf4{\r\\xa6!^\\xae\\x16\\x0c\\xcd\\xc8\\xe6\\xb0[\\xa2\\x16\\x93'\\xc8O\\x19\\x12gGn\\xbf\\xff\\x97\\x96;\\x15\\x83'H\\xa8\\x9f\\xb0\\x97\\xae\\xaan\\xe8j\\xf6\\xb9w\\xb5\\x88zq\\xc6\\x9d\\x03\\xec7@\\xc0K\\x1b*\\xad\\xb3\\xabV\\xd7\\x01n/\\xe0\\xca\\\\x91\\xfb\\xe6?#<\\xba\\x1d\\xc9\\xaa\\x19\\x87N\\x1aQ73\\xf0\\xf1\\xcc?\\x81\\x7f\\xdd\\xd7\\x8e=\\xda\\xc6q\\x8a\rJ\\xc8\\xd9\\x8aG\\x96\\x14\\x1c\"\\xd7\\x1a\\xff,4\\x86\\xec\\xd2Q \\x0b\\xf4\\xb8I\\xa8\\xd1\\xb9$\\V\\x82xk\\x84\\xbbR\\xfb\\xa0\\x06`\\xa3\\xed\\x1f\\x95\\xb4\\xa5\\xc7\"\\x9cTG\\xd9\\x10B\\xa2%\\xfa\\xe7\\xac\\xb2!\\xf76\\xd69\\x90A\\xc9\\xec\\xabD\\xfe\\xf1\\xceYld\\xde\\x1e\\xaaW\\xe2\\xb7\\x9d?\\x8b\\x96\\x96\\x81\\x87\\x92\\xeaL\\x0c}\\xf1^.@\\x85e\\x93\\xb6\\xa8\"'B!uX\\xc6\\xe5D\\xa9\\xde\\x84\\xa2nx\\xfb\\xb1\\x87\\x1b\\x1f\\x1d\\x8f\\xaa@T\\xb7\\xe2\\xa1Q\\xbd\\xb4\\xebAb]\\x15\\xac\\x08\\xec\\xecN\\xde\\x83\\xb2\\xd4\\xc5J\\x08\\xf2;0"
              },
              {
                "name": "SequenceNumber",
                "value": "46"
              },
              {
                "name": "BufferSize",
                "value": "16306"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00003ffa",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\x84P\\x90\\xaf\\xb7\\xd9%\\x94o\\xc1Wyh\\x9fr\\xb9\\xd6C\\xa4\\xc5\\x11 \\x0fRak} \\xaaY\\x8cd\\x17\\x03\\x01?\\xd0>5$m\\x10J \\+\\xb1h\\x1a\\xa6p\\xb8\\xd1\\xf7bJ\\xd6\\x993N\\xa1\\x90\\xaa\\x1d\\x04\\x13\\xaa\\x17\\x15n\\x01\\x10\\x87\\xd0~B\n=;/2\\x8a\\x15\\xd3me\"f{,\\xb09\\xf0\\xac\\x9e\\xf2\\x9f[\\xc6\\x1c\\xfd\\x92S\\xa4\\x15\\xf5\\xf9\\x14m\\xe5\\xf8\\x97B\\xa1\\xff*\\x08\\x04\\xb1\\xd8`\\xd6\\xa2\\x83\\xe2\\xbd\\xb5>r\\xdfh\\xb5:\\xabI\\xef\\xa1\\xf1\\x0b<\\xabC\\x9a\\xd2\\xd6\\x88S\\xd1\\x85\\xfd0\\xf9\\xcac\\x8d\\x11\\xdbT\\x19\\x83'\\xb7\\xf4\\x8f|\\x84\\xfd\\xa23\\x153nzL\\xdf\\xf6[\\xdbGv-^\\xac\\xa7Y|\\x04\\xd3\\xd3BuF\\xc2\\xa2\\xc3\\xed\\xc8\\x885N\\xefed'\\x10\\xe1*i2l\\xdc\\x8f\\xf4e\\x12q\\xdf\\xbf\\x84\\xc5\\xc7\\xc8Y\\x86n\\x1b\\xf3\\xda\\xcd\\xe1 \\x8dR@\\xd7\\xef\\xb8j:x\\x16A\\x0f3\\xdb\\xad\\xbfF(\\xfcl"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xf9"
              },
              {
                "name": "SequenceNumber",
                "value": "47"
              },
              {
                "name": "BufferSize",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "SslEncryptPacket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\t\\x99\\xc3\\xe0F\\xfb\\xe6\\xe9\\x03\\xd0\\xdb\\xc2\\xb4=\\xddM\\xa7H\\xf2\\x92\\xb4\r\\xb5l\\x15\\x97\\x19IC\\xe4C\\x994z3\\x11?\\xca\\x96\\xd3\\xdf\\x00(k7\\xab\\xbd\\x9c\\xa6\r\\x85lA\\x91;m\\x13\\x05us2\\xdeuDF)\\xcd\\x9f\\x93\\xff\\x0c8]tVL\\x06e\\xb0\\x87Z\\xb4xL\\xd0\\T\\x92\\xbb\\x06M\\x0f\\x92{\\xe6\\x08(\\xa0\\x83h\\x80\\xd5\\xca\\x97N\\xb7<)\\x19\\xba\\xf6>\t4\\xb8`\\xf1\\x9d\\x99\\xba|<\\x01\\x15\\xdcb\\xb3\\xa6\\xfa\\xf4C\\xd3\\x81)\\x18\\xbf\\x1c}][\\xa2\\x0f\\xee\\x96>\\xb1\\x88\\xdf\tsp\\xda\\x96U\\x8f\\xa6_!\\xd6\\xe6\tJQ\\x8e\\xb2\\x96\\xa3\\xfb\\xbc2\\xa9d\\x95\\xa7\\x92\\x81,\\x9d\\xe7!q\\xb2OA\\x17\\x9cr\\x91\\xc79\\xd1\\xf15!d\\x0c\\xbe5\\x10\\xc4/\\xf3z-\\x92[\\xdf&\\xc4 M\\x93\\xdfh3%\\xca\\xc4D\\xbd\\xdd=\\x8e\\x89\\xc1\\xf8\\xe7\\xe5\\xe6\\xf1z:\\x8d.i'@\\xb7\\x1fT\\xa9\\xd0?\\x8a/\\x9a\\x8b3\\x10\\xfe\\xfaqB)\\xcdN\\xbc\\xc3\\J/\\xa4b(\\x8f\\x9bv\\x11\n`x-s\\x8eA\\xcc\\x86[\\xac\\xe3\\xea\\xc9\\xbb\\xf5\\xb9\\x07\\x0f{\\x90}[\\x8c.t\\xd2\\xf3M\\xd3\\xad<\\\\x8e\\x02\\xfa\\xb4U\\xdc\\x006\\x89\\x05bH\\xb5\t1j\\x13\\xbe\\x8d\n\\xe0!g\\xce\\x19\\xc0`\\xe3\\xf7\\x8d\\x16\\xe4z\\\\xbfB\\x99\\xf0+c\\x99\\xf93]\\xf8q1@1j\\xf7\\xcfCZH\\x04l\\xf4\\xf0\\x1c\\x02\\xb9\\x94z\\x9eI\\x91\\xf9\"S\\x93l}\\xeaQ\\x14\\x03\\x0ep4\\x85\\xa7n0\\xee\\$\\xd7T\\xd4\\xaeq\\xe1\\xcc\\x07\\xc8\\xf2\\xdb \\x82\\x89Z!\"\\xa2\\x1d\\xc6\\x89x\\xe5\\xba\\xf6\\x00\\x85\\xe4\\x86c\\xfd\\xee\\xc7\\xec\\x00\\xf4u<\\xa0:\\x9e_\\x9a\\x0b\\xb5Ps9\\xf0\\xd5)\\xc5\\xe3#\\xf3\\xf2U\\xc7\\x89\\xbeN\\xa9&\\xe6S\\x87\\xe7\\xa4x*\\x0e;b\\x1e\\xf6\\xcb\\x9d\\x00\\x83\\xee\\xe2J\\xcc\\xcf'\\xb9\\xba\\x16\\x1af\\xb1\\xeb\"\\x17\\x0cM\\xb4=\\xc2n\\xa3'\\x121\\xe10\\xb5\\x01\\xda\\x99}9r\\xbd\\xa8]\\x83e\\xf3\\xb1\\x80m(\\x17iz\\xcc2;]h\\xe8LL\\x89\\xf1\\x97\\x8f\\x9b\\x84>\\x1a/_\\x9e&\\xcb\\xed$\\xfd\\xa9\\x98-\\x80\\xd30R\\x8d\\xda\\xb9 
\\xc0D3[@L|G\\xd9\\xba}5\\xa3]\\xfbZ\\xdc\\xa6\\xcc.\\xce\\x16h3\\xc9\\x1c\\xf0!\\xea\\xcf#\\x9a\\x87\\xcb\\x1cI:\\xb6\\xba\\xa8%d\\xe6\\xb3\\xd7\\xa8\\x82PhM\\xb6<\\xbf\\x16\\xfd\\xe5\"O\\xee\\xfe\\x84e\\xca\\x138\\xf2\\x1cC\\x1ff8m\\xbe\\xa2L\\xa0\\x05\\xe1\\x83w\\xad\\xda\\xf1\\x13C|\\xb4x\\xbc!\\xbeB\\x15Du\\xc0b\\x80\\xf2\\x9f\\xc5\\xe2\\x9a1}\\xea\\x98(\\x86\\x8bt\\x80iH\\xd5\\x86\\x84ng\\xceep\\xc0\\x0e\\xbd\\x99\\x8c<\\x8b\\xd2\\xbe\\x87\\xd8E2u\\x9f\\x97\\x0e\\xf1 \\xd2\\x04%e&)\\x1d\\xce\\x19\\xd2\\x9c\\xe8\\x05O\\xdd\\x8b[\\xc8\\x04;l\\xb6^\\x03\\x186o\\x0cI\\xb1\\xa6\\xa2'h\\xb1AC\\xe0\\xc4\\x90\\x17\\xcf1\\xa89\\xca\\xd1\\xcdP^\\xa7V\\x10>9\\xe0\\x07\\x142\\xad\\xe3\\xee\\xeb\\xd92\\x11\\xb3\\xb1:\\xe33\\xe0\\x82I\\xa7\\x17\\xdfpI\\xfb\\xa1\\x1e\\xf5\\x9c\\x85\\x8d\\x93\\xd6-9$\\xaf\\x14-?sl\\xfc\\x8cci\\x182pX\\x0c\\xed\\x07\\x18\\xf7\\x83\\xfe\\xfc\\x0e-m\\XC\\xed\\xfbA|c/\\x8cn\\xf6\\x1b\\x03\\xad\\xdcI\\x13{o&r\\xd8'\\xd5U\\xb4\\xd4\\x9f\\x88(\\xae|\\xb0\\xa8\\xe3\\xedM9\\xc3,\\xcf\\xc9lx\\x81\\xa6\\xbbo\\xfc\\xd2\\xd8\\x16,u\\xd1\\x02\\x7f?.\\x1a\\x83\\xae\\x91\\xcd\\x05\\x88\\x10\\xc6\\x1d\\xf6\\xe2\\xb1\\x06\\xf7\\x06,\\xf9f\\xbf\\xa5r}~;\\x9f\\xf9\\xb9\\xb9>\\x0b0>)\\xa9\\xff$\\xf5\\x1b\\xef\\xa0\\xfe\\x98L \\x13\\xae\\x94.\\xb6\\x87\\x1e\\xecK\\x8a}0\\xb5\\x8a\\xc8tL\\xd2q\\xee\\xc7\\xc7\\x7f\\x0e\\xda\\xb2\\xa6\\x7f\\x80O->\\x15MCt7Z&G\\xf7oa\\xf8\\xbc_\\x9b\\xb7H\\xe4\\xad\\x1f\\xee\\xf0)\\xd4\\x8d\\xdfO[H\\xbf$+\\xe4\\xde\\x87\\x8c\\xeesA\\x0e\\x85 
\\x86X>Aj\\xeae\\xc2\\x9c0<\\xf9U\\xd8\\xa1\\x9d\\x98\\xd8~<r\\xed\\xf3\\xc66u:\\xab\\xfeC1\\xac\\xd3\\x05\\x1a1\\x86\\xcf\\x91\\\\xeb!z\\xc6\\xe8\\x99\\x9a\\xdc\\xe1Fk]\\x9a\\x11\\xf5\\xd3(X\\xc4\\x9b_{\\x06\\x85\\xcf\\x12z\\x87i\\xbf\\xd4\\xdaO\\x8c]5\\xef0d\\xa1\\x851\\xf2\\xa2v\\x95]j\\x12\\x82\\xc7+\\xde\\x0b\\xd2\\x11\\xc3\\x18\\xb7\\xfc\\xd4\\x01\\xc0\\x95M\\xc6\\xe1\\xc2\\xb7ZH\\xc7\\x04\\x84\\x9a\\xf6\\xd5b\\xc2O.\\x1f\\xf5\t\\x86\\xe8H\\xce\\xe9?\\xc7\\xe4C\\x9dl\\xf2\\x19\\xbe\\x1dGu-\\x19j[l\\x1c\\x97\\x8as\\xda\\xeb\\xe5!\\x1b\\x13\\x8e\\xa2\\xc8=Y4\\x06\\xeeW\\xc8\\x9f}R\\xa4\\x84\\xe1\\xcc\\xf4[\\xdd\\x8f\\xb5\\x11\\xed\\xbe:\\x03'\\xab\\x9c\\x1c]\\xa7\\xa6D\\xddL\\x8f\\x14O<\\x1a\\xb4V3\\xd2S\\xa4\\xfe\\xda3\\x04\\x9e\\xa9\\x91\\xcf'\r\\xfe7\\xa6'\\x9fe\\xffg\\xad\\xfd\\xdcO\\xd0\\x992N\\xfc\\xe5D\"\\xe8b W#\\x14j{\\xea\\x89\t\\xf5\\xfa\\xa6\\xb6\\x1a\\xf7\\xbf\\x8a\\xfb\\xee\\xb8\\xa6\\x82m\\xddP\\x14D\\x9a\n\\x02\\x82\\x80\\x14\t H\\x11\\x01)\\x01\\x91\\x12PzG\\x8aT\\xe9M\\xba\\x18\\x8aTCBGz\\x97^\\xa5\nH\\xef\\xbd\t\\x04\\x90N\\xa4K\\xe8-\\xbc\\x80z\\xce\\xbd\\xe7\\x9dw\\x8f\\xf7\\xaf\\xf7G\\xf8\\x85\\xbdf}\\xeb\\x9b\\xb5g\\xd6\\xcc\\xac={\\x02\\xee\\xb0mAf\\xafx\\xeb~\\x18{\\x8c\\x18\\x8d\\x13\\x90\\xf2+\t\\xcd\\x07\\x80\\xee\\x11t\\x87:n\r\\x18\\xd5\\xbb\\xef\\xd8\\x9f\\x03\\x8c\\x0fx\\x92+Q\\xbc\\x99#,\\xe1B\\x99\\x1e\\xa0X\\x9f\\xf4\\xaf:o,\\x04\\x08\\x14>\\xb9!s>M\\xafj8\\x08\\xdb\\x18\\xa1\\xa8\\xef?\\x9fMl\\xf1\\xbaF]c?\\x19<h\\xed0\\xd2v\\x0e\\xf8\\xc2\\xdc\\xc0~\\xe0\\x1aIv\\xbd\\xa3\\xff\\xae\\x10\\x12\\xee\\x9e\\x97\\xb3z\\xdbe\\x83\\xcc\\xa8\\x07v\\x8fQ\\xa6\\xf7\\xf3\\x83X\\x9c\\xa5\\xc5\\x9d\\x8e}\\xda\\xd1e\\xda\tM\\x8b\\xcfg~\\xd6T\\x12\\xf4W\\x1c\\xc3y2+o\\xc0\\x12=\\xf6>\\xbd\\xb4\\xb8\\xf5\\x82s\\xeflf\\xf3\\xf4kM\\x10\\xed\"\\xca}T\\x16\\x88#Y\\xfe!\\xc0\\x9fr\\xda\\x15\nd\\xd6\\x8d\\xac\\x18\\xf4\\x1e\\xce\\x9a\\xfb\\x96\\xab;%2\\xdd,?\\xcb\\xfe\\xf8*^q\\xfb\\xfc\\xc5o8a\\x1f\\xec\\x07\\xde\\xd4\\xf92\\x89\\xfbx\\xa5\\xc4\\xb9
\\xab!\\xc9qLt9\\xaf\\xae!lb\\xd1\\xe7\\xb1iL\\x8f\\x9516\\xa8\\xc6{r\\xef\\xe2M|\\xd0F\\xec\\x95\\xe6\\xae\\x8a\\x1f\\xa9\\xc1\\xa4\\xf1\\xf1\\x04\\x1aB\\xf6\\xfd\\xe2I\\x89l\t.B\\xb4,\\xa8\\xb6]\\xe6\\x0f\\xec\\xa5\\xd1\\xfdU+p\\x0b\\x9f`\\xc0\\xf0\\x93\\xa5A\\xd8\\xb3q_7f\\x19\\x96\\xa5\\xae\r\\xd0\\x96\\x9d\\xd0\\xc1r\nl_\\xc8|>\\xfc\\x1bv\\x8d!\\xfel5\\xf5d\\xb5\\x00ZoT>\\x18P\\x85\\xf8\\x00&\\x0cbbC\\x81\\xb9b3\\xa7\\xc4\\xa7\\xfb\\x0f\\xe3`\\xfb\\xdb[L\\x1aN\\xd7K\\x9car4f\\xc2\\x11\\x9dkj?R\\xae7\\xed\\x19\\xea\\xb020uc\\xf3\\xf0\\x147,&\\x89\\xf7\\x9f\\xa8v{>\\xd5\\xbc\\xa7\\xb9\\xcf^j\\x83\\x9a\\x0e\\xea268\\xa1\\xc5s\\xcf\\x92\\x13\\xa3\\x98Tu\\x0e\\xe5\\x9f\\x98'\\x90+\\xfb\\x10\\xb1\\x13Mi4\\x06\\x13a#\\x8f#\\x1fF\\x06\\xda\\x900\\x057\\xda7y'\\x9d\\x03B\\xd43R\\xae;\\xbb|\\x1a\\xa5z\\xc6\\xca\\xd2W\\xcaj\\xf8N\\xfd\\xe5\\xec\\xf6X\\x91l\\x82\\xe5-\\xb7h\\x14\\xd9\\xd4O\\x9f\\xea\\x1dJ\\x9cP)\\xfb$\\x12\\x11\\xc9\\x8b\\xb7\\x9f9\\xfe>\\xc7\\x9f\\xad$\\x06h\\x93\\x92\\x92\\xb6_\\xd3\\xb6,\\x10v!y\\xe4\\\\x92\\xe3$&f\\x8a\\xbe\\xe1=\\x13\\x06KO\\xcd\\xef\\x02b\\x8f\\xb8\\xd4hO:\\xd5*\\xd0\\xe0\\x16C\\x91\\x96\\xe1\\x0e\\xe03\\x10\\x9b\\xf1\\x01\\x83\\x1bKX\\x1au&\\xfd\\xe6\\x03\\xb0\\xca\\xccZ\\xb2;\\xc6\\x9fIC\\x9br\\xbc\\x8c\\xcf\\xb2\\xb5\\xc6lt%\\x0c\\x8ci\\x03V\\x94\\xfb\\xdf}ne\\xe0\\xcb7\\xe8\\xe4Oh\\xd5\n\\x10\\xfd\\xb8\\xbb8\\xfaD\\x160\\xf4\\xa4\\x84\\xb7,\\xed\\x9b\\xf0m\\xe9\\xeb\\xd5\\xc5w\\xa5p\\x9c\\xce\\xd8\\xb8\\xb3#\\x84y\\xebjm\\x1fH\\x98\\x1b%p\\xb5]\\x95Vh\\xcbQ\\x12\\xa3\\xb0q\\xba\\xfde\\xa7v\\x9c\\x91A\\xf7c#\\xa3\\xb9\\x92\\x97\\xf4\\x9c\\xac\\x13\\xf9=\\x8d\\xf5\\xb0\\xa3w\\x8a~\\x11\\x1eo\\x1bh`\\x1e4\\x17\\x875<"
              },
              {
                "name": "SequenceNumber",
                "value": "48"
              },
              {
                "name": "BufferSize",
                "value": "11712"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x08885b22",
            "parentcaller": "0x08888535",
            "category": "network",
            "api": "send",
            "status": true,
            "return": "0x00002e0a",
            "arguments": [
              {
                "name": "socket",
                "value": "1284"
              },
              {
                "name": "buffer",
                "value": "\\x17\\x03\\x01\\x00 \\xfeM\\x1d5\\xbb\\xb7\\x8e\\xf0\\x04\\xd9\\xe8\\x03C\\xa3\\xd4\\x19\\xad\\x14\\x89\\x06%\\xdfR\\xbc\\x9d\\x0e\\xa4I\\xec\\xd1\\x12\\xcc\\x17\\x03\\x01-\\xe0ST\\x10\\x1e\\xf2\\x17%T\\xc12I\\x82\\xb7\\x12n\\xe7CwW\\x87MA\\xa9\\xabz\\xfe-|\\xdb?WO\\xc0C\\x1a\\xafb\\xe9\\x85\\xac\\x98\\xc1\\x03\\x14\\xf6b]\\xeaB\\x13rF\r#\\xe4u\\xa8C\\x92\\xe0L\\xe26\\xfd22~\r\\x89x\\xe6\\xf5\\xfc9Mg*>W%\\xfdC\\xc0\\xad!\\x81-\\x133DAI\\x95\\xfd\\xac~\\xa8\\xa5n\\xb4S\\x07\\x9a\\xb1\\xcaZ\\xdc\n\\xdf\\xdfg\\x87\\xeff^uHnP|t\\xf8v!r\\x88\\xb3\\xd7\\xf59~+al\\x95\\x03\\xde\\xfa\\xe7\\xfcRB\\xba\\xbb=\\x12\\xb2\\x91#b\\x9e\\x92\\x95\\x01_A\\xd5\\xc8\\xb6g\\xe3\\xbd\\xca\\x01\\x80%\\xeb\\x90YXY\\xe4t\\x9e\\xce66\\x92\\x96M\\xdbx\\xe40K4s\\xbe\\x85\\x855r\\xa3U\\x8fE\\xb0>\\x82\\xc9x\\x9b\\xf2\\xd5$=\\xe4^\\x9d\\xd708%W"
              }
            ],
            "repeated": 0,
            "id": 8729
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x75c4074f",
            "parentcaller": "0x7670bb70",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3124"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 3,
            "id": 8732
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3980",
            "caller": "0x76091e6a",
            "parentcaller": "0x73092f76",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 8734
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x742bad94",
            "parentcaller": "0x742ba15c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000009b4"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x775545ae",
            "parentcaller": "0x7755442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x75c4269a",
            "parentcaller": "0x758e5041",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000009b8"
              }
            ],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3124",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 8739
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3980",
            "caller": "0x730943d1",
            "parentcaller": "0x7309426d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "3980",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000096c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8741
          },
          {
            "timestamp": "2026-03-05 10:26:54,087",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 36,
            "id": 8742
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "4884",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 43,
            "id": 8744
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "4884",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "4884",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "972",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 51,
            "id": 8747
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "972",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-03-05 10:26:54,119",
            "thread_id": "972",
            "caller": "0x75c427d9",
            "parentcaller": "0x73094a6b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000760"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-03-05 10:26:54,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-03-05 10:26:54,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8751
          },
          {
            "timestamp": "2026-03-05 10:26:54,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-03-05 10:26:54,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-03-05 10:26:54,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-03-05 10:26:54,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-03-05 10:26:54,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-03-05 10:26:54,572",
            "thread_id": "3980",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 8757
          },
          {
            "timestamp": "2026-03-05 10:26:54,572",
            "thread_id": "3980",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000096c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-03-05 10:26:54,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-03-05 10:26:54,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-03-05 10:26:54,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8761
          },
          {
            "timestamp": "2026-03-05 10:26:54,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-03-05 10:26:54,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8763
          },
          {
            "timestamp": "2026-03-05 10:26:54,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-03-05 10:26:54,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-03-05 10:26:55,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-03-05 10:26:55,072",
            "thread_id": "3980",
            "caller": "0x730943d1",
            "parentcaller": "0x730942ef",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-03-05 10:26:55,072",
            "thread_id": "3980",
            "caller": "0x75c4269a",
            "parentcaller": "0x7309435b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000096c"
              }
            ],
            "repeated": 0,
            "id": 8768
          },
          {
            "timestamp": "2026-03-05 10:26:55,072",
            "thread_id": "3980",
            "caller": "0x7799b5a6",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3980"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-03-05 10:26:55,072",
            "thread_id": "3980",
            "caller": "0x7799b5c9",
            "parentcaller": "0x7608fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-03-05 10:26:55,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-03-05 10:26:55,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-03-05 10:26:55,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-03-05 10:26:55,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-03-05 10:26:55,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-03-05 10:26:55,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-03-05 10:26:55,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-03-05 10:26:55,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-03-05 10:26:55,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-03-05 10:26:55,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-03-05 10:26:55,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-03-05 10:26:55,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-03-05 10:26:55,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-03-05 10:26:55,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8784
          },
          {
            "timestamp": "2026-03-05 10:26:55,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-03-05 10:26:56,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8786
          },
          {
            "timestamp": "2026-03-05 10:26:56,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-03-05 10:26:56,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-03-05 10:26:56,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-03-05 10:26:56,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-03-05 10:26:56,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-03-05 10:26:56,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-03-05 10:26:56,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-03-05 10:26:56,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-03-05 10:26:56,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-03-05 10:26:56,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-03-05 10:26:56,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-03-05 10:26:56,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-03-05 10:26:56,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8799
          },
          {
            "timestamp": "2026-03-05 10:26:56,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8800
          },
          {
            "timestamp": "2026-03-05 10:26:56,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-03-05 10:26:57,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-03-05 10:26:57,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-03-05 10:26:57,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-03-05 10:26:57,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-03-05 10:26:57,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-03-05 10:26:57,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-03-05 10:26:57,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-03-05 10:26:57,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-03-05 10:26:57,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-03-05 10:26:57,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-03-05 10:26:57,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-03-05 10:26:57,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-03-05 10:26:57,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-03-05 10:26:57,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-03-05 10:26:57,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8816
          },
          {
            "timestamp": "2026-03-05 10:26:57,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-03-05 10:26:58,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-03-05 10:26:58,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-03-05 10:26:58,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8820
          },
          {
            "timestamp": "2026-03-05 10:26:58,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-03-05 10:26:58,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8822
          },
          {
            "timestamp": "2026-03-05 10:26:58,369",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-03-05 10:26:58,384",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8824
          },
          {
            "timestamp": "2026-03-05 10:26:58,494",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-03-05 10:26:58,509",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-03-05 10:26:58,619",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-03-05 10:26:58,634",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-03-05 10:26:58,744",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8829
          },
          {
            "timestamp": "2026-03-05 10:26:58,759",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-03-05 10:26:58,869",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-03-05 10:26:58,884",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-03-05 10:26:58,994",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-03-05 10:26:59,009",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-03-05 10:26:59,119",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8835
          },
          {
            "timestamp": "2026-03-05 10:26:59,134",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8836
          },
          {
            "timestamp": "2026-03-05 10:26:59,244",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-03-05 10:26:59,259",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x76715bff",
            "parentcaller": "0x7678d71f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5168"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x75c4269a",
            "parentcaller": "0x76715bb0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008f8"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x76739f95",
            "parentcaller": "0x76715bb8",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x75c4269a",
            "parentcaller": "0x7678d7a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x7799b5a6",
            "parentcaller": "0x75c5cba5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5168"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ef2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ef2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c192",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 8846
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c214",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-03-05 10:26:59,291",
            "thread_id": "5168",
            "caller": "0x7799b5c9",
            "parentcaller": "0x75c5cba5",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-03-05 10:26:59,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8849
          },
          {
            "timestamp": "2026-03-05 10:26:59,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8850
          },
          {
            "timestamp": "2026-03-05 10:26:59,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-03-05 10:26:59,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-03-05 10:26:59,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-03-05 10:26:59,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-03-05 10:26:59,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-03-05 10:26:59,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-03-05 10:26:59,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-03-05 10:26:59,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-03-05 10:27:00,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-03-05 10:27:00,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-03-05 10:27:00,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-03-05 10:27:00,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-03-05 10:27:00,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-03-05 10:27:00,275",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-03-05 10:27:00,384",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-03-05 10:27:00,400",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-03-05 10:27:00,509",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-03-05 10:27:00,525",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-03-05 10:27:00,634",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-03-05 10:27:00,650",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-03-05 10:27:00,759",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-03-05 10:27:00,775",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-03-05 10:27:00,884",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-03-05 10:27:00,900",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-03-05 10:27:01,009",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-03-05 10:27:01,025",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-03-05 10:27:01,134",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-03-05 10:27:01,150",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-03-05 10:27:01,259",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-03-05 10:27:01,291",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-03-05 10:27:01,400",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-03-05 10:27:01,416",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-03-05 10:27:01,525",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-03-05 10:27:01,541",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-03-05 10:27:01,650",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-03-05 10:27:01,666",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-03-05 10:27:01,775",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-03-05 10:27:01,791",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-03-05 10:27:01,900",
            "thread_id": "3936",
            "caller": "0x75c5611b",
            "parentcaller": "0x730793d5",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-03-05 10:27:01,916",
            "thread_id": "3936",
            "caller": "0x71102997",
            "parentcaller": "0x71f72e01",
            "category": "system",
            "api": "MsgWaitForMultipleObjectsEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 8890
          }
        ],
        "threads": [
          "5380",
          "3380",
          "5316",
          "628",
          "2600",
          "5908",
          "216",
          "5168",
          "3212",
          "6528",
          "6764",
          "4768",
          "1560",
          "5856",
          "996",
          "3936",
          "7152",
          "1460",
          "3188",
          "3292",
          "2908",
          "3344",
          "3780",
          "6364",
          "5360",
          "2704",
          "5516",
          "5444",
          "5212",
          "5560",
          "616",
          "4744",
          "5192",
          "4884",
          "3980",
          "972",
          "3124"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00990000",
          "MainExeSize": "0x0009a000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 772,
        "process_name": "svchost.exe",
        "parent_id": 640,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-03-05 10:23:53,884",
        "calls": [
          {
            "timestamp": "2026-03-05 10:23:54,619",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:23:54,634",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97af6a740",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000017c8"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004f0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:23:54,634",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:23:54,712",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:23:54,712",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:23:54,712",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:23:54,712",
            "thread_id": "5752",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:23:54,712",
            "thread_id": "5752",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "5752",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000008f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000008f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000008f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000008f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:23:54,728",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000008f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:23:54,744",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "5752",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:23:54,759",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:23:54,775",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:23:54,775",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:23:54,775",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:23:54,775",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:23:54,775",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:23:54,806",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:23:54,806",
            "thread_id": "5752",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001770"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\BackgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\BackgroundTaskHost.exe\" -ServerName:BackgroundTaskHost.WebAccountProvider"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423585288"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:23:55,072",
            "thread_id": "5752",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\BackgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\BackgroundTaskHost.exe\" -ServerName:BackgroundTaskHost.WebAccountProvider"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "1032"
              },
              {
                "name": "ThreadId",
                "value": "2696"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001770"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001774"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:23:55,291",
            "thread_id": "5752",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001774"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2696"
              },
              {
                "name": "ProcessId",
                "value": "1032"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:23:55,681",
            "thread_id": "1044",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:23:55,931",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000178c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:23:55,931",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:23:55,931",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:23:55,931",
            "thread_id": "4016",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000176c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168b17d870"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:23:55,947",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:23:55,947",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423590480"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:23:55,994",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:23:56,009",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:23:56,009",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "ThreadId",
                "value": "7156"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017cc"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:23:56,072",
            "thread_id": "6572",
            "caller": "0x7ff97d6e0ec5",
            "parentcaller": "0x7ff97d6c7031",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:23:56,072",
            "thread_id": "6572",
            "caller": "0x7ff97d6e0ec5",
            "parentcaller": "0x7ff97d6c7031",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:23:56,072",
            "thread_id": "6572",
            "caller": "0x7ff97d6e0ec5",
            "parentcaller": "0x7ff97d6c7031",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:23:56,072",
            "thread_id": "6572",
            "caller": "0x7ff97d6e0ec5",
            "parentcaller": "0x7ff97d6c7031",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:23:56,072",
            "thread_id": "6572",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001774"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017a0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423587572"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:23:56,103",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000017cc"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "7156"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:23:56,181",
            "thread_id": "6572",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              },
              {
                "name": "ThreadId",
                "value": "3376"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001774"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017a0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:23:56,541",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001790"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001790"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:24:06,541",
            "thread_id": "4244",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000177c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:24:08,634",
            "thread_id": "6572",
            "caller": "0x7ff968164967",
            "parentcaller": "0x7ff968145869",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000167c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100003",
                "pretty_value": "FILE_READ_ACCESS|FILE_WRITE_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\VRegDriver"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:24:13,400",
            "thread_id": "5752",
            "caller": "0x7ff97b214c7f",
            "parentcaller": "0x7ff97b214a90",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001008"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001750"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:24:16,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001008"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 2,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:24:37,025",
            "thread_id": "4244",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000016e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000016e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000016e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000016e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000016e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000016e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:24:37,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000016e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001338"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000016e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:24:37,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:24:37,447",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:24:37,447",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:24:37,447",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:24:37,462",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:24:37,462",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:24:37,462",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:24:42,509",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000122c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:24:42,509",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000122c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001338"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:24:42,509",
            "thread_id": "6120",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001338"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001384"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:24:42,525",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000009ec"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:24:42,572",
            "thread_id": "5752",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000016b8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001750"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423590676"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:24:45,119",
            "thread_id": "5752",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "6420"
              },
              {
                "name": "ThreadId",
                "value": "2936"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000016b8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001750"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "5752",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001750"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2936"
              },
              {
                "name": "ProcessId",
                "value": "6420"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000016b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:24:50,212",
            "thread_id": "4244",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:24:50,416",
            "thread_id": "4244",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000163c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:24:50,416",
            "thread_id": "5848",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016a4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:24:50,416",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000994"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:24:50,478",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015b4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:24:50,494",
            "thread_id": "4244",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001448"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:24:50,494",
            "thread_id": "5752",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014f0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:24:50,494",
            "thread_id": "1252",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012b8"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:24:50,494",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001790"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:24:50,494",
            "thread_id": "5848",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:24:50,509",
            "thread_id": "6572",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:24:50,509",
            "thread_id": "4108",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:24:50,509",
            "thread_id": "4016",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:24:51,056",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000122c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "6572",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 3,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "6572",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 3,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "6572",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "6572",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:24:51,525",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:24:51,541",
            "thread_id": "6572",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001460"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:24:51,541",
            "thread_id": "4016",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000163c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001008"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:24:51,556",
            "thread_id": "5848",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000009ec"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:24:51,556",
            "thread_id": "4108",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017e8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:24:51,806",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016a4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:24:51,822",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015b4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:24:51,822",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:24:51,822",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001684"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000177c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:24:52,837",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016a4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:24:52,853",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:24:52,853",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:24:53,869",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:24:53,869",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:24:53,869",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:24:53,869",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:24:53,869",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000016f4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001684"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:24:53,916",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000009ec"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000167c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:24:54,587",
            "thread_id": "5848",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001684"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:24:54,587",
            "thread_id": "5848",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000163c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:24:54,603",
            "thread_id": "6120",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:24:54,603",
            "thread_id": "6120",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:24:54,603",
            "thread_id": "1252",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:24:54,619",
            "thread_id": "1252",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001460"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:24:54,619",
            "thread_id": "4244",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:24:54,619",
            "thread_id": "4244",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:24:54,978",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:24:54,994",
            "thread_id": "4108",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:24:55,009",
            "thread_id": "4108",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001698"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:24:55,025",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:24:55,041",
            "thread_id": "4340",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:24:55,056",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:24:55,056",
            "thread_id": "4108",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017d8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe;C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe;C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe;"
              },
              {
                "name": "ProcessId",
                "value": "140707423586128"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:24:55,181",
            "thread_id": "4108",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "ThreadId",
                "value": "6324"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017d8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:24:55,228",
            "thread_id": "4108",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000017d8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6324"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000014f0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000177c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "5848",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001684"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:24:55,619",
            "thread_id": "6120",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001448"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000e88"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "1252",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016e0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:24:55,634",
            "thread_id": "4244",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:24:56,541",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001794"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:24:56,634",
            "thread_id": "6120",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:24:56,634",
            "thread_id": "6120",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:24:56,634",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:24:56,634",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:24:56,634",
            "thread_id": "6120",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000014f0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:24:56,650",
            "thread_id": "4244",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:24:56,650",
            "thread_id": "4244",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:24:56,650",
            "thread_id": "4244",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:24:56,650",
            "thread_id": "4244",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:24:56,650",
            "thread_id": "4244",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017fc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000136c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:24:56,837",
            "thread_id": "4244",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000016e0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:24:56,869",
            "thread_id": "4244",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017d8"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:24:56,869",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:24:56,869",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:24:56,884",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017e4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:24:56,900",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001738"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:24:56,900",
            "thread_id": "5848",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:24:56,900",
            "thread_id": "5848",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:24:56,900",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000163c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:24:56,931",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001684"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:24:56,931",
            "thread_id": "4108",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:24:56,931",
            "thread_id": "4108",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:24:57,447",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 2,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:24:57,884",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:24:57,884",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:24:57,884",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:24:57,884",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:24:57,900",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001448"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001460"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:24:57,900",
            "thread_id": "4244",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001788"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:24:57,900",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:24:57,900",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:24:57,916",
            "thread_id": "5848",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:24:57,916",
            "thread_id": "5848",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:24:57,916",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:24:57,916",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:24:57,931",
            "thread_id": "5848",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000177c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:24:57,931",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017e4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:24:57,931",
            "thread_id": "5848",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:24:57,931",
            "thread_id": "5848",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017fc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000163c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:24:57,947",
            "thread_id": "4108",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:24:58,056",
            "thread_id": "6560",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001448"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:24:58,916",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:24:58,916",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:24:58,947",
            "thread_id": "5848",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:24:58,947",
            "thread_id": "5848",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:24:58,947",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:24:58,947",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 1,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:24:58,947",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000016e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:24:58,962",
            "thread_id": "4108",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:24:58,962",
            "thread_id": "4108",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:24:58,962",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:24:58,962",
            "thread_id": "4108",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:24:58,962",
            "thread_id": "5848",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001770"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001778"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:24:59,009",
            "thread_id": "4108",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000179c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:24:59,462",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:24:59,603",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017cc"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:24:59,603",
            "thread_id": "6120",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:24:59,603",
            "thread_id": "6120",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:25:00,619",
            "thread_id": "6120",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:25:00,619",
            "thread_id": "6120",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:25:00,619",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:25:00,619",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:25:00,634",
            "thread_id": "6120",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000008f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:25:01,025",
            "thread_id": "6120",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012d0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:25:01,041",
            "thread_id": "4016",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:25:01,041",
            "thread_id": "4016",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:25:01,197",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "1040",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "3772",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:25:01,650",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:25:01,931",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001368"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:25:02,056",
            "thread_id": "4016",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:25:02,056",
            "thread_id": "4016",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:25:02,072",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:25:02,103",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:25:02,119",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001328"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:25:02,244",
            "thread_id": "4016",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001274"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:25:02,369",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:25:02,384",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:25:02,744",
            "thread_id": "4108",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000012c0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012bc"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423585264"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:25:02,869",
            "thread_id": "1252",
            "caller": "0x7ff97d6c5dae",
            "parentcaller": "0x7ff97f9a9ea3",
            "category": "services",
            "api": "StartServiceW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ServiceHandle",
                "value": "0x1bda001d3a0"
              },
              {
                "name": "ServiceName",
                "value": "WaaSMedicSvc"
              },
              {
                "name": "Arguments",
                "value": []
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:25:03,462",
            "thread_id": "4108",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              },
              {
                "name": "ThreadId",
                "value": "3828"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000012c0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012bc"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:25:03,541",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:25:03,587",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000013b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:25:03,587",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:25:03,603",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000013b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:25:03,728",
            "thread_id": "1252",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:25:03,759",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000013b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:25:03,962",
            "thread_id": "1252",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:25:04,103",
            "thread_id": "4108",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000016e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:25:04,103",
            "thread_id": "4108",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d160000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:25:04,103",
            "thread_id": "4108",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\DPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d160000"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "4108",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 2,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:25:04,166",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000157c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:25:06,431",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001580"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:25:06,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:25:06,650",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001580"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:25:06,681",
            "thread_id": "4108",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001028"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:25:06,681",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001368"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:25:06,697",
            "thread_id": "4016",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:25:06,697",
            "thread_id": "4016",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:25:06,697",
            "thread_id": "4016",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017dc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000178c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:25:06,837",
            "thread_id": "4108",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017fc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001794"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:25:06,837",
            "thread_id": "4108",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017fc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001778"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:25:06,837",
            "thread_id": "4108",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001778"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:25:06,869",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001578"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:25:06,916",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012d0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423588964"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:25:07,134",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000133c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:25:07,197",
            "thread_id": "5752",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001310"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000163c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe\" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589676"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:25:07,212",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:25:07,212",
            "thread_id": "6572",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001640"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:25:07,212",
            "thread_id": "6572",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:25:07,212",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:25:07,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:25:07,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:25:07,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:25:07,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001640"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "6572",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "6572",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "6572",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:25:07,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001728"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001640"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:25:07,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001728"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000130c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:25:07,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:25:07,462",
            "thread_id": "1252",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:25:07,478",
            "thread_id": "1252",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000130c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589952"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4708"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012d0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:25:09,556",
            "thread_id": "1252",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5696"
              },
              {
                "name": "ThreadId",
                "value": "5136"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000130c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000a24"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:25:09,587",
            "thread_id": "5752",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe\" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5420"
              },
              {
                "name": "ThreadId",
                "value": "5544"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001310"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000163c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:25:09,603",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000012d0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              },
              {
                "name": "ProcessId",
                "value": "4708"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:25:09,666",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001578"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:25:09,712",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012bc"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:25:09,712",
            "thread_id": "6120",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:25:09,712",
            "thread_id": "6120",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:25:10,275",
            "thread_id": "5752",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000163c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5544"
              },
              {
                "name": "ProcessId",
                "value": "5420"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb70571",
            "parentcaller": "0x7ff97eb70427",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb702b3",
            "parentcaller": "0x7ff97eb7003b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1044",
            "caller": "0x7ff97eb71830",
            "parentcaller": "0x7ff97eb71772",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df46b000000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:25:10,306",
            "thread_id": "1252",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000a24"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5136"
              },
              {
                "name": "ProcessId",
                "value": "5696"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:25:10,431",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000012d0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001578"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:25:10,728",
            "thread_id": "6120",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "6120",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "6120",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:25:11,744",
            "thread_id": "6120",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001388"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:25:12,041",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001384"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:25:12,041",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001750"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:25:12,041",
            "thread_id": "6560",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:25:12,041",
            "thread_id": "6560",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:25:13,056",
            "thread_id": "6560",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:25:13,056",
            "thread_id": "6560",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:25:13,056",
            "thread_id": "6560",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:25:13,056",
            "thread_id": "6560",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:25:13,072",
            "thread_id": "6560",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001794"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:25:13,087",
            "thread_id": "4016",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012b8"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:25:13,087",
            "thread_id": "6560",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:25:13,087",
            "thread_id": "6560",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:25:14,103",
            "thread_id": "6560",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:25:14,103",
            "thread_id": "6560",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:25:14,103",
            "thread_id": "6560",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:25:14,103",
            "thread_id": "6560",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:25:14,119",
            "thread_id": "6560",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001330"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:25:14,181",
            "thread_id": "4108",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001578"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:25:14,197",
            "thread_id": "4108",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001728"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:25:14,197",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:25:14,197",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:25:15,212",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:25:15,212",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:25:15,212",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:25:15,212",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:25:15,212",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000012bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001330"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:25:15,275",
            "thread_id": "4108",
            "caller": "0x7ff97d1474d2",
            "parentcaller": "0x7ff97d14739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:25:15,275",
            "thread_id": "1252",
            "caller": "0x7ff97ad63ecb",
            "parentcaller": "0x7ff97ad141a3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "53067330-01CE-4027-947F-FF8580E92463"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D54E68C2-54CD-48B3-AD9A-3F4A4503BA80"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:25:15,275",
            "thread_id": "1252",
            "caller": "0x7ff9784293b9",
            "parentcaller": "0x7ff97ad63f0b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:25:15,494",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:25:16,291",
            "thread_id": "1252",
            "caller": "0x7ff97ddefb05",
            "parentcaller": "0x7ff97ddeef88",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000031A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000417",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0000011A-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "clsid"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:25:16,291",
            "thread_id": "1252",
            "caller": "0x7ff97dde6eca",
            "parentcaller": "0x7ff97dde813c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000033C-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000001B8-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:25:16,291",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:25:16,291",
            "thread_id": "1252",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoGetObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Session:1!clsid:6B3B8D23-FA8D-40B9-8DBD-B950333E2C52"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:25:16,291",
            "thread_id": "1252",
            "caller": "0x7ff97ad2445b",
            "parentcaller": "0x7ff97ad2450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000012bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001728"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:25:16,541",
            "thread_id": "4108",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:25:17,025",
            "thread_id": "4108",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:25:17,025",
            "thread_id": "4108",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001028"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:25:17,025",
            "thread_id": "4108",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:25:17,025",
            "thread_id": "4108",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:25:17,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:25:17,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:25:17,056",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:25:17,244",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:25:17,244",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:25:17,244",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:25:20,087",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:25:20,087",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:25:20,087",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:25:20,087",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:25:20,087",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:25:20,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001578"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001028"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001028"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000130c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:25:20,275",
            "thread_id": "6120",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000130c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001750"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:25:20,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001580"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001580"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:25:20,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:25:20,322",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001794"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:25:20,322",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000130c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:25:20,322",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4108",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001794"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001794"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:25:20,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a24"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a24"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:25:20,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a24"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a24"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:25:20,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ff4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:25:20,384",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001360"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:25:20,416",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423587924"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:25:20,884",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:25:20,884",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:25:20,884",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:25:21,056",
            "thread_id": "1252",
            "caller": "0x7ff97b214c7f",
            "parentcaller": "0x7ff97b214a90",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000020c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017dc"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:25:21,181",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000170c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:25:21,181",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:25:21,181",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000170c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000170c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000170c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000170c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:25:21,228",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000008f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:25:21,244",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:25:21,259",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:25:21,275",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a5c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:25:21,291",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:25:21,306",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:25:21,322",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:25:21,322",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:25:21,337",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:25:21,353",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000131c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:25:21,369",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001368"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:25:21,384",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000179c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001368"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000179c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001320"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:25:21,400",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001320"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000131c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:25:21,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:25:21,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:25:21,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:25:21,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:25:21,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001778"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001778"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "6368",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:25:21,462",
            "thread_id": "6368",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:25:21,478",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001338"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:25:21,478",
            "thread_id": "4428",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:25:21,478",
            "thread_id": "4428",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001010"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:25:21,494",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000143c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423587440"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:25:21,681",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "3184"
              },
              {
                "name": "ThreadId",
                "value": "6852"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000143c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000020c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:25:21,759",
            "thread_id": "6120",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000020c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6852"
              },
              {
                "name": "ProcessId",
                "value": "3184"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001524"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000008f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001338"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "1040",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:25:21,869",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001368"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001768"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589156"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:25:22,087",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4900"
              },
              {
                "name": "ThreadId",
                "value": "4884"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001368"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001768"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:25:22,087",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bda3000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfb3f0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97fd69714",
            "parentcaller": "0x7ff97fd63fa3",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bda3000000"
              },
              {
                "name": "RegionSize",
                "value": "0x0014f000"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bda3000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfb3f0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:25:22,119",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001368"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:25:22,166",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001318"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001318"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001368"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:25:22,197",
            "thread_id": "4180",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:25:22,212",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000994"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423586428"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:25:22,431",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "2172"
              },
              {
                "name": "ThreadId",
                "value": "2960"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000994"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:25:22,431",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:25:22,431",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001780"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001660"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "5060",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:25:22,447",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000170c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589976"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5720"
              },
              {
                "name": "ThreadId",
                "value": "1740"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000170c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "6572",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001780"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001780"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001780"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001768"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001768"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:25:22,634",
            "thread_id": "176",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:25:22,650",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423587944"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:25:22,822",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "3688"
              },
              {
                "name": "ThreadId",
                "value": "5212"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000172c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:25:22,822",
            "thread_id": "6572",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000994"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000994"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:25:22,837",
            "thread_id": "6368",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:25:22,853",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001784"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017a4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423588312"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:25:22,869",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "3668"
              },
              {
                "name": "ThreadId",
                "value": "2560"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001388"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4056"
              },
              {
                "name": "ThreadId",
                "value": "5180"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001784"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017a4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "6572",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001780"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001784"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001784"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000143c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001784"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001784"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000143c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:25:23,119",
            "thread_id": "4428",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:25:24,134",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001388"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2560"
              },
              {
                "name": "ProcessId",
                "value": "3668"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:25:24,259",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:25:24,353",
            "thread_id": "6120",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001770"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423585140"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000143c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000143c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:25:24,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001274"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168aefdb80"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:25:26,244",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017a0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001578"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423585304"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:25:26,447",
            "thread_id": "5848",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              },
              {
                "name": "ThreadId",
                "value": "4804"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017a0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001578"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:25:26,525",
            "thread_id": "5848",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001578"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4804"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:25:26,541",
            "thread_id": "2620",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:25:26,884",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "884"
              },
              {
                "name": "ThreadId",
                "value": "3960"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001770"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000012b8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:25:26,884",
            "thread_id": "6120",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001770"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bfa"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000130c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:25:26,900",
            "thread_id": "3772",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "6120",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "0"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000130c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\combase.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "6120",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abf9930"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "6120",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168abfe7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001794"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001794"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:25:26,916",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:25:27,009",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001028"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:25:27,009",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:25:27,009",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001780"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:25:28,056",
            "thread_id": "6120",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:25:28,244",
            "thread_id": "6120",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001028"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:25:28,244",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017b4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001780"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:25:28,244",
            "thread_id": "6120",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017b4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:25:28,244",
            "thread_id": "6120",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001318"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:25:28,291",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:25:28,291",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:25:28,291",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000e88"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:25:28,306",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001724"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:25:28,369",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001724"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423585644"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:25:28,400",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:25:28,400",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:25:28,416",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 1,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:25:28,431",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000012b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:25:31,353",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "1388"
              },
              {
                "name": "ThreadId",
                "value": "1668"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001724"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001738"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mobsync.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000994"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168a8fd960"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000994"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mobsync.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168a8fd960"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001334"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:25:32,009",
            "thread_id": "5752",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\System32\\mobsync.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\mobsync.exe -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423588516"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:25:32,212",
            "thread_id": "5752",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\mobsync.exe -Embedding"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "ThreadId",
                "value": "6952"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001774"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:25:32,759",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000131c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 4,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:25:32,947",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001738"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1668"
              },
              {
                "name": "ProcessId",
                "value": "1388"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:25:33,197",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001780"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:25:34,119",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 1,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:25:34,775",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000e88"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001738"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:25:34,775",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000e88"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:25:34,775",
            "thread_id": "5848",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001770"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000132c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "5752",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017ec"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423588312"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:25:34,869",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000172c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000131c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001798"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:25:34,884",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001798"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001798"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000172c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000172c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001770"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:25:34,900",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:25:34,916",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:25:34,916",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:25:34,916",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:25:35,119",
            "thread_id": "5752",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 2,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:25:36,556",
            "thread_id": "5752",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:25:37,134",
            "thread_id": "2620",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 2,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:25:37,181",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4056"
              },
              {
                "name": "ThreadId",
                "value": "6884"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017ec"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:25:38,134",
            "thread_id": "5752",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:25:38,244",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6884"
              },
              {
                "name": "ProcessId",
                "value": "4056"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:25:38,259",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:25:38,337",
            "thread_id": "6572",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001334"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017ec"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423591116"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:25:38,650",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:25:38,650",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:25:38,650",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:25:39,150",
            "thread_id": "5752",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 13,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "6572",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "6860"
              },
              {
                "name": "ThreadId",
                "value": "1032"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001334"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017ec"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "6572",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001334"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bfa"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "6572",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001334"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168a6fe4a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000172c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001334"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001334"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:25:41,275",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:25:42,134",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 6,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:25:42,337",
            "thread_id": "6572",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:25:42,416",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001768"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:25:42,416",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:25:42,416",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:25:42,416",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:25:42,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:25:42,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000172c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:25:42,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:25:42,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001768"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:25:42,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:25:42,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001738"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4016",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001584"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4016",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001584"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001774"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:25:42,462",
            "thread_id": "4016",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001774"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:25:42,494",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000131c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:25:42,509",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:25:42,525",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001028"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:25:42,525",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:25:42,525",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:25:42,556",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:25:42,556",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001028"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423587664"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:25:43,134",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 6,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:25:45,416",
            "thread_id": "5848",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "3408"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001028"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:25:46,134",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 1,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:25:46,541",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001770"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:25:47,150",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:25:47,228",
            "thread_id": "5848",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5192"
              },
              {
                "name": "ProcessId",
                "value": "3408"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:25:47,228",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001780"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:25:47,228",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:25:47,228",
            "thread_id": "6120",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:25:47,259",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:25:47,306",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589500"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:25:48,150",
            "thread_id": "2620",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 7,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5244"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000015a8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "4016",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bfa"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "4016",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168b17e320"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e78"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001578"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000e78"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:25:50,244",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:25:51,166",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 3,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:25:51,369",
            "thread_id": "4016",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:25:51,509",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:25:51,509",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000017b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:25:51,509",
            "thread_id": "5848",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:25:51,509",
            "thread_id": "2620",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017ec"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:25:51,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001334"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:25:51,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000e78"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:25:51,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:25:51,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:25:51,556",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:25:51,556",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001768"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:25:51,556",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:25:51,556",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589140"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001724"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001584"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:25:51,572",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001724"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001584"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:25:51,587",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001584"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001798"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:25:51,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:25:52,181",
            "thread_id": "2620",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 5,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:25:55,150",
            "thread_id": "5848",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4884"
              },
              {
                "name": "ThreadId",
                "value": "5372"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000013a4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:25:55,228",
            "thread_id": "6120",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 4,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:25:56,541",
            "thread_id": "6120",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000131c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:25:56,728",
            "thread_id": "5848",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000013a4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5372"
              },
              {
                "name": "ProcessId",
                "value": "4884"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:25:56,728",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000131c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:25:56,728",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:25:56,728",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:25:56,728",
            "thread_id": "6572",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000014e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:25:56,806",
            "thread_id": "6572",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017ac"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014b8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423590724"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:25:57,244",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 5,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:25:59,728",
            "thread_id": "6572",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "6468"
              },
              {
                "name": "ThreadId",
                "value": "4296"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017ac"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014b8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:25:59,728",
            "thread_id": "6572",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017ac"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bfa"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "6572",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168a6fe4a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001660"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:25:59,744",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:26:00,259",
            "thread_id": "2620",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 5,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:26:03,197",
            "thread_id": "6572",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:26:03,291",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:26:03,353",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000014e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:26:03,353",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000014e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001028"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:26:03,353",
            "thread_id": "5848",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001028"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000013a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:26:03,369",
            "thread_id": "4016",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:26:03,384",
            "thread_id": "4016",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001470"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:26:03,384",
            "thread_id": "4016",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017b8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423589204"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:26:03,400",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:26:03,400",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:26:03,400",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:26:03,400",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ba4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001008"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:26:03,416",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001008"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001008"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001008"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001008"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:26:03,431",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bbc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:26:03,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:26:03,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:26:03,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000143c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:26:03,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:26:03,447",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:26:04,306",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 4,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:26:06,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000143c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:26:07,337",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:26:07,978",
            "thread_id": "4016",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4948"
              },
              {
                "name": "ThreadId",
                "value": "4708"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017e8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017b8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:26:08,353",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 4,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:26:09,759",
            "thread_id": "4016",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000017b8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4708"
              },
              {
                "name": "ProcessId",
                "value": "4948"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:26:09,759",
            "thread_id": "5752",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:26:09,791",
            "thread_id": "5752",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423586880"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:26:10,087",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:26:10,087",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:26:10,087",
            "thread_id": "5848",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9fff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:26:10,384",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 4,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:26:12,541",
            "thread_id": "5752",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "2624"
              },
              {
                "name": "ThreadId",
                "value": "6884"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001768"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000013a4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:26:12,541",
            "thread_id": "5752",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001768"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bfa"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "5752",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001768"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168a8fe410"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000012b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000132c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000132c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000012b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:26:12,556",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:26:13,384",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 4,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:26:13,525",
            "thread_id": "5848",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4016",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4016",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:26:13,603",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:26:13,619",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:26:13,634",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:26:13,650",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000143c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000017fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:26:13,650",
            "thread_id": "5848",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000143c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:26:13,650",
            "thread_id": "5848",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001724"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000132c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000132c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000132c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001774"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000132c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000013a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:26:13,712",
            "thread_id": "4340",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:26:13,759",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001334"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:26:13,775",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001360"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001470"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423586608"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:26:14,384",
            "thread_id": "6120",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 6,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:26:16,541",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:26:16,978",
            "thread_id": "5848",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "2352"
              },
              {
                "name": "ThreadId",
                "value": "4832"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001360"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001470"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:26:17,384",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 3,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "5848",
            "caller": "0x7ff97b3e3101",
            "parentcaller": "0x7ff97b3a18a4",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001470"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4832"
              },
              {
                "name": "ProcessId",
                "value": "2352"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000017fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb3ea",
            "parentcaller": "0x7ff97d6eb6f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001724"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:26:18,494",
            "thread_id": "1044",
            "caller": "0x7ff97d6eb739",
            "parentcaller": "0x7ff97d6eb84a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:26:18,509",
            "thread_id": "5848",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b3c1c20",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001388"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:26:18,509",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001774"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017b8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "DllPath",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy;"
              },
              {
                "name": "ProcessId",
                "value": "140707423588872"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:26:19,416",
            "thread_id": "5752",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 7,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:26:22,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4616"
              },
              {
                "name": "ThreadId",
                "value": "6156"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001774"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017b8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:26:22,556",
            "thread_id": "5752",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001318"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001334"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:26:22,556",
            "thread_id": "5752",
            "caller": "0x7ff97b3122bd",
            "parentcaller": "0x7ff97b21ce49",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001318"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:26:22,556",
            "thread_id": "5752",
            "caller": "0x7ff97b217024",
            "parentcaller": "0x7ff97b217125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000136c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:26:22,556",
            "thread_id": "5848",
            "caller": "0x7ff97b46f54d",
            "parentcaller": "0x7ff97b3a1a98",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001774"
              },
              {
                "name": "ExitCode",
                "value": "0x80070bf7"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:26:22,556",
            "thread_id": "5848",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001774"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bd9ffe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168aefe630"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:26:23,431",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 8,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:26:26,541",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:26:27,494",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 17,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:26:36,541",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:26:36,556",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 3,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:26:38,462",
            "thread_id": "6572",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000017b8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423590964"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:26:38,587",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 1,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:26:38,822",
            "thread_id": "6572",
            "caller": "0x7ff97d6b63c3",
            "parentcaller": "0x7ff97eb7db20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              },
              {
                "name": "ThreadId",
                "value": "4944"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000017b8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000014e0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:26:39,603",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 13,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:26:46,541",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000da0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:26:46,666",
            "thread_id": "6572",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 21,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:26:56,541",
            "thread_id": "6572",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:26:56,775",
            "thread_id": "5848",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 19,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:27:04,853",
            "thread_id": "5848",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:27:04,853",
            "thread_id": "5848",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001670"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1bda0300000"
              },
              {
                "name": "SectionOffset",
                "value": "0x168aefdba0"
              },
              {
                "name": "ViewSize",
                "value": "0x0007a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:27:04,853",
            "thread_id": "5848",
            "caller": "0x7ff97d6b8e73",
            "parentcaller": "0x7ff97d6b63c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001670"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000009ec"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423585108"
              }
            ],
            "repeated": 0,
            "id": 1418
          }
        ],
        "threads": [
          "4016",
          "5752",
          "4340",
          "1044",
          "6572",
          "4244",
          "6120",
          "5848",
          "1252",
          "4108",
          "2620",
          "6560",
          "1040",
          "3772",
          "6368",
          "4428",
          "4180",
          "5060",
          "176"
        ],
        "environ": {
          "UserName": "￑￈￑ￒￅￌ￀",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff63d200000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 3316,
        "process_name": "dllhost.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\dllhost.exe",
        "first_seen": "2026-03-05 10:23:56,274",
        "calls": [
          {
            "timestamp": "2026-03-05 10:23:56,680",
            "thread_id": "3376",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:23:56,680",
            "thread_id": "3376",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff7990014e0"
              },
              {
                "name": "Parameter",
                "value": "0x3acbcff000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "7136",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "1008",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "1008",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "4416",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e06b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "4416",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "4416",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "4264",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:23:56,696",
            "thread_id": "4264",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001349",
            "parentcaller": "0x7ff7990013dc",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff799001b60"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000206"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3376"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2ef000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:23:56,727",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:23:56,743",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:23:56,774",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001f0"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "f\\x96\\xcf\\xdd\\xff\\xd5g3\\xab\\xc7O'R\\x15)&\\xc1B\\x95<\\x9c1\\xde(\\xb1*\\x19+:\\x93=\\xde\\x9b\\xf6\\xbb\\xa2*\\x1c\\xe7Y\\xf7\\x13\\x97\\xb4\\xe9\\x90Y\\x97"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e06d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromOle1Class"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f52fa90"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xf4\\xef\\xcb:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00:\\x00\\x00\\x00\\xb07x\\x7f\\xf9\\x7f\\x00\\x00v\\xa2I\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff@\\xf5\\xef\\xcb:\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-20_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x000001d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3316:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c8"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000208"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000208"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x3acbeff560"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "ValueName",
                "value": "Com+Enabled"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "clbcatq.dll"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f254000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:23:56,790",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\MaximumCommitCondition"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\clbcatq"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97f1cd990"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x3acbeff2b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e073000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x3acbefed80"
              },
              {
                "name": "ViewSize",
                "value": "0x00006000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Delivery Optimization Managment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "Data",
                "value": "NT Authority\\NetworkService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x94\\x00\\x00\\x00\\xa4\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00d\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:23:56,805",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xee\\xef\\xcb:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\xf7\\xef\\xcb:\\x00\\x00\\x00pQx\\x7f\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-20"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000220"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e074000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:23:56,821",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e075000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:23:56,852",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e077000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xec\\xef\\xcb:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00:\\x00\\x00\\x00\\xa0\\xf3\\xef\\xcb:\\x00\\x00\\x00v\\xa2I\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffP\\xed\\xef\\xcb:\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-20_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x90\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00`\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf2\\xef\\xcb:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\xff\\xff\\xff\\xff \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\x01n}\\xf9\\x7f\\x00\\x00\\x97*@J\\x9d!\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x1593ebfd264"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf4"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.3316"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e079000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e07a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000234"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "NdrOleExtDLL"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "NdrOleInitializeExtension"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f554410"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x07\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00m\\x00p\\x00e\\x00r\\x00s\\x00o\\x00n\\x00a\\x00t\\x00i\\x00o\\x00n\\x00 \\x00D\\x00y\\x00n\\x00a\\x00m\\x00i\\x00c\\x00 \\x00F\\x00a\\x00l\\x00s\\x00e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x06\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x9c\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x07\\x18@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x08\\xe8\\xef\\xcb:\\x00\\x00\\x00\\xd8\\xe7\\xef\\xcb:\\x00\\x00\\x00\\xf8\\xe7\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9c\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xe5\\xef\\xcb:\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x08\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x03\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xa3\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00g\\x1c@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xe4\\xef\\xcb:\\x00\\x00\\x00h\\xe4\\xef\\xcb:\\x00\\x00\\x008\\xe4\\xef\\xcb:\\x00\\x00\\x00X\\xe4\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xa3\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xe2\\xef\\xcb:\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e07c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e069cc0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6492"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000023c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e069cc0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "6492"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x03+}\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xfd\\x05>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x03\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x9b\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf7$@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xd8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xa8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xc8\\xeb\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9b\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe9\\xef\\xcb:\\x00\\x00\\x00D\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x04\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00U\\x00S\\x00E\\x00R\\x00\\\\x00S\\x00-\\x001\\x00-\\x005\\x00-\\x002\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x08\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa1\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00W\\x18@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe8\\xef\\xcb:\\x00\\x00\\x008\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x08\\xe8\\xef\\xcb:\\x00\\x00\\x00(\\xe8\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa1\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe6\\xef\\xcb:\\x00\\x00\\x00D\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\t\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x03\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xa1\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf7$@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xd8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xa8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xc8\\xeb\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa1\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe9\\xef\\xcb:\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\n\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x04\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00-\\x001\\x00-\\x005\\x00-\\x002\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x9a\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00W\\x18@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe8\\xef\\xcb:\\x00\\x00\\x008\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x08\\xe8\\xef\\xcb:\\x00\\x00\\x00(\\xe8\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe6\\xef\\xcb:\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x06\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x08\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xf2\\x05>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:23:56,868",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6492",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6492",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e069cc0"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6492",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e07e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x9d\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf7$@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xd8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xa8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xc8\\xeb\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9d\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe9\\xef\\xcb:\\x00\\x00\\x00D\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x04\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00-\\x001\\x00-\\x005\\x00-\\x002\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\t\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xd0\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xa8\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00W\\x18@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe8\\xef\\xcb:\\x00\\x00\\x008\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x08\\xe8\\xef\\xcb:\\x00\\x00\\x00(\\xe8\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa8\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe6\\xef\\xcb:\\x00\\x00\\x00D\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\n\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x003\\x000\\x000\\x000\\x00n\\x00\\\\x00d\\x00a\\x00t\\x00a\\x00\\\\x00y\\x00a\\x00r\\x00a\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00m\\x00o\\x00n\\x00.\\x00y\\x00a\\x00c\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x06\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd5\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa6\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf7$@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xd8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xa8\\xeb\\xef\\xcb:\\x00\\x00\\x00\\xc8\\xeb\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa6\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe9\\xef\\xcb:\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x04\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00-\\x001\\x00-\\x005\\x00-\\x002\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x06\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd4\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa0\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00W\\x18@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe8\\xef\\xcb:\\x00\\x00\\x008\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x08\\xe8\\xef\\xcb:\\x00\\x00\\x00(\\xe8\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe6\\xef\\xcb:\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e07f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6480",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6480",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1593e040b50"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6480",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e081000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "6480",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000024c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000001c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e06a080"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2404"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000001c0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e06a080"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2404"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c0"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2428",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1593e040b50"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2428",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e082000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e06a080"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e083000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000260"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:23:56,883",
            "thread_id": "2404",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x08\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x0b\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd0\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa8\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x007%0M\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xeb\\x9f\\xcc:\\x00\\x00\\x00\\x18\\xeb\\x9f\\xcc:\\x00\\x00\\x00\\xe8\\xea\\x9f\\xcc:\\x00\\x00\\x00\\x08\\xeb\\x9f\\xcc"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xe9\\x9f\\xcc:\\x00\\x00\\x00h\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x05\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xd1\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa6\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x97\\x180M\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xe7\\x9f\\xcc:\\x00\\x00\\x00x\\xe7\\x9f\\xcc:\\x00\\x00\\x00H\\xe7\\x9f\\xcc:\\x00\\x00\\x00h\\xe7\\x9f\\xcc"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa6\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xe5\\x9f\\xcc:\\x00\\x00\\x00h\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2404",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e084000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x0b\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xd6\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x9b\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00''@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xe9\\xef\\xcb:\\x00\\x00\\x00(\\xe9\\xef\\xcb:\\x00\\x00\\x00\\xf8\\xe8\\xef\\xcb:\\x00\\x00\\x00\\x18\\xe9\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x9b\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xe7\\xef\\xcb:\\x00\\x00\\x00d\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x05\\x06>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\x05\\x06>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00k\\x00e\\x00r\\x00n\\x00e\\x00l\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xd5\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa6\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x87\\x1a@J\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xe5\\xef\\xcb:\\x00\\x00\\x00\\x88\\xe5\\xef\\xcb:\\x00\\x00\\x00X\\xe5\\xef\\xcb:\\x00\\x00\\x00x\\xe5\\xef\\xcb"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa6\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xe3\\xef\\xcb:\\x00\\x00\\x00d\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000026c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e072240"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3148"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000026c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e072240"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3148"
              },
              {
                "name": "ProcessId",
                "value": "3316"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x1593e072240"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3148"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3148",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "2428",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "k\\x10+\\x01\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8c\\xf0\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97f52d757",
            "parentcaller": "0x7ff97f4a3d92",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x1593e042318",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e086000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:23:56,899",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Delivery Optimization Management Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000290"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\domgmt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5297e2",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f52981a",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f529833",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Delivery Optimization Management Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000290"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\domgmt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000290"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "Data",
                "value": "{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5555b3",
            "parentcaller": "0x7ff97f4d503c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4d5067",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000294"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Delivery Optimization Managment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9bef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "Data",
                "value": "NT Authority\\NetworkService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9d0a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9e29",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9e7d",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9ed0",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9f20",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9f74",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b9f97",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f549228",
            "parentcaller": "0x7ff97f4b9fbb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5492a0",
            "parentcaller": "0x7ff97f4b9fbb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x94\\x00\\x00\\x00\\xa4\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00d\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba000",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba042",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba095",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba0ce",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba113",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba1b8",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba217",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba27a",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4ba308",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4d528a",
            "parentcaller": "0x7ff97f4ba9aa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5546dc",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000290"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f5546f9",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6e4d80",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6e4da0",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000294"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:23:56,915",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:23:56,930",
            "thread_id": "6480",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              },
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:23:56,930",
            "thread_id": "6480",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000290"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:23:56,930",
            "thread_id": "6480",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:23:56,930",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\logoncli"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c8e0000"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:23:56,961",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c8c0000"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:23:56,961",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dhcpcsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9760e0000"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:23:56,977",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WINHTTP"
              },
              {
                "name": "DllBase",
                "value": "0x7ff974fc0000"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:23:56,977",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 9,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:23:57,008",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c0d0000"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:23:57,008",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:23:57,008",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:23:57,008",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c7b0000"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:23:57,008",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:23:57,024",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d2d0000"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:23:57,024",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d310000"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:23:57,024",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978f50000"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:23:57,040",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\DNSAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c7f0000"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:23:57,040",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:23:57,040",
            "thread_id": "6480",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\domgmt"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96a7d0000"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:23:57,071",
            "thread_id": "6480",
            "caller": "0x7ff97d73eb83",
            "parentcaller": "0x7ff97c7b8adc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:23:57,071",
            "thread_id": "6480",
            "caller": "0x7ff97d73eb83",
            "parentcaller": "0x7ff97c7b8adc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f3d0000"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:23:57,086",
            "thread_id": "6480",
            "caller": "0x7ff96a7e26f2",
            "parentcaller": "0x7ff96a7e2458",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\domgmt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a7d0000"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96a7d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\domgmt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96a7d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96a7da790"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96a7d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96a7d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96a7da900"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:23:57,243",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001d0"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:23:57,258",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3810"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3870"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8y\\x08>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80{\\x08>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xd2\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xa2\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x07x\\xd0M\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xc8\\x7f\\xcc:\\x00\\x00\\x00\\x08\\xc8\\x7f\\xcc:\\x00\\x00\\x00\\xd8\\xc7\\x7f\\xcc:\\x00\\x00\\x00\\xf8\\xc7\\x7f\\xcc"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa2\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xc5\\x7f\\xcc:\\x00\\x00\\x00\\xf4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcf\\x00+\\x01\\x00\\x00\\x00\\x00\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xc4\\x0f\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00}\\x00+\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "Xw\\x08>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0~\\x08>Y\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xd3\\x07>Y\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xa7\\x06>Y\\x01\\x00\\x00\\x02\\x000\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00g|\\xd0M\\x9d!\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xc4\\x7f\\xcc:\\x00\\x00\\x00h\\xc4\\x7f\\xcc:\\x00\\x00\\x008\\xc4\\x7f\\xcc:\\x00\\x00\\x00X\\xc4\\x7f\\xcc"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa7\\x06>Y\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xc2\\x7f\\xcc:\\x00\\x00\\x00\\xf4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff96a7e44c1",
            "parentcaller": "0x7ff96a7e459b",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff96a7e44c1",
            "parentcaller": "0x7ff96a7e459b",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:23:57,274",
            "thread_id": "6480",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff96a7e6702",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1593e0879f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt*.etl"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb1bc516e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c6ed",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000080",
                "pretty_value": "FILE_READ_ATTRIBUTES"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260304_200131_060.etl"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c74b",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260304_200131_060.etl"
              },
              {
                "name": "FileInformationClass",
                "value": "28",
                "pretty_value": "FileCompressionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c763",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c6ed",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000080",
                "pretty_value": "FILE_READ_ATTRIBUTES"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260305_102357_087.etl"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c74b",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260305_102357_087.etl"
              },
              {
                "name": "FileInformationClass",
                "value": "28",
                "pretty_value": "FileCompressionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d72c763",
            "parentcaller": "0x7ff96a7e33a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff96a7e68b4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff96a7dc0d2",
            "parentcaller": "0x7ff96a7d5833",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff96a7dc0f7",
            "parentcaller": "0x7ff96a7d5833",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff96a7dbd31",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "MajorVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff96a7dbd31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97d6c6c9d",
            "parentcaller": "0x7ff96a806f34",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96a7d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\domgmt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:23:57,321",
            "thread_id": "6480",
            "caller": "0x7ff97fce84c4",
            "parentcaller": "0x7ff97fcfd176",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fdca37d",
            "parentcaller": "0x7ff97fd64a40",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fd64a96",
            "parentcaller": "0x7ff97fcfd176",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\domgmt.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fcfbbc2",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\domgmt.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593fd20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x3acc7fc360"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:23:57,336",
            "thread_id": "6480",
            "caller": "0x7ff97fcfbc1c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6c6a6a",
            "parentcaller": "0x7ff97d6c314c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96a7d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\domgmt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5f37",
            "parentcaller": "0x7ff96a7f54fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5f37",
            "parentcaller": "0x7ff96a7f54fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7dc1ed",
            "parentcaller": "0x7ff96a7dbdbf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d316135",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3160b0",
            "parentcaller": "0x7ff97d3158b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3133b6",
            "parentcaller": "0x7ff97d315877",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000003",
                "pretty_value": "HKEY_USERS"
              },
              {
                "name": "SubKey",
                "value": "S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3134ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3134ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d3135eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20"
              },
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "%systemroot%\\ServiceProfiles\\NetworkService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d3135eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3136df",
            "parentcaller": "0x7ff97d3136a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d3158ff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff96a7e8b3a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "UsagePolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff96a7e8b3a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff96a7dbd31",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "MajorVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff96a7dbd31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6c6c9d",
            "parentcaller": "0x7ff96a806f34",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96a7d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\domgmt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 1,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5f37",
            "parentcaller": "0x7ff96a7f54fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5f37",
            "parentcaller": "0x7ff96a7f54fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff96a7dc1ed",
            "parentcaller": "0x7ff96a7dbdbf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d316135",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3160b0",
            "parentcaller": "0x7ff97d3158b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3133b6",
            "parentcaller": "0x7ff97d315877",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000003",
                "pretty_value": "HKEY_USERS"
              },
              {
                "name": "SubKey",
                "value": "S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3134ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3134ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d3135eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20"
              },
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "%systemroot%\\ServiceProfiles\\NetworkService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d3135eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d3136df",
            "parentcaller": "0x7ff97d3136a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d3158ff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000310"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff96a7e8b3a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "UsagePolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff96a7e8b3a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a84a000"
              },
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a84a000"
              },
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000031c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000318"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000031c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976dbd000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:23:57,368",
            "thread_id": "6480",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000031c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000318"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000031c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c4d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0008a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d98000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e092000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf8021",
            "parentcaller": "0x7ff97fcf7c1d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\t\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\\\x00s\\x00\\x80\\x07\\x04>Y\\x01\\x00\\x000\r\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00v\\x00c\\x00p\\x02\\x06>Y\\x01\\x00\\x00\\xa8\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00l\\x00l\\x00\\x10\\x02\\x06>Y\\x01\\x00\\x00@\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00b\\x00i\\x00P\\x01\\x06>Y\\x01\\x00\\x00\\xf0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00n\\x003\\x00\\x90\\x00\\x06>Y\\x01\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\\\x00;\\x00\\xd0\\x08\\x06>Y\\x01\\x00\\x00\\\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x001\\x000\\x00\\x90\t\\x06>Y\\x01\\x00\\x00P\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00a\\x00m\\x00\\xf0\t\\x06>Y\\x01\\x00\\x00|\t\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00Y\\x01\\x00\\x00\\xb0\n\\x06>Y\\x01\\x00\\x00d\t\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c51d000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c4d0000"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ff976d20000"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\msvcp110_win"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c4d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97c515870"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\policymanager"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff976d29e90"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a84a000"
              },
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:23:57,383",
            "thread_id": "6480",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a84a000"
              },
              {
                "name": "ModuleName",
                "value": "domgmt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976dbd000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976dbd000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode"
              },
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976dbd000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976dbd000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DODownloadMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\30Value"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Value"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:23:57,540",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "DownloadMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadMode"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:23:57,555",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "DownloadMode_BackCompat"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:23:57,555",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff96a7dbd31",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "DownloadMode_BackCompat"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e095000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97fb5145f",
            "parentcaller": "0x7ff97fb51399",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 2,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6cf37b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6d1846",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97fb59fa2",
            "parentcaller": "0x7ff97fb5174d",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 1,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d8da5",
            "parentcaller": "0x7ff96a7dbf94",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "DownloadMode_BackCompat"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97fb5145f",
            "parentcaller": "0x7ff97fb51399",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff97d6d8da5",
            "parentcaller": "0x7ff96a7dbf94",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "DODownloadMode"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DODownloadMode"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:23:57,586",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "262176"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOSetHoursToLimitForegroundDownloadBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d279c3",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "Data",
                "value": "07NE.\\x00\\x00\\x00SetHoursToLimitForegroundDownloadBandwidthFrom@1\\x00\\x00\\x00DOSetHoursToLimitForegroundDownloadBandwidth_FromL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x0056=\t\\x00\\x00\\x00\\x00\\x0056=\n\\x00\\x00\\x00\\x00\\x0056=\\x0b\\x00\\x00\\x00\\x00\\x0056=\\x0c\\x00\\x00\\x00\\x00\\x0056=\r\\x00\\x00\\x00\\x00\\x0056=\\x0e\\x00\\x00\\x00\\x00\\x0056=\\x0f\\x00\\x00\\x00\\x00\\x0056=\\x10\\x00\\x00\\x00\\x00\\x0056=\\x11\\x00\\x00\\x00\\x00\\x0056=\\x12\\x00\\x00\\x00\\x00\\x0056=\\x13\\x00\\x00\\x00\\x00\\x0056=\\x14\\x00\\x00\\x00\\x00\\x0056=\\x15\\x00\\x00\\x00\\x00\\x0056=\\x16\\x00\\x00\\x00\\x00\\x0056=\\x17\\x00\\x00\\x00\\x00\\x00\\x00NE,\\x00\\x00\\x00SetHoursToLimitForegroundDownloadBandwidthTo@/\\x00\\x00\\x00DOSetHoursToLimitForegroundDownloadBandwidth_ToL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27c68",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d28c97",
            "parentcaller": "0x7ff976d25e72",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d25d3c",
            "parentcaller": "0x7ff976d268dd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOPercentageMaxForegroundBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:23:57,602",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOMaxForegroundDownloadBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "DownloadRateForegroundBps"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundBps"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "DownloadRateForegroundPct"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundPct"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:23:57,618",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "262176"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOSetHoursToLimitBackgroundDownloadBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d279c3",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "Data",
                "value": "07NE.\\x00\\x00\\x00SetHoursToLimitBackgroundDownloadBandwidthFrom@1\\x00\\x00\\x00DOSetHoursToLimitBackgroundDownloadBandwidth_FromL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x0056=\t\\x00\\x00\\x00\\x00\\x0056=\n\\x00\\x00\\x00\\x00\\x0056=\\x0b\\x00\\x00\\x00\\x00\\x0056=\\x0c\\x00\\x00\\x00\\x00\\x0056=\r\\x00\\x00\\x00\\x00\\x0056=\\x0e\\x00\\x00\\x00\\x00\\x0056=\\x0f\\x00\\x00\\x00\\x00\\x0056=\\x10\\x00\\x00\\x00\\x00\\x0056=\\x11\\x00\\x00\\x00\\x00\\x0056=\\x12\\x00\\x00\\x00\\x00\\x0056=\\x13\\x00\\x00\\x00\\x00\\x0056=\\x14\\x00\\x00\\x00\\x00\\x0056=\\x15\\x00\\x00\\x00\\x00\\x0056=\\x16\\x00\\x00\\x00\\x00\\x0056=\\x17\\x00\\x00\\x00\\x00\\x00\\x00NE,\\x00\\x00\\x00SetHoursToLimitBackgroundDownloadBandwidthTo@/\\x00\\x00\\x00DOSetHoursToLimitBackgroundDownloadBandwidth_ToL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27c68",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d28c97",
            "parentcaller": "0x7ff976d25e72",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d25d3c",
            "parentcaller": "0x7ff976d268dd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOPercentageMaxBackgroundBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:23:57,633",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOMaxBackgroundDownloadBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\30Value"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Value"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "DownloadRateBackgroundBps"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundBps"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "DownloadRateBackgroundPct"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundPct"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "UpRatePctBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UpRatePctBandwidth"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "UpRatePctBandwidth"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UpRatePctBandwidth"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d271a2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d271fc",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27268",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d272ec",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2735f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d273c2",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2751e",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2759f",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "DOMonthlyUploadDataCap"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27607",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d2772a",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d277b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d277f6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d278b6",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27971",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27a2c",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff976d2d727",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\30Value"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27b33",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "20"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Value"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d27669",
            "parentcaller": "0x7ff976d261fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26e45",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d26d28",
            "parentcaller": "0x7ff976d262d6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization"
              }
            ],
            "repeated": 1,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff976d264d0",
            "parentcaller": "0x7ff96a7ff12d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "UploadLimitGBMonth"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UploadLimitGBMonth"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:23:57,649",
            "thread_id": "6480",
            "caller": "0x7ff96a7f5b6c",
            "parentcaller": "0x7ff96a7f566f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "UploadLimitGBMonth"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UploadLimitGBMonth"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:23:57,665",
            "thread_id": "6480",
            "caller": "0x7ff96a7f558c",
            "parentcaller": "0x7ff96a7d899c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:23:57,665",
            "thread_id": "6480",
            "caller": "0x7ff96a7f558c",
            "parentcaller": "0x7ff96a7d899c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:23:57,665",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:23:57,665",
            "thread_id": "3376",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "windows",
            "api": "PostThreadMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "3316"
              },
              {
                "name": "ThreadId",
                "value": "2404"
              },
              {
                "name": "Message",
                "value": "1033"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f4"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523445",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f523454",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f5248a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2404"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "2404",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593e7b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "6480",
            "caller": "0x7ff97ea7d257",
            "parentcaller": "0x7ff97ea7d1b6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "6480",
            "caller": "0x7ff97ea5df31",
            "parentcaller": "0x7ff97ea5dea4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1593e087090",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt*.etl"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb1bc516e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000080",
                "pretty_value": "FILE_READ_ATTRIBUTES"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260304_200131_060.etl"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:24:02,680",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260304_200131_060.etl"
              },
              {
                "name": "FileInformationClass",
                "value": "28",
                "pretty_value": "FileCompressionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000080",
                "pretty_value": "FILE_READ_ATTRIBUTES"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260305_102357_087.etl"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260305_102357_087.etl"
              },
              {
                "name": "FileInformationClass",
                "value": "28",
                "pretty_value": "FileCompressionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\domgmt"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96a7d0000"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1593fd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\logoncli"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c8e0000"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c8e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c8c0000"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c8c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dhcpcsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9760e0000"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WINHTTP"
              },
              {
                "name": "DllBase",
                "value": "0x7ff974fc0000"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff974fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c0d0000"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d2d0000"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d2d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d310000"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d310000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978f50000"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\DNSAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c7f0000"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c7b0000"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f3d0000"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ff976d20000"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c4d0000"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c4d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976d20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96a7d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:24:02,696",
            "thread_id": "3376",
            "caller": "0x7ff799001193",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1105
          }
        ],
        "threads": [
          "3376",
          "7136",
          "1008",
          "4416",
          "4264",
          "6492",
          "6480",
          "2428",
          "2404",
          "3148"
        ],
        "environ": {
          "UserName": "DESKTOP-PC01$",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\SERVIC~1\\NETWOR~1\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff799000000",
          "MainExeSize": "0x00009000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 3820,
        "process_name": "svchost.exe",
        "parent_id": 640,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-03-05 10:23:56,305",
        "calls": [
          {
            "timestamp": "2026-03-05 10:23:58,805",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:23:58,836",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:23:58,836",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:23:58,946",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:23:58,946",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:23:58,946",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:23:58,946",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:23:59,071",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:23:59,071",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:23:59,071",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:23:59,102",
            "thread_id": "3792",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972aff3e9",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:23:59,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:23:59,118",
            "thread_id": "3792",
            "caller": "0x7ff972afdd6a",
            "parentcaller": "0x7ff972afd989",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 8,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:23:59,165",
            "thread_id": "3792",
            "caller": "0x7ff972b07e1d",
            "parentcaller": "0x7ff972b07a50",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "EAC8A024-21E2-4523-AD73-A71A0AA2F56A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "81166F58-DD98-11D3-A120-00105A1F515A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:23:59,165",
            "thread_id": "3792",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:23:59,165",
            "thread_id": "3792",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:23:59,165",
            "thread_id": "3792",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00t\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:23:59,383",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "4048",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:23:59,399",
            "thread_id": "5684",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:23:59,461",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:23:59,461",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:23:59,461",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:23:59,461",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:23:59,461",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "6192",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972aff3e9",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:23:59,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000698"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000640"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:23:59,493",
            "thread_id": "6192",
            "caller": "0x7ff972afdd6a",
            "parentcaller": "0x7ff972afd989",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 8,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:23:59,524",
            "thread_id": "6192",
            "caller": "0x7ff972b07e1d",
            "parentcaller": "0x7ff972b07a50",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "EAC8A024-21E2-4523-AD73-A71A0AA2F56A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "81166F58-DD98-11D3-A120-00105A1F515A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:24:00,149",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:24:00,149",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:24:00,305",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:24:00,305",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:24:00,305",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5684",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000738",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e9167e4e50"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5748"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5748",
            "caller": "0x7ff972c9b02d",
            "parentcaller": "0x7ff972c9a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5748",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000698"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:24:00,321",
            "thread_id": "5748",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000694"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000066c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:24:00,336",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:24:00,352",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:24:00,352",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:24:00,352",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:24:00,368",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:24:00,368",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:24:00,399",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000640"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:24:00,446",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:24:00,461",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:24:00,461",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:24:00,461",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000684"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000684"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:24:00,477",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:24:00,540",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:24:00,555",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000640"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000684"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:24:00,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000640"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000690"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000678"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:24:00,586",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:24:00,602",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:24:00,602",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:24:00,602",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:24:03,258",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:24:03,571",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:24:03,571",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:24:03,571",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:24:03,586",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:24:03,586",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:24:03,586",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:24:03,586",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:24:03,602",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\t\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:24:03,836",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xa0\\x07\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:24:04,040",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000328"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\INDEX.BTR"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xe0\\x0c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:24:04,055",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:24:04,102",
            "thread_id": "4048",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:24:04,102",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:24:04,102",
            "thread_id": "5684",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:24:04,118",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:24:04,118",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:24:04,227",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:24:04,290",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:24:04,352",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:24:04,368",
            "thread_id": "5376",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80&\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:24:04,368",
            "thread_id": "5376",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:24:04,368",
            "thread_id": "5376",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:24:04,368",
            "thread_id": "5376",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:24:04,368",
            "thread_id": "5376",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:24:04,399",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:24:04,415",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:24:04,415",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:24:04,430",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:24:04,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:24:04,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:24:04,430",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:24:04,446",
            "thread_id": "4048",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:24:04,446",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:24:04,446",
            "thread_id": "5684",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:24:04,711",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:24:04,711",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:24:04,930",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:24:04,946",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:24:07,227",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:24:07,243",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:24:07,258",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000658"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:24:07,274",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:24:07,290",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:24:07,305",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:24:07,305",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:24:07,305",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:24:07,446",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:24:07,446",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:24:07,446",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:24:07,477",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:24:07,540",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:24:07,555",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000640"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000640"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:24:07,571",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000440"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000440"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:24:07,586",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:24:07,602",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:24:07,602",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:24:07,602",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:24:07,618",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000654"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:24:07,633",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:24:07,649",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000654"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000654"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000065c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:24:07,665",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:24:07,711",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:24:07,711",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:24:07,711",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000654"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:24:07,727",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:24:07,743",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:24:07,758",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:24:07,774",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:24:07,790",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:24:07,790",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:24:07,790",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:24:07,790",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:24:07,790",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:24:07,805",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:24:07,821",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:24:07,868",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:24:07,883",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:24:07,883",
            "thread_id": "5376",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "5376",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000450"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000630"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:24:07,899",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:24:08,008",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:24:08,008",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:24:08,008",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:24:08,008",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:24:08,008",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 #\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:24:08,086",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:24:08,165",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:24:08,165",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:24:08,165",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:24:08,180",
            "thread_id": "3608",
            "caller": "0x7ff972b0eca2",
            "parentcaller": "0x7ff972b0d9ac",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:24:08,180",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000328"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\INDEX.BTR"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:24:08,180",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:24:08,180",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:24:08,211",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972aff3e9",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5748",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xc0\\x9a\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:24:08,243",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x07\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "5376",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "4048",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000450"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "4048",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000450"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:24:08,258",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:24:08,493",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:24:08,508",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\xbb\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "5684",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:24:08,524",
            "thread_id": "4048",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:24:08,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:24:08,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:24:08,571",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:24:08,586",
            "thread_id": "4048",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:24:08,586",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:24:08,602",
            "thread_id": "5684",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:24:08,618",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:24:08,618",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:24:08,633",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:24:09,290",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:24:10,274",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:24:10,274",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:24:10,274",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:24:10,274",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:24:10,290",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:24:10,290",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:24:10,290",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:24:10,336",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x07\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:24:10,336",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:24:10,336",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:24:10,336",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:24:10,383",
            "thread_id": "5684",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x07\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:24:10,446",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:24:10,446",
            "thread_id": "5684",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:24:10,446",
            "thread_id": "5684",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:24:10,446",
            "thread_id": "4048",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "4048",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "4048",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:24:10,477",
            "thread_id": "5684",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:24:10,493",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:24:10,493",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:24:10,493",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:24:10,758",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:24:14,274",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:24:14,274",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:24:14,274",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000624"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:24:14,290",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:24:14,305",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:24:14,321",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:24:14,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:24:14,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:24:14,336",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:24:14,336",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:24:14,336",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:24:14,352",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:24:14,415",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:24:14,430",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:24:14,446",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:24:14,446",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:24:14,446",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000684"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000684"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:24:14,461",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:24:14,477",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:24:15,258",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:24:15,274",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:24:15,290",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000658"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:24:15,305",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000658"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:24:15,321",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:24:15,368",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:24:15,368",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:24:15,368",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000624"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000624"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000450"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:24:15,383",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:24:15,399",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:24:15,415",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:24:15,430",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:24:15,446",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000069c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000069c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:24:15,461",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:24:15,477",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:24:15,540",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:24:15,540",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:24:15,555",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:24:15,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:24:15,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:24:15,571",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:24:15,571",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:24:15,586",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:24:15,586",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:24:15,586",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:24:15,633",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:24:15,633",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:24:15,633",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:24:15,649",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000440"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:24:15,665",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:24:15,680",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:24:15,680",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:24:15,680",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:24:15,696",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:24:15,696",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:24:15,696",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:24:15,743",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:24:15,758",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:24:15,821",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:24:15,836",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:24:15,836",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:24:15,852",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:24:15,852",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:24:15,852",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:24:15,852",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:24:15,915",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:24:15,946",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:24:15,946",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:24:16,024",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:24:16,024",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:24:16,024",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:24:16,055",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:24:16,055",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:24:16,055",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:24:16,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:24:16,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:24:16,071",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:24:16,071",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:24:16,086",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:24:16,102",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:24:16,165",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:24:16,180",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:24:16,196",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:24:16,196",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:24:16,211",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000630"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:24:16,227",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:24:16,243",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:24:16,258",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:24:16,305",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:24:16,321",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:24:16,571",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000688"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000688"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:24:16,586",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:24:16,774",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:24:16,774",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:24:16,774",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:24:16,790",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:24:16,790",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:24:16,790",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:24:16,790",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:24:16,790",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000700"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:24:16,805",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:24:16,821",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:24:16,836",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000067c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000067c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:24:16,852",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000067c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:24:16,868",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:24:16,915",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:24:16,915",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:24:16,915",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000067c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000067c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000630"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:24:16,930",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:24:16,946",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:24:16,961",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:24:16,977",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:24:16,993",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:24:17,008",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:24:17,024",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:24:17,040",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:24:17,055",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:24:17,055",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:24:17,055",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:24:17,071",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:24:17,086",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:24:17,102",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:24:17,118",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:24:17,133",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:24:17,149",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:24:17,149",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:24:17,149",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:24:18,008",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:24:18,008",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:24:18,008",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:24:18,024",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:24:18,040",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:24:18,055",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000688"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000688"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:24:18,071",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000630"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:24:18,086",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:24:18,102",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:24:18,118",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:24:18,133",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000710"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:24:18,149",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:24:18,165",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000710"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:24:18,180",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:24:18,211",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000700"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:24:18,227",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:24:18,243",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:24:18,258",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:24:18,274",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000668"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:24:18,290",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:24:18,305",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:24:18,399",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:24:18,415",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:24:18,461",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:24:18,477",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:24:18,493",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:24:18,508",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:24:18,508",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:24:18,508",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:24:18,524",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:24:19,071",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:24:19,071",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:24:19,071",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:24:19,086",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:24:19,102",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000638"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:24:19,196",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:24:19,211",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:24:19,227",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:24:19,227",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:24:19,227",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:24:19,227",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:24:19,227",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:24:19,243",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:24:19,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:24:19,243",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000650"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:24:19,243",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:24:19,243",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:24:19,258",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:24:19,274",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000688"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000664"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:24:19,290",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:24:19,930",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000664"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000067c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:24:19,977",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:24:19,993",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:24:19,993",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:24:19,993",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000440"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000440"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:24:20,008",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-03-05 10:24:20,024",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000490"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-03-05 10:24:20,040",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000068c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000490"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000068c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-03-05 10:24:20,055",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000680"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-03-05 10:24:20,071",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-03-05 10:24:20,086",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-03-05 10:24:20,102",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000440"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-03-05 10:24:20,118",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000490"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000490"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000674"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000490"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-03-05 10:24:20,133",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-03-05 10:24:20,149",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-03-05 10:24:20,165",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-03-05 10:24:20,165",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-03-05 10:24:20,165",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-03-05 10:24:20,180",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000720"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000074c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-03-05 10:24:20,196",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000066c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000718"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000066c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000748"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-03-05 10:24:20,211",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "5748",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "5748",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-03-05 10:24:20,227",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-03-05 10:24:20,305",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000718"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000718"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000758"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-03-05 10:24:20,321",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000760"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-03-05 10:24:20,336",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000768"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000076c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000768"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-03-05 10:24:20,415",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000718"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000718"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000768"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-03-05 10:24:20,430",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000076c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000770"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000076c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000066c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-03-05 10:24:20,446",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000768"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000066c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000768"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000076c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-03-05 10:24:20,461",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-03-05 10:24:21,321",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-03-05 10:24:21,321",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000490"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000674"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-03-05 10:24:22,508",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000758"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000490"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000758"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-03-05 10:24:22,524",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-03-05 10:24:22,540",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000720"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000720"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000744"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-03-05 10:24:22,555",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000744"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000678"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-03-05 10:24:22,571",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-03-05 10:24:22,586",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-03-05 10:24:22,586",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-03-05 10:24:22,586",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000068c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000644"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-03-05 10:24:22,602",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000066c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000758"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-03-05 10:24:22,618",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000440"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-03-05 10:24:22,633",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000758"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000440"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "5684",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000758"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "4048",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "4048",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-03-05 10:24:22,649",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "3220",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000006d8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e916c69280"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4024"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000758"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000688",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e916c695f0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "1160"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000668",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e916c69b90"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5744"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-03-05 10:24:37,118",
            "thread_id": "4024",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-03-05 10:24:37,133",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000038c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000038c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000738"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "1160",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000638"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "1160",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000071c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-03-05 10:24:37,149",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000444"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-03-05 10:24:37,165",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-03-05 10:24:37,180",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-03-05 10:24:37,196",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-03-05 10:24:37,227",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-03-05 10:24:37,258",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-03-05 10:24:37,258",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-03-05 10:24:37,258",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-03-05 10:24:37,258",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-03-05 10:24:37,258",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-03-05 10:24:37,274",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-03-05 10:24:37,290",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000694"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000694"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000038c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-03-05 10:24:37,305",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000038c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000694"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-03-05 10:24:37,321",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000700"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-03-05 10:24:37,336",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000738"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-03-05 10:24:37,352",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-03-05 10:24:37,368",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-03-05 10:24:37,368",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-03-05 10:24:37,696",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-03-05 10:24:37,696",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000700"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000738"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-03-05 10:24:37,711",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000738"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000714"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-03-05 10:24:37,743",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-03-05 10:24:37,758",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-03-05 10:24:37,774",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000654"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-03-05 10:24:37,774",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-03-05 10:24:37,774",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-03-05 10:24:37,774",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000714"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-03-05 10:24:37,790",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-03-05 10:24:38,243",
            "thread_id": "3792",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-03-05 10:24:38,727",
            "thread_id": "5600",
            "caller": "0x7ff63d204340",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-03-05 10:24:38,805",
            "thread_id": "5600",
            "caller": "0x7ff63d204340",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-03-05 10:24:38,805",
            "thread_id": "5600",
            "caller": "0x7ff63d204340",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000048c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000048c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-03-05 10:24:39,165",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-03-05 10:24:39,227",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-03-05 10:24:39,258",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-03-05 10:24:39,290",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-03-05 10:24:39,290",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-03-05 10:24:39,305",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-03-05 10:24:42,086",
            "thread_id": "280",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000258"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-03-05 10:24:44,290",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-03-05 10:24:44,305",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-03-05 10:24:44,321",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-03-05 10:24:44,321",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-03-05 10:24:44,321",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-03-05 10:24:44,321",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-03-05 10:24:44,321",
            "thread_id": "3792",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "3792",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "3792",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "3792",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-03-05 10:24:44,336",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-03-05 10:24:44,368",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-03-05 10:24:44,368",
            "thread_id": "3792",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-03-05 10:24:44,368",
            "thread_id": "3792",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000314"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000314"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-03-05 10:24:44,383",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-03-05 10:24:44,415",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-03-05 10:24:44,415",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-03-05 10:24:44,415",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000314"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-03-05 10:24:44,430",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "3792",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000738"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-03-05 10:24:44,446",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-03-05 10:24:44,461",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-03-05 10:24:44,461",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-03-05 10:24:44,461",
            "thread_id": "6192",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-03-05 10:24:44,821",
            "thread_id": "3220",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-03-05 10:24:44,821",
            "thread_id": "3220",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-03-05 10:24:44,821",
            "thread_id": "3220",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "3220",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "3220",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000654"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000654"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000684"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-03-05 10:24:44,883",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-03-05 10:24:44,977",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-03-05 10:24:44,993",
            "thread_id": "3220",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-03-05 10:24:44,993",
            "thread_id": "3220",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-03-05 10:24:45,008",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-03-05 10:24:45,008",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000654"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-03-05 10:24:45,008",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-03-05 10:24:45,008",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-03-05 10:24:45,118",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-03-05 10:24:45,133",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-03-05 10:24:45,133",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-03-05 10:24:48,180",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-03-05 10:24:48,180",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-03-05 10:24:48,180",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000684"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-03-05 10:24:48,196",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "4024",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000670"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "1160",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "1160",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-03-05 10:24:48,211",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-03-05 10:25:08,336",
            "thread_id": "5600",
            "caller": "0x7ff63d204340",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ES"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975af0000"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-03-05 10:25:08,336",
            "thread_id": "5600",
            "caller": "0x7ff63d204340",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff975af0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-03-05 10:25:38,352",
            "thread_id": "3608",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-03-05 10:27:03,415",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-03-05 10:27:03,415",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-03-05 10:27:03,415",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-03-05 10:27:03,430",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-03-05 10:27:03,430",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-03-05 10:27:03,430",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-03-05 10:27:03,477",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-03-05 10:27:03,477",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-03-05 10:27:03,477",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-03-05 10:27:03,493",
            "thread_id": "3608",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000284",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e9167e2290"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5260"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972aff3e9",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1992
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000758",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e916c677a0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "7128"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "7128",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000061c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005c8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-03-05 10:27:03,508",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-03-05 10:27:03,524",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-03-05 10:27:03,524",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000028c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-03-05 10:27:03,540",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-03-05 10:27:03,555",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-03-05 10:27:03,555",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000660"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000488"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-03-05 10:27:03,555",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-03-05 10:27:03,555",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-03-05 10:27:03,758",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-03-05 10:27:03,758",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-03-05 10:27:03,758",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-03-05 10:27:03,774",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-03-05 10:27:03,774",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000328"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\INDEX.BTR"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xe0\\x10\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-03-05 10:27:03,774",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000328"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\INDEX.BTR"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-03-05 10:27:03,774",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-03-05 10:27:03,774",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-03-05 10:27:03,790",
            "thread_id": "3608",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-03-05 10:27:03,790",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-03-05 10:27:03,790",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2014
          },
          {
            "timestamp": "2026-03-05 10:27:03,790",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-03-05 10:27:03,790",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-03-05 10:27:03,836",
            "thread_id": "5260",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-03-05 10:27:03,836",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-03-05 10:27:03,836",
            "thread_id": "5260",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972aff3e9",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2019
          },
          {
            "timestamp": "2026-03-05 10:27:03,836",
            "thread_id": "7128",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000071c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000210"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-03-05 10:27:03,961",
            "thread_id": "5260",
            "caller": "0x7ff972afdd6a",
            "parentcaller": "0x7ff972afd989",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 8,
            "id": 2021
          },
          {
            "timestamp": "2026-03-05 10:27:04,774",
            "thread_id": "5260",
            "caller": "0x7ff972b07e1d",
            "parentcaller": "0x7ff972b07a50",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "EAC8A024-21E2-4523-AD73-A71A0AA2F56A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "81166F58-DD98-11D3-A120-00105A1F515A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-03-05 10:27:04,774",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-03-05 10:27:04,805",
            "thread_id": "5260",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-03-05 10:27:04,805",
            "thread_id": "5260",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-03-05 10:27:04,821",
            "thread_id": "7128",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 2026
          },
          {
            "timestamp": "2026-03-05 10:27:04,852",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000488"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-03-05 10:27:05,071",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-03-05 10:27:05,071",
            "thread_id": "6192",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-03-05 10:27:05,071",
            "thread_id": "6192",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-03-05 10:27:05,118",
            "thread_id": "5480",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000061c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-03-05 10:27:05,243",
            "thread_id": "5944",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000484"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-03-05 10:27:05,352",
            "thread_id": "6192",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-03-05 10:27:05,352",
            "thread_id": "6192",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000328"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\INDEX.BTR"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xc0\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-03-05 10:27:05,352",
            "thread_id": "6192",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-03-05 10:27:05,352",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-03-05 10:27:05,352",
            "thread_id": "5480",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@s\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff972b09ec9",
            "parentcaller": "0x7ff972afb42b",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F87137D-0E7C-44D5-8C73-4EFFB68962F2"
              },
              {
                "name": "ClsContext",
                "value": "0x00090004",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_ENABLE_AAA|CLSCTX_ACTIVATE_64_BIT_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff972b04e9b",
            "parentcaller": "0x7ff972b06a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2040
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff964346b2d",
            "parentcaller": "0x7ff972afcae0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2041
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2042
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "5260",
            "caller": "0x7ff972b04e9b",
            "parentcaller": "0x7ff972b06a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2043
          },
          {
            "timestamp": "2026-03-05 10:27:05,368",
            "thread_id": "6192",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2044
          },
          {
            "timestamp": "2026-03-05 10:27:05,383",
            "thread_id": "7128",
            "caller": "0x7ff978e02508",
            "parentcaller": "0x7ff978e04a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 2045
          },
          {
            "timestamp": "2026-03-05 10:27:05,399",
            "thread_id": "6192",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-03-05 10:27:05,399",
            "thread_id": "6032",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-03-05 10:27:05,399",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "5260",
            "caller": "0x7ff972b04e9b",
            "parentcaller": "0x7ff972b06a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "5260",
            "caller": "0x7ff972c9b02d",
            "parentcaller": "0x7ff972c9a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "3336",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000470"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "5260",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000028c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000028c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "7128",
            "caller": "0x7ff972c9b02d",
            "parentcaller": "0x7ff972c9a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "7128",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000210"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "7128",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000420"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-03-05 10:27:05,415",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-03-05 10:27:05,430",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-03-05 10:27:05,430",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-03-05 10:27:05,430",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-03-05 10:27:05,430",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-03-05 10:27:05,493",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-03-05 10:27:05,493",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2067
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b0978f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-03-05 10:27:05,508",
            "thread_id": "5260",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972b273be",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-03-05 10:27:05,524",
            "thread_id": "5260",
            "caller": "0x7ff972c9b02d",
            "parentcaller": "0x7ff972c9a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-03-05 10:27:05,524",
            "thread_id": "3608",
            "caller": "0x7ff97eb7b5dd",
            "parentcaller": "0x7ff96435c946",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000664",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96435d7c0"
              },
              {
                "name": "Parameter",
                "value": "0x1e9167e32d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5096"
              },
              {
                "name": "ProcessId",
                "value": "3820"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-03-05 10:27:07,711",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-03-05 10:27:07,711",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-03-05 10:27:07,727",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-03-05 10:27:07,758",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-03-05 10:27:07,758",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-03-05 10:27:07,758",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2083
          },
          {
            "timestamp": "2026-03-05 10:27:07,946",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-03-05 10:27:08,352",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-03-05 10:27:08,352",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-03-05 10:27:08,352",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-03-05 10:27:08,368",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-03-05 10:27:08,368",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-03-05 10:27:08,368",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2090
          },
          {
            "timestamp": "2026-03-05 10:27:08,399",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-03-05 10:27:08,633",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-03-05 10:27:08,633",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-03-05 10:27:08,649",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-03-05 10:27:08,649",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-03-05 10:27:08,649",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-03-05 10:27:08,665",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2097
          },
          {
            "timestamp": "2026-03-05 10:27:08,774",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-03-05 10:27:08,930",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-03-05 10:27:08,930",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-03-05 10:27:08,930",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-03-05 10:27:08,946",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-03-05 10:27:08,946",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-03-05 10:27:08,946",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2104
          },
          {
            "timestamp": "2026-03-05 10:27:08,961",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-03-05 10:27:08,993",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-03-05 10:27:08,993",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-03-05 10:27:08,993",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-03-05 10:27:09,008",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-03-05 10:27:09,008",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-03-05 10:27:09,008",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2111
          },
          {
            "timestamp": "2026-03-05 10:27:09,024",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-03-05 10:27:09,274",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-03-05 10:27:09,274",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-03-05 10:27:09,274",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-03-05 10:27:09,305",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-03-05 10:27:09,305",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-03-05 10:27:09,305",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2118
          },
          {
            "timestamp": "2026-03-05 10:27:09,399",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-03-05 10:27:09,540",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-03-05 10:27:09,540",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-03-05 10:27:09,540",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-03-05 10:27:09,555",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-03-05 10:27:09,555",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-03-05 10:27:09,555",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "5260",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "5260",
            "caller": "0x7ff97d71435b",
            "parentcaller": "0x7ff97372a168",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000324"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\wbem\\Repository\\OBJECTS.DATA"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xa0\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000620"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000450"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000620"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-03-05 10:27:09,586",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-03-05 10:27:09,743",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-03-05 10:27:09,868",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-03-05 10:27:09,868",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-03-05 10:27:09,868",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-03-05 10:27:09,930",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-03-05 10:27:09,930",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-03-05 10:27:09,930",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2141
          },
          {
            "timestamp": "2026-03-05 10:27:09,946",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-03-05 10:27:10,086",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-03-05 10:27:10,086",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-03-05 10:27:10,086",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-03-05 10:27:10,118",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-03-05 10:27:10,118",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-03-05 10:27:10,118",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2148
          },
          {
            "timestamp": "2026-03-05 10:27:10,133",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-03-05 10:27:10,477",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-03-05 10:27:10,493",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-03-05 10:27:10,493",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-03-05 10:27:10,508",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-03-05 10:27:10,508",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-03-05 10:27:10,508",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2155
          },
          {
            "timestamp": "2026-03-05 10:27:10,571",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-03-05 10:27:10,790",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-03-05 10:27:10,790",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-03-05 10:27:10,790",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-03-05 10:27:10,805",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-03-05 10:27:10,805",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-03-05 10:27:10,805",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2162
          },
          {
            "timestamp": "2026-03-05 10:27:10,821",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-03-05 10:27:10,915",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-03-05 10:27:10,915",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-03-05 10:27:10,915",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-03-05 10:27:10,977",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-03-05 10:27:10,977",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-03-05 10:27:10,977",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2169
          },
          {
            "timestamp": "2026-03-05 10:27:10,993",
            "thread_id": "6032",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-03-05 10:27:11,243",
            "thread_id": "6032",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-03-05 10:27:11,243",
            "thread_id": "6032",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-03-05 10:27:11,243",
            "thread_id": "6032",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-03-05 10:27:11,258",
            "thread_id": "6032",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-03-05 10:27:11,258",
            "thread_id": "6032",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-03-05 10:27:11,258",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000730"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000730"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "6032",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c7d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-03-05 10:27:11,290",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-03-05 10:27:11,305",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-03-05 10:27:11,555",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-03-05 10:27:11,555",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-03-05 10:27:11,555",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "3608",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "3608",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "3608",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000063c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000670"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000658"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-03-05 10:27:11,571",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2194
          },
          {
            "timestamp": "2026-03-05 10:27:11,586",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-03-05 10:27:11,602",
            "thread_id": "3336",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-03-05 10:27:11,852",
            "thread_id": "3336",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-03-05 10:27:11,852",
            "thread_id": "3336",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-03-05 10:27:11,852",
            "thread_id": "3336",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-03-05 10:27:11,868",
            "thread_id": "3336",
            "caller": "0x7ff972b03a1a",
            "parentcaller": "0x7ff964348f9b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-03-05 10:27:11,868",
            "thread_id": "3336",
            "caller": "0x7ff96f972c2e",
            "parentcaller": "0x7ff964349057",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-03-05 10:27:11,868",
            "thread_id": "3336",
            "caller": "0x7ff972c9a740",
            "parentcaller": "0x7ff972c9a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000730"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000660"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "5260",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96f96b51c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000730"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "7128",
            "caller": "0x7ff972b02823",
            "parentcaller": "0x7ff972afffb3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "7128",
            "caller": "0x7ff972c9aaaf",
            "parentcaller": "0x7ff972c9a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2206
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-03-05 10:27:11,883",
            "thread_id": "3608",
            "caller": "0x7ff964348250",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-03-05 10:27:12,008",
            "thread_id": "3608",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-03-05 10:27:12,008",
            "thread_id": "3608",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff973e2359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964330000"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-03-05 10:27:12,008",
            "thread_id": "3608",
            "caller": "0x7ff973e235f7",
            "parentcaller": "0x7ff97f4bb1fe",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2211
          }
        ],
        "threads": [
          "3792",
          "5684",
          "4048",
          "6192",
          "5748",
          "3608",
          "5376",
          "3220",
          "4024",
          "1160",
          "5600",
          "280",
          "5260",
          "7128",
          "5480",
          "5944",
          "6032",
          "3336"
        ],
        "environ": {
          "UserName": "СИСТЕМА",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff63d200000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 6224,
        "process_name": "RuntimeBroker.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\RuntimeBroker.exe",
        "first_seen": "2026-03-05 10:23:56,384",
        "calls": [
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd12015",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7156"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "UMPDC.dll"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d220000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d230000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001dc"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:23:56,681",
            "thread_id": "7156",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d220000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\umpdc"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d220000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d223e30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d260000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d260000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\powrprof"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d240000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d243480"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97b1e88ad",
            "parentcaller": "0x7ff97b1ea9c4",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97b1e88ad",
            "parentcaller": "0x7ff97b1ea9c4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\rmclient"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b1e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b1e9fe0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fd841e6",
            "parentcaller": "0x7ff97fd24d2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "7156",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff67c006740"
              },
              {
                "name": "Parameter",
                "value": "0xc60b873000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "3032",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "3032",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "3032",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "1744",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af05000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "1744",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "1744",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "432",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "432",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "1676",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:23:56,697",
            "thread_id": "1676",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0065a9",
            "parentcaller": "0x7ff67c00663c",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff67c006fb0"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c003a89",
            "parentcaller": "0x7ff67c0032af",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "52"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00\\x07\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c003aa6",
            "parentcaller": "0x7ff67c0032af",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "52"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f4"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f4"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xd0}E=Y\\xdc\\x96\\x05\\x91\\xa3\\xdf\\xb5\\xe1\\xd2T\\x96g>X\\xa1\\xf2\\x00YO\\xc7\\x96~}(BsU\\x85\\xf2\\x8d/\\xcd\\x186\\x17{m\\xbd@\\xda?\\xf7\\xeb"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae29000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "\\x939#\\xe1\\xa4\\xea\\x0fG\\x9d\\xe7\\xa3Q\\xc1\\xb6\\xfbq\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\xf9\\xbc\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\x81\\xbc\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "7156",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "59"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH"
              },
              {
                "name": "OutputBuffer",
                "value": "$\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "5092",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "3424",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:23:56,744",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:23:56,759",
            "thread_id": "7156",
            "caller": "0x7ff67c003353",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:23:56,791",
            "thread_id": "7156",
            "caller": "0x7ff67c003353",
            "parentcaller": "0x7ff67c0066c6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:23:56,791",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:23:56,791",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:23:56,791",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:23:56,791",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{15C20B67-12E7-4BB6-92BB-7AFF07997402}"
              },
              {
                "name": "Handle",
                "value": "0x000001ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{15C20B67-12E7-4BB6-92BB-7AFF07997402}"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ea"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "Data",
                "value": "6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ea"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "Type",
                "value": "0x00000003",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ea"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xa1'`\\x8f\\x9a\\xbb\\x184c\\xb6w\\xff\\x9d\\xd5\\xb6l\\xe72\\x1ah\\x08RC\\x92\\x86\\xa6\\x1f\\xd8\\x98\\x17\\x1b;\t\\x00L\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ea"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:23:56,806",
            "thread_id": "7156",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c003590",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Ole\\Extensions\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c003c94",
            "parentcaller": "0x7ff67c003603",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c005150",
            "parentcaller": "0x7ff67c004efd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c004f0e",
            "parentcaller": "0x7ff67c004f7a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00503d",
            "parentcaller": "0x7ff67c004f95",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c0050b5",
            "parentcaller": "0x7ff67c004f95",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c004eba",
            "parentcaller": "0x7ff67c00463c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c004d83",
            "parentcaller": "0x7ff67c004901",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c004e4b",
            "parentcaller": "0x7ff67c00472e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c0051ea",
            "parentcaller": "0x7ff67c003be2",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c005c44",
            "parentcaller": "0x7ff67c00520f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008ea5",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008ea5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008f7a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008f7a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008fb1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008fd2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00622b",
            "parentcaller": "0x7ff67c00526d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008e19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              },
              {
                "name": "Handle",
                "value": "0x000001ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xe5z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xce\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xe6z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000001ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ce"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PerAppRuntimeBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001ce"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe4z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xce\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xe5z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000001ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe4z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xce\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xe5z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000001ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ce"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0xc60b7af170"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001850"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.6224"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000262"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000262"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000266"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000266"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000266"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000262"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x07\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x9b\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x98\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xab\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\x98\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xe6z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x98\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xe4z\\x0b\\xc6\\x00\\x00\\x00d\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x07\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x90\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x002\\x001\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x004\\x000\\x000\\x007\\x006\\x00-\\x004\\x001\\x000\\x009\\x005\\x009\\x001\\x009\\x008\\x006\\x00-\\x003\\x001\\x009\\x002\\x006\\x009\\x000\\x006\\x003\\x002\\x00-\\x00"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x91\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xaf\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xe3z\\x0b\\xc6\\x00\\x00\\x00(\\xe3z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe2z\\x0b\\xc6\\x00\\x00\\x00\\x18\\xe3z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x91\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xe1z\\x0b\\xc6\\x00\\x00\\x00d\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000268"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae49150"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5712"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000268",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae49150"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5712"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:23:56,822",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "5712",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "5712",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae49150"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "5712",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x98\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x90\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\x97\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x98\\xeaz\\x0b\\xc6\\x00\\x00\\x00h\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x88\\xeaz\\x0b"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x90\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8z\\x0b\\xc6\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x91\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xab\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xe6z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x91\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4z\\x0b\\xc6\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x98\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xbf\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x90\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\x97\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x98\\xeaz\\x0b\\xc6\\x00\\x00\\x00h\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x88\\xeaz\\x0b"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x90\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8z\\x0b\\xc6\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:23:56,837",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x91\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xab\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xe6z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x91\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4z\\x0b\\xc6\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x98\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x90\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\x97\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x98\\xeaz\\x0b\\xc6\\x00\\x00\\x00h\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x88\\xeaz\\x0b"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x90\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8z\\x0b\\xc6\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xbc\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x91\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xab\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xe6z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x91\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4z\\x0b\\xc6\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x98\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\x97\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x98\\xeaz\\x0b\\xc6\\x00\\x00\\x00h\\xeaz\\x0b\\xc6\\x00\\x00\\x00\\x88\\xeaz\\x0b"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x98\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8z\\x0b\\xc6\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x90\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xab\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xe6z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x90\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4z\\x0b\\xc6\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "3424",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000280"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x90\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x91\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xde\\x95\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xe8z\\x0b\\xc6\\x00\\x00\\x00\\xa8\\xe8z\\x0b\\xc6\\x00\\x00\\x00x\\xe8z\\x0b\\xc6\\x00\\x00\\x00\\x98\\xe8z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x91\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xe6z\\x0b\\xc6\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x08\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x91\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xbc\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x92\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xa9\\x92\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xe5z\\x0b\\xc6\\x00\\x00\\x00\\x08\\xe5z\\x0b\\xc6\\x00\\x00\\x00\\xd8\\xe4z\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xe4z\\x0b"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x92\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xe2z\\x0b\\xc6\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              },
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe5z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xe6z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000028a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PerAppRuntimeBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe3z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xd0\\xe4z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000028a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe3z\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xd0\\xe4z\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000028a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              }
            ],
            "repeated": 1,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:23:56,853",
            "thread_id": "7156",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAsClassIndex"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\TreatAsClassIndex"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "7156",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000230"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "7156",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "7156",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "y\\x0f+\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00d\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xb8(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000338-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000338-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}"
              },
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000286"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000286"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000286"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x0000028a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000286"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000286"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000286"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028a"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\r\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x93\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00N\\xce7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x08\\xc4\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\r\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x9e\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xbf\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xcd7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00x\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00H\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00h\\xc0\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xbe\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x0e\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xbe\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00N\\xce7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x08\\xc4\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\n\\xe3J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xbf\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x9f\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xcd7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00x\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00H\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00h\\xc0\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x9f\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xbe\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:23:56,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "5092",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3424",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000290"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "6592",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:23:56,884",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000294"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000284"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00X\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xffce\\xffa6\\x07\\xffb8E\\xffb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe4J\\xffed\\x01\\x00\\x000\\xffe1\\xffef\\x0b\\xffc6\\x00\\x00\\x00P\\xffe2\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x000\\xffe1\\xffef\\x0b\\xffc6\\x00\\x00\\x00P\\xffe2\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffe0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00\\xffed\\x01\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff90\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffa0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\x10\\x0e\\xffe3J\\xffed\\x01\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 
\\xffdb\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xffe0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00,\\x0e\\xffe3J\\xffed\\x01\\x00\\x000\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00ylM\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:23:57,212",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000298"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c006196",
            "parentcaller": "0x7ff67c002e41",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xda\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x01|\\xf6\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xbb\\xe4J"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\x0f\\xffe3J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff91\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\x0f\\xffe3J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000298"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xd6\\xef\\x0b\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xff\\xff\\xff\\xff\\xd85\\xc4\\\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\\\xf9\\x7f\\x00\\x00\\xc8\\xd7\\xef\\x0b\\xc6\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\xb1n}\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId"
              },
              {
                "name": "DllBase",
                "value": "0x7ff966cf0000"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00h\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x000\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x000\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000029c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:23:57,228",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000029c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd8\\xffdf\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x1c\\xff88\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe4J\\xffed\\x01\\x00\\x00P\\xff80\\xffe4J\\xffed\\x01\\x00\\x00P\\xff80\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00P\\xff80\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd9\\xffdf\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000029c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966cf0000"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff966cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d2c2a0"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d066f0"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966cf7340"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966cf0000"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff966cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d2c2a0"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d066f0"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966cf7340"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0N\\xe5J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98O\\xe5J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8O\\xe5J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x06Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18Q\\xe5J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00 Q\\xe5J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008Q\\xe5J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`Q\\xe5J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00hQ\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88Q\\xe5J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966cf0000"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff966cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d2c2a0"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966d066f0"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966cf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966cf7340"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0N\\xe5J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98O\\xe5J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8O\\xe5J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x06Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18Q\\xe5J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00 Q\\xe5J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008Q\\xe5J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`Q\\xe5J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00hQ\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88Q\\xe5J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000035-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002a2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a2"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd2\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x9f\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbf\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00.\\xc87\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x008\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x08\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00(\\xc6\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd6\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x9c\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xbf\\xe1J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\xcf7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00h\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x88\\xc2\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000035-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ca"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:23:57,244",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000035-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000029e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:23:57,259",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000029e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:23:57,259",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:23:57,259",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:23:57,259",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029e"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff94\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff94\\xffe4J\\xffed\\x01\\x00\\x00\\xff80\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff94\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff85\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff85\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff85\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0N\\xe5J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98O\\xe5J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8O\\xe5J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x06Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18Q\\xe5J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00 Q\\xe5J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008Q\\xe5J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@Q\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`Q\\xe5J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00hQ\\xe5J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88Q\\xe5J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:23:57,275",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5056",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5056",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:23:57,291",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:23:57,322",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:23:57,322",
            "thread_id": "3424",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ca"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xca\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ca"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ca"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xca\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ca"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ce"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ca"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3764",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              },
              {
                "name": "Handle",
                "value": "0x000002a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000246"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000246"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000246"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002da"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000246"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002da"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a942e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:23:57,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff977880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff977880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xd3\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf0\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfe\\xbc\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xd1\\xef\\x0b\\xc6\\x00\\x00\\x00\\x88\\xd1\\xef\\x0b\\xc6\\x00\\x00\\x00X\\xd1\\xef\\x0b\\xc6\\x00\\x00\\x00x\\xd1\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xcf\\xef\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xd4\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x9e\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf2\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8+\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9e\\xb0\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xcd\\xef\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xcd\\xef\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xcd\\xef\\x0b\\xc6\\x00\\x00\\x00\\xd8\\xcd\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0+\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:23:57,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff97\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff97\\xffe4J\\xffed\\x01\\x00\\x00 
\\xffd3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff97\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00 \\xffd3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff82\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:23:57,619",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae63000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P0\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x181\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x0081\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x862\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x982\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa02\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb82\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc02\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe02\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe82\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x083\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff9f\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff9f\\xffe4J\\xffed\\x01\\x00\\x00 
\\xffd3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff9f\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00 \\xffd3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P0\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x181\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x0081\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x862\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x982\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa02\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb82\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc02\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe02\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe82\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x083\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:23:57,634",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:23:57,697",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:23:57,697",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:23:57,697",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4cc02000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:23:57,697",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4cd02000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffc5\\xffe1J\\xffed\\x01\\x00\\x00\\xffe8\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xffc5\\xffe1J\\xffed\\x01\\x00\\x00@\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffc5\\xffe1J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00@\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:23:58,087",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P@\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18A\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008A\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98B\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0B\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8B\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0B\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08C\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "3424",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P@\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18A\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008A\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98B\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0B\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8B\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0B\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08C\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.UserProfile.AdvertisingManagerHelper"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P@\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18A\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008A\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98B\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0B\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8B\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0B\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8B\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08C\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.UserProfile.AdvertisingManagerHelper"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb9\\xffaej3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00U\\x00s\\x00e\\x00r\\x00P\\x00r\\x00o\\x00f\\x00i\\x00l\\x00e\\x00.\\x00A\\x00d\\x00v\\x00e\\x00r\\x00t\\x00i\\x00s\\x00i\\x00n\\x00g\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00H\\x00e\\x00l\\x00p\\x00e\\x00r\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\x0b\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9f\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x0b\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x0b\\xffe6J\\xffed\\x01\\x00\\x00\\xff90\\xff9f\\xffe4J\\xffed\\x01\\x00\\x000\\xffd2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9f\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\xffe6J
\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\x0b\\xffe6J\\xffed\\x01\\x00\\x000\\xffd2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb4\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:23:58,103",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff978400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff978451f00"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97844e9b0"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97845d6b0"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff978400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff978451f00"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97844e9b0"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97845d6b0"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.UserProfile.AdvertisingManagerHelper"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb9\\xffaej3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00U\\x00s\\x00e\\x00r\\x00P\\x00r\\x00o\\x00f\\x00i\\x00l\\x00e\\x00.\\x00A\\x00d\\x00v\\x00e\\x00r\\x00t\\x00i\\x00s\\x00i\\x00n\\x00g\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00H\\x00e\\x00l\\x00p\\x00e\\x00r\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd8\\xffdf\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00p\n\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x1c\\xff88\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00p\n\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00p\n\\xffe6J\\xffed\\x01\\x00\\x00\\xff90\\xff9a\\xffe4J\\xffed\\x01\\x00\\x00`\\xffd4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\n\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00p\n\\xffe6J\\xffed\\x01\\x00\\x00`\\xffd4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd9\\xffdf\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffbd\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.UserProfile.AdvertisingManagerHelper"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb9\\xffaej3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00U\\x00s\\x00e\\x00r\\x00P\\x00r\\x00o\\x00f\\x00i\\x00l\\x00e\\x00.\\x00A\\x00d\\x00v\\x00e\\x00r\\x00t\\x00i\\x00s\\x00i\\x00n\\x00g\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00H\\x00e\\x00l\\x00p\\x00e\\x00r\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffbf\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\r\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90@\\xffe6J\\xffed\\x01\\x00\\x00h\\xffbf\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbf\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\r\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbf\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\r\\xffe6J\\xffed\\x01\\x00\\x00\\xff90@\\xffe6J\\xffed\\x01\\x00\\x00\\x10\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90@\\xffe6J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\r\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\r\\xffe6J\\xffed\\x01\\x00\\x00\\x10\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff82\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbf\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3424",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:23:58,119",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00PP\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18Q\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008Q\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86R\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98R\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0R\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8R\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0R\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0R\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8R\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08S\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}"
              },
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xf2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xb5\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00Pp\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18q\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008q\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98r\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0r\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8r\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0r\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08s\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xbc\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xf2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000216"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000216"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:23:58,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000216"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xf2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00Pp\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18q\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008q\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x86r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98r\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xa0r\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8r\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xc0r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0r\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8r\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08s\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xba\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xbb\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xb9\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb8\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xb9\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:23:58,150",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ea"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb6\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xb7\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb6\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xb7\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ea"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xb6\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xb7\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ee"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:23:58,166",
            "thread_id": "5056",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ea"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3810"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3870"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xda\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " '\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00d\\x00o\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00O\\x00n\\x00e\\x00C\\x00o\\x00r\\x00e\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00x\\x00y\\x00S\\x00t\\x00u\\x00b\\x00"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf1\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x$\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xcf\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p$\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd0\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0)\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00d\\x00o\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00O\\x00n\\x00e\\x00C\\x00o\\x00r\\x00e\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00x\\x00y\\x00S\\x00t\\x00u\\x00b\\x00"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf1\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8'\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00(\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x18\\xbf\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0'\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xbd\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3810"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3870"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bca0000"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3810"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bca0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bca3870"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xda\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\t\\xd1k\\xf9\\x7f\\x00\\x00\\xf0\\xecl\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x9e\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xf6\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00N\\xb9\\x17\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xd5\\xff\\x0b\\xc6\\x00\\x00\\x00\\x18\\xd5\\xff\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xd4\\xff\\x0b\\xc6\\x00\\x00\\x00\\x08\\xd5\\xff\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xd3\\xff\\x0b\\xc6\\x00\\x00\\x00\\xf4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd0\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf0\\xe5J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xbc\\x17\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xd1\\xff\\x0b\\xc6\\x00\\x00\\x00x\\xd1\\xff\\x0b\\xc6\\x00\\x00\\x00H\\xd1\\xff\\x0b\\xc6\\x00\\x00\\x00h\\xd1\\xff\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xcf\\xff\\x0b\\xc6\\x00\\x00\\x00\\xf4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:23:58,181",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:23:58,244",
            "thread_id": "5056",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bd12000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:23:58,244",
            "thread_id": "5056",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bd12000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff978407b54",
            "parentcaller": "0x7ff978407db5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff978407c7f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407cbd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xdf\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978407d17",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "familysafetyext.dll"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3424",
            "caller": "0x7ff978407b54",
            "parentcaller": "0x7ff978407db5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff978407c7f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407cbd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xda\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978407d17",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3424",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3764",
            "caller": "0x7ff978407b54",
            "parentcaller": "0x7ff978407db5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff978407c7f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407cbd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xdb\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978407d17",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "3764",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "6592",
            "caller": "0x7ff978407b54",
            "parentcaller": "0x7ff978407db5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff978407c7f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407cbd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd8\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978407d17",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "6592",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\familysafetyext.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\FamilySafetyExt.dll"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca73000"
              },
              {
                "name": "ModuleName",
                "value": "familysafetyext.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:23:58,322",
            "thread_id": "5056",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\familysafetyext"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96ca70000"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\FamilySafetyExt"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96ca70000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff96ca71cb0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3424",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 1,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.FamilySafety.Internal.FamilySettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00a\\x00m\\x00i\\x00l\\x00y\\x00S\\x00a\\x00f\\x00e\\x00t\\x00y\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00F\\x00a\\x00m\\x00i\\x00l\\x00y\\x00S\\x00e\\x00t\\x00t\\x00i\\x00n\\x00g\\x00s\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffb9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd6\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x1a\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10F\\xffe6J\\xffed\\x01\\x00\\x00h\\xffb9\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb9\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x10F\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\xffda\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10F\\xffe6J\\xffed\\x01\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\xffda\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb9\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "6592",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.FamilySafety.Internal.FamilySettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.FamilySafety.Internal.FamilySettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00a\\x00m\\x00i\\x00l\\x00y\\x00S\\x00a\\x00f\\x00e\\x00t\\x00y\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00F\\x00a\\x00m\\x00i\\x00l\\x00y\\x00S\\x00e\\x00t\\x00t\\x00i\\x00n\\x00g\\x00s\\x00\\x06\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffd2\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe1\\x19\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\xffe6J\\xffed\\x01\\x00\\x00h\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00PE\\xffe6J\\xffed\\x01\\x00\\x00\\x10\\xffd4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\xffe6J\\xffed\\x01\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb6\\xffe5J\\xffed\\x01\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xffd4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:23:58,337",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "6592",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Normaliz"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f980000"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:23:58,353",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\VERSION"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975490000"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:23:58,369",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:23:58,369",
            "thread_id": "5056",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wpc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff950ed0000"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:23:58,400",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Wpc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff950ed0000"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:23:58,400",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff950ed0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\wpc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:23:58,400",
            "thread_id": "5092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:23:58,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpc.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff950ed0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff950edb2c0"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:23:58,400",
            "thread_id": "5092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Wpc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff950ed0000"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff950ed0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\wpc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpc.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff950ed0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff950edb2c0"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000(\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xe5\\xd7\\x0b\\xc6\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpc.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff950ed0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff950edbcd0"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpc.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff950ed0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff950ed6ca0"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " *\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x002\\x001\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x004\\x000\\x000\\x007\\x006\\x00-\\x004\\x001\\x000\\x009\\x005\\x009\\x001\\x009\\x008\\x006\\x00-\\x003\\x001\\x009\\x002\\x006\\x009\\x000\\x006\\x003\\x002\\x00-\\x00"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xa2\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8)\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8e\\xae?\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xe3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\xe3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\xa8\\xe3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xe3\\xd7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0)\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe1\\xd7\\x0b\\xc6\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae6b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f561aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52e198",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52e1d4",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "GipActivityBypass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52e1ed",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              },
              {
                "name": "Handle",
                "value": "0x0000032e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000032e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ea"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032e"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3424",
            "caller": "0x7ff97f52e198",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3424",
            "caller": "0x7ff97f52e1d4",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "GipActivityBypass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3424",
            "caller": "0x7ff97f52e1ed",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              },
              {
                "name": "Handle",
                "value": "0x0000032e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\x9c\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\x9d\\xff\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:23:58,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3424",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpc.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:23:58,431",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              },
              {
                "name": "Handle",
                "value": "0x00000342"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000342"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x9c\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\x9d\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "3424",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407fa2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd8\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x001\\x1e\\x88\\x9b:@\\x00\\x00\\xb3\\x05\\xcc\\x7f"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408012",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff950f06a6a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff950ee0f79",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff978407f74",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff978407fa2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xd7\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00Q\\x1f\\xa0\\x9b:@\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:23:58,447",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408012",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:23:58,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wlidprov"
              },
              {
                "name": "DllBase",
                "value": "0x7ff968760000"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:23:58,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wlidprov.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff968760000"
              }
            ],
            "repeated": 1,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff978408133",
            "parentcaller": "0x7ff978407def",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "AE0DB8A9-8183-4FA1-AFDA-C3506921D7E3"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "31140CB5-6B64-48FF-B872-660441CE9E51"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 3,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff968767540",
            "parentcaller": "0x7ff9687625f5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\Trace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\Trace"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "ServiceEnvironment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xd2\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\xc0\\xcc\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00 \\xcc\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xcc\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\xa0\\xc4\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000348"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff9687643f1",
            "parentcaller": "0x7ff9687620a6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xce\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x08?\\xc4\\\\xf9\\x7f\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff9687643f1",
            "parentcaller": "0x7ff9687620a6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "UserId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000348"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "ValueName",
                "value": "UserId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff968764f05",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff9687a3273",
            "parentcaller": "0x7ff968762237",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff9687a3273",
            "parentcaller": "0x7ff968762237",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff968765caa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff968765caa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff968765b14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff968765b8a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xa2\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff968765b8a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xa0\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff968765c3d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff968765c3d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff968765caa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff96876670a",
            "parentcaller": "0x7ff9687635a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000003",
                "pretty_value": "HKEY_USERS"
              },
              {
                "name": "SubKey",
                "value": "S-1-5-18\\Software\\Microsoft\\IdentityCRL\\StoredIdentities"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\IdentityCRL\\StoredIdentities"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff968765c3d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff9687688a8",
            "parentcaller": "0x7ff968766746",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\IdentityCRL\\StoredIdentities\\"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6e01e6",
            "parentcaller": "0x7ff96876680c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408199",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff96876680c",
            "parentcaller": "0x7ff9687635a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408199",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3424",
            "caller": "0x7ff978407f05",
            "parentcaller": "0x7ff978407e0f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "3764",
            "caller": "0x7ff978407e4f",
            "parentcaller": "0x7ff978407ad5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff968765caa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff968765b14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff968765b8a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xa0\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff9687688a8",
            "parentcaller": "0x7ff968766746",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\IdentityCRL\\StoredIdentities\\"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff96876680c",
            "parentcaller": "0x7ff9687635a2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408199",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff96876670a",
            "parentcaller": "0x7ff9687635a2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000003",
                "pretty_value": "HKEY_USERS"
              },
              {
                "name": "SubKey",
                "value": "S-1-5-18\\Software\\Microsoft\\IdentityCRL\\StoredIdentities"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\IdentityCRL\\StoredIdentities"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff978408199",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff978407f05",
            "parentcaller": "0x7ff978407e0f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:23:58,509",
            "thread_id": "5056",
            "caller": "0x7ff978407e4f",
            "parentcaller": "0x7ff978407ad5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90D\\xffe6J\\xffed\\x01\\x00\\x00\\xffe8\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xff90D\\xffe6J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90D\\xffe6J\\xffed\\x01\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff84\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffba\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00h\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb6\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff67c005d4f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0M\\xffe6J\\xffed\\x01\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0M\\xffe6J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0M\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-03-05 10:23:58,541",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-03-05 10:23:58,556",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00h\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff80\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-03-05 10:23:58,619",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9d\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00P\\xff9d\\xffe4J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9d\\xffe4J\\xffed\\x01\\x00\\x00\\x10\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x10\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-03-05 10:23:58,634",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0H\\xffe6J\\xffed\\x01\\x00\\x00h\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0H\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0\\x0c\\xffe3J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0H\\xffe6J\\xffed\\x01\\x00\\x00`\\xff83\\xffe4J\\xffed\\x01\\x00\\x00`\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\x0c\\xffe3J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-03-05 10:23:58,666",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xc0\"\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x88#\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8#\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf6$\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08%\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x10%\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(%\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x000%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P%\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00X%\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x%\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff99\\xffe4J\\xffed\\x01\\x00\\x00h\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff99\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff99\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb0\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00h\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00PN\\xffe6J\\xffed\\x01\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb3\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6e8b90",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 1616
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-03-05 10:23:58,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@%\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08&\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(&\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v'\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88'\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90'\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8'\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0'\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0'\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8'\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8'\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff95\\xffe9J\\xffed\\x01\\x00\\x00h\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff95\\xffe9J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff95\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8a\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff94\\xffe9J\\xffed\\x01\\x00\\x00\\xffe8\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00P\\xff94\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff94\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\xfff0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe9J\\xffed\\x01\\x00\\x00h\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff92\\xffe9J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff92\\xffe9J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff86\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbc\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-03-05 10:23:58,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc6\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xffe8\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffc6\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc6\\xffe5J\\xffed\\x01\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc6\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xff8b\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe9J\\xffed\\x01\\x00\\x00h\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00P\\xff96\\xffe9J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff96\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00`\\xffd9\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff89\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb2\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff67c002af5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff93\\xffe9J\\xffed\\x01\\x00\\x00h\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00P\\xff93\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff93\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffd7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00h\\xffb8\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb8\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xffd6\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff86\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb8\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-03-05 10:23:58,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.Connectivity.NetworkInformationPrivate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff83\\xffeae3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00v\\x00i\\x00t\\x00y\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00I\\x00n\\x00f\\x00o\\x00r\\x00m\\x00a\\x00t\\x00i\\x00o\\x00n\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00x\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0\\xffd1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "332"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.Connectivity.NetworkInformationPrivate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff83\\xffeae3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00v\\x00i\\x00t\\x00y\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00I\\x00n\\x00f\\x00o\\x00r\\x00m\\x00a\\x00t\\x00i\\x00o\\x00n\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00x\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffc0\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\xffe9J\\xffed\\x01\\x00\\x00\\xffe8\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffc0\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffc0\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff93\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc0\\xffe5J\\xffed\\x01\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff82\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffc0\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffd5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff83\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "332"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-03-05 10:23:59,041",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9678d0000"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9678d0000"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9678d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9678d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9678d3d00"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9678d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9678d3fa0"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9678d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9678d3370"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xf7\\xe6J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xf8\\xe6J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf9\\xe6J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfa\\xe6J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\xfa\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xfa\\xe6J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-03-05 10:23:59,056",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-03-05 10:23:59,087",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-03-05 10:23:59,087",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6D4B31C4-8ADB-4F45-88C9-58E7B38CBDCF}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6D4B31C4-8ADB-4F45-88C9-58E7B38CBDCF}"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xb5\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.Connectivity.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-03-05 10:23:59,103",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.Connectivity.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000036a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-03-05 10:23:59,119",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xb2\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.Connectivity.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000036a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000036a"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xaf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00j\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x0000036e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000036e"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-03-05 10:23:59,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036a"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x00000372"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000372"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000372"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xd1\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " '\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xe0\\xab\\xe4J\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x009\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde6\\x003\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xa0\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8$\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xcf\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0$\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xd6\\xe5J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00l\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0)\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xa2\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98%\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00(\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x18\\xbf\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90%\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xbd\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-03-05 10:23:59,150",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1918
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff9678da38b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "SystemSetupInProgress"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff9678da38b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff9678da3fa",
            "parentcaller": "0x7ff9678d4551",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x1ed4ae62230"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x67912570"
              },
              {
                "name": "Parameter",
                "value": "0x0bf7d6c0"
              },
              {
                "name": "DueTime",
                "value": "10000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-03-05 10:23:59,244",
            "thread_id": "6592",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-03-05 10:23:59,259",
            "thread_id": "6592",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-03-05 10:23:59,275",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\npmproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ff974eb0000"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\npmproxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff974eb0000"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff9678da42b",
            "parentcaller": "0x7ff9678d4551",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A47979D2-C419-11D9-A5B4-001185AD2B89"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "D0074FFD-570F-4A9B-8D69-199FDBA5723B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000036c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xad\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xae\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-03-05 10:23:59,337",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\npmproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 1951
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xac\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xad\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xac\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00f\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xad\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000366"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000366"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}"
              },
              {
                "name": "Handle",
                "value": "0x0000037a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000037a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000037e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037e"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037a"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}"
              },
              {
                "name": "Handle",
                "value": "0x00000366"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000366"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000366"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-03-05 10:23:59,353",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}"
              },
              {
                "name": "Handle",
                "value": "0x0000037a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000037a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000037e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037e"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037a"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffb7\\xff88\\x0b\\xffc6\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01t\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00h\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffdc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\xff80\\xffdc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00@\\xffbe\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000378"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WinTypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979c20000"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979c20000"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff979c20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c29590"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c290f0"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c347b0"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{41FD88F7-F295-4D39-91AC-A85F3149A05B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{41FD88F7-F295-4D39-91AC-A85F3149A05B}"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-03-05 10:23:59,369",
            "thread_id": "6592",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "6592",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4c8da3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-03-05 10:23:59,384",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xb5\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.Connectivity.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8x\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x9f\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xd0\\xe1\\xe4J\\xed\\x01\\x00\\x00p\\xb2\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\xdd~\\x1e\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\xcf\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x88\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x9d\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "Xu\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\x80\\xce\\xe4J\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\xa0\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xbe\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x9e\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xbc\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-03-05 10:23:59,400",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18y\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00W\\x00i\\x00n\\x00T\\x00y\\x00p\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0*\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xd0\\xe1\\xe4J\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X/\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb0\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xce\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\xce\\xf7\\x0b\\xc6\\x00\\x00\\x008\\xce\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\xce\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P/\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xcc\\xf7\\x0b\\xc6\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8x\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " -\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xac\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8.\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xb7\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xca\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xca\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xca\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xca\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0.\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xc8\\xf7\\x0b\\xc6\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-03-05 10:23:59,416",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "Windows.Networking.HostName.dll"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000033c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf53000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf44000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96bf20000"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\Windows.Networking.HostName"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff96bf22bc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-03-05 10:23:59,431",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "IPHLPAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\IPHLPAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\IPHLPAPI.DLL"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000344"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\IPHLPAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000348"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0003b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7e8000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7da000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c7b0000"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2144
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97d73eb83",
            "parentcaller": "0x7ff97c7b8adc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97d73eb83",
            "parentcaller": "0x7ff97c7b8adc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\IPHLPAPI"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97c7ba620"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf53000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf53000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "NSI.dll"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000384"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-03-05 10:23:59,462",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4485",
            "parentcaller": "0x7ff97fd1b22d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d3000"
              },
              {
                "name": "ModuleName",
                "value": "NSI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-03-05 10:23:59,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f3d0000"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\nsi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f3d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97f3d22f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7e8000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c7e8000"
              },
              {
                "name": "ModuleName",
                "value": "IPHLPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\Nsi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d11a8",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000105",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d11dd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d148b",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0*\\xe6J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xf4\\xe6J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0*\\xe6J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xf4\\xe6J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d14bf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d1793",
            "parentcaller": "0x7ff97c7b3015",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x00120007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc6\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc6\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d17c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d19ae",
            "parentcaller": "0x7ff97c7b309a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012000f"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc6\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xcf\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xc7\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xca\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc6\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xcf\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xc7\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xca\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d19e2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.Connectivity.NetworkInformationPrivate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff83\\xffeae3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00v\\x00i\\x00t\\x00y\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00I\\x00n\\x00f\\x00o\\x00r\\x00m\\x00a\\x00t\\x00i\\x00o\\x00n\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00x\\x7f\\xfff9\\x7f\\x00\\x00h\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffc9\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa1\\x0e\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9f\\xffe9J\\xffed\\x01\\x00\\x00h\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff9f\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9f\\xffe9J\\xffed\\x01\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffca\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000388"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "332"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d1793",
            "parentcaller": "0x7ff97c7b316f",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x00120007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xcc\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xcc\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d17c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d1793",
            "parentcaller": "0x7ff97c7b3015",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x00120007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d17c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97f3d19ae",
            "parentcaller": "0x7ff97c7b309a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012000f"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xc7\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x04\\x00\\x00\\x00\\x00\\x00\\x00P\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xc7\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x04\\x00\\x00\\x00\\x00\\x00\\x00P\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-03-05 10:23:59,494",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d19e2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\netprofm"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978d20000"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netprofm.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978d20000"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff978d25534",
            "parentcaller": "0x7ff978d27c99",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff9678d1899",
            "parentcaller": "0x7ff9678d1781",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DCB00C01-570F-4A9B-8D69-199FDBA5723B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "DCB00000-570F-4A9B-8D69-199FDBA5723B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2200
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff978d26309",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": "SystemSetupInProgress"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff978d26309",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-03-05 10:23:59,509",
            "thread_id": "6592",
            "caller": "0x7ff978d26378",
            "parentcaller": "0x7ff978d24a6a",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x1ed4ae626b0"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x78d45060"
              },
              {
                "name": "Parameter",
                "value": "0x0bf7cb18"
              },
              {
                "name": "DueTime",
                "value": "10000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-03-05 10:23:59,525",
            "thread_id": "6592",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-03-05 10:23:59,525",
            "thread_id": "6592",
            "caller": "0x7ff978d263a1",
            "parentcaller": "0x7ff978d24a6a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A47979D2-C419-11D9-A5B4-001185AD2B89"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "D0074FFD-570F-4A9B-8D69-199FDBA5723B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-03-05 10:23:59,541",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}"
              },
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-03-05 10:23:59,572",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000396"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-03-05 10:23:59,603",
            "thread_id": "6592",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff978d231e1",
            "parentcaller": "0x7ff9678d1ad7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A47979D2-C419-11D9-A5B4-001185AD2B89"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "D0074FFD-570F-4A9B-8D69-199FDBA5723B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00J\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xa3\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000034a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\npmproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 2236
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xa1\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00J\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xa2\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000034a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xa1\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00J\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xa2\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000034a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-03-05 10:23:59,619",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xaf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSOAInterface"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\oleaut32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xae\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xaf\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xae\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xaf\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xad\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xae\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSOAInterface"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\oleaut32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xab\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xac\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xab\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xac\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xac\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xad\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSOAInterface"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\oleaut32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-03-05 10:23:59,634",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xaa\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xab\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xaa\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xab\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xaa\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xab\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034a"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000033a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033a"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033a"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\oleaut32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fb40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\oleaut32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fb4a580"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fb477d0"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-03-05 10:23:59,666",
            "thread_id": "6592",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000338"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000394"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d170000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d20d000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d1ea000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-03-05 10:23:59,681",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\sxs"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d170000"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\sxs"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d170000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d1a41d0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc08000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97fb47cce",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fb47f2c",
            "parentcaller": "0x7ff97fb49595",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fb47dd3",
            "parentcaller": "0x7ff97fb49595",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97fb47de5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fb47e3e",
            "parentcaller": "0x7ff97fb49595",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fb47e55",
            "parentcaller": "0x7ff97fb49595",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97fb495cb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00020424-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fb495de",
            "parentcaller": "0x7ff97fb49ff9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18y\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`/\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xac\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8.\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xc0\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xbd\\xf7\\x0b\\xc6\\x00\\x00\\x00x\\xbd\\xf7\\x0b\\xc6\\x00\\x00\\x00H\\xbd\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\xbd\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000.\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xbb\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98q\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0.\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8.\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8e\\xc4\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xb9\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd8\\xb9\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xa8\\xb9\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xb9\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0.\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xb7\\xf7\\x0b\\xc6\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xb5\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.HostName.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-03-05 10:23:59,712",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.HostName.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb2\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.HostName.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000396"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xb1\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xaf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb0\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              },
              {
                "name": "Handle",
                "value": "0x0000034a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034a"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034a"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-03-05 10:23:59,728",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bf20000"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bf20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bf20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bf22350"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bf20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bf2e1d0"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Networking.HostName.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96bf20000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96bf22550"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18t\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00o\\x00l\\x00e\\x00a\\x00u\\x00t\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00l\\x00\\x00\\x00L\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00s\\x00.\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00k\\x00i\\x00n\\x00g\\x00.\\x00H\\x00o\\x00s\\x00t\\x00N\\x00a\\x00m\\x00e\\x00.\\x00P\\x00r\\x00o\\x00x\\x00y\\x00S\\x00t\\x00u\\x00b\\x00F\\x00a\\x00c\\x00t\\x00o\\x00"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98U\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\xcf\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x88\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90U\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00H\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98q\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@[\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xae\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xT\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xbe\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pT\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xbc\\xf7\\x0b\\xc6\\x00\\x00\\x00H\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-03-05 10:23:59,744",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97f3d11a8",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000105",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d11dd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97f3d148b",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x000R\\xe9J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x02\\xe7J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x000R\\xe9J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x02\\xe7J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d14bf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97f3d1793",
            "parentcaller": "0x7ff97c7b3015",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x00120007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d17c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97f3d19ae",
            "parentcaller": "0x7ff97c7b309a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012000f"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc8\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc3\\xf7\\x0b\\xc6\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc8\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc3\\xf7\\x0b\\xc6\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d19e2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9678e6e3b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "BitBlt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3980"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleBitmap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc4aa0"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3b70"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDIBSection"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc2820"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc1630"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateSolidBrush"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc4b70"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc2c70"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc2130"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiAlphaBlend"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc6bd0"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiGradientFill"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc6d10"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc4880"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDIBits"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc4560"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3290"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3f80"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3910"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "SelectObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3660"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "SetBkMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3ad0"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dfc0000"
              },
              {
                "name": "FunctionName",
                "value": "SetTextColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dfc3c40"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9678e6e3b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7cb40"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetTickCount64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb75d30"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserPreferredUILanguages"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb80590"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb80640"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7e080"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "MulDiv"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb85000"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "MultiByteToWideChar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb75810"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SleepEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb84aa0"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9678e6e3b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "WinSqmAddToStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2ff10"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9678e6e3b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawTextExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7fe710"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplaySettingsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7e88a0"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "FillRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f803270"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f806130"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDCEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f813ee0"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDesktopWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7eaeb0"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f8007a0"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814160"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSysColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f805e40"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f800e50"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadDesktop"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814200"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814250"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "InvalidateRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814450"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "LogicalToPhysicalPointForPerMonitorDPI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814580"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "MonitorFromWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f8010e0"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "OffsetRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7eae80"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f814820"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f803b40"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e6ef5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f8032e0"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9678e9657",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9678e96e8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4d6b0"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff9678e9729",
            "parentcaller": "0x7ff9678d73c3",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "134"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "dusmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dusmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dusmapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dusmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969710000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969719000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969719000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969719000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969719000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969718000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969718000"
              },
              {
                "name": "ModuleName",
                "value": "dusmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-03-05 10:23:59,900",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\dusmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969710000"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-03-05 10:23:59,916",
            "thread_id": "6592",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\dusmapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969710000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff969716910"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-03-05 10:23:59,916",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-03-05 10:23:59,916",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967981000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Networking.Connectivity.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xb5\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-03-05 10:24:00,025",
            "thread_id": "6592",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Networking.Connectivity.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000346"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xb4\\xf7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000346"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000346"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000346"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-03-05 10:24:00,041",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "Xu\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\\\x00L\\x00R\\x00P\\x00C\\x00-\\x00b\\x002\\x000\\x004\\x006\\x00c\\x007\\x00a\\x00d\\x00f\\x008\\x006\\x007\\x001\\x004\\x004\\x002\\x00b\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@U\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xad\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xT\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xce\\xcf\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00h\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x88\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pT\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8u\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`V\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x005\\xd4MX\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x000\\x00\\x04\\x00\\\\x00R\\x00E\\x00G\\x00I\\x00S\\x00T\\x00R\\x00Y\\x00\\\\x00U\\x00S\\x00E\\x00R\\x00\\\\x00S\\x00-\\x001\\x00-\\x005\\x00-\\x002\\x001\\x00-\\x003\\x007\\x00"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xad\\xe6J\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18Q\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00n\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xbf\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xbe\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Q\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xbc\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-03-05 10:24:00,306",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.Connectivity.NetworkInformationPrivate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff83\\xffeae3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00v\\x00i\\x00t\\x00y\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00I\\x00n\\x00f\\x00o\\x00r\\x00m\\x00a\\x00t\\x00i\\x00o\\x00n\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00x\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffe9J\\xffed\\x01\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "332"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.Connectivity.NetworkInformationPrivate"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff83\\xffeae3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00v\\x00i\\x00t\\x00y\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00I\\x00n\\x00f\\x00o\\x00r\\x00m\\x00a\\x00t\\x00i\\x00o\\x00n\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00x\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "332"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-03-05 10:24:00,416",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-03-05 10:24:00,431",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00PV\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01t\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00x\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00PV\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00PV\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xff9d\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff9d\\xffe9J\\xffed\\x01\\x00\\x000\\xff8f\\xffe4J\\xffed\\x01\\x00\\x000\\xff8f\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PV\\xffe9J\\xffed\\x01\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff8f\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00PV\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-03-05 10:24:00,462",
            "thread_id": "6592",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4c8da3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97f3d11a8",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000105",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d11dd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97f3d148b",
            "parentcaller": "0x7ff97c7b1a48",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012001b"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00PP\\xe9J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x02\\xe7J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00PP\\xe9J\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x02\\xe7J\\xed\\x01\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d14bf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97f3d1793",
            "parentcaller": "0x7ff97c7b3015",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x00120007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d17c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97f3d19ae",
            "parentcaller": "0x7ff97c7b309a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Nsi"
              },
              {
                "name": "IoControlCode",
                "value": "0x0012000f"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc8\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc3\\xf7\\x0b\\xc6\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb1}|\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc8\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc3\\xf7\\x0b\\xc6\\x00\\x00\\x008\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f3d19e2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-03-05 10:24:00,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0K\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-03-05 10:24:01,541",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000039c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000039c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff99\\xffe9J\\xffed\\x01\\x00\\x00x\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0\\xff99\\xffe9J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff99\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc7\\xffe5J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-03-05 10:24:01,556",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00P\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9a\\xffe9J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x1f\\x00\\x004\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd0\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff1\\x07\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9a\\xffe9J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd1\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-03-05 10:24:01,572",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc30000"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c4d0000"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\cryptsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97ccc0000"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 2902
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd0\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd0\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd0\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd0\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x10\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd0\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-03-05 10:24:01,587",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd2\\xffe4J\\x16\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff87\\xffeaJ\\xffed\\x01\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff87\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff87\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xf
fd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd8\\xffdf\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x1c\\xff88\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff85\\xffeaJ\\xffed\\x01\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff85\\xffeaJ\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff85\\xffeaJ\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd9\\xffdf\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-03-05 10:24:01,603",
            "thread_id": "3424",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-03-05 10:24:01,728",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 9,
            "id": 2952
          },
          {
            "timestamp": "2026-03-05 10:24:01,728",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\dsreg"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a470000"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-03-05 10:24:01,744",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cdp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969f90000"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-03-05 10:24:01,744",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97cd60000"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-03-05 10:24:01,744",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b4e0000"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-03-05 10:24:01,744",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities"
              },
              {
                "name": "DllBase",
                "value": "0x7ff967670000"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967670000"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff967670000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff967670000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff967695450"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff967670000"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff967670000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff967670000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9676955f0"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff967670000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff967695450"
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3424",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3424",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-03-05 10:24:01,962",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-03-05 10:24:01,994",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}"
              },
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ea"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ea"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ee"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H{\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0T\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xed\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xed\\x01\\x00\\x00\\x80I\\xe0J\\xed\\x01\\x00\\x00\\x80I\\xe0J\\xed\\x01\\x00\\x00\\x80I\\xe0J\\xed\\x01\\x00\\x00\\x80I\\xe0J\\xed\\x01\\x00\\x00\\x80I\\xe0J\\xed\\x01\\x00\\x00`C\\xe0J\\xed\\x01\\x00\\x00\\x00=\\xe0J"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H1\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18Z\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xb27\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xcf\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Z\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xec\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98{\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0V\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x009\\x005\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x003\\x001\\x009\\x002\\x006\\x009\\x000\\x006\\x003\\x002\\x00-\\x001\\x000\\x000\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x082\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xT\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xb67\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xcc\\xdf\\x0b\\xc6\\x00\\x00\\x00(\\xcc\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xcb\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xcc\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pT\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xec\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aead000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-03-05 10:24:02,009",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\x085\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc85\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              },
              {
                "name": "Handle",
                "value": "0x000003ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c954b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              },
              {
                "name": "Handle",
                "value": "0x000003f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              },
              {
                "name": "Handle",
                "value": "0x000003f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-03-05 10:24:02,072",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003f6"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "3764",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f2"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-03-05 10:24:02,087",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f6"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe0\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0\\xffcc\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe1\\x17\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0\\xffcc\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0\\xffcc\\xffeaJ\\xffed\\x01\\x00\\x00P\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffcc\\xffeaJ\\xffed\\x01\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0\\xffcc\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe1\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003f4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f535bd0"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f55f150"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff96769283f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff96769287f",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff96769289f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676928ce",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676928de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676928ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-03-05 10:24:02,150",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c310"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003f8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c310"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeaf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c310"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff96767b4e1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff96767b4fe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff96767821f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff96767ba92",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff96767717a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff967678e99",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9676770eb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff967686713",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff967686741",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff967676315",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff967676315",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff967676315",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff967676315",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967675f7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}"
              },
              {
                "name": "Handle",
                "value": "0x000003f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f2"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "HQ\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x1aR\\xe6J\\xed\\x01\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`Y\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H:\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8S\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xc9\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00(\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xc4\\xef\\x0b\\xc6\\x00\\x00\\x00\\x18\\xc5\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0S\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00\\x04\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8R\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00u\\x00s\\x00o\\x00s\\x00v\\x00c\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00n\\x001\\x00h\\x002\\x00t\\x00"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0U\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00+\\x14\\xa0\\xfa\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf88\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98[\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfe\\xcc\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xc1\\xef\\x0b\\xc6\\x00\\x00\\x00\\x88\\xc1\\xef\\x0b\\xc6\\x00\\x00\\x00X\\xc1\\xef\\x0b\\xc6\\x00\\x00\\x00x\\xc1\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90[\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x04\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-03-05 10:24:02,166",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\usoapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9507b0000"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usoapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9507b0000"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff967689fe5",
            "parentcaller": "0x7ff96768188b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B91D5831-B1BD-4608-8198-D72E155020F7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "07F3AFAC-7C8A-4CE7-A5E0-3D24EE8A77E0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeb3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97ea356e3",
            "parentcaller": "0x7ff97ea729cb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000406"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000422"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000422"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000422"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-03-05 10:24:02,181",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}"
              },
              {
                "name": "Handle",
                "value": "0x000003f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f2"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-03-05 10:24:02,197",
            "thread_id": "5264",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000406"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000422"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000422"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000422"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Data.Json.JsonObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000404"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffe8\\xfffeY3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x008\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00.\\x00J\\x00s\\x00o\\x00n\\x00.\\x00J\\x00s\\x00o\\x00n\\x00O\\x00b\\x00j\\x00e\\x00c\\x00t\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xfff7\\xff88\\x0b\\xffc6\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffed\\x07\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0Z\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa1\"P\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xffe8\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0Z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0Z\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xffc0\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xff8e\\xffe4J\\xffed\\x01\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0Z\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffee\\x07\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00\\xffc0\\xffbb\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeb4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-03-05 10:24:02,212",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000404"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-03-05 10:24:02,228",
            "thread_id": "5264",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-03-05 10:24:02,244",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x7ff970920000"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-03-05 10:24:02,416",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Web"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964e00000"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964e00000"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964e00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e5eab0"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e0d670"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e0dbe0"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}"
              },
              {
                "name": "Handle",
                "value": "0x00000426"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000426"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000426"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "Handle",
                "value": "0x00000426"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xce\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00&\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xcf\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000426"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000426"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000426"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000426"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Orchestrator Core Service Proxy Stub"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000426"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\usoapi.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00&\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xcd\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000426"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00&\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xcd\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000426"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000426"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-03-05 10:24:02,509",
            "thread_id": "5264",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000426"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-03-05 10:24:02,525",
            "thread_id": "5264",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-03-05 10:24:02,525",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-03-05 10:24:02,525",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-03-05 10:24:02,525",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-03-05 10:24:02,525",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-03-05 10:24:02,541",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-03-05 10:24:02,541",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "5264",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "5264",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "5264",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-03-05 10:24:04,962",
            "thread_id": "5264",
            "caller": "0x7ff967689fe5",
            "parentcaller": "0x7ff96768188b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B91D5831-B1BD-4608-8198-D72E155020F7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "07F3AFAC-7C8A-4CE7-A5E0-3D24EE8A77E0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Data.Json.JsonObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffe8\\xfffeY3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x008\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00.\\x00J\\x00s\\x00o\\x00n\\x00.\\x00J\\x00s\\x00o\\x00n\\x00O\\x00b\\x00j\\x00e\\x00c\\x00t\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffed\\x07\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa1\"P\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90f\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\xff90f\\xffe6J\\xffed\\x01\\x00\\x000R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90f\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0A\\xffebJ\\xffed\\x01\\x00\\x00\\xffa0A\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0A\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0&\\xffe6J\\xffed\\x01\\x00\\x000R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffee\\x07\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff967689fe5",
            "parentcaller": "0x7ff96768188b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B91D5831-B1BD-4608-8198-D72E155020F7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "07F3AFAC-7C8A-4CE7-A5E0-3D24EE8A77E0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff967689fe5",
            "parentcaller": "0x7ff96768188b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B91D5831-B1BD-4608-8198-D72E155020F7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "07F3AFAC-7C8A-4CE7-A5E0-3D24EE8A77E0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-03-05 10:24:04,978",
            "thread_id": "5264",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffcd\\xffe5J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff81\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff81\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff81\\xffeaJ\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-03-05 10:24:04,994",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffc5\\xffe5J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00P\\xff84\\xffeaJ\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffeaJ\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-03-05 10:24:05,009",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00x\\xffda\\xffe9J\\xffed\\x01\\x00\\x00P\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00`Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00`Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-03-05 10:24:08,869",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10c\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x10c\\xffe6J\\xffed\\x01\\x00\\x00pS\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10c\\xffe6J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00pS\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-03-05 10:24:08,884",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00\\x00U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0d\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-03-05 10:24:08,900",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00`Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00`Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10f\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-03-05 10:24:08,916",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c954b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "x7\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10i\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x10i\\xffe6J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10i\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffcc\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffcc\\xffe5J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffcb\\xffe5J\\xffed\\x01\\x00\\x00\\xffe0Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-03-05 10:24:08,931",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000424"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x00\\xfff8\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff98\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000430"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-03-05 10:24:08,947",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00h\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000430"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000430"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00h\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0\\xffc4\\xffe5J\\xffed\\x01\\x00\\x00\\xff80r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000430"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-03-05 10:24:08,962",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00@\\x00\\x00\\x00.\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x006\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8a\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb5\\xffe5
J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffb5\\xffe5J\\xffed\\x01\\x00\\x00\\xfff0u\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000434"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd7%a3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00W\\x00e\\x00b\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd6\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0)\\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1d\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0)\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0)\\xffe8J\\xffed\\x01\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0V\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0)\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0)\\xffe8J\\xffed\\x01\\x00\\x00\\xffe0V\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd7\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000434"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff8a\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00S\\x00e\\x00r\\x00v\\x00i\\x00c\\x00e\\x00T\\x00i\\x00c\\x00k\\x00e\\x00t\\x00R\\x00e\\x00q\\x00u\\x00e\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00p&\\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x19\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00p&\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00p&\\xffe8J\\xffed\\x01\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p&\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00p&\\xffe8J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-03-05 10:24:08,978",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server"
              }
            ],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000434"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}"
              },
              {
                "name": "Handle",
                "value": "0x00000432"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000432"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000432"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000432"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\x99\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x002\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\x9a\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000432"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000432"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000432"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000432"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000432"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000436"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x97\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x002\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\x98\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000432"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x97\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x002\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\x98\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000432"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000432"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-03-05 10:24:08,994",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000432"
              }
            ],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8Q\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00l\\x7f\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0W\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\x00\\xba\\xeaJ\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00o\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xdey\\x00V\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18=\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xQ\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xeb\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xa7\\xef\\x0b\\xc6\\x00\\x00\\x00\\x08\\xa7\\xef\\x0b\\xc6\\x00\\x00\\x00\\xd8\\xa6\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xa6\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pQ\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xa4\\xef\\x0b\\xc6\\x00\\x00\\x000\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "XP\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x00"
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " Z\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00 2\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\xa0\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8>\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98[\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xef\\x07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xa3\\xef\\x0b\\xc6\\x00\\x00\\x00h\\xa3\\xef\\x0b\\xc6\\x00\\x00\\x008\\xa3\\xef\\x0b\\xc6\\x00\\x00\\x00X\\xa3\\xef\\x0b"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90[\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xa1\\xef\\x0b\\xc6\\x00\\x00\\x000\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff966cf8a3c",
            "parentcaller": "0x7ff966cfb70d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\Trace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\Trace"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff966d0750f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff966d0754f",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff966d0756f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d0759e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d075ae",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d075bd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff966d024dc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d02510",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d0257e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8<\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-03-05 10:24:09,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff966d0743b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000434"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd0\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0^\\xffe4J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x04\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0i\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0^\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0^\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0i\\xffe6J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0i\\xffe6J\\xffed\\x01\\x00\\x00P@\\xffebJ\\xffed\\x01\\x00\\x00P@\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0^\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P@\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0^\\xffe4J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd1\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0@\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000434"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3750
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ServiceEnvironment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe3\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\xa0\\xce\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff966d058a7",
            "parentcaller": "0x7ff966cfc8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x08?\\xc4\\\\xf9\\x7f\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "Data",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff966cfca78",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff966d077a1",
            "parentcaller": "0x7ff966cfcd29",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001b",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TickCount"
              },
              {
                "name": "Data",
                "value": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ClockTimeSeconds"
              },
              {
                "name": "Data",
                "value": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfe507",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff966cfe5e6",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff966cfcfa2",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "DPAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-03-05 10:24:09,025",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000428"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000438"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d160000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d167000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d163000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-03-05 10:24:09,041",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\DPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d160000"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-03-05 10:24:09,306",
            "thread_id": "6592",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\dpapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d160000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d161850"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-03-05 10:24:09,306",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-03-05 10:24:09,306",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966ddf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90k\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xff90k\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90k\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pm\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00Pm\\xffe6J\\xffed\\x01\\x00\\x000R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pm\\xffe6J\\xffed\\x01\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc0\\xffc2\\xffe5J\\xffed\\x01\\x00\\x000R\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0A\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xff90\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00@\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xfff0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0G\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc22000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc22000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c954b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8=\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd7%a3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00W\\x00e\\x00b\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffda\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0!\\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x11\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0!\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0!\\xffe8J\\xffed\\x01\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff0I\\xffebJ\\xffed\\x01\\x00\\x00\\xfff0I\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0!\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\xfff0I\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffa0!\\xffe8J\\xffed\\x01\\x00\\x00\\xfff0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdb\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0M\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-03-05 10:24:09,400",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              }
            ],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000440"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff8a\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00S\\x00e\\x00r\\x00v\\x00i\\x00c\\x00e\\x00T\\x00i\\x00c\\x00k\\x00e\\x00t\\x00R\\x00e\\x00q\\x00u\\x00e\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0#\\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0#\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0#\\xffe8J\\xffed\\x01\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00@D\\xffebJ\\xffed\\x01\\x00\\x00@D\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0#\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@D\\xffebJ\\xffed\\x01\\x0
0\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0#\\xffe8J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000440"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff966d024dc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d02510",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d0257e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "(?\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff966d0743b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\x80\\xc1\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff966d058a7",
            "parentcaller": "0x7ff966cfc8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xe5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x08?\\xc4\\\\xf9\\x7f\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "Data",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff966cfca78",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff966d077a1",
            "parentcaller": "0x7ff966cfcd29",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001b",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TickCount"
              },
              {
                "name": "Data",
                "value": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ClockTimeSeconds"
              },
              {
                "name": "Data",
                "value": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfe507",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff966cfe5e6",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xe5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000428"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-03-05 10:24:09,416",
            "thread_id": "3424",
            "caller": "0x7ff966cfcfa2",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000428"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd6\\xffd7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x1d\\xff80\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pn\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00Pn\\xffe6J\\xffed\\x01\\x00\\x00\\xff90Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pn\\xffe6J\\xffed\\x01\\x00\\x00\\xff90E\\xffebJ\\xffed\\x01\\x00\\x00\\xff90E\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\xff90E\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xff90Q\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd7\\xffd7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0D\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd4\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000428"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-03-05 10:24:09,447",
            "thread_id": "5092",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d167000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d167000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97ea9645a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea972f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d167000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d167000"
              },
              {
                "name": "ModuleName",
                "value": "DPAPI.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3973
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              },
              {
                "name": "ValueName",
                "value": "GlobalDeviceUpdateTime"
              },
              {
                "name": "Data",
                "value": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfd399",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3979
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              },
              {
                "name": "ValueName",
                "value": "ClockSkew"
              },
              {
                "name": "Data",
                "value": "18446744073709540795"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe4\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\xee\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xd0\\xd1\\xd9f\\xf9\\x7f\\x00\\x00ho\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3993
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "GlobalDeviceUpdateTime"
              },
              {
                "name": "Data",
                "value": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfd399",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3999
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ClockSkew"
              },
              {
                "name": "Data",
                "value": "18446744073709540795"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew"
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xe5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00`\\xef\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xd0\\xd1\\xd9f\\xf9\\x7f\\x00\\x00ho\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000450"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000450"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff966cfdc34",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff966cfa5f6",
            "parentcaller": "0x7ff966d018e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\Trace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\Trace"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "6592",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3424",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96768cd49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026b8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-03-05 10:24:09,478",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8d\\xffeaJ\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\
\xffd5\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd5\\xffe9J\\xffed\\x01\\x00\\x00`T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 E\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0a\\xffe6J\\xffed\\x01\\x00\\x00 E\\xffebJ\\xffed\\x01\\x00\\x00 
E\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 E\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd9\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1e\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Ph\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00Ph\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00Ph\\xffe6J\\xffed\\x01\\x00\\x00\\xff90L\\xffebJ\\xffed\\x01\\x00\\x00\\xff90L\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90L\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffda\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000A\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ContentManagement.ContentManagementBroker"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\tuP3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x18\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10o\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x10o\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10o\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`J\\xffebJ\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-03-05 10:24:09,541",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c954b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "8e\\xebJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd7%a3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00W\\x00e\\x00b\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd6\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff0 \\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00Q\\x1d\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0 \\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xfff0 \\xffe8J\\xffed\\x01\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10b\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0 
\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0H\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xfff0 \\xffe8J\\xffed\\x01\\x00\\x00\\xffa0z\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd7\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0J\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-03-05 10:24:09,556",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000444"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00\\xff8a\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00S\\x00e\\x00r\\x00v\\x00i\\x00c\\x00e\\x00T\\x00i\\x00c\\x00k\\x00e\\x00t\\x00R\\x00e\\x00q\\x00u\\x00e\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd3\\xffef\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00.\\xffe8J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x19\\xffb8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00x\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00.\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00.\\xffe8J\\xffed\\x01\\x00\\x00P\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff88\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\xffe8J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\xff8
c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00.\\xffe8J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd4\\xffef\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0G\\xffebJ\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000444"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff966d024dc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d02510",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d0257e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "xd\\xebJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff966d0743b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xea\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\x80\\xc1\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966d058a7",
            "parentcaller": "0x7ff966cfc8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x08?\\xc4\\\\xf9\\x7f\\x00\\x00H\\x04\\x00\\x00\\x00\\x00\\x00\\x00H\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "Data",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966cfca78",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966d077a1",
            "parentcaller": "0x7ff966cfcd29",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001b",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "TickCount"
              },
              {
                "name": "Data",
                "value": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "ClockTimeSeconds"
              },
              {
                "name": "Data",
                "value": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfe507",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966cfe5e6",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966cfcfa2",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4173
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "GlobalDeviceUpdateTime"
              },
              {
                "name": "Data",
                "value": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfd399",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4179
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "ClockSkew"
              },
              {
                "name": "Data",
                "value": "18446744073709540795"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb0\\xf4\\xff\\x0b\\xc6\\x00\\x00\\x00\\xd0\\xd1\\xd9f\\xf9\\x7f\\x00\\x00ho\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff966cfdc34",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "5056",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96768cd49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026b8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-03-05 10:24:09,572",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c9492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c94f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c954b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967677f80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9676c906b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c9118",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9676c91a6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8`\\xebJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9676c90ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-03-05 10:24:09,634",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff967678071",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff966d024dc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d02510",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff966d0257e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8b\\xebJ\\xed\\x01\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\xd8n\\xdf\\x14\\xbcj\\x91q\\x1c]\\xdb=\\x10\\xe1}\\xb4\\xaf\\xfbi\\x9c\\x9bv\\xb3\\xc3\\xb3q\\xd4J"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d025eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff966d0743b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xea\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\xd2J\\xed\\x01\\x00\\x00\\x80\\xc1\\xe5J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000438"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff966d058a7",
            "parentcaller": "0x7ff966cfc8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x08?\\xc4\\\\xf9\\x7f\\x00\\x008\\x04\\x00\\x00\\x00\\x00\\x00\\x008\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000438"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000438"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              },
              {
                "name": "ValueName",
                "value": "DeviceId"
              },
              {
                "name": "Data",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff966cfca78",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff966d077a1",
            "parentcaller": "0x7ff966cfcd29",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001b",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TickCount"
              },
              {
                "name": "Data",
                "value": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ClockTimeSeconds"
              },
              {
                "name": "Data",
                "value": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfe507",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff966cfe5e6",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x008\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000438"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000438"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              },
              {
                "name": "ValueName",
                "value": "DeviceTicket"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-03-05 10:24:09,681",
            "thread_id": "5056",
            "caller": "0x7ff966cfcfa2",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\x88\n\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x8f\\xa8i\\x00\\x00\\x00\\x00p\\xe1\\xa9i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x0c\\x00\\x02\\x00\\xfe\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x04\\x00\\x00t\\x00=\\x00E\\x00w\\x00C\\x004\\x00A\\x005\\x00p\\x00e\\x00B\\x00A\\x00A\\x00U\\x00c\\x00i\\x006\\x00v\\x006\\x00T\\x00P\\x005\\x006\\x00G\\x00n\\x00a\\x00e\\x00b\\x00z\\x00p\\x007\\x009\\x001\\x00d\\x004\\x00H\\x00z\\x00c\\x00p\\x00I\\x00s\\x00A\\x00A\\x00Z\\x00z\\x00W\\x009\\x00F\\x008\\x00h\\x00J\\x00Z\\x00d\\x009\\x00K\\x00q\\x00t\\x00J\\x00J\\x009\\x00F\\x00s\\x00l\\x00M\\x00z\\x00H\\x00o\\x00I\\x00r\\x00o\\x00H\\x00y\\x00X\\x00e\\x00d\\x00b\\x000\\x00F\\x00q\\x00m\\x00R\\x00z\\x00R\\x00G\\x00k\\x00P\\x008\\x00b\\x00W\\x005\\x00"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4250
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "GlobalDeviceUpdateTime"
              },
              {
                "name": "Data",
                "value": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97f4437b4",
            "parentcaller": "0x7ff966cfd399",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4256
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              },
              {
                "name": "ValueName",
                "value": "ClockSkew"
              },
              {
                "name": "Data",
                "value": "18446744073709540795"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xeb\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb0\\xf4\\xff\\x0b\\xc6\\x00\\x00\\x00\\xd0\\xd1\\xd9f\\xf9\\x7f\\x00\\x00ho\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "ValueName",
                "value": "0018C0152326D152"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff966d064f5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff966cfdc34",
            "parentcaller": "0x7ff966cff680",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97ccb23a4",
            "parentcaller": "0x7ff97d161534",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000180"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390022",
                "pretty_value": "IOCTL_KSEC_DECRYPT_SAME_LOGON"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x10\\x08\\x00\\xcc\\xcc\\xcc\\xcc`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x08\\x00\\x02\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x00U\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x000\\x000\\x001\\x008\\x00C\\x000\\x001\\x005\\x002\\x003\\x002\\x006\\x00D\\x001\\x005\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96768cd49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026b8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff966d026d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-03-05 10:24:09,697",
            "thread_id": "5056",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00x\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x10y\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\xff80r\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-03-05 10:24:19,681",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8d\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00 \\xffc2\\xffe5J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff80\\xffc1\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90i\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\xff90i\\xffe6J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90i\\xffe6J\\xffed\\x01\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\xff80B\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00`\\xffc8\\xffe5J\\xffed\\x01\\x00\\x00\\x10Y\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-03-05 10:24:19,697",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00pS\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pl\\xffe6J\\xffed\\x01\\x00\\x00\\xffd0J\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0J\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0J\\
xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\xffce\\xffe5J\\xffed\\x01\\x00\\x00pS\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00pM\\xffebJ\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-03-05 10:24:19,712",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5264"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523b8c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000418"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-03-05 10:24:34,978",
            "thread_id": "5264",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-03-05 10:24:35,994",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00`J\\xffebJ\\xffed\\x01\\x00\\x00`J\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffe
9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`J\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00pF\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000438"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff83\\xffeaJ\\xffed\\x01\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0U\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90E\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000438"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-03-05 10:24:38,150",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b4e0000"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97b4e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\windows.storage.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97b4e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97b601500"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97b4e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97b661660"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97b4e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97b669970"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000044c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0ac30"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000044c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0ac30"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000044c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-03-05 10:24:38,166",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-03-05 10:24:38,197",
            "thread_id": "2452",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-03-05 10:24:38,197",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0ac30"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-03-05 10:24:38,197",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-03-05 10:24:38,197",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-03-05 10:24:38,197",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97adb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f802aeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97adb0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97adb7ce0"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xe9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000042c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-03-05 10:24:38,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97adb886c",
            "parentcaller": "0x7ff97adb80d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcfcb5e",
            "parentcaller": "0x7ff97d70adb8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcfcbb0",
            "parentcaller": "0x7ff97d70adb8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000450"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 4467
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}"
              },
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000045e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00^\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000045e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000045e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00^\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000045e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00^\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000045e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "ht\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0[\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00i\\x00_\\x00s\\x00s\\x00l\\x00\n\\x00a\\x00d\\x00s\\x00.\\x00a\\x00r\\x00c\\x00c\\x00t\\x00.\\x00m\\x00s\\x00n\\x00.\\x00c\\x00o\\x00m\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8d\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8W\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xa5\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xc8\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x98\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xd8\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0W\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8u\\xe9J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00z\\x1b\\xc3:\\x8e\\x17\\xe8\\x15\\x1f\\x0c\\x00\\x00P\\x18\\x94\t^\\x84\\xbf!\\x85\\x9d\\xe0\\xf7LMEM0\\x00\\x00\\x00\\xb8\\xd5\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0Z\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xe0;\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Ha\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xQ\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xb9\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00(\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\xd5\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pQ\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-03-05 10:24:38,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-03-05 10:24:38,322",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-03-05 10:24:38,322",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-03-05 10:24:38,322",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-03-05 10:24:38,322",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-03-05 10:24:38,337",
            "thread_id": "5056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00$\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00\\xfff8\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90a\\xffe6J\\xffed\\x01\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd2\\xffe9J\\xffed\\x01\\x00\\x00`t\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0K\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000045c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x01\\x1d\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00\\xffc0S\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0e\\xffe6J\\xffed\\x01\\x00\\x00\\xfff0B\\xffebJ\\xffed\\x01\\x00\\x00\\xfff0B\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0B\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd3\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0S\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd8\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0K\\xffebJ\\xffed\\x01\\x00\\x00P\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000045c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 1,
            "id": 4563
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 1,
            "id": 4566
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 4567
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 4571
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000045c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x1c\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00x\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90c\\xffe6J\\xffed\\x01\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00 
\\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff8c\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\xff80W\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff89\\xffe4J\\xffed\\x01\\x00\\x00P\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000045c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 1,
            "id": 4588
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 1,
            "id": 4591
          },
          {
            "timestamp": "2026-03-05 10:24:38,353",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 4592
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 4596
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffd6\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10h\\xffe6J\\xffed\\x01\\x00\\x00x\\xffd6\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd6\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd6\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\x10h\\xffe6J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10h\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd1\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0T\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90L\\xffebJ\\xffed\\x01\\x00\\x00P\\xffd6\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000046c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 1,
            "id": 4613
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "3424",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00`\r\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3424"
              }
            ],
            "repeated": 1,
            "id": 4616
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 4617
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-03-05 10:24:38,369",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-03-05 10:24:38,400",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ea"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000043e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000040a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xc7\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000040a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8U\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc3\\xfb+\\x16\\x80\\x0b\\xb1\\x97\\x05\\x04\\x00\\x00P\\x18\\x94\t\\xda@_\\xc9\\xbb\\xd1\\x83\\xcfLMEM0\\x00\\x00\\x00h\\xda\\xff\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`Y\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xae\\xe9(Q\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8Z\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00N\\xbf7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xd3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xd3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xd2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x08\\xd3\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0Z\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xd1\\xdf\\x0b\\xc6\\x00\\x00\\x00<\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "hT\\xe6J\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0W\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf88\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8[\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xb27\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00x\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00H\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00h\\xcf\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000[\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00<\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000040a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000040a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000040a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-03-05 10:24:38,416",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040a"
              }
            ],
            "repeated": 0,
            "id": 4679
          },
          {
            "timestamp": "2026-03-05 10:24:38,431",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-03-05 10:24:38,431",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-03-05 10:24:38,431",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-03-05 10:24:38,431",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000478"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000047c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000043c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000498"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcefe08",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "packageContents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xd9\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97fceff50",
            "parentcaller": "0x7ff97f99d773",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd02\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\x02\\xe7J\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\x03\\xe7J\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x03\\xe7J\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6\\x04\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x04\\xe7J\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\xe7J\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\xe7J\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 \\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\xe7J\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00H\\x05\\xe7J\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x05\\xe7J\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa05\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4734
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-03-05 10:24:38,462",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4741
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff97df2bc7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df2bc38",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df29a42",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c36a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c287",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 1,
            "id": 4754
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeb7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97df2a0ed",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2bd78",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97df2a249",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2bd78",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df411c3",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97df2a0ed",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2bd78",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df3f011",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6e01e6",
            "parentcaller": "0x7ff97df2afd1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d722304",
            "parentcaller": "0x7ff97d6d1959",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3424",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d6e3b98",
            "parentcaller": "0x7ff97d6e3ace",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d6e3a88",
            "parentcaller": "0x7ff97d6e3dab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97d6e3b98",
            "parentcaller": "0x7ff97d6e3ace",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4806
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4811
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df24145",
            "parentcaller": "0x7ff97b64be42",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-03-05 10:24:38,478",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Data",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97b64bf75",
            "parentcaller": "0x7ff97b60ec15",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3424",
            "caller": "0x7ff97b61450a",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5b771f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97b61455e",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4829
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3424",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5b771f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97e743cf6",
            "parentcaller": "0x7ff97b5a5543",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Data",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b5a5543",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3424",
            "caller": "0x7ff97b61450a",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3424",
            "caller": "0x7ff97b61455e",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "Data",
                "value": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97b5a55f7",
            "parentcaller": "0x7ff97b5a3a1f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b5a56fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Advanced"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "Hidden"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShowCompColor"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "HideFileExt"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "DontPrettyPath"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShowInfoTip"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "HideIcons"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "MapNetDrvBtn"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "WebView"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "Filter"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShowSuperHidden"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "AutoCheckSelect"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-03-05 10:24:38,494",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "IconsOnly"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShowTypeOverlay"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3764",
            "caller": "0x7ff97b5a5c1d",
            "parentcaller": "0x7ff97b5a5684",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a6"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004aa"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b6"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004aa"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004aa"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97d6d85d9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6df79c",
            "parentcaller": "0x7ff97d6dee23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6df79c",
            "parentcaller": "0x7ff97d6dee23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xce\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xce\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00`\r\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3424"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 4978
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "528"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x9e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000049e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-03-05 10:24:38,509",
            "thread_id": "2452",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c4a0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004b8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c4a0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-03-05 10:24:38,525",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c2"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c6"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c2"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c6"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c2"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b6317c1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c6"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c2"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c6"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000004c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 5051
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xd0\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xd0\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-03-05 10:24:38,541",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "1352",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 5074
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "528",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "528",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c350"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "1352",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "1352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c4a0"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "1352",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00H\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-03-05 10:24:38,556",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3764",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c5f0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3764",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004c8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0c5f0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3764",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004c8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-03-05 10:24:38,603",
            "thread_id": "528",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mssprxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95ed30000"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-03-05 10:24:38,650",
            "thread_id": "5860",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 5091
          },
          {
            "timestamp": "2026-03-05 10:24:38,650",
            "thread_id": "1352",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mssprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95ed30000"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}"
              },
              {
                "name": "Handle",
                "value": "0x000004ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ca"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "5860",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ca"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "1352",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mssprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95ed30000"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "1352",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "3764",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}"
              },
              {
                "name": "Handle",
                "value": "0x000004ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ca"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ca"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-03-05 10:24:38,728",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "1352",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00H\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aebe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "3424",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "3424",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aebf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8bde6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 5129
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff979da3de1",
            "parentcaller": "0x7ff979da3d0a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff979dbcda2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dc56f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d93120",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000508"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ea90000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07cae0"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000500"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4eaa0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07da40"
              },
              {
                "name": "ViewSize",
                "value": "0x00049000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 5146
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff979db200e",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d93120",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000504"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4eaf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07cb90"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4eb00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07daf0"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-03-05 10:24:38,744",
            "thread_id": "2452",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 5156
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff979db200e",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 5162
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00 }\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xe8}\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08~\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00V\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00p\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x7f\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x7f\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x90O\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00XP\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00xP\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xc6Q\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8Q\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xe0Q\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8Q\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00R\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 R\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00(R\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00HR\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5179
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5188
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5192
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6ea33a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6ea33a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97d6ea351",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsStateSeparationEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd284d0"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 2,
            "id": 5203
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5211
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5214
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0xc60bdfc690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@p\\xe1J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\xc6\\x00\\x00\\x00@p\\xe1J\\xed\\x01\\x00\\x00$J\\xe2\\x7f\\xf9\\x7f\\x00\\x00@\\xc8\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x000\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x02\\xd2J\\xed\\x01\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x02\\xd2J\\xed\\x01\\x00\\x00xO\\xecJ\\xed\\x01\\x00\\x00\\xab\\x8e\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x08\\x08\\x01\\x04\\x01\\x00\\x08\\x08\\x00\\x00\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x00\\x00e\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00\\x89\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xa9\\xae\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\xcc\\x00\\x00\\x00\\x00@\\x00\\x00\\\\x00\\x00\\x00\\xcc\\x00\\xe2\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@Y\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00@Y\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-03-05 10:24:38,759",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00k\\x8f\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0[\\xe9J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00\\xf0[\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xeb\\x8f\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x90V\\xe6J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00\\x90V\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00k\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-03-05 10:24:38,775",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00P\\x8c\\xeaJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00P\\x8c\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x8b\\x91\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00pd\\xebJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00pd\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xab\\x92\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5\\x19g\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xb1\\xeaJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xa0\\xb1\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xcb\\x93\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb37\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xb17\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000514"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-03-05 10:24:38,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b5b4987",
            "parentcaller": "0x7ff97b5b5a8b",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x9d\\xe7J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "5056",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "5056",
            "caller": "0x7ff97eb75611",
            "parentcaller": "0x7ff97dc3ec21",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\\\x00j\\x00"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x8a\\xdf\\x0b\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x000\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\x05\\x16\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@w\\xe1J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf04\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\xff\\xff\\x00\\x00@w\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2\\x07\\x0c\\xc6\\x00\\x00\\x00-\\x19\\xcc\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x02\\xd2J\\xed\\x01\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xd0\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x02\\xd2J\\xed\\x01\\x00\\x00xO\\xecJ\\xed\\x01\\x00\\x00\\xab\\x8e\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x08\\x08\\x01\\x04\\x01\\x00\\x08\\x08\\x00\\x00\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xd0\\x07\\x0c\\xc6\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x009\\xd0\\x07\\x0c\\xc6\\x00\\x00\\x00\\xa9\\xae\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\xcc\\x00\\x00\\x00\\x00@\\x00\\x00\\\\x00\\x00\\x00\\xcc\\x00\\xe2\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x86\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00 \\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-03-05 10:24:38,806",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97b679aad",
            "parentcaller": "0x7ff97b605e88",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97b630061",
            "parentcaller": "0x7ff97b605ea5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Common Start Menu"
              },
              {
                "name": "Data",
                "value": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-03-05 10:24:38,822",
            "thread_id": "3424",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "6592",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{934d8cf6-17ea-11f1-b6c8-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5b708a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66040f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b6a1d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5860",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000524"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5860",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b6a9d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97b5b727d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000528"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97b5b727d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000528"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97b5b72dd",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000528"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97b5b72dd",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000528"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x8e\\xe7J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "5860",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8bde6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0S\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98T\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8T\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x06V\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18V\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00 V\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008V\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@V\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`V\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00hV\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88V\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0S\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98T\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8T\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x06V\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18V\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00 V\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008V\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@V\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`V\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00hV\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88V\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0g\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5444
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5449
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5456
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5462
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-03-05 10:24:38,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x7469736f70655270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x10\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xf5\\x1bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00`v\\xe1J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00t\\Wi`\\x00\\x00\\x00s\\AppReposit\\xd4\\x00\\xd8\\x00\\x00\\x00\\x00\\x00`v\\xe1J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xef\\x0b\\xc6\\x00\\x00\\x00 \\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xcc\\xef\\x0b\\xc6\\x00\\x00\\x00\\x18\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00\\x10\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00\\x90\\x02\\xd2J\\xed\\x01\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xcc\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x02\\xd2J\\xed\\x01\\x00\\x00\\xb8S\\xecJ\\xed\\x01\\x00\\x00\\xab\\x8e\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\xc4\\x07\\x01\\x04\\x01\\x00\\xc4\\x07\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc4\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xcc\\xef\\x0b\\xc6\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00I\\xcc\\xef\\x0b\\xc6\\x00\\x00\\x00\\xa9\\xae\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\xcc\\x00\\x00\\x00\\x00@\\x00\\x00\\\\x00\\x00\\x00\\xcc\\x00\\xe2\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x10\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xf5\\x1bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x10g\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00\\x10g\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x8b\\x9c\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xbd\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xf8\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\x1e\\xb0\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-03-05 10:24:38,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x10\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xf5\\x1bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0[\\xe9J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00\\xf0[\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x0b\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xbd\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xf8\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\x1e\\xb0\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x10\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xf5\\x1bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x00_\\xe6J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00\\x00_\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x8b\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xbd\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xf8\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\x1e\\xb0\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x10\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xf5\\x1bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00Pl\\xe6J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00Pl\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc8\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xab\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xbd\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xf8\\xcb\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\x1e\\xb0\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-03-05 10:24:38,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000049c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@shell32,dll,-12692"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21797"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-117"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "3424",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x8c\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x14\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Recent"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x90\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5562
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Windows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-03-05 10:24:38,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x90\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000514"
              },
              {
                "name": "SubKey",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "System"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x90\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Personal"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x8c\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x008\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "Personal"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x90\\x07\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Fonts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-03-05 10:24:38,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x88\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00<\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Recent"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x86\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Recent"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "3424",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5b17a8",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ae128",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ae128",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ae128",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ae128",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 5727
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x0000053a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc0\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00:\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Folder\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000053a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x00000522"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000522"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000522"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc0\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\"\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000522"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000522"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053a"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000522"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-03-05 10:24:38,916",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeeb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979db3a74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-03-05 10:24:38,947",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979db3a74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3424",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979db3a74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-03-05 10:24:38,962",
            "thread_id": "3764",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c4146",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c42a4",
            "parentcaller": "0x7ff97b5e14b0",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec500",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97d6c42ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c42a4",
            "parentcaller": "0x7ff97b5e14b0",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec320",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97d6c42ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c42a4",
            "parentcaller": "0x7ff97b5e14b0",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec1e0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97d6c42ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c42a4",
            "parentcaller": "0x7ff97b5e14b0",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec5a0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97d6c42ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c42a4",
            "parentcaller": "0x7ff97b5e14b0",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec5a0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97d6c42ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5807
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000480"
              },
              {
                "name": "SubKey",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Cache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xae\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x88\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Cache"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000474"
              },
              {
                "name": "SubKey",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CD Burning"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Burn\\Burn"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21815"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-03-05 10:24:38,978",
            "thread_id": "3764",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xae\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x88\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "CD Burning"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\CD Burning"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000488"
              },
              {
                "name": "SubKey",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000474"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000474"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97df2ab55",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "ValueName",
                "value": "FriendlyTypeName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-10152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\FriendlyTypeName"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6c60c9",
            "parentcaller": "0x7ff97d6c557b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6c6119",
            "parentcaller": "0x7ff97d6c557b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StringCacheGeneration"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "48"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6c6143",
            "parentcaller": "0x7ff97d6c557b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb5\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00j\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d6e165e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e15f9",
            "parentcaller": "0x7ff97d6c5f65",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000480"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e1615",
            "parentcaller": "0x7ff97d6c5f65",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6e3b98",
            "parentcaller": "0x7ff97d6e58f0",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "@C:\\Windows\\system32\\windows.storage.dll,-10152"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "\\x41f\\x430\\x43f\\x43a\\x430 \\x441 \\x444\\x430\\x439\\x43b\\x430\\x43c\\x438"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@C:\\Windows\\system32\\windows.storage.dll,-10152"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6c5985",
            "parentcaller": "0x7ff97d6c522e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aecb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0Y\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\xc6\\x00\\x00\\x00\\xf0Y\\xefJ\\xed\\x01\\x00\\x00\\xd5,\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\xe9\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x000\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-03-05 10:24:38,994",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0R\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00\\xc0R\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00K\\xad\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0]\\xe9J\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00\\xd0]\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xcb\\xad\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-03-05 10:24:39,009",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00K\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00P\\x91\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00P\\x91\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00k\\xaf\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x008\\xeaJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00\\x008\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x8b\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-03-05 10:24:39,025",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "P\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb5bW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xb7\\xeaJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc0\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\xb7\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\xab\\xb1\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00~\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x008\\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00\\xde\\xc8\\x07\\xb8E\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xedJ\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xad\\xa0L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000051c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "2452",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "2452",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\edputil.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000051c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00024000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965eb1000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea7000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea7000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea7000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea7000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ea6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\edputil"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965e90000"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-03-05 10:24:39,041",
            "thread_id": "3424",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\edputil"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965e90000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff965e91790"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3424",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3424",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000003e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000053c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcefe08",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "ValueName",
                "value": "packageContents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fceff50",
            "parentcaller": "0x7ff97f99d773",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0;\\xeaJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00?\\x04:\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6108
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6113
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 6129
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x00000512"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000512"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000512"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x12\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000512"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000512"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aefa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aefb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000542"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000542"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00B\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000542"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000542"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000512"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "528",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-03-05 10:24:39,056",
            "thread_id": "528",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aefc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "528",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aefd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0l\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6173
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6178
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6185
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6191
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e300000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e305000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-03-05 10:24:39,072",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 6228
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}"
              },
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000526"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000526"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000526"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x1e\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xc7\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6241
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000526"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000526"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000526"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x1e\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc5\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x1e\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xc6\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051e"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "3764",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xc5\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xd8\\xdd\\xe1y\\xf9\\x7f\\x00\\x00\\xb0\\xdd\\xe1y\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0x\\xefJ\\xed\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-03-05 10:24:39,181",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6290
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdd\\xffff\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffc1\\x12\\xffa8\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9b\\xffeeJ\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xff90\\xff9b\\xffeeJ\\xffed\\x01\\x00\\x00@\\xffc6\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9b\\xffeeJ\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00@\\xffc6\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffde\\xffff\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6296
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000494"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd6\\xfff7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x1d\\xffa0\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff9c\\xffeeJ\\xffed\\x01\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\x10\\xff9c\\xffeeJ\\xffed\\x01\\x00\\x00\\xffc0\\xffc8\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff9c\\xffeeJ\\xffed\\x01\\x00\\x000A\\xffebJ\\xffed\\x01\\x00\\x000A\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xf
fed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000A\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdd\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffc8\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xfff7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`J\\xffebJ\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 1,
            "id": 6310
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000498"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6592"
              }
            ],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00o\\x00l\\x00d\\x00e\\x00r\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00 \\xffc0\\xffe4J\\x12\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd6\\xffd7\\x0b\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff91\\x1d\\xff80\\xff9b:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff9d\\xffeeJ\\xffed\\x01\\x00\\x00x\\xffde\\xffe9J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xff9d\\xffeeJ\\xffed\\x01\\x00\\x000\\xffc7\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff9d\\xffeeJ\\xffed\\x01\\x00\\x00P\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00P\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xf
fe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8e\\xffe4J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x000\\xffc7\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd7\\xffd7\\x0b\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff81\\xffe4J\\xffed\\x01\\x00\\x00P\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6339
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000470"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFolderStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 1,
            "id": 6358
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 6360
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000498"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 1,
            "id": 6376
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6592"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-03-05 10:24:39,197",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 6381
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@~\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x7f\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x80\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x80\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x80\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x80\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x80\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b5980a4",
            "parentcaller": "0x7ff97b598021",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes"
              }
            ],
            "repeated": 0,
            "id": 6388
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b5980d7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{B372207C-0011-438F-9151-098B2E36B887}"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Parent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Parent"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "CanonicalName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "CanonicalName"
              },
              {
                "name": "Data",
                "value": "FileItemAPIs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "PerceivedType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType"
              }
            ],
            "repeated": 0,
            "id": 6395
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "PerceivedType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Theme"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme"
              }
            ],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Theme"
              },
              {
                "name": "Data",
                "value": "default"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "LayoutType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "LayoutType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType"
              }
            ],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "TopViewPersistence"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViewPersistence"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "ViewSettingsPersistence"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\ViewSettingsPersistence"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Mode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Mode"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Class"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "MostRelevant"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant"
              }
            ],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "MostRelevant"
              },
              {
                "name": "Data",
                "value": "prop:System.ItemNameDisplay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b5982ce",
            "parentcaller": "0x7ff97b598021",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Modifiers"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Modifiers"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "DefaultView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\DefaultView"
              }
            ],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b59831f",
            "parentcaller": "0x7ff97b598021",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b58bfd4",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews"
              },
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews"
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "ValueName",
                "value": "OverrideParentTopViews"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\OverrideParentTopViews"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b58c06f",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{3fa62bd1-b86d-4b21-9931-02086472c3e6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Music.AlbumTitle"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Music.AlbumTitle"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.Music.Artist;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.AlbumTitle;System.Music.DisplayArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{3fa62bd1-b86d-4b21-9931-02086472c3e6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}"
              }
            ],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-03-05 10:24:39,212",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6486
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.ItemTypeText"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.ItemTypeText"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.ItemTypeText;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6496
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.ItemTypeText"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6500
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}"
              }
            ],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Music.DisplayArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Music.DisplayArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.DisplayArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6531
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{5B11944C-125B-40FD-B2BC-025736B0F714}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              }
            ],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              }
            ],
            "repeated": 0,
            "id": 6535
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6543
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6549
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6553
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Author;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{5B11944C-125B-40FD-B2BC-025736B0F714}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{73218899-7B6E-4168-A140-D7167A04F8F0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              }
            ],
            "repeated": 0,
            "id": 6562
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              }
            ],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-03-05 10:24:39,228",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Music.Composer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6579
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Music.Composer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.Composer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6585
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{73218899-7B6E-4168-A140-D7167A04F8F0}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{82ba0782-5b7a-4569-b5d7-ec83085f08cc}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6606
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.ItemNameDisplay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{82ba0782-5b7a-4569-b5d7-ec83085f08cc}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}"
              }
            ],
            "repeated": 0,
            "id": 6615
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}"
              }
            ],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}"
              }
            ],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6627
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Title"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "{94019DD4-8911-4b02-B443-0674C7453F1E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}"
              }
            ],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Music.AlbumArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Music.AlbumArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.AlbumArtist"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6669
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-03-05 10:24:39,244",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{94019DD4-8911-4b02-B443-0674C7453F1E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}"
              }
            ],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.ItemNameDisplay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6697
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "{bdbe736f-34f5-4829-abe8-b550e65146c4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}"
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6711
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6718
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.Search.Rank;-System.DateModified;System.ItemNameDisplay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{bdbe736f-34f5-4829-abe8-b550e65146c4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{C0457B47-32A5-4c29-A092-EFF8AAB749B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}"
              }
            ],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6732
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6737
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Media.Year"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Media.Year"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.Media.Year"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C0457B47-32A5-4c29-A092-EFF8AAB749B7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{D16923D7-7E6E-460B-96F0-E321211AA496}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6769
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-03-05 10:24:39,259",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D16923D7-7E6E-460B-96F0-E321211AA496}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}"
              }
            ],
            "repeated": 0,
            "id": 6781
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{d34ade43-45bd-44ae-84b7-3bcc998826e2}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}"
              }
            ],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.DisplayArtist;System.Music.AlbumTitle;System.Music.TrackNumber;System.Title"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{d34ade43-45bd-44ae-84b7-3bcc998826e2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{E21A4A59-E483-436d-B9F3-59225953AEF3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}"
              }
            ],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aecc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6823
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Keywords"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Keywords"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6830
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Keywords"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{E21A4A59-E483-436d-B9F3-59225953AEF3}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{E3C50079-D524-4572-83CE-4C810C534095}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Music.Genre"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Music.Genre"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:System.Music.Genre"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6865
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{E3C50079-D524-4572-83CE-4C810C534095}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}"
              }
            ],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e306000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e308000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-03-05 10:24:39,275",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6893
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.ItemDate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6900
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              }
            ],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c918",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b58c949",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              },
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NoName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Version"
              }
            ],
            "repeated": 0,
            "id": 6907
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "LogicalViewMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\LogicalViewMode"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "IconSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\IconSize"
              }
            ],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "QueryType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "HideFileNames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\HideFileNames"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "DateCategorizerInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\DateCategorizerInfo"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ChildViewID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ChildViewID"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupBy"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "GroupAscending"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupAscending"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "StackBy"
              },
              {
                "name": "Data",
                "value": "System.Rating"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimaryProperty"
              },
              {
                "name": "Data",
                "value": "System.Rating"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "PrimarySettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimarySettings"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "ColumnList"
              },
              {
                "name": "Data",
                "value": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "SortByList"
              },
              {
                "name": "Data",
                "value": "prop:-System.Rating"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}"
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "ValueName",
                "value": "Order"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Order"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b58c27c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1b5",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97b58c1d1",
            "parentcaller": "0x7ff97b59833a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff97b598365",
            "parentcaller": "0x7ff97b598021",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-03-05 10:24:39,291",
            "thread_id": "2452",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-03-05 10:24:40,228",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-03-05 10:24:40,228",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-03-05 10:24:40,228",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-03-05 10:24:40,275",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-03-05 10:24:40,291",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-03-05 10:24:40,291",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-03-05 10:24:41,509",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-03-05 10:24:41,541",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-03-05 10:24:41,541",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-03-05 10:24:41,541",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 6945
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xc6\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xc4\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e30c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc2\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00e\\x00m\\x00 \\x00A\\x00p\\x00a\\x00r\\x00t\\x00m\\x00e\\x00n\\x00t\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x00F\\x00a\\x00c\\x00t\\x00o\\x00r\\x00"
              }
            ],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`P\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 1\\xa8{\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8e\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8&\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00N\\xbf7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xd3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xd3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xe8\\xd2\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x08\\xd3\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0&\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xd1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc7\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8Rx\\x7f\\xf9\\x7f\\x00\\x00\\xf0\\xecl\\x7f\\xf9\\x7f\\x00\\x00H\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`,\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xa08\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xbe\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\xa0\\x94\t\\x00\\x00\\xdd~\\x1e\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8a\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18T\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xb27\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00x\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00H\\xcf\\xdf\\x0b\\xc6\\x00\\x00\\x00h\\xcf\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10T\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 7005
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aecd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b583072",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b58221b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97b5820f4",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97b582148",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5822d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 7019
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b582ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000476"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000476"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xbf\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xc0\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-03-05 10:24:41,556",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 7047
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xbe\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xbf\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7053
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xbe\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xbf\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xc8\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00I\\x00t\\x00e\\x00m\\x00N\\x00a\\x00m\\x00e\\x00D\\x00i\\x00s\\x00p\\x00l\\x00a\\x00y\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xc03\\xebJ\\xed\\x01\\x00\\x00\\xc0j\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00L\\x00\\xb4\\x0e\\x00\\x00\\xdd~\\x1e\\xde\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8e\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7068
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8&\\xe6J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xb07\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xc8\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\xcd\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xcd\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0&\\xe6J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xcb\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc2\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00e\\x00m\\x00 \\x00A\\x00p\\x00a\\x00r\\x00t\\x00m\\x00e\\x00n\\x00t\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x00F\\x00a\\x00c\\x00t\\x00o\\x00r\\x00"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`,\\xe6J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\xa08\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xbe\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\xa0\\x94\t\\x00\\x00\\xdd~\\x1e\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7075
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98b\\xebJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x]\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xb47\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00(\\xca\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xf8\\xc9\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xca\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p]\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xc8\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x9a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xba\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000049a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048a"
              }
            ],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7110
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x9a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xb8\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000049a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x9a\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xb8\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000049a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc2\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00e\\x00m\\x00 \\x00A\\x00p\\x00a\\x00r\\x00t\\x00m\\x00e\\x00n\\x00t\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x00F\\x00a\\x00c\\x00t\\x00o\\x00r\\x00"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aefe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe2\\xefJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8=\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe2\\xefJ\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00>\\xcb7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00H\\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x18\\xc7\\xdf\\x0b\\xc6\\x00\\x00\\x008\\xc7\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xe2\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xc5\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x88\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xc2\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00e\\x00l\\x00l\\x00 \\x00N\\x00a\\x00m\\x00e\\x00s\\x00p\\x00a\\x00c\\x00e\\x00 \\x00h\\x00e\\x00l\\x00p\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe8\\xefJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h>\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xe5\\xefJ\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xde\\xce7\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\xa8\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00x\\xc3\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x98\\xc3\\xdf\\x0b"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe5\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x88\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-03-05 10:24:41,572",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7145
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 7146
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7149
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7152
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b583072",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b58221b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97b5820f4",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97b582148",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xd8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xc6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00F\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00`\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x80\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xc8\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xc8\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xc8\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5822d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7159
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b582ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6592"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000480"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0d1a0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000480",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0d1a0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000480"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              },
              {
                "name": "ProcessId",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 7166
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e30e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4af0d1a0"
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "6592",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7173
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000048c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7176
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 7180
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-03-05 10:24:41,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\StructuredQuery"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96c930000"
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7187
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00 \\xd5\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xe8\\xd5\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xd6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00V\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00p\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xd7\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd7\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7188
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00 \\xd5\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xe8\\xd5\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xd6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00V\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00p\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xd7\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd7\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b583072",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 7194
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b58221b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97b5820f4",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97b582148",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00 \\xd5\\xecJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xe8\\xd5\\xecJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xd6\\xecJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00V\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00p\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xd7\\xecJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\xd7\\xecJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd7\\xecJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7197
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5822d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b582ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5056",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5056"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5056",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7201
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e312000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e313000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e314000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "2392",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 7207
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 7208
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-03-05 10:24:41,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\StructuredQuery.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c930000"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "3764",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e30f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7215
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000550"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2452",
            "caller": "0x7ff97b5863dc",
            "parentcaller": "0x7ff97b58e5e7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7220
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7222
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2452",
            "caller": "0x7ff96c94dc90",
            "parentcaller": "0x7ff96c9514ea",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\Windows.Storage.Search"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-03-05 10:24:41,681",
            "thread_id": "3764",
            "caller": "0x7ff97b5863dc",
            "parentcaller": "0x7ff97b58e5e7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7225
          },
          {
            "timestamp": "2026-03-05 10:24:41,697",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-03-05 10:24:41,728",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.Search.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-03-05 10:24:41,728",
            "thread_id": "2452",
            "caller": "0x7ff97b588856",
            "parentcaller": "0x7ff97b58e605",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6746C347-576B-4F73-9012-CDFEEA251BC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "54410B83-6787-4418-9735-5AAAABE83A9A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-03-05 10:24:41,728",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.Search.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 7229
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97b588856",
            "parentcaller": "0x7ff97b58e605",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6746C347-576B-4F73-9012-CDFEEA251BC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "54410B83-6787-4418-9735-5AAAABE83A9A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e319000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e31c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e31b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e31a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e81e000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7236
          },
          {
            "timestamp": "2026-03-05 10:24:41,744",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e81e000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7237
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "3764",
            "caller": "0x7ff97fce84c4",
            "parentcaller": "0x7ff97fcfd176",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fce84c4",
            "parentcaller": "0x7ff97fcfd176",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "3764",
            "caller": "0x7ff97fdca37d",
            "parentcaller": "0x7ff97fd64a40",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "3764",
            "caller": "0x7ff97fd64a96",
            "parentcaller": "0x7ff97fcfd176",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fdca37d",
            "parentcaller": "0x7ff97fd64a40",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 7243
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fd64a96",
            "parentcaller": "0x7ff97fcfd176",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "3764",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\windows.storage.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbbc2",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000055c"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\windows.storage.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000560"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07c850"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbc1c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 7248
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcbf7b0",
            "parentcaller": "0x7ff97fce53ea",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcbf7bd",
            "parentcaller": "0x7ff97fce53ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 7250
          },
          {
            "timestamp": "2026-03-05 10:24:41,759",
            "thread_id": "2452",
            "caller": "0x7ff97b58ebdd",
            "parentcaller": "0x7ff97b58e63a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C1800C1-3258-44C2-BE80-3DEADB6C5E39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "FDADA2FA-894D-47D8-AE78-ADF1FD7F28DF"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7251
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "2392",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ae8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "2392",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00X\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2392"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "7136",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "7136",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 7257
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000056c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7258
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7261
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97b5863dc",
            "parentcaller": "0x7ff97b58e5e7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7264
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e325000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97b629b05",
            "parentcaller": "0x7ff97b4f96e0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97b588856",
            "parentcaller": "0x7ff97b58e605",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6746C347-576B-4F73-9012-CDFEEA251BC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "54410B83-6787-4418-9735-5AAAABE83A9A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3424",
            "caller": "0x7ff97b58ebdd",
            "parentcaller": "0x7ff97b58e63a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C1800C1-3258-44C2-BE80-3DEADB6C5E39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "FDADA2FA-894D-47D8-AE78-ADF1FD7F28DF"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e310000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7271
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3376",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-03-05 10:24:41,791",
            "thread_id": "3376",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-03-05 10:24:41,822",
            "thread_id": "3764",
            "caller": "0x7ff97b58ea81",
            "parentcaller": "0x7ff97b58e9d1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6E682784-1ECA-4CF2-988D-96B6E89E9A4D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C0A6C367-C264-4385-A704-9088BDC3640E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7274
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e326000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e81e000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b58e6ca",
            "parentcaller": "0x7ff97b58f0aa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6E682784-1ECA-4CF2-988D-96B6E89E9A4D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C0A6C367-C264-4385-A704-9088BDC3640E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7278
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e81e000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e81e000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7285
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7292
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b67d0ca",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 7299
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b67d0ff",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b67617d",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000586"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000586"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x86\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xc4\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000586"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7306
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000586"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc3\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x86\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xc4\\xef\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97b67625a",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7313
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7320
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\apphelp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b67d0ff",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b67617d",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x0000057e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00~\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7327
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc1\\xdf\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00~\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xc2\\xdf\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97b67625a",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057e"
              }
            ],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3424",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 7333
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000588"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000584"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\apphelp.dll"
              }
            ],
            "repeated": 0,
            "id": 7334
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000588"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00090000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac71000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac71000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac71000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac71000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac70000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 7341
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac70000"
              },
              {
                "name": "ModuleName",
                "value": "apphelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\apphelp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97ac20000"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b58ea81",
            "parentcaller": "0x7ff97b58e9d1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6E682784-1ECA-4CF2-988D-96B6E89E9A4D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C0A6C367-C264-4385-A704-9088BDC3640E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7345
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7349
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7356
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b67d0ca",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b67d0ff",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b67617d",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x0000058e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7363
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc7\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8e\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc7\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x8e\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97b67625a",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058e"
              }
            ],
            "repeated": 0,
            "id": 7370
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "2452",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97ac2ff08",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97ac2ff08",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97ac2ff26",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetNtSystemRoot"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcc6bb0"
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-03-05 10:24:41,837",
            "thread_id": "3764",
            "caller": "0x7ff97ac2654f",
            "parentcaller": "0x7ff97ac24141",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000588"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
              }
            ],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac24333",
            "parentcaller": "0x7ff97ac242c3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "LogFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\LogFlags"
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac241a7",
            "parentcaller": "0x7ff97ac23fe4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 7377
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff97ac2455d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-eventing-provider-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97ac24576",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf2b30"
              }
            ],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\apphelp"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ac20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97ac30880"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac24b11",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{04731b67-d933-450a-90e6-4acd2e9408fe}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731b67-d933-450a-90e6-4acd2e9408fe}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7384
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac24b7b",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac24c32",
            "parentcaller": "0x7ff97ac249c5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97ac246b9",
            "parentcaller": "0x7ff97b5e8067",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d2c89",
            "parentcaller": "0x7ff97b5e80b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x0000058e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d2ca1",
            "parentcaller": "0x7ff97b5e80b0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058e"
              }
            ],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7390
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7391
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2fad",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\xe0+\\xe0\\x11\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF"
              }
            ],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b5d2fad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7395
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions"
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "HasFlushedShellExtCache"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache"
              }
            ],
            "repeated": 0,
            "id": 7398
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97ac24b11",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{04731b67-d933-450a-90e6-4acd2e9408fe}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731b67-d933-450a-90e6-4acd2e9408fe}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97ac24b7b",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97ac24c32",
            "parentcaller": "0x7ff97ac249c5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7405
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97b5d2c89",
            "parentcaller": "0x7ff97b5e80b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000596"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97b5d2ca1",
            "parentcaller": "0x7ff97b5e80b0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000596"
              }
            ],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7412
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2fad",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\xe0+\\xe0\\x11\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF"
              }
            ],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7416
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7419
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "HasFlushedShellExtCache"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache"
              }
            ],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7426
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-03-05 10:24:41,853",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aedc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7430
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aedd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7433
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7436
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7440
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7447
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aede000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7450
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7451
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 3,
            "id": 7452
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7454
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-03-05 10:24:41,869",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 3,
            "id": 7459
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7460
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7461
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7462
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7463
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7467
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7468
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b61ac4f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7471
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b61ac4f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b66be21",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7475
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-03-05 10:24:41,884",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7480
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7482
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7489
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e329000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b66bce9",
            "parentcaller": "0x7ff97b66bc65",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "807E5A10-4856-4F9A-8E3C-A1F7E75648B3"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "7F73BE3F-FB79-493C-A6C7-7EE14E245841"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7496
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7503
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7510
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7517
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7524
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7531
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7538
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7545
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7552
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7559
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7566
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7573
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-03-05 10:24:41,900",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b5883eb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\x9b2N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x9c2N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x9c2N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x9d2N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x9d2N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x9d2N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x9d2N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x9d2N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7580
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\x9b2N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x9c2N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x9c2N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x9d2N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x9d2N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x9d2N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x9d2N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x9d2N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b583072",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b58221b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7587
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97b5820f4",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7588
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97b582148",
            "parentcaller": "0x7ff97b5822c5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\x9b2N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\x9c2N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x9c2N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x9d2N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\x9d2N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x9d2N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x9d2N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\x9d2N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x9d2N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5822d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b582ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7594
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7599
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b61ac4f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7600
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7601
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7606
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 7608
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7610
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97b68860a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "User32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 7615
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b68862c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDpiForWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7f3f40"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b688649",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetricsForDpi"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7f0bc0"
              }
            ],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b688666",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowDpiAwarenessContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f7f3420"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b688683",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f7e0000"
              },
              {
                "name": "FunctionName",
                "value": "AreDpiAwarenessContextsEqual"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f8092a0"
              }
            ],
            "repeated": 0,
            "id": 7620
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7622
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7629
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7634
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7636
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7638
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7643
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b66bce9",
            "parentcaller": "0x7ff97b66bc65",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "807E5A10-4856-4F9A-8E3C-A1F7E75648B3"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "7F73BE3F-FB79-493C-A6C7-7EE14E245841"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7650
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7654
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7656
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7657
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7659
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7662
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-03-05 10:24:41,916",
            "thread_id": "3424",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7664
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7666
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7668
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7671
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7673
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7678
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7685
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7692
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7697
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7699
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 7702
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7705
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7706
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7710
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7713
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7720
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7722
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7723
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7724
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7726
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-03-05 10:24:41,931",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7729
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7731
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7736
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7737
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7742
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7743
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7750
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7751
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7753
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7755
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7757
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7760
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b5883eb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3424",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7764
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b61ac4f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b66be21",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7771
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7778
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7785
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-03-05 10:24:41,947",
            "thread_id": "3764",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7787
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7789
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7791
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7792
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7796
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b66bce9",
            "parentcaller": "0x7ff97b66bc65",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "807E5A10-4856-4F9A-8E3C-A1F7E75648B3"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "7F73BE3F-FB79-493C-A6C7-7EE14E245841"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7799
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7800
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7806
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7813
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7817
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7819
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7820
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7821
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7826
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7827
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e331000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7833
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7834
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7835
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7841
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-03-05 10:24:41,962",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7845
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7847
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7848
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7849
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7852
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7854
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7855
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7856
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7858
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7860
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7862
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7865
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7867
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7869
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7871
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7876
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7878
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7880
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7883
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7885
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e343000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7890
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7895
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7897
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7904
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7905
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7906
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7907
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-03-05 10:24:41,978",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 7909
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7911
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 7914
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7918
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b5883eb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "3764",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b5c51d4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7922
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e344000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e345000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7924
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff95e792cd2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 7925
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff95e795739",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 7926
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e346000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7928
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7930
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7932
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7935
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7936
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 7938
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7939
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7940
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7942
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7944
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7946
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7949
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7951
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7953
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e348000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7955
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e34a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7957
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7960
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7967
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7970
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 7972
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7974
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7976
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7978
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7979
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7981
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7983
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7985
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 7987
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000005be"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 7988
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7989
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 7990
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 7991
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000005c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7995
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc3'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc4'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7996
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7998
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000005c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 8000
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8002
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc3'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc6\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc4'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 8004
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005be"
              }
            ],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c2"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c6"
              }
            ],
            "repeated": 0,
            "id": 8009
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e359000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8010
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e35a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8012
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8014
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8016
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8018
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8020
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8023
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8024
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8026
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8028
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e332000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8030
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e333000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-03-05 10:24:41,994",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e31e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8032
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff95e77f7fc",
            "parentcaller": "0x7ff95e76f061",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8033
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5a9430",
            "parentcaller": "0x7ff97b5eeafc",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C0F439D-7C29-4BDE-8952-4EEB6A49E048"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "BF2D36D6-72A6-4EE1-8553-3D90AA88800F"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff95e77ff81",
            "parentcaller": "0x7ff95e771b87",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8035
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8037
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8039
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8041
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8043
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8044
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8045
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8047
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b67d0ca",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b67d0ff",
            "parentcaller": "0x7ff97b5e8031",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b67617d",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              },
              {
                "name": "Handle",
                "value": "0x000005c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8051
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8052
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdc'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xdd'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d717658",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8057
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdc'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xdd'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8058
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d717608",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8059
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97b67625a",
            "parentcaller": "0x7ff97b676104",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c2"
              }
            ],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97ac24b11",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1685d4ab-a51b-4af1-a4e5-cee87002431d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685d4ab-a51b-4af1-a4e5-cee87002431d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8061
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97ac24b7b",
            "parentcaller": "0x7ff97ac249c5",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97ac24c32",
            "parentcaller": "0x7ff97ac249c5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8063
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97ac246b9",
            "parentcaller": "0x7ff97b5e8067",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Windows.Storage.Search.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95e760000"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8065
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              }
            ],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2e40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "{1685D4AB-A51B-4AF1-A4E5-CEE87002431D} {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} 0x401"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D} {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} 0x401"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b5d2e40",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8070
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions"
              }
            ],
            "repeated": 0,
            "id": 8072
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "HasFlushedShellExtCache"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b5d2d69",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8074
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b5c51d4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e34c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8076
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e35f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8078
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8079
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8083
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8084
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8085
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8086
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8087
          },
          {
            "timestamp": "2026-03-05 10:24:42,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8089
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8091
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8093
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8100
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8105
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8107
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8110
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8114
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8115
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8117
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8119
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8121
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8124
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e334000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8128
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8133
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8135
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8142
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8144
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8146
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8148
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8149
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8153
          },
          {
            "timestamp": "2026-03-05 10:24:42,025",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8156
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8162
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8163
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8164
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8170
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8172
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8173
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8174
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8175
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8177
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8182
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8184
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e335000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e320000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e77f7fc",
            "parentcaller": "0x7ff95e76f061",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8187
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5a9430",
            "parentcaller": "0x7ff97b5eeafc",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C0F439D-7C29-4BDE-8952-4EEB6A49E048"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "BF2D36D6-72A6-4EE1-8553-3D90AA88800F"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e77ff81",
            "parentcaller": "0x7ff95e771b87",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8189
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8191
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8193
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8198
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b684ae8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1685D4AB-A51B-4AF1-A4E5-CEE87002431D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0C733A8A-2A1C-11CE-ADE5-00AA0044773D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8203
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff95e77008d",
            "parentcaller": "0x7ff95e7729f9",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8205
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b5c51d4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8208
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8212
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8213
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8219
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8b172",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8226
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-03-05 10:24:42,041",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "WholeFileSystem"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WholeFileSystem"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8233
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "SystemFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\SystemFolders"
              }
            ],
            "repeated": 0,
            "id": 8234
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8238
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8240
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8242
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "NoSearchFullText"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSearchFullText"
              }
            ],
            "repeated": 0,
            "id": 8247
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e362000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8249
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8250
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              }
            ],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8254
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8255
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff95e7805c8",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff95e780656",
            "parentcaller": "0x7ff95e76aac3",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8258
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff95e780680",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c9d1000"
              },
              {
                "name": "ModuleName",
                "value": "StructuredQuery.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8261
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 8262
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 10,
            "id": 8264
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c93fb62",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 6,
            "id": 8267
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8268
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8272
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff96c93a1a7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "WriteLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog"
              }
            ],
            "repeated": 0,
            "id": 8275
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff96c93a1a7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8279
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97b5848e1",
            "parentcaller": "0x7ff97b585f81",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b58492d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8282
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8283
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8286
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8287
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8288
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e364000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8290
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8291
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e336000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8294
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8295
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8297
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8300
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8306
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8308
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8310
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8312
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-03-05 10:24:42,056",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8314
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8319
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8321
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8337
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e7812f2",
            "parentcaller": "0x7ff95e78109a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e77c333",
            "parentcaller": "0x7ff95e779609",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8340
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8341
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8342
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 8344
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8DE9C74C-605A-4ACD-BEE3-2B222AA2D23D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c935ed6",
            "parentcaller": "0x7ff96c934fe8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff95e77c375",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "116F8D13-101E-4FA5-84D4-FF8279381935"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8349
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff96c9360d1",
            "parentcaller": "0x7ff96c936111",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "52F15C89-5A17-48E1-BBCD-46A3F89C7CC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000415",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0FC988D4-C935-4B97-A973-46282EA175C8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcb30fd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ad23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8354
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e365000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e367000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8356
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e77f7fc",
            "parentcaller": "0x7ff95e76f061",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8357
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5a9430",
            "parentcaller": "0x7ff97b5eeafc",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C0F439D-7C29-4BDE-8952-4EEB6A49E048"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "BF2D36D6-72A6-4EE1-8553-3D90AA88800F"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8358
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e77ff81",
            "parentcaller": "0x7ff95e771b87",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8359
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8360
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8366
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8368
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8370
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8372
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b684ae8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1685D4AB-A51B-4AF1-A4E5-CEE87002431D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0C733A8A-2A1C-11CE-ADE5-00AA0044773D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8374
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff95e77008d",
            "parentcaller": "0x7ff95e7729f9",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8b172",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8378
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-03-05 10:24:42,072",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8381
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff95e7805c8",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff95e780656",
            "parentcaller": "0x7ff95e76aac3",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff95e780680",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 8385
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 15,
            "id": 8387
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff97b5848e1",
            "parentcaller": "0x7ff97b585f81",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e36d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8390
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b58492d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b684ae8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1685D4AB-A51B-4AF1-A4E5-CEE87002431D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0C733A8A-2A1C-11CE-ADE5-00AA0044773D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 8393
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff95e77008d",
            "parentcaller": "0x7ff95e7729f9",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8b172",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e36e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8396
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8397
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              }
            ],
            "repeated": 0,
            "id": 8399
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff979d9034e",
            "parentcaller": "0x7ff979db3726",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8967F85-58AE-4F46-9FB2-5D7904798F4B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff95e7805c8",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff95e780656",
            "parentcaller": "0x7ff95e76aac3",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff95e780680",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 19,
            "id": 8404
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97b5848e1",
            "parentcaller": "0x7ff97b585f81",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b58492d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e347000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aea7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x000\r\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3376"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b584c9d",
            "parentcaller": "0x7ff97b5849c7",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000104e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b584961",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8415
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8420
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8425
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8430
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "NoViewOnDrive"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive"
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8438
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "NoViewOnDrive"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc5?\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005e0"
              },
              {
                "name": "SubKey",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Profile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security"
              }
            ],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 8466
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p!6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d32c000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-03-05 10:24:42,087",
            "thread_id": "3376",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d310000"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 8490
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\profapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d310000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d318d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8493
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8500
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8502
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8505
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e36f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8510
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8511
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8516
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e370000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e373000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e374000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e375000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c8"
              },
              {
                "name": "FileInformation",
                "value": "p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01\\xe7\\xee\\xa0\\x9e+\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8b\\xa8\\x01\\x00\\x00\\x00\\x03\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01\\xe7\\xee\\xa0\\x9e+\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00.\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97b65bb59",
            "parentcaller": "0x7ff97b5a1e81",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": false,
            "return": "0xffffffff80000006",
            "pretty_return": "NO_MORE_FILES",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c8"
              },
              {
                "name": "FileInformation",
                "value": ""
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "3376",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x000\r\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3376"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1064"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97b584c9d",
            "parentcaller": "0x7ff97b5849c7",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000104e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e376000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8541
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8546
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8547
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e371000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8552
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8557
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8562
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8566
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8567
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8572
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8577
          },
          {
            "timestamp": "2026-03-05 10:24:42,103",
            "thread_id": "1064",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "FileInformation",
                "value": "p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8b\\xa8\\x01\\x00\\x00\\x00\\x03\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00.\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97b65bb59",
            "parentcaller": "0x7ff97b5a1e81",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": false,
            "return": "0xffffffff80000006",
            "pretty_return": "NO_MORE_FILES",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "FileInformation",
                "value": ""
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e789936",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648233",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b584961",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 2,
            "id": 8593
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648233",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "1064",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00(\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1064"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x8a\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3864"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97b584c9d",
            "parentcaller": "0x7ff97b5849c7",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000104e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b584961",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8603
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8608
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8613
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8618
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8623
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8628
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8633
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8638
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 8641
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b8"
              },
              {
                "name": "FileInformation",
                "value": "p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8b\\xa8\\x01\\x00\\x00\\x00\\x03\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00.\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97b65bb59",
            "parentcaller": "0x7ff97b5a1e81",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": false,
            "return": "0xffffffff80000006",
            "pretty_return": "NO_MORE_FILES",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b8"
              },
              {
                "name": "FileInformation",
                "value": ""
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e789936",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 1,
            "id": 8651
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648233",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "3864",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x8a\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3864"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}"
              },
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}"
              }
            ],
            "repeated": 0,
            "id": 8656
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005aa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8658
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c2"
              }
            ],
            "repeated": 0,
            "id": 8659
          },
          {
            "timestamp": "2026-03-05 10:24:42,119",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8662
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8663
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8666
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8668
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005aa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8672
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8675
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xbf\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xc0\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8681
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8682
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8683
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xbf\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xc0\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8688
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8689
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              }
            ],
            "repeated": 0,
            "id": 8690
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8691
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88L6N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\xe1J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00U\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x871N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xec\\xefJ\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb3\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xcf\\x07\\x0c\\xc6\\x00\\x00\\x00\\x08\\xcf\\x07\\x0c\\xc6\\x00\\x00\\x00\\xd8\\xce\\x07\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xce\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xec\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\xdc\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "hN6N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8704
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xed\\xefJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00g\\x00r\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00t\\x00a\\x00r\\x00t\\x00 \\x00M\\x00e\\x00n\\x00"
              }
            ],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x8f1N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8707
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xdb7N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8710
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00h\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x008\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00X\\xcb\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xdb7N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\xdc\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "3424",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27f400"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8723
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6992",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e311000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0000000C-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0000000C-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6992",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x1ed4ae02340"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6992",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e381000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8729
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005aa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              }
            ],
            "repeated": 0,
            "id": 8732
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              }
            ],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8734
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "HK6N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xda7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8739
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x156N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8741
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8742
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xda7N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x0e\\xcc\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00X\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00(\\xc2\\xf7\\x0b\\xc6\\x00\\x00\\x00H\\xc2\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 8744
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xda7N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xc0\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98[2N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8747
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd77N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x166N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8751
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd47N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xae\\xc3\\x1f\\xb8E\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xb8\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\x88\\xbe\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xa8\\xbe\\xf7\\x0b"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xd47N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xbc\\xf7\\x0b\\xc6\\x00\\x00\\x00\\xf0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "6592",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 8757
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7edd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 8761
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 8763
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e363000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "7136",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-03-05 10:24:42,134",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 8768
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc1/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xc2/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8784
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8786
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc0/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc1/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8799
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8800
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc0/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc1/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(S2N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00#\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xda7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x136N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xd87N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8816
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xde\\xb2\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\xa8\\xcf/\\x0c\\xc6\\x00\\x00\\x00x\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\x98\\xcf/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xd87N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xcd/\\x0c\\xc6\\x00\\x00\\x00\\xb8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(84N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8820
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd47N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8822
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x136N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8824
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xd47N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb6\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\x08\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\xd8\\xcb/\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xcb/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xd47N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xc9/\\x0c\\xc6\\x00\\x00\\x00\\xb8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8829
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8835
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8836
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc1/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xc0\\xc2/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8846
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8849
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8850
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc0/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc1/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc0/\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00P\\xc1/\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd824N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00e\\x00m\\x00 \\x00B\\x00o\\x00t\\x00h\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x00F\\x00a\\x00c\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xd97N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf1\\xad\r\\xce\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x136N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xd57N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xde\\xb2\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\xa8\\xcf/\\x0c\\xc6\\x00\\x00\\x00x\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\x98\\xcf/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd57N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xcd/\\x0c\\xc6\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H64N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xdb7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00yce\\xc5\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x136N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xda7N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb6\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\x08\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\xd8\\xcb/\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xcb/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xda7N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xc9/\\x0c\\xc6\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-03-05 10:24:42,275",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8890
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}"
              },
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}"
              }
            ],
            "repeated": 0,
            "id": 8891
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005aa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8892
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8893
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 8894
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              }
            ],
            "repeated": 0,
            "id": 8895
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8896
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8897
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8898
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8899
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8900
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8901
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd824N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00e\\x00m\\x00 \\x00B\\x00o\\x00t\\x00h\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x00F\\x00a\\x00c\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8902
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xd97N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xb0\\x9e\\x04\\xfd\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8903
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8904
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x136N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8905
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8906
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd97N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8907
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xde\\xb2\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\xa8\\xcf/\\x0c\\xc6\\x00\\x00\\x00x\\xcf/\\x0c\\xc6\\x00\\x00\\x00\\x98\\xcf/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8908
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xd97N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xcd/\\x0c\\xc6\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8909
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8910
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(84N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8911
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xdc7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8912
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8913
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x166N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8914
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8915
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xd57N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8916
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00~\\xb6\\xc7\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\x08\\xcc/\\x0c\\xc6\\x00\\x00\\x00\\xd8\\xcb/\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xcb/\\x0c"
              }
            ],
            "repeated": 0,
            "id": 8917
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xd57N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xc9/\\x0c\\xc6\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 8918
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 8919
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8920
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df4decf",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005dc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000544"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8921
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f54f743",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000544"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004b8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8922
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f562220",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8923
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea794bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8924
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8925
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00X\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2392"
              }
            ],
            "repeated": 0,
            "id": 8926
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8927
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 8928
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8929
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8930
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8931
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 8932
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff97b5863dc",
            "parentcaller": "0x7ff97b58e5e7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8933
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff97b588856",
            "parentcaller": "0x7ff97b58e605",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6746C347-576B-4F73-9012-CDFEEA251BC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "54410B83-6787-4418-9735-5AAAABE83A9A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8934
          },
          {
            "timestamp": "2026-03-05 10:24:42,291",
            "thread_id": "2452",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8935
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b58ebdd",
            "parentcaller": "0x7ff97b58e63a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C1800C1-3258-44C2-BE80-3DEADB6C5E39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "FDADA2FA-894D-47D8-AE78-ADF1FD7F28DF"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8936
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b58ea81",
            "parentcaller": "0x7ff97b58e9d1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6E682784-1ECA-4CF2-988D-96B6E89E9A4D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C0A6C367-C264-4385-A704-9088BDC3640E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8937
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8938
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8939
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8940
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b58e6ca",
            "parentcaller": "0x7ff97b58f0aa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "6E682784-1ECA-4CF2-988D-96B6E89E9A4D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C0A6C367-C264-4385-A704-9088BDC3640E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8941
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8942
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8943
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8944
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8945
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8946
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8947
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8948
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8949
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8950
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8951
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8952
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8953
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8954
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8955
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8956
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e337000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8957
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8958
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8959
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8960
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8961
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8962
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8963
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8964
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8965
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8966
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8967
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8968
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8969
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8970
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8971
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8972
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8973
          },
          {
            "timestamp": "2026-03-05 10:24:42,306",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b61ac4f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8974
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b66be21",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8975
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8976
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8977
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8978
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8979
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8980
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8981
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8982
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8983
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8984
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8985
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8986
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8987
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8988
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8989
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 8990
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 8991
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b66bce9",
            "parentcaller": "0x7ff97b66bc65",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "807E5A10-4856-4F9A-8E3C-A1F7E75648B3"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "7F73BE3F-FB79-493C-A6C7-7EE14E245841"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8992
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8993
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 8994
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8995
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 8996
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8997
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8998
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8999
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9000
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9001
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9002
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9003
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9004
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9005
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9006
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9007
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9008
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9009
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9010
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9011
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9012
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9013
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9014
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9015
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9016
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9017
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9018
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9019
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9020
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9021
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9022
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9023
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9024
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9025
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9026
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9027
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9028
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9029
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9030
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9031
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9032
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9033
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9034
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9035
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9036
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9037
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9038
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9039
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9040
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9041
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9042
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9043
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9044
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9045
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9046
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9047
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9048
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9049
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9050
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9051
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9052
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9053
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9054
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9055
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9056
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9057
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9058
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9059
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9060
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9061
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9062
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9063
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9064
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9065
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9066
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9067
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9068
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9069
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9070
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff97b61ab2c",
            "parentcaller": "0x7ff97b5883eb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "30276B4F-F25C-457C-A4B7-08574F8EA528"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "C7858B50-F6B7-4BD4-A645-8A86C3FB9F52"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9071
          },
          {
            "timestamp": "2026-03-05 10:24:42,322",
            "thread_id": "2452",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9072
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9073
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "5056",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9074
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9075
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b5c51d4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9076
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e382000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9077
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e369000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9078
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e383000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9079
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9080
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9081
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9082
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9083
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9084
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9085
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9086
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9087
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9088
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9089
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9090
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9091
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9092
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9093
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9094
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9095
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e352000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9096
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9097
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e354000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9098
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9099
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9100
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9101
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9102
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9103
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9104
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9105
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9106
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9107
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9108
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9109
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9110
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9111
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9112
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9113
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9114
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e384000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9115
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e387000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9116
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff95e784cee",
            "parentcaller": "0x7ff95e784a1e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DB6EFB73-5153-43B7-8078-C6FFC4C0238C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EA69859A-DB5B-4C4A-8A8F-AE9759027534"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9117
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9118
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9119
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9120
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9121
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9122
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9123
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9124
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9125
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9126
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9127
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9128
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9129
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9130
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5e6ae4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "04731B67-D933-450A-90E6-4ACD2E9408FE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9131
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9132
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff979d94c3e",
            "parentcaller": "0x7ff979d98a3f",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9133
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e388000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9134
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff95e77fa95",
            "parentcaller": "0x7ff95e77304b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9135
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e36b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9136
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e378000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9137
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff95e77f7fc",
            "parentcaller": "0x7ff95e76f061",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 9138
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5a9430",
            "parentcaller": "0x7ff97b5eeafc",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1C0F439D-7C29-4BDE-8952-4EEB6A49E048"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "BF2D36D6-72A6-4EE1-8553-3D90AA88800F"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9139
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff95e77ff81",
            "parentcaller": "0x7ff95e771b87",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 9140
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9141
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 9142
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9143
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 9144
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 9145
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9146
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9147
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9148
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9149
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 9150
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9151
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 9152
          },
          {
            "timestamp": "2026-03-05 10:24:42,337",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9153
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b684ae8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1685D4AB-A51B-4AF1-A4E5-CEE87002431D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "0C733A8A-2A1C-11CE-ADE5-00AA0044773D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9154
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}"
              }
            ],
            "repeated": 0,
            "id": 9155
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff95e77008d",
            "parentcaller": "0x7ff95e7729f9",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9156
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9157
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9158
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9159
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9160
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9161
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations"
              }
            ],
            "repeated": 0,
            "id": 9162
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff95e7805c8",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9163
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff95e780656",
            "parentcaller": "0x7ff95e76aac3",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9164
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff95e780680",
            "parentcaller": "0x7ff95e76aac3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "934D4698-6A59-48F8-9F29-9FB30670320E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "71D222E1-432F-429E-8C13-B6DAFDE5077A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9165
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff96c941d92",
            "parentcaller": "0x7ff96c94128d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 19,
            "id": 9166
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9167
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97b5848e1",
            "parentcaller": "0x7ff97b585f81",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 9168
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 9169
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b58492d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9170
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 9171
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97b584c9d",
            "parentcaller": "0x7ff97b5849c7",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000104e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9172
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b584961",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 9173
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9174
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9175
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9176
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9177
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 9178
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9179
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9180
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9181
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9182
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 9183
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9184
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9185
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9186
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9187
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 9188
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9189
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9190
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9191
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9192
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 9193
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9194
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9195
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9196
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9197
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9198
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "FileInformation",
                "value": "p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8b\\xa8\\x01\\x00\\x00\\x00\\x03\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e(\\x03\\xe5\\x11\\xac\\xdc\\x01nA\\x9aG\\x8a\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\xd7\\xb6\\xa81\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00.\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9199
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97b65bb59",
            "parentcaller": "0x7ff97b5a1e81",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": false,
            "return": "0xffffffff80000006",
            "pretty_return": "NO_MORE_FILES",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "FileInformation",
                "value": ""
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9200
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9201
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9202
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e789936",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 1,
            "id": 9203
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648233",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9204
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 9205
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 9206
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9207
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27f400"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9208
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 9209
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 9210
          },
          {
            "timestamp": "2026-03-05 10:24:42,353",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 9211
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9212
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df4decf",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000510"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9213
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f54f743",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000604"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9214
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f562220",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 9215
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea794bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 9216
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df4decf",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000604"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9217
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f54f743",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000604"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000600"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9218
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f562220",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 9219
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea794bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 9220
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9221
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9222
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9223
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 9224
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9225
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 9226
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c015e"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9227
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e78bafb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 9228
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 9229
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 9230
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9231
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9232
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 9233
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9234
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9235
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9236
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b67503d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 9237
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9238
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9239
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9240
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df4decf",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000474"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9241
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f54f743",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000474"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000590"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9242
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f562220",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 9243
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9244
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea794bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 9245
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9246
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9247
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9248
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d02ae"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9249
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e78bafb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 9250
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 9251
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 9252
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9253
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9254
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9255
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d02ae"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9256
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9257
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "7136",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9258
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9259
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b0036"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9260
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9261
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0010029e"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9262
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b67503d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 9263
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e78bafb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 9264
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 9265
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 9266
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9267
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9268
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9269
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3764",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9270
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "3764",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9271
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9272
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0010029e"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9273
          },
          {
            "timestamp": "2026-03-05 10:24:42,369",
            "thread_id": "5056",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9274
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "5056",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9275
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9276
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b67503d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9277
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "3764",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9278
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9279
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9280
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9281
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9282
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9283
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9284
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9285
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9286
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c015e"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9287
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9288
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff95e78bafb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9289
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9290
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65d2df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9291
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9292
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9293
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9294
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c015e"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9295
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 9296
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e369000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9297
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 9298
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9299
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9300
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e34a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9301
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9302
          },
          {
            "timestamp": "2026-03-05 10:24:42,384",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b67503d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9303
          },
          {
            "timestamp": "2026-03-05 10:24:42,556",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9304
          },
          {
            "timestamp": "2026-03-05 10:24:42,556",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9305
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9306
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff90p\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0'6N\\xffed\\x01\\x00\\x00x\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90p\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xff90p\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0'6N\\xffed\\x01\\x00\\x00\\xff80\\xff838N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0'6N\\xffed\\x01\\x00\\x00 \\xffac\\xffe9J\\xffed\\x01\\x00\\x00 \\xffac\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90p\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xffac\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff90p\\xffeaJ\\xffed\\x01\\x00\\x00\\xff80\\xff838N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9307
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9308
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9309
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9310
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9311
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9312
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9313
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9314
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9315
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9316
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9317
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9318
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9319
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9320
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9321
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9322
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00pc\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0&6N\\xffed\\x01\\x00\\x00\\xfff8\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00pc\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00pc\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0&6N\\xffed\\x01\\x00\\x00\\xffc0\\xff848N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0&6N\\xffed\\x01\\x00\\x00\\xffd0\\xffaa\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffaa\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pc\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffaa\\xffe9J\\xf
fed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00pc\\xffeaJ\\xffed\\x01\\x00\\x00\\xffc0\\xff848N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffab\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9323
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9324
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9325
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9326
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9327
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9328
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9329
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9330
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9331
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9332
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9333
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9334
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9335
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9336
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9337
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9338
          },
          {
            "timestamp": "2026-03-05 10:24:42,916",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9339
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9340
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000g\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$1N\\xffed\\x01\\x00\\x00x\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x000g\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x000g\\xffeaJ\\xffed\\x01\\x00\\x00\\x10$1N\\xffed\\x01\\x00\\x00@\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$1N\\xffed\\x01\\x00\\x00\\xffa0\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000g\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffc
d\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000g\\xffeaJ\\xffed\\x01\\x00\\x00@\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa4\\xffe9J\\xffed\\x01\\x00\\x00P\\xffdf\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9341
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9342
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9343
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9344
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9345
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9346
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9347
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9348
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9349
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9350
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9351
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9352
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9353
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9354
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9355
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9356
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000b\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10(1N\\xffed\\x01\\x00\\x00x\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x000b\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x000b\\xffeaJ\\xffed\\x01\\x00\\x00\\x10(1N\\xffed\\x01\\x00\\x00P\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10(1N\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000b\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xf
ff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000b\\xffeaJ\\xffed\\x01\\x00\\x00P\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffab\\xffe9J\\xffed\\x01\\x00\\x00P\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9357
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9358
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9359
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9360
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9361
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9362
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9363
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9364
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9365
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9366
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9367
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9368
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9369
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9370
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9371
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9372
          },
          {
            "timestamp": "2026-03-05 10:24:42,931",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9373
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9374
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x00\\xffc0\\xff848N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\
\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\xffc0\\xff848N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa6\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9375
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9376
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9377
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9378
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9379
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9380
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9381
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9382
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9383
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9384
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9385
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9386
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9387
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9388
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9389
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9390
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9391
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9392
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 9393
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x00\\xffe0\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0!1N\\xffed\\x01\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@K\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9394
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9395
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 9396
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9397
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9398
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9399
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9400
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9401
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9402
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9403
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9404
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9405
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9406
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9407
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9408
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9409
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 9410
          },
          {
            "timestamp": "2026-03-05 10:24:42,947",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\xffff\\xffff\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P$1N\\xffed\\x01\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00P$1N\\xffed\\x01\\x00\\x00\\x00\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P$1N\\xffed\\x01\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0C\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9411
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9412
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 9413
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9414
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9415
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9416
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9417
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9418
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9419
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9420
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9421
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9422
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9423
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9424
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 1,
            "id": 9425
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00X\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2392"
              }
            ],
            "repeated": 0,
            "id": 9426
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9427
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 1,
            "id": 9428
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 9429
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}"
              },
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}"
              }
            ],
            "repeated": 0,
            "id": 9430
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 9431
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9432
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 9433
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              }
            ],
            "repeated": 0,
            "id": 9434
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 9435
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9436
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9437
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9438
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9439
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9440
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9441
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9442
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9443
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9444
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9445
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9446
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9447
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9448
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9449
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 9450
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 9451
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9452
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9453
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9454
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9455
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9456
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9457
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9458
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9459
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9460
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9461
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9462
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9463
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              }
            ],
            "repeated": 0,
            "id": 9464
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9465
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 9466
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9467
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9468
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x898N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00d\\x00Q\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00.\\x00A\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9469
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xda7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00 \\xf27N\\xed\\x01\\x00\\x00\\xc0j\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9470
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9471
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x126N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9472
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9473
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xd97N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9474
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xa5\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xc8\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x98\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xd8\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 9475
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xd97N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd6\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 9476
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9477
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x858N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00u\\x00r\\x00e\\x00d\\x00Q\\x00u\\x00e\\x00r\\x00y\\x00T\\x00y\\x00p\\x00e\\x00.\\x00A\\x00n\\x00y\\x00B\\x00i\\x00t\\x00s\\x00S\\x00e\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9478
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd17N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00@\\xea\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9479
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9480
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x126N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9481
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9482
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd07N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9483
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xb9\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00(\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\xd5\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 9484
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xd07N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 9485
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9486
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9487
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9488
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9489
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9490
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9491
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 9492
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x10s\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0'1N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x10s\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x10s\\xffeaJ\\xffed\\x01\\x00\\x00\\xffd0'1N\\xffed\\x01\\x00\\x00P\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0'1N\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10s\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\xf
f8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x10s\\xffeaJ\\xffed\\x01\\x00\\x00P\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80I\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9493
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9494
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 9495
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9496
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9497
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9498
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9499
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9500
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9501
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9502
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9503
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9504
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9505
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9506
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9507
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9508
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9509
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9510
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9511
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}"
              }
            ],
            "repeated": 0,
            "id": 9512
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 9513
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9514
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              }
            ],
            "repeated": 0,
            "id": 9515
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 9516
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9517
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9518
          },
          {
            "timestamp": "2026-03-05 10:24:42,962",
            "thread_id": "2452",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 9519
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 9520
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9521
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9522
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9523
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9524
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9525
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9526
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9527
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9528
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9529
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9530
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9531
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9532
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9533
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9534
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 9535
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a2"
              }
            ],
            "repeated": 0,
            "id": 9536
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9537
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9538
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9539
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9540
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9541
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9542
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9543
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9544
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xba\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9545
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9546
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ba"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9547
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ba"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9548
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 9549
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9550
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 9551
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9552
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9553
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x868N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x14\\x15\\x00\\x00Ey~\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x051zh\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9554
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xda7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00 \\xf27N\\xed\\x01\\x00\\x00\\xc0j\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9555
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9556
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x116N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9557
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9558
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd97N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9559
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xa5\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xc8\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x98\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xd8\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 9560
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xd97N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd6\\x07\\x0c\\xc6\\x00\\x00\\x00\\xa0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 9561
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9562
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x888N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00t\\x00u\\x00r\\x00e\\x00d\\x00Q\\x00u\\x00e\\x00r\\x00y\\x00T\\x00y\\x00p\\x00e\\x00.\\x00A\\x00n\\x00y\\x00B\\x00i\\x00t\\x00s\\x00S\\x00e\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9563
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xdc7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9564
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9565
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x1c6N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9566
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9567
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd37N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9568
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00^\\xb9\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00(\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00\\xf8\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\xd5\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 9569
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xd37N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\xa0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 9570
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9571
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9572
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9573
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9574
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9575
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9576
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005a0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9577
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9578
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9579
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 9580
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcefe08",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "packageContents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents"
              }
            ],
            "repeated": 0,
            "id": 9581
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9582
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fceff50",
            "parentcaller": "0x7ff97f99d773",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9583
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9584
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9585
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9586
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x166N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9587
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9588
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9589
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9590
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9591
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9592
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 9593
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 9594
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 9595
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9596
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9597
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 9598
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 9599
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 9600
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9601
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9602
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9603
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9604
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9605
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9606
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 9607
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9608
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9609
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 9610
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9611
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 9612
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9613
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9614
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff979dbc696",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              }
            ],
            "repeated": 0,
            "id": 9615
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff979dbc6d0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "."
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\."
              }
            ],
            "repeated": 0,
            "id": 9616
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff979dbc6f4",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9617
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff979dbc71d",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 0,
            "id": 9618
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9619
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9620
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9621
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 9622
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 9623
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9624
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9625
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97e743cf6",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts"
              }
            ],
            "repeated": 0,
            "id": 9626
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 9627
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9628
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9629
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9630
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 9631
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 9632
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9633
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9634
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9635
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9636
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9637
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000053e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9638
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053e"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000005fe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 9639
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              }
            ],
            "repeated": 0,
            "id": 9640
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9641
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9642
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfe\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9643
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9644
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9645
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9646
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 9647
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9648
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9649
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9650
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9651
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9652
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9653
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9654
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9655
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9656
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9657
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 9658
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 9659
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9660
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9661
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9662
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9663
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 9664
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9665
          },
          {
            "timestamp": "2026-03-05 10:24:42,978",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9666
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 9667
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9668
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9669
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9670
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 9671
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\*"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9672
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9673
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000053e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9674
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9675
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000005aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 9676
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9677
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9678
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9679
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9680
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9681
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 9682
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fe"
              }
            ],
            "repeated": 0,
            "id": 9683
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              }
            ],
            "repeated": 0,
            "id": 9684
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005aa"
              }
            ],
            "repeated": 0,
            "id": 9685
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 9686
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 9687
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9688
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 9689
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9690
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "528",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9691
          },
          {
            "timestamp": "2026-03-05 10:24:42,994",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9692
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9693
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9694
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9695
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9696
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9697
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9698
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9699
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9700
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9701
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0`\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9702
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9703
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9704
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9705
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9706
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9707
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 9708
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 9709
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 9710
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9711
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9712
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 9713
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 9714
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 9715
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9716
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9717
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9718
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9719
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 9720
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 9721
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 9722
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9723
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9724
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9725
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 9726
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 9727
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 9728
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9729
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff979dbc696",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              }
            ],
            "repeated": 0,
            "id": 9730
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff979dbc6d0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "."
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\."
              }
            ],
            "repeated": 0,
            "id": 9731
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff979dbc6f4",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9732
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff979dbc71d",
            "parentcaller": "0x7ff979dbc52f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 0,
            "id": 9733
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9734
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9735
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9736
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9737
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 9738
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9739
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9740
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 9741
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9742
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9743
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9744
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 9745
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 9746
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9747
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9748
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xf6\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xcd\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9749
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9750
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9751
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9752
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f6"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 9753
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9754
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b656c3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9755
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 9756
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9757
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9758
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9759
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9760
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9761
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9762
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9763
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9764
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 9765
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 9766
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9767
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9768
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9769
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b556",
            "parentcaller": "0x7ff97b631b1d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9770
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2ad48",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9771
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9772
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 9773
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b51c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9774
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9775
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9776
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9777
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9778
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9779
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9780
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9781
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9782
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9783
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9784
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9785
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9786
          },
          {
            "timestamp": "2026-03-05 10:24:43,009",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 9787
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9788
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dc6b26",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 9789
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dbcd02",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 9790
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dbcac2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 9791
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dc63cb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 9792
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff979dbcd6b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 9793
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff979dbba69",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9794
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbc7b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9795
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9796
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9797
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9798
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9799
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 9800
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9801
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff979db5eab",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9802
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9803
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff979db9369",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6224:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9804
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbc7b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9805
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9806
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9807
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9808
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff979dbbe25",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9809
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 9810
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 9811
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff979db5eab",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9812
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979db5edb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9813
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9814
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9815
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 9816
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9817
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 9818
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9819
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9820
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9821
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9822
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 9823
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a8"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00:\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffed\\x0f\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\x16\\xffe6J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\"X\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x00\\xfff8\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\x16\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\x16\\xffe6J\\xffed\\x01\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x00\\xffb0\\xff808N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x00\\x00\\xffa6\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\xffa6\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\x16\\xffe6J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa6\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\x16\\xffe6J\\xffed\\x01\\x00\\x00\\xffb0\\xff808N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffee\\x0f\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffde\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9824
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 9825
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server"
              }
            ],
            "repeated": 0,
            "id": 9826
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 9827
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 9828
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 9829
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9830
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 9831
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 9832
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 9833
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 9834
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9835
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9836
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d6c46",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000284"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 9837
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000053c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 9838
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\xffa4\\xffb8\\xffa5L\\xffed\\x01\\x00\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\x02yM\\x7f\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\xff90\\xffe7\\xffbfE\\xffb7\\x00\\x00x\\xffd7\\xffe9J\\xffed\\x01\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xff88\\xffe9\\x0f\\x0c\\xffc6\\x00\\x00\\x00\\xffbe\\xff96\\xffe7\\xffbfE\\xffb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfffc%6N\\xffed\\x01\\x00\\x00\\xffc8\\x15\\xffe3J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffb0&6N\\xffed\\x01\\x00\\x00\\xffd0\\xffe9\\x0f\\x0c\\xffc6\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb0&6N\\xffed\\x01\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00\\xffed\\x01\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\xffe9\\x0f\\x0c\\xffc6\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffd0\\xffe9\\x0f\\x0c\\xffc6\\x00\\x00\\x00\\xffa0\\xff811N\\xffed\\x01\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xf
fed\\x01\\x00\\x00\\xffd0\\xffeb\\x0f\\x0c\\xffc6\\x00\\x00\\x00\\xffb0&6N\\xffed\\x01\\x00\\x00`$6N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\xffbc\\xff811N\\xffed\\x01\\x00\\x000\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xff84\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffe9\\x0f\\x0c\\xffc6\\x00\\x00\\x00@\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0&6N\\xffed\\x01\\x00\\x00ylM\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9839
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 9840
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 9841
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 9842
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9843
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 9844
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f559e40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 9845
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 9846
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 9847
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 9848
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 9849
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 9850
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 9851
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 9852
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9853
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9854
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 9855
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 9856
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9857
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9858
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9859
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 9860
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9861
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9862
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc5\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xc6\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9863
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9864
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9865
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9866
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9867
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9868
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9869
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9870
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9871
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9872
          },
          {
            "timestamp": "2026-03-05 10:24:43,056",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9873
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9874
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 9875
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9876
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9877
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9878
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc4\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xc5\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9879
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9880
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9881
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9882
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9883
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9884
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc4\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xc5\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9885
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9886
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9887
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9888
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9889
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9890
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9891
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 9892
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9893
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9894
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc2\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xc3\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9895
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9896
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9897
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9898
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9899
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 9900
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9901
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9902
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9903
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 9904
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9905
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9906
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 9907
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9908
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9909
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9910
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc1\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xc2\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9911
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9912
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9913
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 9914
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9915
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9916
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc1\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xc2\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9917
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9918
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9919
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 9920
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 9921
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 9922
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9923
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9924
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc0\\x0f\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xc1\\x0f\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9925
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 9926
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9927
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 9928
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 9929
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f6"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 9930
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9931
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9932
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 9933
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 9934
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9935
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9936
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9937
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96b9e0000"
              }
            ],
            "repeated": 0,
            "id": 9938
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96b9e0000"
              }
            ],
            "repeated": 0,
            "id": 9939
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96b9e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 9940
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96b9e7340"
              }
            ],
            "repeated": 0,
            "id": 9941
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9942
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96b9e7380"
              }
            ],
            "repeated": 0,
            "id": 9943
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 9944
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 9945
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 9946
          },
          {
            "timestamp": "2026-03-05 10:24:43,072",
            "thread_id": "528",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9947
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 9948
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 9949
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9950
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 9951
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9952
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9953
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9954
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 9955
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9956
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9957
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              }
            ],
            "repeated": 0,
            "id": 9958
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff979db074a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "."
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\."
              }
            ],
            "repeated": 0,
            "id": 9959
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff979db074a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9960
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9961
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9962
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\."
              }
            ],
            "repeated": 0,
            "id": 9963
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9964
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9965
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9966
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9967
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 9968
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9969
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 9970
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 9971
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9972
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9973
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 9974
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 9975
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 9976
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9977
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9978
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9979
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9980
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9981
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9982
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 9983
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 9984
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9985
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9986
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xf6\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9987
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 9988
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9989
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 9990
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 9991
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9992
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9993
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9994
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9995
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 9996
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9997
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9998
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 9999
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10000
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10001
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10002
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10003
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10004
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10005
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 10006
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10007
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10008
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 10009
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10010
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10011
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10012
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 10013
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\*"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10014
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10015
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000546"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 10016
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\*\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 10017
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 10018
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10019
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10020
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc1\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10021
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 10022
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10023
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 10024
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 10025
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 10026
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              }
            ],
            "repeated": 0,
            "id": 10027
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10028
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10029
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10030
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10031
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 10032
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 10033
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fce84c4",
            "parentcaller": "0x7ff97fcfd176",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 10034
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fdca37d",
            "parentcaller": "0x7ff97fd64a40",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 10035
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fd64a96",
            "parentcaller": "0x7ff97fcfd176",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 10036
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\PROPSYS.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10037
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbbc2",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\propsys.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10038
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07c740"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10039
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbc1c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 10040
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fd69714",
            "parentcaller": "0x7ff97fd63fa3",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              }
            ],
            "repeated": 0,
            "id": 10041
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fd6971e",
            "parentcaller": "0x7ff97fd63fa3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 10042
          },
          {
            "timestamp": "2026-03-05 10:24:43,087",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbb6a",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\PROPSYS.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10043
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbbc2",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\propsys.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10044
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbc0c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c07c740"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10045
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97fcfbc1c",
            "parentcaller": "0x7ff97fcfb9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10046
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10047
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10048
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10049
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10050
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10051
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10052
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10053
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 10054
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10055
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10056
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 10057
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10058
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10059
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10060
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 10061
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 10062
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10063
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10064
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xc7\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10065
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 10066
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10067
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 10068
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 10069
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10070
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df2ab55",
            "parentcaller": "0x7ff97b62f2b3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "ValueName",
                "value": "FriendlyTypeName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\FriendlyTypeName"
              }
            ],
            "repeated": 0,
            "id": 10071
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df2ab55",
            "parentcaller": "0x7ff97b62f4e7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10072
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 10073
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10074
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10075
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10076
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 10077
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 10078
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10079
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10080
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10081
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10082
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10083
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10084
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10085
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10086
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10087
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 10088
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10089
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10090
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 10091
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10092
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10093
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10094
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 10095
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b684de8",
            "parentcaller": "0x7ff97b684d3f",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1ed4eba0dd0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff97b4e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#259"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10096
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b684e05",
            "parentcaller": "0x7ff97b684d3f",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1ed4eba181c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff97b4e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1ed4eba0dd0"
              }
            ],
            "repeated": 0,
            "id": 10097
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              }
            ],
            "repeated": 0,
            "id": 10098
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10099
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10100
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10101
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10102
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10103
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10104
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10105
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe38N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01$\\x01\\xc6\\x00\\x00\\x00@\\xe38N\\xed\\x01\\x00\\x00\\xd5,\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00I\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x000\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10106
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10107
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10108
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10109
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10110
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10111
          },
          {
            "timestamp": "2026-03-05 10:24:43,103",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10112
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10113
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10114
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10115
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10116
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10117
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00`q\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x01\\x16\\x01\\x00\\x00\\x00\\x00`q\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10118
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10119
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10120
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10121
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10122
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10123
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10124
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10125
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10126
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10127
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10128
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10129
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10130
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10131
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xfd\\xebJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\xfd\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10132
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10133
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10134
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10135
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10136
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10137
          },
          {
            "timestamp": "2026-03-05 10:24:43,119",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10138
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10139
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10140
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10141
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10142
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10143
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00p48N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\x00\\x00\\x00\\x00p48N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10144
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10145
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10146
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10147
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10148
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10149
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10150
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10151
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10152
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10153
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10154
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10155
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x000\\xa5\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x000\\xa5\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10156
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10157
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10158
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10159
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10160
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10161
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10162
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10163
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10164
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10165
          },
          {
            "timestamp": "2026-03-05 10:24:43,134",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10166
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10167
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xdb7N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00\\x90\\xdb7N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10168
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10169
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10170
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10171
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10172
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10173
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10174
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10175
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10176
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10177
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10178
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10179
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00p34N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00p34N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10180
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10181
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10182
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10183
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10184
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10185
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10186
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10187
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10188
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10189
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10190
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10191
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0$6N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00\\xa0$6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10192
          },
          {
            "timestamp": "2026-03-05 10:24:43,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10193
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10194
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10195
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10196
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10197
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10198
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10199
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10200
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10201
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10202
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10203
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\x831N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00\\xb0\\x831N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10204
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10205
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10206
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10207
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10208
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10209
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10210
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10211
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10212
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10213
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10214
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10215
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0b2N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xa0b2N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10216
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10217
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10218
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10219
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10220
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd38N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10221
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10222
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10223
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10224
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10225
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10226
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 10227
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10228
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10229
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10230
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 10231
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10232
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10233
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10234
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10235
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10236
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10237
          },
          {
            "timestamp": "2026-03-05 10:24:43,166",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10238
          },
          {
            "timestamp": "2026-03-05 10:24:43,494",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 10239
          },
          {
            "timestamp": "2026-03-05 10:24:43,494",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x00\\xfff8\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x00\\xff80\\xff888N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0#6N\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffa1\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xff888N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10240
          },
          {
            "timestamp": "2026-03-05 10:24:43,494",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10241
          },
          {
            "timestamp": "2026-03-05 10:24:43,494",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 10242
          },
          {
            "timestamp": "2026-03-05 10:24:43,494",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10243
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10244
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10245
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10246
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10247
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10248
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10249
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10250
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10251
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10252
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10253
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10254
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10255
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 10256
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\xffff\\xffff\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0%6N\\xffed\\x01\\x00\\x00\\xfff8\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0%6N\\xffed\\x01\\x00\\x00@\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0%6N\\xffed\\x01\\x00\\x000\\xffa8\\xffe9J\\xffed\\x01\\x00\\x000\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffd8\\xffe9J\\xffed\\x01\\x00\\x00@\\xff878N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffda\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10257
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10258
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 10259
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10260
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10261
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10262
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10263
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10264
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10265
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10266
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10267
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0xc600000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10268
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10269
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10270
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 10271
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00X\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2392"
              }
            ],
            "repeated": 0,
            "id": 10272
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10273
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 1,
            "id": 10274
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 10275
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10276
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10277
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10278
          },
          {
            "timestamp": "2026-03-05 10:24:43,509",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 10279
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}"
              },
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}"
              }
            ],
            "repeated": 0,
            "id": 10280
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10281
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10282
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10283
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              }
            ],
            "repeated": 0,
            "id": 10284
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 10285
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10286
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10287
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10288
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10289
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10290
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10291
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10292
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10293
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10294
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10295
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10296
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10297
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10298
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10299
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10300
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10301
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10302
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10303
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10304
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10305
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10306
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10307
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10308
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10309
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10310
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10311
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10312
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10313
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              }
            ],
            "repeated": 0,
            "id": 10314
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10315
          },
          {
            "timestamp": "2026-03-05 10:24:43,759",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 10316
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10317
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10318
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x818N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10319
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd17N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00s\\xccV,\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90\\x11l\\x7f\\xf9\\x7f\\x00\\x00X\\x11l\\x7f\\xf9\\x7f\\x00\\x00\\x80\\xd3\\xebJ\\xed\\x01\\x00\\x00\\xd0\\xb3\\xe3J\\xed\\x01\\x00\\x00\\x00\\x00S\\x00\\xff\\xff\\xff\\xff\\xdd~\\x1e\\xde \\x00M\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10320
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10321
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x841N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10322
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10323
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd77N\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 10324
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xa5\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xc8\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x98\\xd8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xd8\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 10325
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xd77N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 10326
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10327
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x878N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 10328
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xdb7N\\xed\\x01\\x00\\x00`\\x00\\x00\\x00g\\x00r\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00A\\x00p\\x00p\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 10329
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10330
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x841N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10331
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x001\r\\xa0\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00(\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x000\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00(\\xd5\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 10332
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xd5\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00\\xb9\\x00\\xed?\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00UUUUUUUU\\x18\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10333
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10334
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10335
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10336
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10337
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10338
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10339
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10340
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10341
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10342
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10343
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@p\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x01\\x16\\x01\\x00\\x00\\x00\\x00@p\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10344
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10345
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10346
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10347
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10348
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10349
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10350
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10351
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10352
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10353
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10354
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10355
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f8"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0y\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\x02\\x01\\x00\\x00\\x00\\x00\\xd0y\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10356
          },
          {
            "timestamp": "2026-03-05 10:24:43,806",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10357
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10358
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10359
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10360
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10361
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10362
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10363
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10364
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10365
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10366
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10367
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00Pe\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\x00\\x00\\x00\\x00Pe\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10368
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10369
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10370
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10371
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10372
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10373
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10374
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10375
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10376
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10377
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10378
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10379
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xaa\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00\\xe0\\xaa\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10380
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10381
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10382
          },
          {
            "timestamp": "2026-03-05 10:24:43,822",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10383
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10384
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10385
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10386
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000518"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 10387
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10388
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10389
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10390
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 10391
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10392
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 10393
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10394
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 10395
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10396
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10397
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 10398
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 10399
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10400
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10401
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10402
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df21503",
            "parentcaller": "0x7ff97b60baf8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 0,
            "id": 10403
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10404
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10405
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 10406
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10407
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "pi\\xecJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10408
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10409
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10410
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000057c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xdb7N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00\\x90\\xdb7N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10411
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10412
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 10413
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10414
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10415
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x1a\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10416
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 10417
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10418
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 10419
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10420
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10421
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\x1a\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10422
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 10423
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10424
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 10425
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 10426
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10427
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10428
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10429
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10430
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 10431
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 10432
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10433
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10434
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10435
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10436
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 10437
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10438
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10439
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10440
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10441
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 10442
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 10443
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10444
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "pi\\xecJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10445
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10446
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 10447
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\*"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10448
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 10449
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 10450
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 10451
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10452
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 10453
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000057c"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10454
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 10455
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10456
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 10457
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 10458
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10459
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 10460
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10461
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10462
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0D6N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00\\xb0D6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10463
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10464
          },
          {
            "timestamp": "2026-03-05 10:24:43,837",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10465
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10466
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10467
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00|\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00|\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00|\\x05\\x00\\x00\\x00\\x00\\x00\\x00|\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10468
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10469
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10470
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10471
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10472
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10473
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10474
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x10(1N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00\\x10(1N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10475
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10476
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10477
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10478
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10479
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10480
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10481
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10482
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10483
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10484
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10485
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10486
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\x841N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00\\xa0\\x841N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10487
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10488
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10489
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10490
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10491
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10492
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10493
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10494
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10495
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10496
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10497
          },
          {
            "timestamp": "2026-03-05 10:24:43,853",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10498
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffEaW\\x99.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00 \\xb87N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xbf\\xef\\x0b\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00 \\xb87N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xbe\\xef\\x0b\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10499
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10500
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10501
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10502
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10503
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\xee\\xca\\x07\\xb8\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\xa8\\xc2\\xef\\x0b\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00N\\xc9\\x07\\xb8E\\xb7\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x000\\xd68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10504
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10505
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10506
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "528",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10507
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10508
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10509
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10510
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10511
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000518"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 10512
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10513
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 10514
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10515
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10516
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10517
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10518
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10519
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10520
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10521
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10522
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10523
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x196N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10524
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10525
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10526
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10527
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10528
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10529
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 10530
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 10531
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 10532
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10533
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10534
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 10535
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 10536
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e900a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 10537
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10538
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10539
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10540
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10541
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 10542
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 10543
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 10544
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10545
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 10546
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10547
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 10548
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 10549
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9ec3",
            "parentcaller": "0x7ff97d6e9e05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 10550
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10551
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10552
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10553
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10554
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10555
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10556
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10557
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00@\\xa02N\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x08\\xa12N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xa12N\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00v\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xa22N\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x90\\xa22N\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xa22N\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xb0\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xa22N\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xa22N\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa22N\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10558
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10559
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10560
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10561
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 10562
          },
          {
            "timestamp": "2026-03-05 10:24:43,869",
            "thread_id": "3764",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10563
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000057c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10564
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000057c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 10565
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10566
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10567
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10568
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10569
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10570
          },
          {
            "timestamp": "2026-03-05 10:24:43,884",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10571
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "3764",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 10572
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10573
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10574
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10575
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10576
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 10577
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10578
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10579
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10580
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10581
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10582
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10583
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10584
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10585
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10586
          },
          {
            "timestamp": "2026-03-05 10:24:43,900",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10587
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xd88N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01$\\x01\\x00\\x00\\x00\\x00\\x90\\xd88N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10588
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10589
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10590
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10591
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10592
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10593
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10594
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10595
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10596
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10597
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10598
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10599
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0~\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x01\\x16\\x01\\x00\\x00\\x00\\x00\\xe0~\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10600
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10601
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10602
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10603
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10604
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10605
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10606
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10607
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10608
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10609
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10610
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10611
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\x8c\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\x02\\x01\\x00\\x00\\x00\\x00\\xf0\\x8c\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10612
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10613
          },
          {
            "timestamp": "2026-03-05 10:24:43,916",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10614
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10615
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10616
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10617
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10618
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10619
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10620
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10621
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10622
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10623
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0*8N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\xd0*8N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10624
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10625
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10626
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10627
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10628
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10629
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10630
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10631
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10632
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10633
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10634
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10635
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xaf\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00\\xc0\\xaf\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10636
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10637
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10638
          },
          {
            "timestamp": "2026-03-05 10:24:43,931",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10639
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10640
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10641
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10642
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10643
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10644
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10645
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10646
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10647
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00P\\xe0\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x00P\\xe0\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10648
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10649
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10650
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10651
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10652
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10653
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10654
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10655
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10656
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10657
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10658
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10659
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\x818N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x818N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10660
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10661
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10662
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10663
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10664
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005b0"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10665
          },
          {
            "timestamp": "2026-03-05 10:24:43,947",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 10666
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10667
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10668
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10669
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10670
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10671
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00 -6N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00 -6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10672
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10673
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10674
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10675
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10676
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10677
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10678
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10679
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10680
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10681
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10682
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10683
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00p\\x1a6N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00p\\x1a6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10684
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10685
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10686
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10687
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10688
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10689
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10690
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10691
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10692
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10693
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10694
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10695
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x80a2N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x80a2N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10696
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10697
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10698
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10699
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10700
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe68N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10701
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10702
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10703
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10704
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10705
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 10706
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 10707
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10708
          },
          {
            "timestamp": "2026-03-05 10:24:43,962",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10709
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10710
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000598"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 10711
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10712
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10713
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10714
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10715
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 10716
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10717
          },
          {
            "timestamp": "2026-03-05 10:24:43,978",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 10718
          },
          {
            "timestamp": "2026-03-05 10:24:44,619",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 10719
          },
          {
            "timestamp": "2026-03-05 10:24:44,634",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10720
          },
          {
            "timestamp": "2026-03-05 10:24:44,634",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10721
          },
          {
            "timestamp": "2026-03-05 10:24:44,634",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 10722
          },
          {
            "timestamp": "2026-03-05 10:24:44,650",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10723
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97b554884",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10724
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97b5548c4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6224"
              }
            ],
            "repeated": 0,
            "id": 10725
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5548e4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 10726
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b554913",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10727
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b554923",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 10728
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b554932",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10729
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 10730
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10731
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10732
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 10733
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\x00\\x00h\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffd7\\x07\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x0021N\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe1\\x1cP\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff92\\xffeeJ\\xffed\\x01\\x00\\x00h\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x0021N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00\\x0021N\\xffed\\x01\\x00\\x00P\\xff92\\xffeeJ\\xffed\\x01\\x00\\x00\\xff80\\xffc2\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff92\\xffeeJ\\xffed\\x01\\x00\\x00\\xff90|1N\\xffed\\x01\\x00\\x00\\xff90|1N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0021N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90|1N\\xff
ed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\x0021N\\xffed\\x01\\x00\\x00\\xff80\\xffc2\\xffeeJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffd8\\x07\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v1N\\xffed\\x01\\x00\\x00@\\xffb1\\xffe5J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10734
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10735
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 10736
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10737
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10738
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10739
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10740
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10741
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10742
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10743
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10744
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10745
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10746
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10747
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{5A648006-843A-4DA9-865B-9D26E5DFAD7B}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5A648006-843A-4DA9-865B-9D26E5DFAD7B}"
              }
            ],
            "repeated": 0,
            "id": 10748
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10749
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10750
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10751
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10752
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10753
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10754
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10755
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbe\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xbf\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10756
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10757
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10758
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10759
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10760
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10761
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10762
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10763
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10764
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10765
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10766
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10767
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10768
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10769
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10770
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10771
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xbe\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10772
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10773
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10774
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10775
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10776
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10777
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xbe\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10778
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10779
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10780
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10781
          },
          {
            "timestamp": "2026-03-05 10:24:44,666",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10782
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10783
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10784
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10785
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbc\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xbd\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10786
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10787
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10788
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10789
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10790
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10791
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10792
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10793
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10794
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10795
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10796
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10797
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10798
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10799
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10800
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10801
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xba\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xbb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10802
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10803
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10804
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10805
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10806
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10807
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xba\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xbb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10808
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10809
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10810
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10811
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10812
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10813
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10814
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10815
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbb\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xbc\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10816
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10817
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10818
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10819
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10820
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10821
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10822
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10823
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10824
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10825
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10826
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10827
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10828
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10829
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10830
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10831
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xd0\\xba\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10832
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10833
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10834
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10835
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10836
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10837
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xd0\\xba\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10838
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10839
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10840
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10841
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 10842
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 10843
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10844
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10845
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xb9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x10\\xba\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10846
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 10847
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10848
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 10849
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10850
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059e"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 10851
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10852
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10853
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10854
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10855
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10856
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10857
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10858
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 10859
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 10860
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10861
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10862
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xb7\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10863
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10864
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10865
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10866
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10867
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10868
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10869
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10870
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10871
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10872
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10873
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10874
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10875
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 10876
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10877
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10878
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb5\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xb6\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10879
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10880
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10881
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10882
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10883
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10884
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb5\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x00\\xb6\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10885
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10886
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10887
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10888
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fa"
              }
            ],
            "repeated": 0,
            "id": 10889
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10890
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 10891
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 10892
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10893
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10894
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00U\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10895
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10896
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x8c1N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10897
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10898
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98^\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 10899
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb6\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00h\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x008\\xcc\\x07\\x0c\\xc6\\x00\\x00\\x00X\\xcc\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 10900
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90^\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 10901
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10902
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xc3\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00W\\x00i\\x00n\\x00T\\x00y\\x00p\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10903
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80]\\xe9J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00U\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10904
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10905
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x891N\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10906
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10907
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8]\\xe9J\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 10908
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbe\\xb5\\xef\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xc8\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x98\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xc8\\x07\\x0c"
              }
            ],
            "repeated": 0,
            "id": 10909
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0]\\xe9J\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 10910
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10911
          },
          {
            "timestamp": "2026-03-05 10:24:44,681",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 10912
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "3764",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3764"
              }
            ],
            "repeated": 0,
            "id": 10913
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 10914
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 10915
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 10916
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10917
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              }
            ],
            "repeated": 0,
            "id": 10918
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "5092",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              }
            ],
            "repeated": 0,
            "id": 10919
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "5092",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 10920
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b4e0000"
              }
            ],
            "repeated": 0,
            "id": 10921
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7136",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 10922
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7136",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4eafe6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10923
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7136",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}"
              }
            ],
            "repeated": 0,
            "id": 10924
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7136",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 10925
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "5092",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4eafe6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 10926
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10927
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7136",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10928
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4eafe6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10929
          },
          {
            "timestamp": "2026-03-05 10:24:44,697",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 10930
          },
          {
            "timestamp": "2026-03-05 10:24:44,728",
            "thread_id": "7136",
            "caller": "0x7ff97b6b73b4",
            "parentcaller": "0x7ff97b6b5fe3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D105A4D4-344C-48EB-9866-EE378D90658B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "04B0F1A7-9490-44BC-96E1-4296A31252E2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10931
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97b67a1bc",
            "parentcaller": "0x7ff97b679f13",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3AD05575-8857-4850-9277-11B85BDB8E09"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "947AAB5F-0A5C-4C13-B4D6-4BF7836FC9F8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10932
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 10933
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 10934
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97b67c970",
            "parentcaller": "0x7ff97b68871b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 6,
            "id": 10935
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 10936
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ConfirmFileDelete"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete"
              }
            ],
            "repeated": 0,
            "id": 10937
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741bfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 10938
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 10939
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ConfirmFileDelete"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete"
              }
            ],
            "repeated": 0,
            "id": 10940
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97e741c38",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 10941
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 10942
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "NoFileFolderConnection"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection"
              }
            ],
            "repeated": 0,
            "id": 10943
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 10944
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97eb7ee41",
            "parentcaller": "0x7ff97b5bf5c6",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "43"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00P\\x00\\x00\\x00\\x00\\x00x\\xdf\\xe9J\\xed\\x01\\x00\\x00\\x03\\xc5\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xdf\\xe9J\\xed\\x01\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10945
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf5e4",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10946
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf666",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10947
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10948
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0'\\xeeJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10949
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10950
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10951
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10952
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10953
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10954
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\xcc[\\xc8\\xde\\xac\\xd5\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\x00\\x00\\x00\\x00\\x03\\x00$\\x00R\\x00e\\x00c\\x00y\\x00c\\x00l\\x00e\\x00.\\x00B\\x00i\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e,o\\x97\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\xab\\x01\\x00\\x00\\x00\\x04\\x005\\x00o\\x007\\x002\\x002\\x00x\\x00t\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 10955
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10956
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7136",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10957
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97b6b73b4",
            "parentcaller": "0x7ff97b6b5fe3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D105A4D4-344C-48EB-9866-EE378D90658B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "04B0F1A7-9490-44BC-96E1-4296A31252E2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10958
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97b67a1bc",
            "parentcaller": "0x7ff97b679f13",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3AD05575-8857-4850-9277-11B85BDB8E09"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "947AAB5F-0A5C-4C13-B4D6-4BF7836FC9F8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10959
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e379000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10960
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 10961
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 10962
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97b67c970",
            "parentcaller": "0x7ff97b68871b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 6,
            "id": 10963
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 10964
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "NoFileFolderConnection"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection"
              }
            ],
            "repeated": 0,
            "id": 10965
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 10966
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97eb7ee41",
            "parentcaller": "0x7ff97b5bf5c6",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "43"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00P\\x00\\x00\\x00\\x00\\x00x\\xdf\\xe9J\\xed\\x01\\x00\\x00\\x03\\xc5\\xebJ\\x00\\x00\\x00\\x00\\xc8\\xdf\\xe9J\\xed\\x01\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x10\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10967
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf5e4",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\x10\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10968
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf666",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\x10\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10969
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 10970
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0c\\xedJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10971
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10972
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10973
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10974
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10975
          },
          {
            "timestamp": "2026-03-05 10:24:44,744",
            "thread_id": "5092",
            "caller": "0x7ff97b6b73b4",
            "parentcaller": "0x7ff97b6b5fe3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D105A4D4-344C-48EB-9866-EE378D90658B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "04B0F1A7-9490-44BC-96E1-4296A31252E2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10976
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10977
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\xcc[\\xc8\\xde\\xac\\xd5\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\x00\\x00\\x00\\x00\\x03\\x00$\\x00R\\x00e\\x00c\\x00y\\x00c\\x00l\\x00e\\x00.\\x00B\\x00i\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e,o\\x97\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\xab\\x01\\x00\\x00\\x00\\x04\\x005\\x00o\\x007\\x002\\x002\\x00x\\x00t\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 10978
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 10979
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10980
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e37a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10981
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97b67a1bc",
            "parentcaller": "0x7ff97b679f13",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3AD05575-8857-4850-9277-11B85BDB8E09"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "947AAB5F-0A5C-4C13-B4D6-4BF7836FC9F8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10982
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10983
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10984
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10985
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10986
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97b67c970",
            "parentcaller": "0x7ff97b68871b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 6,
            "id": 10987
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 10988
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "NoFileFolderConnection"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection"
              }
            ],
            "repeated": 0,
            "id": 10989
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 10990
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97eb7ee41",
            "parentcaller": "0x7ff97b5bf5c6",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "43"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00P\\x00r\\x00s\\x00x\\xdf\\xe9J\\xed\\x01\\x00\\x00\\x03\\xc5\\\\x00\\x00\\x00\\x00\\x00\\xc8\\xdf\\xe9J\\xed\\x01\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10991
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf5e4",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10992
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf666",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10993
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10994
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x87\\xedJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10995
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 10996
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10997
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10998
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10999
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11000
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\xcc[\\xc8\\xde\\xac\\xd5\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\x00\\x00\\x00\\x00\\x03\\x00$\\x00R\\x00e\\x00c\\x00y\\x00c\\x00l\\x00e\\x00.\\x00B\\x00i\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e,o\\x97\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\xab\\x01\\x00\\x00\\x00\\x04\\x005\\x00o\\x007\\x002\\x002\\x00x\\x00t\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 11001
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11002
          },
          {
            "timestamp": "2026-03-05 10:24:44,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11003
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11004
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11005
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11006
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11007
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11008
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11009
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11010
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11011
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11012
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11013
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00110080",
                "pretty_value": "FILE_READ_ATTRIBUTES|DELETE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\1772665622"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11014
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b568194",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11015
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11016
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11017
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11018
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11019
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11020
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11021
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11022
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11023
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11024
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11025
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11026
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11027
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11028
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11029
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11030
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00110080",
                "pretty_value": "FILE_READ_ATTRIBUTES|DELETE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\1772665622"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11031
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b568194",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11032
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11033
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11034
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11035
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11036
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11037
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11038
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e304000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11039
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11040
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11041
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11042
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11043
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11044
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11045
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11046
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11047
          },
          {
            "timestamp": "2026-03-05 10:24:44,775",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11048
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00110080",
                "pretty_value": "FILE_READ_ATTRIBUTES|DELETE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\1772665622"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11049
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b568194",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11050
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11051
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11052
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11053
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11054
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11055
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11056
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11057
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11058
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11059
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11060
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11061
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11062
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11063
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11064
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11065
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11066
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e38f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11067
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11068
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e391000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11069
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11070
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11071
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11072
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11073
          },
          {
            "timestamp": "2026-03-05 10:24:44,791",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11074
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11075
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11076
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11077
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11078
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11079
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11080
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11081
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11082
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11083
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11084
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e393000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11085
          },
          {
            "timestamp": "2026-03-05 10:24:44,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e394000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11086
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11087
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11088
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11089
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11090
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e395000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11091
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11092
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11093
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11094
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11095
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11096
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11097
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11098
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11099
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11100
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 11101
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11102
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11103
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11104
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11105
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11106
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11107
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11108
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11109
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11110
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11111
          },
          {
            "timestamp": "2026-03-05 10:24:44,822",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11112
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11113
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11114
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11115
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11116
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11117
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11118
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11119
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11120
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11121
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11122
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11123
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11124
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11125
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11126
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11127
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11128
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11129
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11130
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11131
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11132
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11133
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11134
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11135
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11136
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11137
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e342000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11138
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11139
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11140
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11141
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11142
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11143
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11144
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11145
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11146
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11147
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11148
          },
          {
            "timestamp": "2026-03-05 10:24:44,837",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11149
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11150
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11151
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11152
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11153
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11154
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11155
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11156
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11157
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11158
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11159
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11160
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11161
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11162
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11163
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11164
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11165
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11166
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11167
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11168
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11169
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11170
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11171
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11172
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11173
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11174
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11175
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11176
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11177
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11178
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11179
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11180
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11181
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11182
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11183
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11184
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11185
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11186
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11187
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11188
          },
          {
            "timestamp": "2026-03-05 10:24:44,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11189
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11190
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11191
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11192
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11193
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11194
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11195
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11196
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11197
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11198
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11199
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11200
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11201
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11202
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.FileExplorer.Common"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95e840000"
              }
            ],
            "repeated": 0,
            "id": 11203
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11204
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11205
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11206
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11207
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11208
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11209
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11210
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11211
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11212
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11213
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11214
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11215
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11216
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11217
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11218
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11219
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11220
          },
          {
            "timestamp": "2026-03-05 10:24:44,869",
            "thread_id": "7136",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11221
          },
          {
            "timestamp": "2026-03-05 10:24:44,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11222
          },
          {
            "timestamp": "2026-03-05 10:24:44,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11223
          },
          {
            "timestamp": "2026-03-05 10:24:44,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11224
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.FileExplorer.Common.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e840000"
              }
            ],
            "repeated": 1,
            "id": 11225
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11226
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 11227
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "MaxUndoItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems"
              }
            ],
            "repeated": 0,
            "id": 11228
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11229
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5d9c94",
            "parentcaller": "0x7ff97b5be814",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 11230
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5db934",
            "parentcaller": "0x7ff97b5db8b7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11231
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5dba1b",
            "parentcaller": "0x7ff97b5db96b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11232
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5dba6e",
            "parentcaller": "0x7ff97b5db96b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11233
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5db99e",
            "parentcaller": "0x7ff97b5db8b7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11234
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b678ed7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11235
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97b5db0ef",
            "parentcaller": "0x7ff97b5db03d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\RuntimeBroker.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\RuntimeBroker.exe"
              }
            ],
            "repeated": 0,
            "id": 11236
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11237
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 11238
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11239
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11240
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97b5db934",
            "parentcaller": "0x7ff97b5db8b7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11241
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97b5dba1b",
            "parentcaller": "0x7ff97b5db96b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11242
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97b5dba6e",
            "parentcaller": "0x7ff97b5db96b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11243
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97b5db99e",
            "parentcaller": "0x7ff97b5db8b7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11244
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97b5db0ef",
            "parentcaller": "0x7ff97b5db03d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\RuntimeBroker.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\RuntimeBroker.exe"
              }
            ],
            "repeated": 0,
            "id": 11245
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11246
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11247
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11248
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11249
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11250
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11251
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11252
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000608"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000600"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11253
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11254
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````+*````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11255
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11256
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11257
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11258
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11259
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc50000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11260
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11261
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11262
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7100",
            "caller": "0x7ff97b5d9c94",
            "parentcaller": "0x7ff97b5be814",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 11263
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed20"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11264
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11265
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e397000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11266
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11267
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e398000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11268
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11269
          },
          {
            "timestamp": "2026-03-05 10:24:44,900",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11270
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e399000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11271
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11272
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11273
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11274
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11275
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11276
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11277
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11278
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11279
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11280
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11281
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11282
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11283
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11284
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11285
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11286
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11287
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11288
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11289
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11290
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11291
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11292
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````O5````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11293
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11294
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11295
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11296
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11297
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11298
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11299
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11300
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11301
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11302
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11303
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11304
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11305
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11306
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11307
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000060c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11308
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11309
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11310
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11311
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed20"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11312
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11313
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11314
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11315
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000608"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11316
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11317
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````G?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11318
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11319
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11320
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11321
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11322
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11323
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11324
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11325
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11326
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11327
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11328
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11329
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11330
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11331
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11332
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11333
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11334
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11335
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11336
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11337
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11338
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11339
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11340
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````O5````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11341
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11342
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11343
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11344
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11345
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11346
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11347
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11348
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11349
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11350
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11351
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11352
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11353
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11354
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11355
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11356
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11357
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11358
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11359
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11360
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11361
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11362
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11363
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11364
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11365
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b68c099",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "TelemetrySalt"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TelemetrySalt"
              }
            ],
            "repeated": 0,
            "id": 11366
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11367
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b68c099",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11368
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11369
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11370
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11371
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11372
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11373
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11374
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11375
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11376
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97b5cf4dd",
            "parentcaller": "0x7ff97b5cf3bd",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00010000",
                "pretty_value": "DELETE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\1772665622"
              },
              {
                "name": "ShareAccess",
                "value": "4",
                "pretty_value": "FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11377
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cf545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11378
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11379
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e270"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11380
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11381
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11382
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11383
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e0f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11384
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````]5````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11385
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11386
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11387
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11388
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11389
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11390
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000059c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "TargetHandle",
                "value": "0x000015bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11391
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00]\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11392
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11393
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11394
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015f4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11395
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````O5````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11396
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11397
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11398
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11399
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11400
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11401
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11402
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00]\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11403
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11404
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11405
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11406
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015f4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000060c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11407
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e140"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11408
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 11409
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11410
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11411
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11412
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11413
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11414
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11415
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11416
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11417
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00O\\x005\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11418
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 11419
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 11420
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11421
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "SourceHandle",
                "value": "0x000015bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000060c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11422
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 11423
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e110"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11424
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11425
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e110"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11426
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11427
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11428
          },
          {
            "timestamp": "2026-03-05 10:24:44,916",
            "thread_id": "7136",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 11429
          },
          {
            "timestamp": "2026-03-05 10:24:44,931",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e35c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11430
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11431
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11432
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11433
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000604"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11434
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11435
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````)-````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11436
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11437
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11438
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00)\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11439
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11440
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 11441
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11442
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11443
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11444
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11445
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e870"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11446
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11447
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11448
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11449
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11450
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11451
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````)-````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11452
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11453
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11454
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00)\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11455
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11456
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000604"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11457
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11458
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11459
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11460
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11461
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11462
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11463
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00)\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11464
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11465
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11466
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11467
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e890"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11468
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11469
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e890"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11470
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11471
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11472
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11473
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e870"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11474
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11475
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11476
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11477
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001ed4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11478
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11479
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````U>````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11480
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11481
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11482
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00U\\x00>\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11483
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11484
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001ed4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000604"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11485
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11486
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11487
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11488
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11489
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11490
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11491
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00U\\x00>\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c076"
              }
            ],
            "repeated": 0,
            "id": 11492
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11493
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000604"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001ed4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11494
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11495
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e890"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11496
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11497
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e890"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11498
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11499
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11500
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11501
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11502
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11503
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11504
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11505
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11506
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 11507
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11508
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11509
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97b5cf4dd",
            "parentcaller": "0x7ff97b5cf3bd",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00010000",
                "pretty_value": "DELETE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\1772665622"
              },
              {
                "name": "ShareAccess",
                "value": "4",
                "pretty_value": "FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11510
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cf545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11511
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11512
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11513
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11514
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11515
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11516
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000059c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d24"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11517
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11518
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````)-````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11519
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11520
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11521
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00)\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11522
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11523
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11524
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11525
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11526
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11527
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11528
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11529
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11530
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00)\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c079"
              }
            ],
            "repeated": 0,
            "id": 11531
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11532
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d24"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11533
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11534
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11535
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11536
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11537
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 11538
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11539
          },
          {
            "timestamp": "2026-03-05 10:24:44,994",
            "thread_id": "5092",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 11540
          },
          {
            "timestamp": "2026-03-05 10:24:45,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11541
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000060c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e0f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11542
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11543
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11544
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11545
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11546
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11547
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````5B````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11548
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11549
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11550
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11551
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11552
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000060c"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11553
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 11554
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e140"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11555
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11556
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e140"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11557
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11558
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11559
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 11560
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11561
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005c0"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000604"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11562
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11563
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e110"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11564
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11565
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e110"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11566
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11567
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11568
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "7136",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 11569
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 11570
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 11571
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11572
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 11573
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11574
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11575
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11576
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11577
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11578
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11579
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11580
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11581
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 11582
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11583
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11584
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              }
            ],
            "repeated": 0,
            "id": 11585
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x30cfc2fc"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac12"
              }
            ],
            "repeated": 0,
            "id": 11586
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11587
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              }
            ],
            "repeated": 0,
            "id": 11588
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e325320",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11589
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11590
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              }
            ],
            "repeated": 0,
            "id": 11591
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3254b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11592
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11593
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              }
            ],
            "repeated": 0,
            "id": 11594
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388470",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11595
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11596
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              }
            ],
            "repeated": 0,
            "id": 11597
          },
          {
            "timestamp": "2026-03-05 10:24:45,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388470",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11598
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11599
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              }
            ],
            "repeated": 0,
            "id": 11600
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388740",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb9857ecd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11601
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11602
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 11603
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388830",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11604
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11605
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 11606
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388470",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11607
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11608
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 11609
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388920",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 11610
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11611
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 11612
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388740",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 11613
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11614
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d70e9e6",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 11615
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d70ebbf",
            "parentcaller": "0x7ff97d70ea13",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 11616
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d70ea6d",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11617
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d70ea7a",
            "parentcaller": "0x7ff97e0b5860",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11618
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e0b4cfd",
            "parentcaller": "0x7ff97e0b4a3f",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 11619
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11620
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11621
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11622
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000600"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11623
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000600"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11624
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11625
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11626
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000600"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11627
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000600"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11628
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11629
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 11630
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11631
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11632
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11633
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11634
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11635
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11636
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 11637
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000600"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 11638
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11639
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 11640
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11641
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11642
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11643
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 11644
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11645
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11646
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11647
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e714000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11648
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b696a",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 11649
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e0b6802",
            "parentcaller": "0x7ff97e0b6771",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "MaxCapacity"
              },
              {
                "name": "Data",
                "value": "7167"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity"
              }
            ],
            "repeated": 0,
            "id": 11650
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e0b68a5",
            "parentcaller": "0x7ff97e0b682c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "ValueName",
                "value": "NukeOnDelete"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete"
              }
            ],
            "repeated": 0,
            "id": 11651
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b502f",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 11652
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11653
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11654
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b02d",
            "parentcaller": "0x7ff97e0926c9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "LastEnum"
              },
              {
                "name": "Data",
                "value": "\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum"
              }
            ],
            "repeated": 0,
            "id": 11655
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97e0b5064",
            "parentcaller": "0x7ff97e0b4891",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11656
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e7478ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\1772665622"
              }
            ],
            "repeated": 0,
            "id": 11657
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 11658
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11659
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11660
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 11661
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000600"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 11662
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11663
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 11664
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11665
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11666
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11667
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11668
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 11669
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11670
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11671
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 11672
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000604"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 11673
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11674
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 11675
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11676
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0b5ccb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 11677
          },
          {
            "timestamp": "2026-03-05 10:24:45,791",
            "thread_id": "7136",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 11678
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 11679
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 11680
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11681
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000600"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 11682
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11683
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c100000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11684
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11685
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11686
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11687
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11688
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11689
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 11690
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f9f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 11691
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0f4000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11692
          },
          {
            "timestamp": "2026-03-05 10:24:45,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c0d0000"
              }
            ],
            "repeated": 0,
            "id": 11693
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\ntmarta"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c0d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97c0d6930"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 11694
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11695
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11696
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97c0d4f57",
            "parentcaller": "0x7ff97c0d4e70",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11697
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97c0d5834",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11698
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97c0d5284",
            "parentcaller": "0x7ff97c0d31d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 11699
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 11700
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc0\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11701
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 11702
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 11703
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xdc2N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11704
          },
          {
            "timestamp": "2026-03-05 10:24:45,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 11705
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97b6004ab",
            "parentcaller": "0x7ff97e0b5c4a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11706
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979d9472a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 1,
            "id": 11707
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*cape*AppData*Local*Microsoft*Windows*Caches*cversions.1"
              }
            ],
            "repeated": 0,
            "id": 11708
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*cape*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              }
            ],
            "repeated": 0,
            "id": 11709
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979d9472a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 11710
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff979db6d71",
            "parentcaller": "0x7ff979d9382d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches"
              }
            ],
            "repeated": 0,
            "id": 11711
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11712
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979e6f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11713
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff979dbb735",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11714
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb764",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11715
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb7c4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x196N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11716
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbb7f3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11717
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d71bdbc",
            "parentcaller": "0x7ff979dbb4a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11718
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d71be2e",
            "parentcaller": "0x7ff979dbb4a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11719
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d71bdbc",
            "parentcaller": "0x7ff979dbb4f7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11720
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d71be2e",
            "parentcaller": "0x7ff979dbb4f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11721
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff979dbb523",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f01ff"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11722
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11723
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd874N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11724
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xe0\\xefJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x002\\x001\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x004\\x000\\x000\\x007\\x006\\x00-\\x004\\x001\\x000\\x009\\x005\\x009\\x001\\x009\\x008\\x006\\x00-\\x003\\x001\\x009\\x002\\x006\\x009\\x000\\x006\\x003\\x002\\x00-\\x00"
              }
            ],
            "repeated": 0,
            "id": 11725
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11726
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x:\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11727
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11728
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xe9\\xefJ\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 11729
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfe\\xb7\\xdf\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xca7\\x0c\\xc6\\x00\\x00\\x00\\x88\\xca7\\x0c\\xc6\\x00\\x00\\x00X\\xca7\\x0c\\xc6\\x00\\x00\\x00x\\xca7\\x0c"
              }
            ],
            "repeated": 0,
            "id": 11730
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe9\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xc87\\x0c\\xc6\\x00\\x00\\x00,\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 11731
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "i\\xfc*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00!\\xfc*\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11732
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0854N\\xed\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xd57N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11733
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xea\\xefJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00d\\x00o\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00w\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00s\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11734
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11735
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88<\\xeaJ\\xed\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11736
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11737
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xe1\\xefJ\\xed\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 11738
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9e\\xcb\\xdf\\xbfE\\xb7\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xc67\\x0c\\xc6\\x00\\x00\\x00\\xe8\\xc67\\x0c\\xc6\\x00\\x00\\x00\\xb8\\xc67\\x0c\\xc6\\x00\\x00\\x00\\xd8\\xc67\\x0c"
              }
            ],
            "repeated": 0,
            "id": 11739
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xe1\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xc47\\x0c\\xc6\\x00\\x00\\x00,\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 11740
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbb596",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11741
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11742
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff979dbb735",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11743
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb764",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11744
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb7c4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0a\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11745
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbb7f3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11746
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*cape*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              },
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              }
            ],
            "repeated": 0,
            "id": 11747
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979d93524",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11748
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37cd50"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11749
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff979d930c5",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*cape*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 11750
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11751
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d717d77",
            "parentcaller": "0x7ff979dbad7f",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000630"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00p\\x01\\x00\\x00\\x00\\x00\\x00\\xc8f\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11752
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff979dbb735",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11753
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb764",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11754
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff979dbb7c4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0a\\xebJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11755
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbb7f3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11756
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*cape*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileHandle",
                "value": "0x00000630"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 11757
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbadb7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 11758
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ed60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37dcb0"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11759
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62aeae",
            "parentcaller": "0x7ff97b6005e1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11760
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1838",
            "parentcaller": "0x7ff97df2bc7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 11761
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000624"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37dcc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11762
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62aeae",
            "parentcaller": "0x7ff97b6005e1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11763
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dba83f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11764
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979d9472a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 11765
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff979dbaf1d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11766
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff979dbaf30",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11767
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 11768
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 11769
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11770
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11771
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x81\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11772
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "[.ShellClassInfo]\r\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\nLocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n"
              },
              {
                "name": "Length",
                "value": "129"
              }
            ],
            "repeated": 0,
            "id": 11773
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\x13\\xd9\\xd8I\\x8a\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11774
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11775
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11776
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 11777
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 11778
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11779
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11780
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11781
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11782
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11783
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11784
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11785
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11786
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````5B````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11787
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11788
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11789
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11790
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11791
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11792
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11793
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37edc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11794
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11795
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37edc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11796
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11797
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11798
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 11799
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11800
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11801
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11802
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11803
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11804
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11805
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11806
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11807
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11808
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed70"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11809
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11810
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11811
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11812
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000209c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11813
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11814
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````G@````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11815
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11816
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11817
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00@\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11818
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11819
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000209c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11820
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11821
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37edc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11822
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11823
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37edc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11824
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11825
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11826
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00@\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 11827
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 11828
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000062c"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000209c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 11829
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11830
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11831
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11832
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37ed90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11833
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11834
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11835
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11836
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 11837
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11838
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ApplicationDestinations"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ApplicationDestinations"
              }
            ],
            "repeated": 0,
            "id": 11839
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11840
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b67bbc1",
            "parentcaller": "0x7ff97b5acbc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11841
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11842
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 11843
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11844
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11845
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11846
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11847
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 11848
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 11849
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 11850
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 11851
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11852
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11853
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11854
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 11855
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x00000636"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 11856
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000636"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11857
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000636"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11858
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xce7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x006\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xcf7\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11859
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 11860
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000636"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11861
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000636"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 11862
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000636"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000062e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 11863
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000636"
              }
            ],
            "repeated": 0,
            "id": 11864
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11865
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11866
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xce7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00.\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xcf7\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11867
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11868
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11869
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000062e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11870
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 11871
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 11872
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11873
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 11874
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 11875
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 11876
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 11877
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11878
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 11879
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 11880
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 11881
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11882
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11883
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11884
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11885
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 11886
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 11887
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 11888
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 11889
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11890
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11891
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11892
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x00000636"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 11893
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000636"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\*"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11894
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000636"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 11895
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000636"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11896
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11897
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x00000632"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 11898
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000632"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 11899
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000632"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11900
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xce7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x002\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xcf7\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11901
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11902
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000632"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 11903
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000632"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\{000214F9-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 11904
          },
          {
            "timestamp": "2026-03-05 10:24:45,884",
            "thread_id": "7136",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062e"
              }
            ],
            "repeated": 0,
            "id": 11905
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000636"
              }
            ],
            "repeated": 0,
            "id": 11906
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000632"
              }
            ],
            "repeated": 0,
            "id": 11907
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              }
            ],
            "repeated": 0,
            "id": 11908
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutexf01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11909
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11910
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11911
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11912
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11913
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11914
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11915
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11916
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11917
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11918
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11919
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11920
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11921
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11922
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11923
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11924
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11925
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11926
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11927
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11928
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11929
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11930
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 11931
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11932
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 11933
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11934
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 11935
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "coml2.dll"
              }
            ],
            "repeated": 0,
            "id": 11936
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e9b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00079000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11937
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea26000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11938
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11939
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11940
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11941
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11942
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11943
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcc4485",
            "parentcaller": "0x7ff97fd1b22d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 11944
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ea13000"
              },
              {
                "name": "ModuleName",
                "value": "coml2.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11945
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\coml2"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97e9b0000"
              }
            ],
            "repeated": 0,
            "id": 11946
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11947
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97b67b6f3",
            "parentcaller": "0x7ff97df43106",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9E175B6D-F52A-11D8-B9A5-505054503030"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "A5EBA07A-DAE8-4D15-B12F-728EFD8A9866"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11948
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11949
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11950
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11951
          },
          {
            "timestamp": "2026-03-05 10:24:45,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11952
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11953
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11954
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "2392",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 11955
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97e9d1858",
            "parentcaller": "0x7ff97e9d387d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\Tracing"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\Tracing"
              }
            ],
            "repeated": 0,
            "id": 11956
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97e9d1858",
            "parentcaller": "0x7ff97e9d387d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\coml2"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e9b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97e9d28f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 11957
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11958
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97bc4f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11959
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x000\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00`\\x00\\xc6\\x00\\x00\\x00\\x88\\xe3\\x04\\x00\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11960
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "EventName",
                "value": "OleDfRoot31485BFA7566367E"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11961
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11962
          },
          {
            "timestamp": "2026-03-05 10:24:45,994",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01Z\\x0f\\xcb\\x13\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11963
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11964
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11965
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11966
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01 N\\xeeI\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11967
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11968
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01 N\\xeeI\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11969
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11970
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11971
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11972
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11973
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11974
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90V\\xbe\t\\x12\\xac\\xdc\\x01\\x03\\x00\\x00\\x00\\xc0\\x10\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11975
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11976
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x03\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11977
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11978
          },
          {
            "timestamp": "2026-03-05 10:24:46,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\r\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\x10\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x18\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x1f\\x00\\x00\\x00 \\x00\\x00\\x00!\\x00\\x00\\x00\"\\x00\\x00\\x00#\\x00\\x00\\x00$\\x00\\x00\\x00%\\x00\\x00\\x00&\\x00\\x00\\x00'\\x00\\x00\\x00(\\x00\\x00\\x00)\\x00\\x00\\x00*\\x00\\x00\\x00+\\x00\\x00\\x00,\\x00\\x00\\x00-\\x00\\x00\\x005\\x00\\x00\\x00/\\x00\\x00\\x000\\x00\\x00\\x001\\x00\\x00\\x002\\x00\\x00\\x003\\x00\\x00\\x004\\x00\\x00\\x00\\xfe\\xff\\xff\\xff6\\x00\\x00\\x007\\x00\\x00\\x00?\\x00\\x00\\x009\\x00\\x00\\x00:\\x00\\x00\\x00;\\x00\\x00\\x00<\\x00\\x00\\x00=\\x00\\x00\\x00>\\x00\\x00\\x00\\xfe\\xff\\xff\\xff@\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 11979
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x11\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11980
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x85]B\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x03\\x95C\\xbfk\\xdf\\xb3\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\xccl@c\\xfe\\xbb\t\\x12\\xac\\xdc\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x001\\x008\\x009\\x008\\x009\\x00B\\x001\\x00D\\x00-\\x009\\x009\\x00B\\x005\\x00-\\x004\\x005\\x005\\x00B\\x00-\\x008\\x004\\x001\\x00C\\x00-\\x00A\\x00B\\x007\\x00C\\x007\\x004\\x00E\\x004\\x00D\\x00D\\x00"
              },
              {
                "name": "Length",
                "value": "1024"
              }
            ],
            "repeated": 0,
            "id": 11981
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "@\\x17\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11982
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "_\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0A[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x007\\x005\\x004\\x00A\\x00C\\x008\\x008\\x006\\x00-\\x00D\\x00F\\x006\\x004\\x00-\\x004\\x00C\\x00B\\x00A\\x00-\\x008\\x006\\x00B\\x005\\x00-\\x00F\\x007\\x00F\\x00B\\x00F\\x004\\x00F\\x00B\\x00C\\x00E\\x00F\\x005\\x00}\\x00\\x00\\x00\\x00\\x00@\n\\xf0\\xc8\\xf6\\x1ck\\x8a\\xe4/#6\\x16\\x02"
              },
              {
                "name": "Length",
                "value": "192"
              }
            ],
            "repeated": 0,
            "id": 11983
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11984
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\xd7\\x9fA[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x003\\x007\\x004\\x00D\\x00E\\x002\\x009\\x000\\x00-\\x001\\x002\\x003\\x00F\\x00-\\x004\\x005\\x006\\x005\\x00-\\x009\\x001\\x006\\x004\\x00-\\x003\\x009\\x00C\\x004\\x009\\x002\\x005\\x00E\\x004\\x006\\x007\\x00B\\x00}\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "220"
              }
            ],
            "repeated": 0,
            "id": 11985
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11986
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 11987
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000640"
              },
              {
                "name": "SubKey",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 11988
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 11989
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category"
              }
            ],
            "repeated": 0,
            "id": 11990
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name"
              }
            ],
            "repeated": 0,
            "id": 11991
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 11992
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description"
              }
            ],
            "repeated": 0,
            "id": 11993
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 11994
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 11995
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 11996
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 11997
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 11998
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security"
              }
            ],
            "repeated": 0,
            "id": 11999
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12000
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12001
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12002
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12003
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12004
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12005
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12006
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12007
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12008
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12009
          },
          {
            "timestamp": "2026-03-05 10:24:46,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12010
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12011
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12012
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12013
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12014
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12015
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12016
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12017
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12018
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12019
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12020
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12021
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12022
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "My Pictures"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures"
              }
            ],
            "repeated": 0,
            "id": 12023
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12024
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 12025
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12026
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000064c"
              },
              {
                "name": "SubKey",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 12027
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 12028
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12029
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12030
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12031
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12032
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12033
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{1CF1260C-4DD0-4EBB-811F-33C572699FDE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12034
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12035
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21790"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12036
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-108"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12037
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12038
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12039
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12040
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12041
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12042
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12043
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12044
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12045
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12046
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12047
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12048
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12049
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12050
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12051
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12052
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12053
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12054
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12055
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12056
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12057
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12058
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12059
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12060
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12061
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "My Music"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music"
              }
            ],
            "repeated": 0,
            "id": 12062
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12063
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 12064
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12065
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000650"
              },
              {
                "name": "SubKey",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 12066
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 12067
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12068
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Video"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12069
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12070
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12071
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12072
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12073
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12074
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12075
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12076
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12077
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12078
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12079
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12080
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12081
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12082
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12083
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12084
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12085
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12086
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12087
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12088
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12089
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12090
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12091
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12092
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12093
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12094
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12095
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12096
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12097
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12098
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12099
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12100
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "My Video"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video"
              }
            ],
            "repeated": 0,
            "id": 12101
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12102
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 12103
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12104
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000654"
              },
              {
                "name": "SubKey",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 12105
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 12106
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12107
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12108
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12109
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12110
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12111
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12112
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12113
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21798"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12114
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12115
          },
          {
            "timestamp": "2026-03-05 10:24:46,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "S:AI(RA;IOOICI;;;;WD;(\"IMAGELOAD\",TU,0x0,0x01))"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12116
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12117
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12118
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12119
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12120
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12121
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12122
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12123
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12124
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12125
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{885A186E-A440-4ADA-812B-DB871B942259}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12126
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12127
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12128
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12129
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12130
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12131
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12132
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12133
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12134
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12135
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12136
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12137
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12138
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12139
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 12140
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12141
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 12142
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12143
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 12144
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 12145
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12146
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12147
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12148
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12149
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12150
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12151
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12152
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12153
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12154
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12155
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12156
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12157
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12158
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12159
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12160
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12161
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12162
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12163
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12164
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12165
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12166
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12167
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12168
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12169
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12170
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12171
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12172
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12173
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12174
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12175
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12176
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12177
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12178
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 12179
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12180
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "066N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12181
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12182
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12183
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12184
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 12185
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12186
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12187
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 12188
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12189
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000065c"
              },
              {
                "name": "SubKey",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 12190
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 12191
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12192
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12193
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12194
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12195
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12196
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12197
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12198
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12199
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12200
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12201
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12202
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12203
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12204
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12205
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12206
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12207
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12208
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12209
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12210
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12211
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12212
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12213
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12214
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12215
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12216
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12217
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12218
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12219
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12220
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12221
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12222
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12223
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12224
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 12225
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12226
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "026N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12227
          },
          {
            "timestamp": "2026-03-05 10:24:46,056",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12228
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12229
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12230
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 12231
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12232
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12233
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 12234
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12235
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000660"
              },
              {
                "name": "SubKey",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 12236
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 12237
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12238
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12239
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12240
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12241
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12242
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12243
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12244
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21790"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12245
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-108"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12246
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12247
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12248
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12249
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12250
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12251
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12252
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12253
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12254
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12255
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12256
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12257
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12258
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12259
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12260
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12261
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12262
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12263
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12264
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12265
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12266
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12267
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12268
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12269
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12270
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 12271
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12272
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb026N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12273
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12274
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12275
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12276
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 12277
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12278
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12279
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 12280
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12281
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000664"
              },
              {
                "name": "SubKey",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 12282
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 12283
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12284
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12285
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12286
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12287
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12288
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12289
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12290
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12291
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12292
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12293
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12294
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12295
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12296
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12297
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12298
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12299
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12300
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12301
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12302
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12303
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12304
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12305
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12306
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12307
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12308
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12309
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12310
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12311
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12312
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12313
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12314
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12315
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12316
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 12317
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12318
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0;6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12319
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12320
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12321
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12322
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12323
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12324
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12325
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 12326
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12327
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000668"
              },
              {
                "name": "SubKey",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 12328
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 12329
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12330
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12331
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12332
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12333
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12334
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12335
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12336
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21798"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12337
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12338
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12339
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12340
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12341
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12342
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12343
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12344
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12345
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12346
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12347
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12348
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12349
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12350
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12351
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12352
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12353
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12354
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12355
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12356
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000066c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12357
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12358
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00l\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12359
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12360
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000066c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12361
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12362
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 12363
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12364
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x95\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12365
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12366
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12367
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12368
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 12369
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12370
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12371
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12372
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 12373
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 12374
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12375
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 12376
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ThisPCDesktopFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 12377
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 12378
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 12379
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 12380
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 12381
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 12382
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21769"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 12383
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-183"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 12384
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 12385
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 12386
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 12387
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 12388
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 12389
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 12390
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 12391
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 12392
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 12393
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 12394
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 12395
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 12396
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 12397
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12398
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12399
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12400
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbf7\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12401
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 12402
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 12403
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12404
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xba7\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00p\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12405
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 12406
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 12407
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12408
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 12409
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12410
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x9c\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12411
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12412
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12413
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 12414
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 12415
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12416
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12417
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12418
          },
          {
            "timestamp": "2026-03-05 10:24:46,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12419
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12420
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e270"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12421
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12422
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12423
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12424
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12425
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12426
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````Q?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12427
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12428
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12429
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12430
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12431
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12432
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12433
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12434
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12435
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12436
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12437
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12438
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12439
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12440
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12441
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12442
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12443
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12444
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12445
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12446
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12447
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 12448
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 12449
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12450
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12451
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 1,
            "id": 12452
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              }
            ],
            "repeated": 1,
            "id": 12453
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutex5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12454
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12455
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12456
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12457
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12458
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12459
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12460
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12461
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12462
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12463
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12464
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12465
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12466
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12467
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12468
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12469
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12470
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12471
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12472
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12473
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12474
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12475
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12476
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 12477
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 12478
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12479
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00@\\x00\\x00\\x00P\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00P\\x00\\xed\\x01\\x00\\x00d\\xe3\\x04\\x00\\xed\\x01\\x00\\x00d\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12480
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "EventName",
                "value": "OleDfRootB5322DD18692129"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12481
          },
          {
            "timestamp": "2026-03-05 10:24:46,197",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12482
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01Z\\x0f\\xcb\\x13\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12483
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12484
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12485
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12486
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01#M\rJ\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12487
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12488
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01#M\rJ\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12489
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12490
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12491
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12492
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12493
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12494
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa2\\x92/\\x12\\xac\\xdc\\x01\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12495
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12496
          },
          {
            "timestamp": "2026-03-05 10:24:46,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 12497
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 12498
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 12499
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12500
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 12501
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12502
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12503
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12504
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              }
            ],
            "repeated": 0,
            "id": 12505
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3256e0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x30cd5e2a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac12"
              }
            ],
            "repeated": 0,
            "id": 12506
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12507
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              }
            ],
            "repeated": 0,
            "id": 12508
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12509
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12510
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              }
            ],
            "repeated": 0,
            "id": 12511
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12512
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12513
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              }
            ],
            "repeated": 0,
            "id": 12514
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12515
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12516
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              }
            ],
            "repeated": 0,
            "id": 12517
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12518
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12519
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              }
            ],
            "repeated": 0,
            "id": 12520
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb9857ecd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12521
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12522
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 12523
          },
          {
            "timestamp": "2026-03-05 10:24:46,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388880",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12524
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12525
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 12526
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e364320",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12527
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12528
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 12529
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e364370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12530
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12531
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 12532
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3643c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 12533
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12534
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70e9e6",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 12535
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70ebbf",
            "parentcaller": "0x7ff97d70ea13",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 12536
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70ea6d",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 12537
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70ea7a",
            "parentcaller": "0x7ff97e0b5860",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12538
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e0b4cfd",
            "parentcaller": "0x7ff97e0b4a3f",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12539
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12540
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000610"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12541
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000610"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12542
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12543
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12544
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000610"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12545
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000610"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12546
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12547
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12548
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12549
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12550
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12551
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12552
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12553
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12554
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12555
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12556
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12557
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 12558
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b696a",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 12559
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e0b6802",
            "parentcaller": "0x7ff97e0b6771",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "MaxCapacity"
              },
              {
                "name": "Data",
                "value": "7167"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity"
              }
            ],
            "repeated": 0,
            "id": 12560
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e0b68a5",
            "parentcaller": "0x7ff97e0b682c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "NukeOnDelete"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete"
              }
            ],
            "repeated": 0,
            "id": 12561
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b502f",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 12562
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97df2b02d",
            "parentcaller": "0x7ff97e0926c9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "LastEnum"
              },
              {
                "name": "Data",
                "value": "\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum"
              }
            ],
            "repeated": 0,
            "id": 12563
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97e0b5064",
            "parentcaller": "0x7ff97e0b4891",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12564
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e7478ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\1772665622"
              }
            ],
            "repeated": 0,
            "id": 12565
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12566
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12567
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12568
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12569
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12570
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12571
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12572
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12573
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12574
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12575
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12576
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12577
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12578
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12579
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12580
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12581
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12582
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12583
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12584
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0b5ccb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12585
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97c0d4f57",
            "parentcaller": "0x7ff97c0d4e70",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 12586
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97c0d5834",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000610"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12587
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97c0d5284",
            "parentcaller": "0x7ff97c0d31d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12588
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12589
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12590
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12591
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12592
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12593
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12594
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97e0b5c4a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12595
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12596
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12597
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12598
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12599
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12600
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12601
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12602
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````5B````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12603
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12604
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12605
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12606
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12607
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000644"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12608
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12609
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000644"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12610
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12611
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000644"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12612
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12613
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12614
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 12615
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12616
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12617
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12618
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12619
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12620
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12621
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12622
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12623
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12624
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12625
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12626
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12627
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12628
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12629
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12630
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````G?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12631
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12632
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12633
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12634
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12635
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000644"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12636
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12637
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000644"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12638
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12639
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000644"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12640
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12641
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12642
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12643
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12644
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000644"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12645
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12646
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12647
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12648
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12649
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12650
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12651
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 12652
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97b67bbc1",
            "parentcaller": "0x7ff97b5acbc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12653
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12654
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 12655
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              }
            ],
            "repeated": 0,
            "id": 12656
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutexf01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12657
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12658
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12659
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12660
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12661
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12662
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12663
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12664
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12665
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12666
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12667
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12668
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12669
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12670
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12671
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12672
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12673
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12674
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12675
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12676
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12677
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12678
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12679
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12680
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12681
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12682
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe1'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x000\\x00\\x00\\x00@\\x00\\x00\\x00P\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00P\\x00\\xc6\\x00\\x00\\x00C\\xe3\\x04\\x00\\xed\\x01\\x00\\x00d\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12683
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "EventName",
                "value": "OleDfRootFC138346C613695D"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12684
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12685
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\\x1d\\xb0\\xf0I\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12686
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12687
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12688
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12689
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x017\\xfd\\x1dJ\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12690
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12691
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x017\\xfd\\x1dJ\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12692
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12693
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12694
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12695
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12696
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12697
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90V\\xbe\t\\x12\\xac\\xdc\\x01\\x03\\x00\\x00\\x00\\xc0\\x10\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12698
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12699
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x03\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12700
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12701
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12702
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\r\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\x10\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x18\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x1f\\x00\\x00\\x00 \\x00\\x00\\x00!\\x00\\x00\\x00\"\\x00\\x00\\x00#\\x00\\x00\\x00$\\x00\\x00\\x00%\\x00\\x00\\x00&\\x00\\x00\\x00'\\x00\\x00\\x00(\\x00\\x00\\x00)\\x00\\x00\\x00*\\x00\\x00\\x00+\\x00\\x00\\x00,\\x00\\x00\\x00-\\x00\\x00\\x005\\x00\\x00\\x00/\\x00\\x00\\x000\\x00\\x00\\x001\\x00\\x00\\x002\\x00\\x00\\x003\\x00\\x00\\x004\\x00\\x00\\x00\\xfe\\xff\\xff\\xff6\\x00\\x00\\x007\\x00\\x00\\x00?\\x00\\x00\\x009\\x00\\x00\\x00:\\x00\\x00\\x00;\\x00\\x00\\x00<\\x00\\x00\\x00=\\x00\\x00\\x00>\\x00\\x00\\x00\\xfe\\xff\\xff\\xff@\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12703
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x11\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12704
          },
          {
            "timestamp": "2026-03-05 10:24:46,337",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x85]B\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x03\\x95C\\xbfk\\xdf\\xb3\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\xccl@c\\xfe\\xbb\t\\x12\\xac\\xdc\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x001\\x008\\x009\\x008\\x009\\x00B\\x001\\x00D\\x00-\\x009\\x009\\x00B\\x005\\x00-\\x004\\x005\\x005\\x00B\\x00-\\x008\\x004\\x001\\x00C\\x00-\\x00A\\x00B\\x007\\x00C\\x007\\x004\\x00E\\x004\\x00D\\x00D\\x00"
              },
              {
                "name": "Length",
                "value": "1024"
              }
            ],
            "repeated": 0,
            "id": 12705
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "@\\x17\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12706
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "_\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0A[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x007\\x005\\x004\\x00A\\x00C\\x008\\x008\\x006\\x00-\\x00D\\x00F\\x006\\x004\\x00-\\x004\\x00C\\x00B\\x00A\\x00-\\x008\\x006\\x00B\\x005\\x00-\\x00F\\x007\\x00F\\x00B\\x00F\\x004\\x00F\\x00B\\x00C\\x00E\\x00F\\x005\\x00}\\x00\\x00\\x00\\x00\\x00@\n\\xf0\\xc8\\xf6\\x1ck\\x8a\\xe4/#6\\x16\\x02"
              },
              {
                "name": "Length",
                "value": "192"
              }
            ],
            "repeated": 0,
            "id": 12707
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12708
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\xd7\\x9fA[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x003\\x007\\x004\\x00D\\x00E\\x002\\x009\\x000\\x00-\\x001\\x002\\x003\\x00F\\x00-\\x004\\x005\\x006\\x005\\x00-\\x009\\x001\\x006\\x004\\x00-\\x003\\x009\\x00C\\x004\\x009\\x002\\x005\\x00E\\x004\\x006\\x007\\x00B\\x00}\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "220"
              }
            ],
            "repeated": 0,
            "id": 12709
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12710
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 12711
          },
          {
            "timestamp": "2026-03-05 10:24:46,369",
            "thread_id": "2392",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12712
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "2392",
            "caller": "0x7ff97b67b6f3",
            "parentcaller": "0x7ff97df43106",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9E175B6D-F52A-11D8-B9A5-505054503030"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "A5EBA07A-DAE8-4D15-B12F-728EFD8A9866"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12713
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12714
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12715
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12716
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12717
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12718
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12719
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12720
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12721
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12722
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000059c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12723
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12724
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````Q?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12725
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12726
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12727
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12728
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12729
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000059c"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000648"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12730
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12731
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12732
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12733
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12734
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12735
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12736
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12737
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12738
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12739
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 12740
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12741
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12742
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12743
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12744
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12745
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "5092",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 12746
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12747
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12748
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "2392",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 12749
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12750
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12751
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 12752
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5acc86",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12753
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12754
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12755
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12756
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12757
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12758
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12759
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12760
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accc1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12761
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12762
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12763
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12764
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12765
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12766
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12767
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12768
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12769
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12770
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12771
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12772
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12773
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12774
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12775
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12776
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12777
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12778
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12779
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12780
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12781
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12782
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12783
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12784
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12785
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12786
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12787
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 12788
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 12789
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12790
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be92d",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12791
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be946",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12792
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5be956",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 12793
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12794
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e680"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12795
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12796
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12797
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12798
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005b4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000630"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12799
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12800
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````Q?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12801
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12802
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 12803
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12804
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12805
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005b4"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000630"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12806
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 12807
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000630"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e6d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12808
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12809
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000630"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e6d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12810
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12811
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12812
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12813
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000630"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12814
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000630"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12815
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12816
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e6a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12817
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12818
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c37e6a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12819
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 12820
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12821
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "7136",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 12822
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12823
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 12824
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12825
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 1,
            "id": 12826
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              }
            ],
            "repeated": 1,
            "id": 12827
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutex5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12828
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12829
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12830
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12831
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12832
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12833
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12834
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12835
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12836
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12837
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12838
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12839
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12840
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12841
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12842
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12843
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12844
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12845
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12846
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12847
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12848
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12849
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 12850
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12851
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12852
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12853
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe1'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00@\\x00\\x00\\x00P\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00P\\x00\\xed\\x01\\x00\\x00%\\xe3\\x04\\x00\\xed\\x01\\x00\\x00d\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12854
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "EventName",
                "value": "OleDfRoot7289C22E22D310E4"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12855
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12856
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01#M\rJ\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12857
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12858
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12859
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12860
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\xd2\\xac.J\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12861
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12862
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\xd2\\xac.J\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12863
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12864
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12865
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12866
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12867
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12868
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa2\\x92/\\x12\\xac\\xdc\\x01\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 12869
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12870
          },
          {
            "timestamp": "2026-03-05 10:24:46,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 12871
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 12872
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 12873
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12874
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 12875
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12876
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12877
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12878
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694"
              }
            ],
            "repeated": 0,
            "id": 12879
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e364550",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x30d9487c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac12"
              }
            ],
            "repeated": 0,
            "id": 12880
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12881
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              }
            ],
            "repeated": 0,
            "id": 12882
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3430a0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12883
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12884
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              }
            ],
            "repeated": 0,
            "id": 12885
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3434b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12886
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12887
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              }
            ],
            "repeated": 0,
            "id": 12888
          },
          {
            "timestamp": "2026-03-05 10:24:46,462",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e343870",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12889
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12890
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              }
            ],
            "repeated": 0,
            "id": 12891
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e343870",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12892
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12893
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              }
            ],
            "repeated": 0,
            "id": 12894
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4ae65780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb9857ecd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12895
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12896
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 12897
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec5f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12898
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12899
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 12900
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4aeec780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12901
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12902
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 12903
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3252d0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 12904
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12905
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 12906
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3252d0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 12907
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12908
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d70e9e6",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 12909
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d70ebbf",
            "parentcaller": "0x7ff97d70ea13",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 12910
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d70ea6d",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 12911
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d70ea7a",
            "parentcaller": "0x7ff97e0b5860",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12912
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e0b4cfd",
            "parentcaller": "0x7ff97e0b4a3f",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12913
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12914
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000678"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12915
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b30",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000678"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12916
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12917
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12918
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6f4e4e",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000678"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12919
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6f4fdd",
            "parentcaller": "0x7ff97e0b6b92",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000678"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12920
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6f4e5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12921
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12922
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12923
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12924
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12925
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12926
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12927
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12928
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12929
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12930
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12931
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 12932
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b696a",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 12933
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e0b6802",
            "parentcaller": "0x7ff97e0b6771",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "MaxCapacity"
              },
              {
                "name": "Data",
                "value": "7167"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity"
              }
            ],
            "repeated": 0,
            "id": 12934
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e0b68a5",
            "parentcaller": "0x7ff97e0b682c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "ValueName",
                "value": "NukeOnDelete"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete"
              }
            ],
            "repeated": 0,
            "id": 12935
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e743e6d",
            "parentcaller": "0x7ff97e0b502f",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "BitBucket"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 12936
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97df2b02d",
            "parentcaller": "0x7ff97e0926c9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "LastEnum"
              },
              {
                "name": "Data",
                "value": "\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum"
              }
            ],
            "repeated": 0,
            "id": 12937
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97e0b5064",
            "parentcaller": "0x7ff97e0b4891",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12938
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e7478ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\1772665622"
              }
            ],
            "repeated": 0,
            "id": 12939
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12940
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12941
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12942
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12943
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12944
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12945
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12946
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12947
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12948
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12949
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12950
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 12951
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12952
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12953
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 12954
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 12955
          },
          {
            "timestamp": "2026-03-05 10:24:46,478",
            "thread_id": "5092",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 12956
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 12957
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12958
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0b5ccb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 12959
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97c0d4f57",
            "parentcaller": "0x7ff97c0d4e70",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 12960
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97c0d5834",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12961
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97c0d5284",
            "parentcaller": "0x7ff97c0d31d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12962
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12963
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbc\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12964
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12965
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97e056492",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12966
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e0564e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12967
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e056507",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12968
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97e0b5c4a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12969
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12970
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12971
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12972
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12973
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12974
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12975
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12976
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````Q?````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12977
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12978
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12979
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12980
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12981
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12982
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12983
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e910"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12984
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12985
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e910"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12986
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12987
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12988
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 12989
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 12990
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000678"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 12991
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 12992
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12993
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12994
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12995
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 12996
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12997
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12998
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12999
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13000
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13001
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13002
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13003
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13004
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````+*````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13005
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13006
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 13007
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13008
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13009
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000634"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13010
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 13011
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e910"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13012
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13013
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000634"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e910"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13014
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13015
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13016
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13017
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13018
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000634"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000678"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13019
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13020
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13021
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13022
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e8e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13023
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 13024
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13025
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13026
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 13027
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b67bbc1",
            "parentcaller": "0x7ff97b5acbc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13028
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13029
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 13030
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              }
            ],
            "repeated": 0,
            "id": 13031
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutexf01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13032
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13033
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13034
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13035
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13036
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13037
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13038
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13039
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13040
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13041
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13042
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13043
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13044
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13045
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13046
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13047
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13048
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13049
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13050
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13051
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13052
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13053
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 13054
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13055
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13056
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13057
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xdb\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x000\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00`\\x00\\xc6\\x00\\x00\\x00\\x88\\xe3\\x04\\x00\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13058
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "EventName",
                "value": "OleDfRoot63FDC67FD9FF1831"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13059
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13060
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\\x98\\xc1\"J\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13061
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13062
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13063
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13064
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\n\\x99:J\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13065
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13066
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\n\\x99:J\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13067
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13068
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13069
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13070
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13071
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13072
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90V\\xbe\t\\x12\\xac\\xdc\\x01\\x03\\x00\\x00\\x00\\xc0\\x10\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13073
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13074
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x03\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13075
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13076
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\r\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\x10\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x18\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x1f\\x00\\x00\\x00 \\x00\\x00\\x00!\\x00\\x00\\x00\"\\x00\\x00\\x00#\\x00\\x00\\x00$\\x00\\x00\\x00%\\x00\\x00\\x00&\\x00\\x00\\x00'\\x00\\x00\\x00(\\x00\\x00\\x00)\\x00\\x00\\x00*\\x00\\x00\\x00+\\x00\\x00\\x00,\\x00\\x00\\x00-\\x00\\x00\\x005\\x00\\x00\\x00/\\x00\\x00\\x000\\x00\\x00\\x001\\x00\\x00\\x002\\x00\\x00\\x003\\x00\\x00\\x004\\x00\\x00\\x00\\xfe\\xff\\xff\\xff6\\x00\\x00\\x007\\x00\\x00\\x00?\\x00\\x00\\x009\\x00\\x00\\x00:\\x00\\x00\\x00;\\x00\\x00\\x00<\\x00\\x00\\x00=\\x00\\x00\\x00>\\x00\\x00\\x00\\xfe\\xff\\xff\\xff@\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 13077
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x11\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13078
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x85]B\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x03\\x95C\\xbfk\\xdf\\xb3\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\xccl@c\\xfe\\xbb\t\\x12\\xac\\xdc\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x001\\x008\\x009\\x008\\x009\\x00B\\x001\\x00D\\x00-\\x009\\x009\\x00B\\x005\\x00-\\x004\\x005\\x005\\x00B\\x00-\\x008\\x004\\x001\\x00C\\x00-\\x00A\\x00B\\x007\\x00C\\x007\\x004\\x00E\\x004\\x00D\\x00D\\x00"
              },
              {
                "name": "Length",
                "value": "1024"
              }
            ],
            "repeated": 0,
            "id": 13079
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "@\\x17\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13080
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "_\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0A[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x007\\x005\\x004\\x00A\\x00C\\x008\\x008\\x006\\x00-\\x00D\\x00F\\x006\\x004\\x00-\\x004\\x00C\\x00B\\x00A\\x00-\\x008\\x006\\x00B\\x005\\x00-\\x00F\\x007\\x00F\\x00B\\x00F\\x004\\x00F\\x00B\\x00C\\x00E\\x00F\\x005\\x00}\\x00\\x00\\x00\\x00\\x00@\n\\xf0\\xc8\\xf6\\x1ck\\x8a\\xe4/#6\\x16\\x02"
              },
              {
                "name": "Length",
                "value": "192"
              }
            ],
            "repeated": 0,
            "id": 13081
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13082
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000634"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\xd7\\x9fA[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x003\\x007\\x004\\x00D\\x00E\\x002\\x009\\x000\\x00-\\x001\\x002\\x003\\x00F\\x00-\\x004\\x005\\x006\\x005\\x00-\\x009\\x001\\x006\\x004\\x00-\\x003\\x009\\x00C\\x004\\x009\\x002\\x005\\x00E\\x004\\x006\\x007\\x00B\\x00}\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "220"
              }
            ],
            "repeated": 0,
            "id": 13083
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13084
          },
          {
            "timestamp": "2026-03-05 10:24:46,525",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 13085
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13086
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13087
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 13088
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5acc86",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13089
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13090
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13091
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13092
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13093
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13094
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13095
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13096
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accc1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13097
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13098
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13099
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13100
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13101
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13102
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13103
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13104
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13105
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13106
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13107
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13108
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13109
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13110
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13111
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13112
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13113
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13114
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13115
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13116
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13117
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13118
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13119
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13120
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13121
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13122
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13123
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13124
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 13125
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13126
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be92d",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\x10\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13127
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be946",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\x10\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13128
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5be956",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13129
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13130
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000510"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e800"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13131
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13132
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13133
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13134
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000510"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000610"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13135
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13136
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````+*````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13137
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13138
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13139
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13140
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13141
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000510"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13142
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13143
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e850"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13144
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13145
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000610"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e850"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13146
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 13147
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13148
          },
          {
            "timestamp": "2026-03-05 10:24:46,556",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 13149
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 13150
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x0000067c"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000680"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 13151
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13152
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e820"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13153
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13154
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e820"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13155
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 13156
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13157
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 13158
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "2392",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13159
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "2392",
            "caller": "0x7ff97b67b6f3",
            "parentcaller": "0x7ff97df43106",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9E175B6D-F52A-11D8-B9A5-505054503030"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "A5EBA07A-DAE8-4D15-B12F-728EFD8A9866"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13160
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 13161
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 13162
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13163
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 13164
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13165
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13166
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13167
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13168
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13169
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13170
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13171
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13172
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13173
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13174
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x003\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 13175
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "-j\\xb5\\xc9\\xde\\xac\\xd5\\x01\\xad\\x84FJ\\x8a\\xac\\xdc\\x01\\xb8\\x818{\\xde\\xac\\xd5\\x01\\xd9\\x81w\\x97\\xf6\\xab\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13176
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13177
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13178
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13179
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13180
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13181
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5efd75",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13182
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13183
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13184
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13185
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13186
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13187
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13188
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13189
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13190
          },
          {
            "timestamp": "2026-03-05 10:24:46,587",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13191
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13192
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13193
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13194
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13195
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13196
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13197
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13198
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13199
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13200
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13201
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13202
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13203
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13204
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13205
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13206
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13207
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13208
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13209
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13210
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13211
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13212
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13213
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13214
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13215
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13216
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13217
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xc2\\xcf0\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00:\\x97\\x01\\x00\\x00\\x00\\x04\\x003\\x003\\x008\\x003\\x008\\x008\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 13218
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13219
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13220
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 13221
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 13222
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13223
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13224
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13225
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13226
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13227
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13228
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13229
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21769"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13230
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-183"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13231
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13232
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13233
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13234
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13235
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13236
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13237
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13238
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13239
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13240
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13241
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13242
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13243
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13244
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13245
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13246
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13247
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb57\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13248
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 13249
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 13250
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13251
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb17\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00D\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13252
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 13253
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 13254
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13255
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Desktop"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop"
              }
            ],
            "repeated": 0,
            "id": 13256
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13257
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13258
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13259
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13260
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13261
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Desktop\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13262
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13263
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Desktop\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x006\\x009\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 13264
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000670"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "B\\xfa\\xc4\\xba\\x11\\xac\\xdc\\x01WIKJ\\x8a\\xac\\xdc\\x01B\\xfa\\xc4\\xba\\x11\\xac\\xdc\\x01B\\xfa\\xc4\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13265
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13266
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13267
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13268
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13269
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13270
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13271
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13272
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 13273
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13274
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13275
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 13276
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13277
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13278
          },
          {
            "timestamp": "2026-03-05 10:24:46,619",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 13279
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13280
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13281
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13282
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13283
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13284
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13285
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13286
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13287
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13288
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13289
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13290
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13291
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13292
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13293
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13294
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13295
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13296
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13297
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13298
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13299
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13300
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13301
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13302
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13303
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13304
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13305
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb57\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13306
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 13307
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000680"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 13308
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 13309
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb17\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x80\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13310
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 13311
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000680"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 13312
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 13313
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 13314
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13315
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000680"
              },
              {
                "name": "SubKey",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 13316
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 13317
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13318
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13319
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13320
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13321
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13322
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13323
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13324
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13325
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13326
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13327
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13328
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13329
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13330
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13331
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13332
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13333
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13334
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13335
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13336
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13337
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13338
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13339
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13340
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 13341
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 13342
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13343
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData"
              }
            ],
            "repeated": 0,
            "id": 13344
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13345
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13346
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13347
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13348
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13349
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13350
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Documents\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13351
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13352
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Documents\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x000\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "402"
              }
            ],
            "repeated": 0,
            "id": 13353
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "&\\xc0\\xc9\\xba\\x11\\xac\\xdc\\x01\\x13\\xacMJ\\x8a\\xac\\xdc\\x01*4\\xdf\\xba\\x11\\xac\\xdc\\x01*4\\xdf\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13354
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13355
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13356
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13357
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13358
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13359
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13360
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13361
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13362
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13363
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Music\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13364
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13365
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Music\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x000\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 13366
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "&\\xc0\\xc9\\xba\\x11\\xac\\xdc\\x01\\xc3\rPJ\\x8a\\xac\\xdc\\x01\\xe2\\xab\\xd5\\xba\\x11\\xac\\xdc\\x01\\xe2\\xab\\xd5\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13367
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13368
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13369
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13370
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13371
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13372
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13373
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13374
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13375
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13376
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Pictures\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13377
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13378
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Pictures\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x009\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 13379
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "B\\xfa\\xc4\\xba\\x11\\xac\\xdc\\x01\\xc3\rPJ\\x8a\\xac\\xdc\\x01\\xde^\\xc7\\xba\\x11\\xac\\xdc\\x01\\xde^\\xc7\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13380
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13381
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13382
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13383
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13384
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13385
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13386
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13387
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13388
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13389
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Videos\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13390
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13391
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Videos\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x001\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 13392
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x81\\xe7\\xb1\\xba\\x11\\xac\\xdc\\x01\\xc3\rPJ\\x8a\\xac\\xdc\\x01\\xde^\\xc7\\xba\\x11\\xac\\xdc\\x01\\xde^\\xc7\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13393
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13394
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13395
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13396
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13397
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13398
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13399
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13400
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13401
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13402
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\Downloads\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13403
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13404
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Downloads\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x008\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 13405
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe2\\xab\\xd5\\xba\\x11\\xac\\xdc\\x01\\xc3\rPJ\\x8a\\xac\\xdc\\x01\\xe2\\xab\\xd5\\xba\\x11\\xac\\xdc\\x01\\xe2\\xab\\xd5\\xba\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13406
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13407
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13408
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13409
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13410
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13411
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13412
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13413
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 13414
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13415
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13416
          },
          {
            "timestamp": "2026-03-05 10:24:46,650",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "OneDrive"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13417
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13418
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13419
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "OneDrive"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13420
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13421
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13422
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\System32\\SettingSyncCore.dll,-1024"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13423
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1040"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13424
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13425
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13426
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13427
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13428
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13429
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13430
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13431
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13432
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "Data",
                "value": "64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13433
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13434
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13435
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13436
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13437
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13438
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13439
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13440
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb57\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13441
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 13442
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 13443
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13444
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb17\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00p\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13445
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 13446
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 13447
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13448
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 13449
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13450
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0-1N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13451
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 13452
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 13453
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 13454
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13455
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13456
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13457
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13458
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13459
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 13460
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13461
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13462
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13463
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\OneDrive\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13464
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\OneDrive\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13465
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\OneDrive\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "[.ShellClassInfo]\r\nIconResource=C:\\Users\\cape\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe,1\r\n"
              },
              {
                "name": "Length",
                "value": "95"
              }
            ],
            "repeated": 0,
            "id": 13466
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000644"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\OneDrive\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8s#\\x16\\x12\\xac\\xdc\\x01jpRJ\\x8a\\xac\\xdc\\x01\\xf8s#\\x16\\x12\\xac\\xdc\\x01\\xf8s#\\x16\\x12\\xac\\xdc\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13467
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13468
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13469
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7136"
              }
            ],
            "repeated": 0,
            "id": 13470
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 13471
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xc60b89c281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13472
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 13473
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13474
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000644"
              },
              {
                "name": "SubKey",
                "value": "{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              }
            ],
            "repeated": 0,
            "id": 13475
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 13476
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13477
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13478
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13479
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13480
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13481
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13482
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13483
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13484
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13485
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13486
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13487
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13488
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13489
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13490
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13491
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13492
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13493
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13494
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13495
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13496
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13497
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13498
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13499
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97df24145",
            "parentcaller": "0x7ff97b64be42",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x000005b6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 13500
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b6"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "18446744073449767213"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13501
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b6"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 13502
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b6"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 13503
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b6"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "5243433"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 13504
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b64bf75",
            "parentcaller": "0x7ff97b60ec15",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b6"
              }
            ],
            "repeated": 0,
            "id": 13505
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 13506
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 13507
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 13508
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 13509
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              }
            ],
            "repeated": 0,
            "id": 13510
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13511
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13512
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13513
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 13514
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 13515
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13516
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13517
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13518
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 13519
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 13520
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13521
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13522
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13523
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 13524
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b67c229",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegateSuppressionPolicy"
              },
              {
                "name": "Data",
                "value": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy"
              }
            ],
            "repeated": 0,
            "id": 13525
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b67c229",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 13526
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13527
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 13528
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2a965",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13529
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13530
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 13531
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2a9a0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13532
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 13533
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13534
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 13535
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b67c2b5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegate"
              },
              {
                "name": "Data",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate"
              }
            ],
            "repeated": 0,
            "id": 13536
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b67c2b5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13537
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x0000067e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 13538
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 13539
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13540
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13541
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13542
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13543
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 13544
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 13545
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 13546
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13547
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b5e8013",
            "parentcaller": "0x7ff97b664fb2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13548
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b665003",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067e"
              },
              {
                "name": "SubKey",
                "value": "InitPropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13549
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13550
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "17"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13551
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "DescriptionID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID"
              }
            ],
            "repeated": 0,
            "id": 13552
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 13553
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 13554
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 13555
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 13556
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 13557
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "7136",
            "caller": "0x7ff97b62e10b",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 13558
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b62e153",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 13559
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b62e194",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000680"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 13560
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b62e21a",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 13561
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b62e1d6",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 13562
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              }
            ],
            "repeated": 0,
            "id": 13563
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b6018b9",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13564
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b6018ab",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067e"
              }
            ],
            "repeated": 0,
            "id": 13565
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff97b60cab5",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 13566
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b6707cc",
            "parentcaller": "0x7ff97b604518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13567
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b679aad",
            "parentcaller": "0x7ff97b651a23",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13568
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 13569
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 13570
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 13571
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              }
            ],
            "repeated": 0,
            "id": 13572
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 13573
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 13574
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 13575
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 13576
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              }
            ],
            "repeated": 0,
            "id": 13577
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 13578
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 13579
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{12D4C69E-24AD-4923-BE19-31321C43A767}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}"
              }
            ],
            "repeated": 0,
            "id": 13580
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 13581
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 13582
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{190337d1-b8ca-4121-a639-6d472d16972a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}"
              }
            ],
            "repeated": 0,
            "id": 13583
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 13584
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 13585
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 13586
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 13587
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              }
            ],
            "repeated": 0,
            "id": 13588
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 13589
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 13590
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              }
            ],
            "repeated": 0,
            "id": 13591
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 13592
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 13593
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 13594
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 13595
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 13596
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 13597
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 13598
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "Name",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 13599
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              }
            ],
            "repeated": 0,
            "id": 13600
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "Name",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 13601
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 13602
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              }
            ],
            "repeated": 0,
            "id": 13603
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 13604
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 13605
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 13606
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "Name",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 13607
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 13608
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              }
            ],
            "repeated": 0,
            "id": 13609
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 13610
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 13611
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 13612
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 13613
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 13614
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 13615
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              }
            ],
            "repeated": 0,
            "id": 13616
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 13617
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 13618
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 13619
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              }
            ],
            "repeated": 0,
            "id": 13620
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "Name",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 13621
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "Name",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 13622
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "Name",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 13623
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "Name",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 13624
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13625
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13626
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "Name",
                "value": "{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 13627
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "Name",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 13628
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "Name",
                "value": "{6D809377-6AF0-444b-8957-A3773F02200E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 13629
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "Name",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 13630
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "Name",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 13631
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "Name",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 13632
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "Name",
                "value": "{767E6811-49CB-4273-87C2-20F355E1085B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}"
              }
            ],
            "repeated": 0,
            "id": 13633
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "Name",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 13634
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "Name",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 13635
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "Name",
                "value": "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              }
            ],
            "repeated": 0,
            "id": 13636
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "Name",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 13637
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "Name",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 13638
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "Name",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 13639
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "Name",
                "value": "{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              }
            ],
            "repeated": 0,
            "id": 13640
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "Name",
                "value": "{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              }
            ],
            "repeated": 0,
            "id": 13641
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "Name",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 13642
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "Name",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 13643
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "Name",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 13644
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "Name",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 13645
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "Name",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 13646
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "Name",
                "value": "{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              }
            ],
            "repeated": 0,
            "id": 13647
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "Name",
                "value": "{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 13648
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "Name",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 13649
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "Name",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 13650
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "Name",
                "value": "{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 13651
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "Name",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              }
            ],
            "repeated": 0,
            "id": 13652
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "Name",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 13653
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "Name",
                "value": "{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              }
            ],
            "repeated": 0,
            "id": 13654
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "Name",
                "value": "{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 13655
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "Name",
                "value": "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              }
            ],
            "repeated": 0,
            "id": 13656
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "Name",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 13657
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "Name",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 13658
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "Name",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 13659
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "Name",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 13660
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "Name",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 13661
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "Name",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 13662
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "Name",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 13663
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "Name",
                "value": "{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 13664
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "Name",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 13665
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "Name",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 13666
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "Name",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 13667
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "Name",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 13668
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "Name",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 13669
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "Name",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 13670
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "Name",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 13671
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "Name",
                "value": "{b7bede81-df94-4682-a7d8-57a52620b86f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}"
              }
            ],
            "repeated": 0,
            "id": 13672
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "Name",
                "value": "{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 13673
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "Name",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 13674
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "Name",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 13675
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "Name",
                "value": "{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              }
            ],
            "repeated": 0,
            "id": 13676
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "Name",
                "value": "{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              }
            ],
            "repeated": 0,
            "id": 13677
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "Name",
                "value": "{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              }
            ],
            "repeated": 0,
            "id": 13678
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "Name",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 13679
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "Name",
                "value": "{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              }
            ],
            "repeated": 0,
            "id": 13680
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "Name",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 13681
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "Name",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 13682
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "Name",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 13683
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "Name",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 13684
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "Name",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 13685
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "Name",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 13686
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "Name",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 13687
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "Name",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 13688
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "Name",
                "value": "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              }
            ],
            "repeated": 0,
            "id": 13689
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "Name",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 13690
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "Name",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 13691
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "Name",
                "value": "{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 13692
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "Name",
                "value": "{df7266ac-9274-4867-8d55-3bd661de872d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}"
              }
            ],
            "repeated": 0,
            "id": 13693
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "Name",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 13694
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "Name",
                "value": "{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 13695
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "Name",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 13696
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "Name",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 13697
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "Name",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 13698
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "Name",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 13699
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "Name",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 13700
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "Name",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 13701
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "131"
              },
              {
                "name": "Name",
                "value": "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              }
            ],
            "repeated": 0,
            "id": 13702
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "132"
              },
              {
                "name": "Name",
                "value": "{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              }
            ],
            "repeated": 0,
            "id": 13703
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "2392",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 13704
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "133"
              },
              {
                "name": "Name",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 13705
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "134"
              },
              {
                "name": "Name",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 13706
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "135"
              },
              {
                "name": "Name",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 13707
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "Index",
                "value": "136"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\"
              }
            ],
            "repeated": 0,
            "id": 13708
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b651b1a",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13709
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13710
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 13711
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13712
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13713
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13714
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13715
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13716
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13717
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13718
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13719
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-9031"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13720
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-18"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13721
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13722
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13723
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13724
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13725
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13726
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13727
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13728
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13729
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13730
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13731
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13732
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13733
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13734
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13735
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b62d8eb",
            "parentcaller": "0x7ff97b62cfdf",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13736
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 13737
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 13738
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 13739
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13740
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13741
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13742
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 13743
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 13744
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13745
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00|\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13746
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 13747
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 13748
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13749
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 13750
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13751
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0<6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13752
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 13753
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 13754
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 13755
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 13756
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 13757
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13758
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13759
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13760
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 13761
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13762
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13763
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesCommon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13764
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13765
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13766
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13767
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13768
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13769
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13770
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13771
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13772
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13773
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13774
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13775
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13776
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13777
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13778
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13779
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13780
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13781
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13782
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13783
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13784
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13785
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13786
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": "{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 13787
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 13788
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13789
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MusicLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13790
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13791
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13792
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13793
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13794
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13795
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13796
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1004"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13797
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13798
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13799
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13800
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13801
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13802
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13803
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13804
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13805
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13806
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13807
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13808
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13809
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13810
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13811
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13812
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              }
            ],
            "repeated": 0,
            "id": 13813
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13814
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13815
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicLibraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13816
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13817
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13818
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13819
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13820
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13821
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13822
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13823
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13824
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13825
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13826
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13827
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13828
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13829
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13830
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13831
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13832
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13833
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13834
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13835
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13836
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13837
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13838
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 13839
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13840
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13841
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13842
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13843
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13844
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13845
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13846
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13847
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21799"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13848
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13849
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13850
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13851
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13852
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13853
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13854
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13855
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13856
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13857
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13858
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13859
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13860
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13861
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13862
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13863
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13864
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 13865
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13866
          },
          {
            "timestamp": "2026-03-05 10:24:46,759",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13867
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataDocuments"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13868
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13869
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13870
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13871
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13872
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13873
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13874
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13875
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13876
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13877
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13878
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13879
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13880
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13881
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13882
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13883
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13884
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13885
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13886
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13887
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13888
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13889
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13890
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000670"
              },
              {
                "name": "SubKey",
                "value": "{767E6811-49CB-4273-87C2-20F355E1085B}"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}"
              }
            ],
            "repeated": 0,
            "id": 13891
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 13892
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13893
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "OneDriveCameraRoll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13894
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13895
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13896
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Camera Roll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13897
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13898
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13899
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13900
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13901
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13902
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13903
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13904
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13905
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13906
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13907
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13908
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13909
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "Data",
                "value": "64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13910
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13911
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{b3690e58-e961-423b-b687-386ebfd83239}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13912
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13913
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000670"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13914
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13915
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13916
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 13917
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 13918
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13919
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SavedPicturesLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13920
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13921
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13922
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "SavedPictures.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13923
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13924
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13925
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13926
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13927
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13928
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13929
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13930
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13931
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13932
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13933
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13934
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13935
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13936
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13937
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13938
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13939
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13940
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13941
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13942
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 13943
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13944
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13945
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MAPIFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13946
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13947
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13948
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13949
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 13950
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 13951
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 13952
          },
          {
            "timestamp": "2026-03-05 10:24:46,775",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 13953
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security"
              }
            ],
            "repeated": 0,
            "id": 13954
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 13955
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 13956
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 13957
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 13958
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 13959
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 13960
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 13961
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 13962
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 13963
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 13964
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 13965
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 13966
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 13967
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 13968
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 13969
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 13970
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13971
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 13972
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x10\\x97\\xe9J\\xed\\x01\\x00\\x00\\x90\\x9f\\xe9J\\xed\\x01\\x00\\x00H\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13973
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 13974
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 13975
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000648"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 13976
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 13977
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13978
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13979
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 13980
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 13981
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 13982
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 13983
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 13984
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 13985
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 13986
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 13987
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13988
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 13989
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 13990
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 13991
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 13992
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              }
            ],
            "repeated": 0,
            "id": 13993
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 13994
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 13995
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 13996
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 13997
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 13998
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 13999
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14000
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14001
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14002
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14003
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14004
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14005
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14006
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14007
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14008
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14009
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14010
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14011
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14012
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14013
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14014
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14015
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14016
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14017
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14018
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 14019
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14020
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14021
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesCommonX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14022
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14023
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14024
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14025
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14026
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14027
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14028
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14029
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14030
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14031
          },
          {
            "timestamp": "2026-03-05 10:24:46,791",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14032
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14033
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14034
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14035
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14036
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14037
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14038
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14039
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14040
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14041
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14042
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 14043
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14044
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000688"
              },
              {
                "name": "SubKey",
                "value": "{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              }
            ],
            "repeated": 0,
            "id": 14045
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 14046
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14047
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "OneDriveDocuments"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14048
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14049
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14050
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14051
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14052
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14053
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14054
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14055
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14056
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14057
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14058
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14059
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14060
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14061
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14062
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14063
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "Data",
                "value": "64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14064
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14065
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{DD61BD66-70E8-48dd-9655-65C5E1AAC2D1}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14066
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14067
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14068
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14069
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14070
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 14071
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14072
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14073
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14074
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14075
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14076
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14077
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14078
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14079
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14080
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-198"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14081
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14082
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14083
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14084
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14085
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14086
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14087
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14088
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14089
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14090
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14091
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{b3690e58-e961-423b-b687-386ebfd83239}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14092
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14093
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14094
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14095
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14096
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14097
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14098
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14099
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14100
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14101
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 14102
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 14103
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14104
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14105
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14106
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14107
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14108
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 14109
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14110
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0>6N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14111
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 14112
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 14113
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 14114
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14115
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14116
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14117
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 14118
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14119
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068c"
              },
              {
                "name": "SubKey",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 14120
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 14121
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14122
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ConnectionsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14123
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14124
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14125
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14126
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14127
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14128
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14129
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14130
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14131
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14132
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14133
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14134
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14135
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14136
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14137
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14138
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14139
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14140
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14141
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14142
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14143
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14144
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14145
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 14146
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14147
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14148
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PrintersFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14149
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14150
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14151
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14152
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14153
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14154
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14155
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14156
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14157
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14158
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14159
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14160
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14161
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14162
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14163
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14164
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14165
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14166
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14167
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14168
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14169
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 14170
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14171
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 14172
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14173
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14174
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 14175
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 14176
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14177
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14178
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 14179
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14180
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 14181
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              }
            ],
            "repeated": 0,
            "id": 14182
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14183
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14184
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutex5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14185
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14186
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14187
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 14188
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14189
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14190
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14191
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 14192
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14193
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14194
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 14195
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14196
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14197
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14198
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14199
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14200
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14201
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14202
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14203
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14204
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\x8d\\xeaJ\\xed\\x01\\x00\\x00Pc\\xe6J\\xed\\x01\\x00\\x00|\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14205
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14206
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14207
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14208
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 14209
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14210
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14211
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14212
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14213
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14214
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14215
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14216
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14217
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 14218
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xdb\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00`\\x00\\xed\\x01\\x00\\x00\\x88\\xe3\\x04\\x00\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14219
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 14220
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14221
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14222
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14223
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14224
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14225
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 14226
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14227
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "5092",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14228
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14229
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ResourceDir"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14230
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14231
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14232
          },
          {
            "timestamp": "2026-03-05 10:24:46,822",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14233
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14234
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14235
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14236
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14237
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14238
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14239
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14240
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14241
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14242
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14243
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14244
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14245
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14246
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e331000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14247
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14248
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14249
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14250
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14251
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14252
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14253
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 14254
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14255
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14256
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14257
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14258
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14259
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14260
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14261
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14262
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14263
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14264
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14265
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14266
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14267
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14268
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14269
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14270
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14271
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14272
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14273
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14274
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14275
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14276
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14277
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 14278
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14279
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 14280
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 14281
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14282
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicGameTasks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14283
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14284
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14285
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\GameExplorer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14286
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14287
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14288
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14289
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14290
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14291
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14292
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14293
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14294
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14295
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14296
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14297
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14298
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14299
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14300
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14301
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14302
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14303
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14304
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14305
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 14306
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14307
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14308
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SyncSetupFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14309
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14310
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14311
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14312
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14313
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14314
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14315
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14316
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14317
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14318
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14319
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14320
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14321
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14322
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14323
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14324
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14325
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14326
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14327
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14328
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14329
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 14330
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14331
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000648"
              },
              {
                "name": "SubKey",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 14332
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 14333
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14334
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonVideo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14335
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14336
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14337
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14338
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14339
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14340
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21804"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14341
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14342
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14343
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14344
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14345
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14346
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14347
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14348
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14349
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14350
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14351
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14352
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14353
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14354
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14355
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14356
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14357
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14358
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14359
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14360
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14361
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14362
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 14363
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14364
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14365
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14366
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14367
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14368
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14369
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14370
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14371
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14372
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14373
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14374
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14375
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14376
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14377
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14378
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14379
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14380
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14381
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14382
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14383
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14384
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14385
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14386
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14387
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14388
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 14389
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14390
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14391
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 14392
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14393
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14394
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SyncResultsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14395
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14396
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14397
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14398
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14399
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14400
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14401
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14402
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14403
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14404
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14405
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14406
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14407
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14408
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14409
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14410
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14411
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14412
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14413
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14414
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14415
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14416
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14417
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 14418
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14419
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14420
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ConflictFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14421
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14422
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14423
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14424
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14425
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14426
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14427
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14428
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14429
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14430
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14431
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14432
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14433
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14434
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14435
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14436
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14437
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14438
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14439
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14440
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14441
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14442
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14443
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 14444
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14445
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14446
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "RecycleBinFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14447
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14448
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14449
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14450
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{645FF040-5081-101B-9F08-00AA002F954E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14451
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14452
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14453
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14454
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14455
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14456
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14457
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14458
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14459
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14460
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14461
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14462
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14463
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14464
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14465
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14466
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14467
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14468
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14469
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14470
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14471
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14472
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 14473
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14474
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14475
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CSCFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14476
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14477
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14478
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14479
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14480
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14481
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14482
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14483
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14484
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14485
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14486
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14487
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14488
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14489
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14490
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14491
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14492
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14493
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14494
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14495
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14496
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14497
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14498
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000063c"
              },
              {
                "name": "SubKey",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 14499
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 14500
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14501
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14502
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14503
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14504
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14505
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14506
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14507
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14508
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14509
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14510
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14511
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14512
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14513
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14514
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14515
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14516
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14517
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14518
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14519
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14520
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14521
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14522
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14523
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14524
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 14525
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14526
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14527
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14528
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14529
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14530
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14531
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14532
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14533
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21782"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14534
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14535
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14536
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14537
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14538
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14539
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14540
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14541
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14542
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14543
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14544
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14545
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14546
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14547
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14548
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14549
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14550
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 14551
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14552
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14553
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NetHood"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14554
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14555
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14556
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Network Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14557
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14558
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14559
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14560
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14561
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14562
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14563
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14564
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14565
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14566
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14567
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14568
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14569
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14570
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14571
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14572
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14573
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14574
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14575
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14576
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14577
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000674"
              },
              {
                "name": "SubKey",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 14578
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 14579
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14580
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Contacts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14581
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14582
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14583
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Contacts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14584
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14585
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%CommonProgramFiles%\\system\\wab32res.dll,-10200"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14586
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%CommonProgramFiles%\\system\\wab32res.dll,-10100"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14587
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-181"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14588
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14589
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14590
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14591
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14592
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14593
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14594
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14595
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14596
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14597
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14598
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{de2b70ec-9bf7-4a93-bd3d-243f7881d492}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14599
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14600
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14601
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14602
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14603
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14604
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14605
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14606
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14607
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14608
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14609
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 14610
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 14611
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14612
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\x90\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14613
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14614
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14615
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14616
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 14617
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14618
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf5:N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14619
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 14620
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 14621
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 14622
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14623
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14624
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14625
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14626
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14627
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000694"
              },
              {
                "name": "SubKey",
                "value": "{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              }
            ],
            "repeated": 0,
            "id": 14628
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14629
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14630
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UserProgramFilesCommon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14631
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14632
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14633
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Common"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14634
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14635
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14636
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14637
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14638
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14639
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14640
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14641
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14642
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14643
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14644
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14645
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14646
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14647
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14648
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14649
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14650
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14651
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14652
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14653
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 14654
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14655
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14656
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Roaming Tiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14657
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14658
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14659
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\RoamingTiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14660
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14661
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14662
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14663
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14664
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14665
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14666
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14667
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14668
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14669
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14670
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14671
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14672
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14673
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14674
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14675
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14676
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000694"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14677
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14678
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14679
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14680
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 14681
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 14682
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14683
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14684
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14685
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xf4:N\\xed\\x01\\x00\\x00 \\xf8:N\\xed\\x01\\x00\\x00\\x94\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14686
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000694"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14687
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000694"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14688
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000694"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14689
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 14690
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14691
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14692
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14693
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14694
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14695
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14696
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14697
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14698
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 14699
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 14700
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14701
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000694"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14702
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14703
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14704
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14705
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14706
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14707
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14708
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000694"
              },
              {
                "name": "SubKey",
                "value": "{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 14709
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 14710
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14711
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UsersLibrariesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14712
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14713
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14714
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14715
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14716
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14717
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14718
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14719
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14720
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14721
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14722
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14723
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14724
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14725
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14726
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14727
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14728
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14729
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14730
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14731
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14732
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14733
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14734
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 14735
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14736
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14737
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Cookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14738
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14739
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14740
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\INetCookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14741
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14742
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14743
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14744
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14745
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14746
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14747
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14748
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14749
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14750
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14751
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14752
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14753
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14754
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14755
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14756
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14757
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14758
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14759
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14760
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 14761
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14762
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14763
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "LocalizedResourcesDir"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14764
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14765
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14766
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14767
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14768
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14769
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14770
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14771
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14772
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14773
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14774
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14775
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14776
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14777
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14778
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14779
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14780
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14781
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14782
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14783
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14784
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14785
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14786
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 14787
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14788
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14789
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonRingtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14790
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14791
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14792
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14793
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14794
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14795
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14796
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14797
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14798
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14799
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14800
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14801
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14802
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14803
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14804
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14805
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14806
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14807
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14808
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14809
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14810
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14811
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14812
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 14813
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14814
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14815
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "GameTasks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14816
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14817
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14818
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\GameExplorer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14819
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14820
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14821
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14822
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14823
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14824
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14825
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14826
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14827
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14828
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14829
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14830
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14831
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14832
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14833
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14834
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14835
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14836
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14837
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14838
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 14839
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14840
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14841
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14842
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14843
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14844
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14845
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14846
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14847
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21796"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14848
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-115"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14849
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14850
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14851
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14852
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14853
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14854
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14855
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14856
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14857
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14858
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14859
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14860
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14861
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14862
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14863
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14864
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14865
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14866
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14867
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14868
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14869
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 14870
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 14871
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14872
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00|\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14873
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14874
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14875
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14876
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Favorites"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites"
              }
            ],
            "repeated": 0,
            "id": 14877
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14878
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14879
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14880
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 14881
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 14882
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 14883
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14884
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14885
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14886
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xf0:N\\xed\\x01\\x00\\x00\\xa0\\xf7:N\\xed\\x01\\x00\\x00\\x98\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14887
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 14888
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14889
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000698"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14890
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 14891
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14892
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14893
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14894
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14895
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14896
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 14897
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 14898
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 14899
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 14900
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 14901
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14902
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 14903
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14904
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14905
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 14906
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14907
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 14908
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14909
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 14910
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14911
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14912
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 14913
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14914
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14915
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "HomeGroupFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14916
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14917
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14918
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14919
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14920
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14921
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14922
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1013"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14923
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14924
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14925
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14926
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14927
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14928
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14929
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14930
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14931
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14932
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14933
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14934
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14935
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14936
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14937
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14938
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 14939
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14940
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14941
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SendTo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14942
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14943
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14944
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\SendTo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14945
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14946
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14947
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14948
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14949
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14950
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14951
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14952
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14953
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14954
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14955
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14956
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14957
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14958
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14959
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14960
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14961
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14962
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14963
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14964
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              }
            ],
            "repeated": 0,
            "id": 14965
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 14966
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14967
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicAccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14968
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14969
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14970
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14971
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14972
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14973
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 14974
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 14975
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security"
              }
            ],
            "repeated": 0,
            "id": 14976
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 14977
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 14978
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 14979
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 14980
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 14981
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 14982
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 14983
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 14984
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 14985
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 14986
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 14987
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 14988
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14989
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 14990
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              }
            ],
            "repeated": 0,
            "id": 14991
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 14992
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category"
              }
            ],
            "repeated": 0,
            "id": 14993
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ImplicitAppShortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name"
              }
            ],
            "repeated": 0,
            "id": 14994
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 14995
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description"
              }
            ],
            "repeated": 0,
            "id": 14996
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "ImplicitAppShortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 14997
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 14998
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 14999
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15000
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15001
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15002
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15003
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15004
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15005
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15006
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15007
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15008
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15009
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15010
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15011
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15012
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15013
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15014
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15015
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15016
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 15017
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15018
          },
          {
            "timestamp": "2026-03-05 10:24:46,962",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15019
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15020
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15021
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15022
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15023
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15024
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15025
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21762"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15026
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15027
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15028
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15029
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15030
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15031
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15032
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15033
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15034
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15035
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15036
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15037
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15038
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15039
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15040
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15041
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15042
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15043
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15044
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15045
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15046
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xf2:N\\xed\\x01\\x00\\x00`\\xf7:N\\xed\\x01\\x00\\x00\\x90\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15047
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15048
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15049
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000690"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15050
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 15051
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15052
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15053
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15054
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15055
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15056
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15057
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15058
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15059
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 15060
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 15061
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15062
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 15063
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15064
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15065
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15066
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              }
            ],
            "repeated": 0,
            "id": 15067
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15068
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15069
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AddNewProgramsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15070
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15071
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15072
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15073
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15074
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15075
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15076
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15077
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15078
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15079
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15080
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15081
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15082
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15083
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15084
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15085
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15086
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15087
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15088
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15089
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15090
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15091
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15092
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 15093
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15094
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15095
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Captures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15096
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15097
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15098
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Captures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15099
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15100
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15101
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21826"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15102
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15103
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15104
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15105
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15106
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15107
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15108
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15109
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15110
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15111
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15112
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15113
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15114
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15115
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15116
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15117
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15118
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 15119
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15120
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15121
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UserProfiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15122
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15123
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15124
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15125
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15126
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15127
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21813"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15128
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15129
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;WD)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15130
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15131
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15132
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15133
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15134
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15135
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15136
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15137
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15138
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15139
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15140
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15141
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15142
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15143
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15144
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 15145
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15146
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15147
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "InternetFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15148
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15149
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15150
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15151
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{871C5380-42A0-1069-A2EA-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15152
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15153
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15154
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15155
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15156
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15157
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15158
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15159
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15160
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15161
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15162
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15163
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15164
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15165
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15166
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15167
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000069c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15168
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              }
            ],
            "repeated": 0,
            "id": 15169
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15170
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000069c"
              },
              {
                "name": "SubKey",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 15171
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              }
            ],
            "repeated": 0,
            "id": 15172
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15173
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CameraRollLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15174
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15175
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15176
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "CameraRoll.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15177
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15178
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15179
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34582"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15180
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15181
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15182
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15183
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15184
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15185
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15186
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15187
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15188
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15189
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15190
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15191
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15192
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15193
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000069c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15194
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15195
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15196
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 15197
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15198
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15199
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15200
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15201
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15202
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15203
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15204
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15205
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21782"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15206
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15207
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15208
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15209
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15210
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15211
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15212
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15213
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15214
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15215
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15216
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15217
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15218
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15219
          },
          {
            "timestamp": "2026-03-05 10:24:46,994",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15220
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15221
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15222
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "{6D809377-6AF0-444B-8957-A3773F02200E}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 15223
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15224
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15225
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesX64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15226
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15227
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15228
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15229
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15230
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15231
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15232
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15233
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15234
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15235
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15236
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15237
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15238
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15239
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15240
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15241
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15242
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15243
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15244
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15245
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15246
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15247
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15248
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 15249
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15250
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15251
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataDesktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15252
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15253
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15254
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15255
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15256
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15257
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15258
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15259
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15260
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15261
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15262
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15263
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15264
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15265
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15266
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15267
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15268
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15269
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15270
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15271
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15272
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15273
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15274
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 15275
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15276
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15277
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Camera Roll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15278
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15279
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15280
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Camera Roll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15281
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15282
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15283
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21824"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15284
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15285
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15286
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15287
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15288
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15289
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15290
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15291
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15292
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15293
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15294
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15295
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15296
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "Data",
                "value": "{B26388EA-AD62-430f-AF5C-CFA63BFE94A6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15297
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15298
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15299
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15300
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 15301
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15302
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15303
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MyComputerFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15304
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15305
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15306
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15307
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15308
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15309
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15310
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15311
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15312
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15313
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15314
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15315
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15316
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 15317
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15318
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15319
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15320
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15321
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15322
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15323
          },
          {
            "timestamp": "2026-03-05 10:24:47,009",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15324
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15325
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15326
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15327
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 15328
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15329
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15330
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5efd75",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15331
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15332
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15333
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15334
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15335
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15336
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15337
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15338
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15339
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15340
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15341
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15342
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15343
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15344
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15345
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15346
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15347
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15348
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 15349
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15350
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              }
            ],
            "repeated": 0,
            "id": 15351
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 15352
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15353
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15354
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15355
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15356
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15357
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15358
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15359
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15360
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15361
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15362
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15363
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15364
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15365
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15366
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15367
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15368
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15369
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 15370
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15371
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15372
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15373
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15374
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Application Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15375
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15376
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15377
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-50704"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15378
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15379
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15380
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15381
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15382
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15383
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15384
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15385
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15386
          },
          {
            "timestamp": "2026-03-05 10:24:47,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15387
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15388
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15389
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15390
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15391
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              }
            ],
            "repeated": 0,
            "id": 15392
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15393
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15394
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15395
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15396
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15397
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21823"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15398
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15399
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15400
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15401
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15402
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15403
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15404
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15405
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15406
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15407
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15408
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15409
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15410
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15411
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15412
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SavedPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15413
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15414
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15415
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Saved Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15416
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15417
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15418
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15419
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15420
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15421
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15422
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15423
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15424
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15425
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 15426
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15427
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15428
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15429
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15430
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15431
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15432
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15433
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15434
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15435
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15436
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15437
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 15438
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15439
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15440
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15441
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 15442
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15443
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15444
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15445
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15446
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15447
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15448
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15449
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15450
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15451
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006a0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15452
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15453
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 15454
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15455
          },
          {
            "timestamp": "2026-03-05 10:24:47,041",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15456
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15457
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a0"
              },
              {
                "name": "SubKey",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 15458
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15459
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15460
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15461
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15462
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15463
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15464
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15465
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15466
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21802"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15467
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15468
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15469
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15470
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15471
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15472
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15473
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15474
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15475
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15476
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15477
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15478
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15479
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15480
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15481
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15482
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15483
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              }
            ],
            "repeated": 0,
            "id": 15484
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15485
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15486
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15487
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15488
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15489
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15490
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{4234d49b-0245-4df3-b780-3893943456e1}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15491
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15492
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15493
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15494
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15495
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15496
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15497
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15498
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15499
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15500
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15501
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15502
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15503
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15504
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15505
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15506
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15507
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15508
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15509
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 15510
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15511
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15512
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PrintHood"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15513
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15514
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15515
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Printer Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15516
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15517
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15518
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15519
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15520
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15521
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15522
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15523
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15524
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15525
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15526
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15527
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15528
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15529
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15530
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15531
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15532
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15533
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15534
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15535
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 15536
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15537
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15538
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Development Files"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15539
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15540
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15541
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "DevelopmentFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15542
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15543
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15544
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15545
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15546
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15547
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15548
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15549
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15550
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15551
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15552
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15553
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15554
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15555
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15556
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15557
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15558
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15559
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15560
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15561
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 15562
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15563
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15564
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PhotoAlbums"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15565
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15566
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15567
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Slide Shows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15568
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15569
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15570
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21819"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15571
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15572
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15573
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15574
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15575
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15576
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15577
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15578
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15579
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15580
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15581
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15582
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15583
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15584
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15585
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15586
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15587
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15588
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15589
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15590
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15591
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xf8:N\\xed\\x01\\x00\\x00\\xe0\\xf9:N\\xed\\x01\\x00\\x00\\xa4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15592
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15593
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15594
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15595
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 15596
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15597
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15598
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15599
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15600
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15601
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15602
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15603
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15604
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 15605
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 15606
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15607
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 15608
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15609
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15610
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15611
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 15612
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15613
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15614
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 15615
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15616
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15617
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppMods"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15618
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15619
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15620
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppMods"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15621
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15622
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15623
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21829"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15624
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15625
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15626
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15627
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15628
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15629
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15630
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15631
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15632
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15633
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15634
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15635
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15636
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15637
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15638
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15639
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 15640
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15641
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15642
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b604a08",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15643
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15644
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15645
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b604e1c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 15646
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 15647
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15648
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\xa4\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15649
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15650
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 15651
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15652
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605374",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 15653
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15654
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf8:N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15655
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 15656
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316b14",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 15657
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d316ba0",
            "parentcaller": "0x7ff97d3157df",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 15658
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 15659
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15660
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15661
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15662
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15663
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15664
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 15665
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 15666
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15667
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15668
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15669
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xfa:N\\xed\\x01\\x00\\x00\\xa0\\xf8:N\\xed\\x01\\x00\\x00\\x98\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15670
          },
          {
            "timestamp": "2026-03-05 10:24:47,072",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15671
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15672
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000698"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15673
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 15674
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15675
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15676
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15677
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15678
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15679
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15680
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15681
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15682
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 15683
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 15684
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15685
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 15686
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15687
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15688
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 15689
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15690
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15691
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15692
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              }
            ],
            "repeated": 0,
            "id": 15693
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15694
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15695
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppUpdatesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15696
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15697
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15698
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15699
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15700
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15701
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15702
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15703
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15704
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15705
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15706
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15707
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15708
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15709
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15710
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15711
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15712
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15713
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15714
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15715
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15716
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15717
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15718
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 15719
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15720
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15721
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonDownloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15722
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15723
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15724
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15725
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15726
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15727
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21808"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15728
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15729
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15730
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15731
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15732
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15733
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15734
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15735
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15736
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15737
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15738
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15739
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15740
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15741
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15742
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15743
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15744
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 15745
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 15746
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 15747
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15748
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15749
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15750
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xff:N\\xed\\x01\\x00\\x00\\xa0\\xf9:N\\xed\\x01\\x00\\x00\\x98\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15751
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15752
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15753
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000698"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15754
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 15755
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15756
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15757
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15758
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e75a",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15759
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15760
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 15761
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64df3c",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 15762
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 15763
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 15764
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 15765
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15766
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 15767
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15768
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15769
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 15770
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15771
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 15772
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15773
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              }
            ],
            "repeated": 0,
            "id": 15774
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15775
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15776
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "OneDriveMusic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15777
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15778
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15779
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15780
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15781
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15782
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15783
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15784
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15785
          },
          {
            "timestamp": "2026-03-05 10:24:47,087",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15786
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15787
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15788
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15789
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15790
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15791
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15792
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "Data",
                "value": "64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15793
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15794
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{672ECD7E-AF04-4399-875C-0290845B6247}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15795
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15796
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15797
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15798
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15799
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "{12D4C69E-24AD-4923-BE19-31321C43A767}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}"
              }
            ],
            "repeated": 0,
            "id": 15800
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15801
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15802
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Retail Demo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15803
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15804
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15805
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\RetailDemo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15806
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15807
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15808
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15809
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15810
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15811
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15812
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15813
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15814
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15815
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15816
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15817
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15818
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15819
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15820
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15821
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15822
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15823
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15824
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15825
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 15826
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15827
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15828
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Start Menu Places"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15829
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15830
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15831
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu Places"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15832
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15833
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15834
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15835
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15836
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15837
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15838
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15839
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15840
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15841
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15842
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15843
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15844
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15845
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15846
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15847
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15848
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15849
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15850
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15851
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a8"
              },
              {
                "name": "SubKey",
                "value": "{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 15852
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15853
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15854
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PicturesLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15855
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15856
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15857
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15858
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15859
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15860
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34595"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15861
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1003"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15862
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15863
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15864
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15865
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15866
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15867
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15868
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15869
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15870
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15871
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15872
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15873
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15874
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15875
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15876
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15877
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 15878
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15879
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15880
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Public"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15881
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15882
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15883
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15884
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15885
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15886
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21816"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15887
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15888
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICIIO;0x1301ff;;;IU)(A;;0x1200af;;;IU)(A;OICIIO;0x1301ff;;;SU)(A;;0x1200af;;;SU)(A;OICIIO;0x1301ff;;;S-1-5-3)(A;;0x1200af;;;S-1-5-3)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15889
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15890
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15891
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15892
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15893
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15894
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15895
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15896
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15897
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15898
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15899
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15900
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15901
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 15902
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15903
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b8"
              },
              {
                "name": "SubKey",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 15904
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 15905
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15906
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "RecordedTVLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15907
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15908
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15909
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "RecordedTV.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15910
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15911
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15912
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-34615"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15913
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1008"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15914
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15915
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15916
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15917
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15918
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15919
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15920
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15921
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15922
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60873d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15923
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b6087ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15924
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608817",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15925
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60887c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15926
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15927
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15928
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15929
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 15930
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15931
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60830d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15932
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b608370",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataProgramData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15933
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60844a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15934
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15935
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "ProgramData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15936
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15937
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15938
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "7136",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97b60860b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15939
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 15940
          },
          {
            "timestamp": "2026-03-05 10:24:47,119",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 15941
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 15942
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "5092",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5acc86",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15943
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15944
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15945
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15946
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15947
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15948
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15949
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15950
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15951
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15952
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15953
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15954
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15955
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15956
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15957
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15958
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15959
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 15960
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15961
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b8"
              },
              {
                "name": "SubKey",
                "value": "{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 15962
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 15963
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15964
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "HomeGroupCurrentUserFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15965
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15966
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15967
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15968
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\$CurrentUser$"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15969
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15970
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15971
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15972
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15973
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 15974
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 15975
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 15976
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 15977
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 15978
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 15979
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 15980
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 15981
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15982
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 15983
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 15984
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 15985
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15986
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 15987
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 15988
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 15989
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category"
              }
            ],
            "repeated": 0,
            "id": 15990
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "LocalAppDataLow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name"
              }
            ],
            "repeated": 0,
            "id": 15991
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 15992
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description"
              }
            ],
            "repeated": 0,
            "id": 15993
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppData\\LocalLow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 15994
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 15995
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 15996
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 15997
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 15998
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "S:(ML;OICI;NW;;;LW)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security"
              }
            ],
            "repeated": 0,
            "id": 15999
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16000
          },
          {
            "timestamp": "2026-03-05 10:24:47,134",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16001
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16002
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16003
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16004
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16005
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16006
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16007
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "8192"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16008
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16009
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16010
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16011
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16012
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16013
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 16014
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16015
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16016
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Roamed Tile Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16017
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16018
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16019
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\RoamedTileImages"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16020
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16021
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16022
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16023
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16024
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16025
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16026
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16027
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16028
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16029
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16030
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16031
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16032
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16033
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16034
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16035
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16036
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16037
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16038
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16039
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 16040
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16041
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16042
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ProgramFilesCommonX64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16043
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16044
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16045
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16046
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16047
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16048
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16049
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16050
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16051
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16052
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16053
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16054
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16055
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16056
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16057
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16058
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16059
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16060
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16061
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16062
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16063
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16064
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16065
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 16066
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16067
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16068
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CryptoKeys"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16069
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16070
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16071
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16072
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16073
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16074
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16075
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16076
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16077
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16078
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16079
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16080
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16081
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16082
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16083
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16084
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16085
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16086
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16087
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16088
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16089
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16090
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16091
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 16092
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16093
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16094
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Original Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16095
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16096
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16097
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows Photo Gallery\\Original Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16098
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16099
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16100
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16101
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16102
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16103
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16104
          },
          {
            "timestamp": "2026-03-05 10:24:47,150",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16105
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16106
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16107
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16108
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16109
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16110
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16111
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16112
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16113
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16114
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16115
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16116
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16117
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              }
            ],
            "repeated": 0,
            "id": 16118
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16119
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16120
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "User Pinned"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16121
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16122
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16123
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "User Pinned"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16124
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16125
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16126
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16127
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16128
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16129
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16130
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16131
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16132
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16133
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16134
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16135
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16136
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16137
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16138
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16139
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16140
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16141
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16142
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16143
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              }
            ],
            "repeated": 0,
            "id": 16144
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16145
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16146
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ChangeRemoveProgramsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16147
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16148
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16149
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16150
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16151
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df6e8",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16152
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16153
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16154
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16155
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16156
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16157
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16158
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16159
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16160
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16161
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16162
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16163
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16164
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16165
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16166
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16167
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16168
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16169
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16170
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000067c"
              },
              {
                "name": "SubKey",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 16171
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16172
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16173
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16174
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16175
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16176
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16177
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16178
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16179
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21801"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16180
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16181
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16182
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16183
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16184
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16185
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16186
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16187
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16188
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16189
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16190
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16191
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16192
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16193
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000067c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16194
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16195
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16196
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b4"
              },
              {
                "name": "SubKey",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 16197
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b4"
              }
            ],
            "repeated": 0,
            "id": 16198
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16199
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SystemX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16200
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16201
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16202
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16203
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16204
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16205
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16206
          },
          {
            "timestamp": "2026-03-05 10:24:47,166",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16207
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16208
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16209
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16210
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16211
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16212
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16213
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16214
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16215
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16216
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16217
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16218
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16219
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16220
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 16221
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16222
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 16223
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 16224
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16225
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16226
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16227
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16228
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16229
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16230
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16231
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38305"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16232
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16233
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16234
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16235
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16236
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16237
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16238
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16239
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16240
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16241
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16242
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16243
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16244
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16245
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16246
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 16247
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16248
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000698"
              },
              {
                "name": "SubKey",
                "value": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              }
            ],
            "repeated": 0,
            "id": 16249
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 16250
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16251
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "OneDrivePictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16252
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16253
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16254
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16255
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16256
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16257
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16258
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16259
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16260
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16261
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16262
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16263
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16264
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16265
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16266
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16267
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16268
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16269
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{71D642A9-F2B1-42cd-AD92-EB9300C7CC0A}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16270
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16271
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000698"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16272
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 16273
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16274
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 16275
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 16276
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16277
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CommonMusic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16278
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16279
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16280
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16281
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16282
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16283
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21803"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16284
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16285
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16286
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16287
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16288
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16289
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16290
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16291
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16292
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16293
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16294
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16295
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16296
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16297
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16298
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16299
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16300
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 16301
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16302
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16303
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SearchHistoryFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16304
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16305
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16306
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\ConnectedSearch\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16307
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16308
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16309
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16310
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16311
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16312
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16313
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16314
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16315
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16316
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16317
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16318
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16319
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16320
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16321
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16322
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16323
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ac"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16324
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 16325
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16326
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ac"
              },
              {
                "name": "SubKey",
                "value": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              }
            ],
            "repeated": 0,
            "id": 16327
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 16328
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16329
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ProgramFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16330
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16331
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16332
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16333
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16334
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16335
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21781"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16336
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16337
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16338
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16339
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16340
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16341
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16342
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16343
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16344
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16345
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16346
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16347
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16348
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16349
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16350
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16351
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16352
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 16353
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16354
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16355
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16356
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16357
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16358
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16359
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16360
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16361
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16362
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16363
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16364
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16365
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16366
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16367
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16368
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16369
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16370
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16371
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16372
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16373
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16374
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16375
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000634"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16376
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16377
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16378
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000634"
              },
              {
                "name": "SubKey",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 16379
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16380
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16381
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppDataFavorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16382
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16383
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16384
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16385
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16386
          },
          {
            "timestamp": "2026-03-05 10:24:47,197",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16387
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16388
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16389
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16390
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16391
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16392
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16393
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16394
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16395
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16396
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16397
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16398
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16399
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16400
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16401
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16402
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16403
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16404
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 16405
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16406
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16407
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Recorded Calls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16408
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16409
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16410
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Recorded Calls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16411
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16412
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16413
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21827"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16414
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16415
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16416
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16417
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16418
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16419
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16420
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16421
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16422
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16423
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16424
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16425
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16426
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16427
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000634"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16428
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16429
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 16430
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16431
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16432
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16433
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16434
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16435
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16436
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 16437
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 16438
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16439
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 16440
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16441
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16442
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa27\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x80 \\x00\\x00\\x08\\x00\\x00\\xa4\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16443
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16444
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 16445
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16446
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 16447
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16448
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 16449
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 16450
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              }
            ],
            "repeated": 0,
            "id": 16451
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 16452
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 16453
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 16454
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 16455
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              }
            ],
            "repeated": 0,
            "id": 16456
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 16457
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 16458
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{12D4C69E-24AD-4923-BE19-31321C43A767}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}"
              }
            ],
            "repeated": 0,
            "id": 16459
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 16460
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 16461
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{190337d1-b8ca-4121-a639-6d472d16972a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}"
              }
            ],
            "repeated": 0,
            "id": 16462
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 16463
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 16464
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 16465
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 16466
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              }
            ],
            "repeated": 0,
            "id": 16467
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 16468
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 16469
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              }
            ],
            "repeated": 0,
            "id": 16470
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 16471
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 16472
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 16473
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 16474
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16475
          },
          {
            "timestamp": "2026-03-05 10:24:47,212",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 16476
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 16477
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 16478
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "Name",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 16479
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              }
            ],
            "repeated": 0,
            "id": 16480
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "Name",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 16481
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 16482
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              }
            ],
            "repeated": 0,
            "id": 16483
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 16484
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 16485
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 16486
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "Name",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 16487
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 16488
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              }
            ],
            "repeated": 0,
            "id": 16489
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 16490
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 16491
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 16492
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 16493
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 16494
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 16495
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              }
            ],
            "repeated": 0,
            "id": 16496
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 16497
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 16498
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 16499
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              }
            ],
            "repeated": 0,
            "id": 16500
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "Name",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 16501
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "Name",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 16502
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "Name",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 16503
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "Name",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 16504
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "Name",
                "value": "{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 16505
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "Name",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 16506
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "Name",
                "value": "{6D809377-6AF0-444b-8957-A3773F02200E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 16507
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "Name",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 16508
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "Name",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 16509
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "Name",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 16510
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "Name",
                "value": "{767E6811-49CB-4273-87C2-20F355E1085B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}"
              }
            ],
            "repeated": 0,
            "id": 16511
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "Name",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 16512
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "Name",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 16513
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "Name",
                "value": "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              }
            ],
            "repeated": 0,
            "id": 16514
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "Name",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 16515
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "Name",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 16516
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "Name",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 16517
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "Name",
                "value": "{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              }
            ],
            "repeated": 0,
            "id": 16518
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "Name",
                "value": "{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              }
            ],
            "repeated": 0,
            "id": 16519
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "Name",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 16520
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "Name",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 16521
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "Name",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 16522
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "Name",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 16523
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "Name",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 16524
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "Name",
                "value": "{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              }
            ],
            "repeated": 0,
            "id": 16525
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "Name",
                "value": "{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 16526
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "Name",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 16527
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "Name",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 16528
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "Name",
                "value": "{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 16529
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "Name",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              }
            ],
            "repeated": 0,
            "id": 16530
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "Name",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 16531
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "Name",
                "value": "{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              }
            ],
            "repeated": 0,
            "id": 16532
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "Name",
                "value": "{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 16533
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "Name",
                "value": "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              }
            ],
            "repeated": 0,
            "id": 16534
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "Name",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 16535
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "Name",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 16536
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "Name",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 16537
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "Name",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 16538
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "Name",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 16539
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "Name",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 16540
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "Name",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 16541
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "Name",
                "value": "{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 16542
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "Name",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 16543
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "Name",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 16544
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "Name",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 16545
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "Name",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 16546
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "Name",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 16547
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "Name",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 16548
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "Name",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 16549
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "Name",
                "value": "{b7bede81-df94-4682-a7d8-57a52620b86f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}"
              }
            ],
            "repeated": 0,
            "id": 16550
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "Name",
                "value": "{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 16551
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "Name",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 16552
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "Name",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 16553
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "Name",
                "value": "{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              }
            ],
            "repeated": 0,
            "id": 16554
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "Name",
                "value": "{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              }
            ],
            "repeated": 0,
            "id": 16555
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "Name",
                "value": "{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              }
            ],
            "repeated": 0,
            "id": 16556
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "Name",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 16557
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "Name",
                "value": "{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              }
            ],
            "repeated": 0,
            "id": 16558
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16559
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "Name",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 16560
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "Name",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 16561
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "Name",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 16562
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "Name",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 16563
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "Name",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 16564
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "Name",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 16565
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "Name",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 16566
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "Name",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 16567
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "Name",
                "value": "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              }
            ],
            "repeated": 0,
            "id": 16568
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "Name",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 16569
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "Name",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 16570
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "Name",
                "value": "{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 16571
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "Name",
                "value": "{df7266ac-9274-4867-8d55-3bd661de872d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}"
              }
            ],
            "repeated": 0,
            "id": 16572
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "Name",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 16573
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "Name",
                "value": "{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 16574
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "Name",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 16575
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "Name",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 16576
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "Name",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 16577
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "Name",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 16578
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "Name",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 16579
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "Name",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 16580
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "131"
              },
              {
                "name": "Name",
                "value": "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              }
            ],
            "repeated": 0,
            "id": 16581
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "132"
              },
              {
                "name": "Name",
                "value": "{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              }
            ],
            "repeated": 0,
            "id": 16582
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "133"
              },
              {
                "name": "Name",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 16583
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "134"
              },
              {
                "name": "Name",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 16584
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "135"
              },
              {
                "name": "Name",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 16585
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Index",
                "value": "136"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\"
              }
            ],
            "repeated": 0,
            "id": 16586
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7100",
            "caller": "0x7ff97b651b1a",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16587
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16588
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x02;N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16589
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 16590
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 16591
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 16592
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16593
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16594
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16595
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16596
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16597
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 16598
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16599
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16600
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "NetworkPlacesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16601
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16602
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16603
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16604
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16605
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16606
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16607
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16608
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16609
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16610
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16611
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16612
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16613
          },
          {
            "timestamp": "2026-03-05 10:24:47,259",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16614
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16615
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16616
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16617
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16618
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16619
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000634"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16620
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000634"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16621
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16622
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16623
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000634"
              },
              {
                "name": "SubKey",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 16624
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 16625
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16626
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Playlists"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16627
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16628
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16629
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Playlists"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16630
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16631
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16632
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21818"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16633
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16634
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16635
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16636
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16637
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16638
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16639
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16640
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16641
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16642
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16643
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16644
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16645
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16646
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16647
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16648
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16649
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 16650
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16651
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16652
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "DpapiKeys"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16653
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16654
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16655
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16656
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16657
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16658
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16659
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16660
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16661
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16662
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16663
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16664
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16665
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16666
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16667
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16668
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16669
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16670
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16671
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16672
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16673
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16674
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16675
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16676
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16677
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16678
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x90C\\xe6J\\xed\\x01\\x00\\x00 \\x04;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16679
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 16680
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16681
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 16682
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16683
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16684
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16685
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 16686
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16687
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16688
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 16689
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16690
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 16691
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 16692
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16693
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 16694
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16695
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7100",
            "caller": "0x7ff97b62d8eb",
            "parentcaller": "0x7ff97b62cfdf",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16696
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16697
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16698
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 16699
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16700
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 16701
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16702
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16703
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "OEM Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16704
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16705
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16706
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "OEM Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16707
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16708
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16709
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16710
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16711
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16712
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16713
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16714
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16715
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16716
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16717
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16718
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16719
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16720
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16721
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16722
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16723
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16724
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16725
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16726
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "{190337D1-B8CA-4121-A639-6D472D16972A}"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}"
              }
            ],
            "repeated": 0,
            "id": 16727
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16728
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16729
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SearchHomeFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16730
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16731
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16732
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16733
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{9343812e-1c37-4a49-a12e-4b2d810d956b}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16734
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16735
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16736
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16737
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16738
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16739
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16740
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16741
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16742
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16743
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16744
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16745
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16746
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16747
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16748
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16749
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16750
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16751
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16752
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16753
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16754
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16755
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16756
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 16757
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16758
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 16759
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16760
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16761
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16762
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16763
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\x04;N\\xed\\x01\\x00\\x00\\xe0\\x0e;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16764
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 16765
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16766
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16767
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 16768
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16769
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16770
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16771
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xff\\xff\\xff\\xffY\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xcb'\\x0c\\xc6\\x00\\x00\\x00`\\x0f;N"
              }
            ],
            "repeated": 0,
            "id": 16772
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 16773
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16774
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 16775
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 16776
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16777
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 16778
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 16779
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16780
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16781
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16782
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 16783
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 16784
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16785
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16786
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 16787
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16788
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 16789
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16790
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16791
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 16792
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16793
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 16794
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16795
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16796
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 16797
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 16798
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16799
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16800
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16801
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16802
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{f8278c54-a712-415b-b593-b77a2be0dda9}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16803
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16804
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16805
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16806
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16807
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16808
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16809
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16810
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16811
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16812
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16813
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16814
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16815
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16816
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16817
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16818
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16819
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16820
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16821
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 16822
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16823
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16824
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SystemCertificates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16825
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16826
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16827
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16828
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16829
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16830
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16831
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16832
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16833
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16834
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16835
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16836
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16837
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16838
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16839
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16840
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16841
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16842
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16843
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16844
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16845
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16846
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16847
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              }
            ],
            "repeated": 0,
            "id": 16848
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16849
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16850
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16851
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16852
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16853
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16854
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16855
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16856
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df6e8",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16857
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16858
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21810"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16859
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-185"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16860
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16861
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16862
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16863
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16864
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16865
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16866
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16867
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16868
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16869
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16870
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16871
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16872
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16873
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16874
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 1,
            "id": 16875
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16876
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b604a4a",
            "parentcaller": "0x7ff97b606ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16877
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b604b00",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xa67\\x0c\\xc6\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16878
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16879
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 16880
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16881
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16882
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 16883
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 16884
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b65a672",
            "parentcaller": "0x7ff97b604e5a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 16885
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b604e79",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16886
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16887
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 16888
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b604f51",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 16889
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97b604f75",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16890
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              }
            ],
            "repeated": 0,
            "id": 16891
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57fffd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16892
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b58009e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x0c;N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16893
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d3157af",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 16894
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 16895
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 16896
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d3157ed",
            "parentcaller": "0x7ff97d312b6b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 16897
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b58001b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 16898
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b605aa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16899
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b605aba",
            "parentcaller": "0x7ff97b606ea1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16900
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16901
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              }
            ],
            "repeated": 0,
            "id": 16902
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16903
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16904
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "UserProgramFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16905
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16906
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16907
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16908
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16909
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16910
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16911
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16912
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16913
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16914
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16915
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16916
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16917
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16918
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16919
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16920
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16921
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16922
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16923
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16924
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16925
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16926
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16927
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 16928
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 16929
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16930
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16931
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16932
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16933
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16934
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16935
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16936
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16937
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16938
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16939
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16940
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16941
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16942
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16943
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16944
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16945
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16946
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16947
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16948
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16949
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16950
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16951
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16952
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16953
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 16954
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16955
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16956
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16957
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16958
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16959
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16960
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16961
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16962
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16963
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16964
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16965
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16966
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16967
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16968
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16969
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16970
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16971
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16972
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16973
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 16974
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 16975
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 16976
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 16977
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16978
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 16979
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 16980
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16981
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category"
              }
            ],
            "repeated": 0,
            "id": 16982
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Device Metadata Store"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name"
              }
            ],
            "repeated": 0,
            "id": 16983
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 16984
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description"
              }
            ],
            "repeated": 0,
            "id": 16985
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\DeviceMetadataStore"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 16986
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 16987
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 16988
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 16989
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16990
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security"
              }
            ],
            "repeated": 0,
            "id": 16991
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 16992
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 16993
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 16994
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 16995
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 16996
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 16997
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 16998
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 16999
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17000
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 17001
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 17002
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17003
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17004
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17005
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 17006
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17007
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category"
              }
            ],
            "repeated": 0,
            "id": 17008
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ControlPanelFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name"
              }
            ],
            "repeated": 0,
            "id": 17009
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 17010
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description"
              }
            ],
            "repeated": 0,
            "id": 17011
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 17012
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 17013
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 17014
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 17015
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 17016
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security"
              }
            ],
            "repeated": 0,
            "id": 17017
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 17018
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 17019
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 17020
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 17021
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 17022
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 17023
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 17024
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 17025
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17026
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 17027
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 17028
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17029
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 17030
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17031
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 17032
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 17033
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 17034
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ProgramFilesX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 17035
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 17036
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 17037
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 17038
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 17039
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 17040
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21817"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 17041
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 17042
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 17043
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 17044
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 17045
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 17046
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 17047
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 17048
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 17049
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 17050
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 17051
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17052
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 17053
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 17054
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17055
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17056
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17057
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 17058
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17059
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 17060
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SyncCenterFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 17061
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 17062
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 17063
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 17064
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 17065
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df6e8",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 17066
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 17067
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 17068
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 17069
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 17070
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 17071
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 17072
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 17073
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 17074
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 17075
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 17076
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 17077
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 17078
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17079
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 17080
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 17081
          },
          {
            "timestamp": "2026-03-05 10:24:47,337",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17082
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17083
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17084
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": "{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 17085
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17086
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category"
              }
            ],
            "repeated": 0,
            "id": 17087
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CredentialManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name"
              }
            ],
            "repeated": 0,
            "id": 17088
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 17089
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description"
              }
            ],
            "repeated": 0,
            "id": 17090
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 17091
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 17092
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 17093
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 17094
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 17095
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security"
              }
            ],
            "repeated": 0,
            "id": 17096
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 17097
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 17098
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 17099
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 17100
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 17101
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 17102
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 17103
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 17104
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17105
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 17106
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 17107
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b6088de",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17108
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b608aa2",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17109
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17110
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17111
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17112
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17113
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17114
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17115
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\x08;N\\xed\\x01\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00\\xcc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17116
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17117
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17118
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17119
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17120
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17121
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17122
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17123
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17124
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17125
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17126
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17127
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17128
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17129
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17130
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17131
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17132
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17133
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17134
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17135
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17136
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17137
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17138
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xc2\\xcf0\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00:\\x97\\x01\\x00\\x00\\x00\\x04\\x003\\x003\\x008\\x003\\x008\\x008\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17139
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17140
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17141
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17142
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17143
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17144
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17145
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17146
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17147
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97b679aad",
            "parentcaller": "0x7ff97b651a23",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17148
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17149
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 17150
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17151
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17152
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 17153
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 17154
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              }
            ],
            "repeated": 0,
            "id": 17155
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 17156
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17157
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17158
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{12D4C69E-24AD-4923-BE19-31321C43A767}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}"
              }
            ],
            "repeated": 0,
            "id": 17159
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 17160
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 17161
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{190337d1-b8ca-4121-a639-6d472d16972a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}"
              }
            ],
            "repeated": 0,
            "id": 17162
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 17163
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 17164
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 17165
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 17166
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              }
            ],
            "repeated": 0,
            "id": 17167
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 17168
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 17169
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"
              }
            ],
            "repeated": 0,
            "id": 17170
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 17171
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 17172
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 17173
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 17174
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 17175
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 17176
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 17177
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "Name",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 17178
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
              }
            ],
            "repeated": 0,
            "id": 17179
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "Name",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 17180
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 17181
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              }
            ],
            "repeated": 0,
            "id": 17182
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 17183
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17184
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 17185
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 17186
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "Name",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 17187
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 17188
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              }
            ],
            "repeated": 0,
            "id": 17189
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 17190
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 17191
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 17192
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 17193
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 17194
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 17195
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              }
            ],
            "repeated": 0,
            "id": 17196
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 17197
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 17198
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 17199
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              }
            ],
            "repeated": 0,
            "id": 17200
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "Name",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 17201
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "Name",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 17202
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "Name",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 17203
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "Name",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 17204
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "Name",
                "value": "{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 17205
          },
          {
            "timestamp": "2026-03-05 10:24:47,416",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "Name",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 17206
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "Name",
                "value": "{6D809377-6AF0-444b-8957-A3773F02200E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 17207
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "Name",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 17208
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "Name",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 17209
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "Name",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 17210
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "Name",
                "value": "{767E6811-49CB-4273-87C2-20F355E1085B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}"
              }
            ],
            "repeated": 0,
            "id": 17211
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "Name",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 17212
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "Name",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 17213
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "Name",
                "value": "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              }
            ],
            "repeated": 0,
            "id": 17214
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "Name",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 17215
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "Name",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 17216
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "Name",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 17217
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "Name",
                "value": "{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              }
            ],
            "repeated": 0,
            "id": 17218
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "Name",
                "value": "{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              }
            ],
            "repeated": 0,
            "id": 17219
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "Name",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 17220
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "Name",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 17221
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "Name",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 17222
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "Name",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 17223
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "Name",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 17224
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "Name",
                "value": "{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              }
            ],
            "repeated": 0,
            "id": 17225
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "Name",
                "value": "{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 17226
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "Name",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 17227
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "Name",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 17228
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "Name",
                "value": "{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 17229
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "Name",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              }
            ],
            "repeated": 0,
            "id": 17230
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "Name",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 17231
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "Name",
                "value": "{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              }
            ],
            "repeated": 0,
            "id": 17232
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "Name",
                "value": "{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 17233
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "Name",
                "value": "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              }
            ],
            "repeated": 0,
            "id": 17234
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "Name",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 17235
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "Name",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 17236
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "Name",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 17237
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "Name",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 17238
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "Name",
                "value": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 17239
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "Name",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 17240
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "Name",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 17241
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "Name",
                "value": "{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 17242
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "Name",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 17243
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "Name",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 17244
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "Name",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 17245
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "Name",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 17246
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "Name",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 17247
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "Name",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 17248
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "Name",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 17249
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "Name",
                "value": "{b7bede81-df94-4682-a7d8-57a52620b86f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}"
              }
            ],
            "repeated": 0,
            "id": 17250
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "Name",
                "value": "{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 17251
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "Name",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 17252
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "Name",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 17253
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "Name",
                "value": "{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              }
            ],
            "repeated": 0,
            "id": 17254
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "Name",
                "value": "{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              }
            ],
            "repeated": 0,
            "id": 17255
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "Name",
                "value": "{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              }
            ],
            "repeated": 0,
            "id": 17256
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "Name",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 17257
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "Name",
                "value": "{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"
              }
            ],
            "repeated": 0,
            "id": 17258
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "Name",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 17259
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "Name",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 17260
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "Name",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 17261
          },
          {
            "timestamp": "2026-03-05 10:24:47,431",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "Name",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 17262
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "Name",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 17263
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "Name",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 17264
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "Name",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 17265
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "Name",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 17266
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "Name",
                "value": "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              }
            ],
            "repeated": 0,
            "id": 17267
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "Name",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 17268
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "Name",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 17269
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "Name",
                "value": "{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 17270
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "Name",
                "value": "{df7266ac-9274-4867-8d55-3bd661de872d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}"
              }
            ],
            "repeated": 0,
            "id": 17271
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "Name",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 17272
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "Name",
                "value": "{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 17273
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "Name",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 17274
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "Name",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 17275
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "Name",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 17276
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "Name",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 17277
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "Name",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 17278
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "Name",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 17279
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "131"
              },
              {
                "name": "Name",
                "value": "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              }
            ],
            "repeated": 0,
            "id": 17280
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "132"
              },
              {
                "name": "Name",
                "value": "{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              }
            ],
            "repeated": 0,
            "id": 17281
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "133"
              },
              {
                "name": "Name",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 17282
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "134"
              },
              {
                "name": "Name",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 17283
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "135"
              },
              {
                "name": "Name",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 17284
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651a6c",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Index",
                "value": "136"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\"
              }
            ],
            "repeated": 0,
            "id": 17285
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b651b1a",
            "parentcaller": "0x7ff97b5ae771",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17286
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17287
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17288
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17289
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17290
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17291
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17292
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17293
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17294
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17295
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17296
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17297
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17298
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17299
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa7;N\\xed\\x01\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xcc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17300
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17301
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 \\xa5;N\\xed\\x01\\x00\\x00 \\xa7;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17302
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17303
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17304
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17305
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17306
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17307
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17308
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17309
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17310
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17311
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17312
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17313
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17314
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17315
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17316
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17317
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17318
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17319
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17320
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17321
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17322
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17323
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17324
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17325
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 1,
            "id": 17326
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17327
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17328
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17329
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17330
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17331
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17332
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa1;N\\xed\\x01\\x00\\x00\\xe0\\xa2;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17333
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17334
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17335
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17336
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17337
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17338
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17339
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17340
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17341
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17342
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17343
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17344
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17345
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17346
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17347
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17348
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17349
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17350
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17351
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17352
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17353
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17354
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17355
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 17356
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17357
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17358
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17359
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17360
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17361
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17362
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17363
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17364
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 17365
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17366
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17367
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17368
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17369
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa5;N\\xed\\x01\\x00\\x00 \\xa2;N\\xed\\x01\\x00\\x00\\xcc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17370
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17371
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17372
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6e01e6",
            "parentcaller": "0x7ff97d6de648",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17373
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17374
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17375
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17376
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17377
          },
          {
            "timestamp": "2026-03-05 10:24:47,447",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17378
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17379
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17380
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17381
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17382
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17383
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17384
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17385
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17386
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17387
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17388
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17389
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17390
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17391
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17392
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17393
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17394
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17395
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17396
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17397
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17398
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17399
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17400
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17401
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17402
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17403
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17404
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa4;N\\xed\\x01\\x00\\x00\\xe0\\xa3;N\\xed\\x01\\x00\\x00\\xcc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17405
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17406
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17407
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17408
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17409
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17410
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17411
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17412
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17413
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17414
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17415
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17416
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17417
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17418
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17419
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17420
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17421
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17422
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17423
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17424
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17425
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 \\xa7;N\\xed\\x01\\x00\\x00 \\xa1;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17426
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17427
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17428
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17429
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17430
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17431
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17432
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17433
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17434
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17435
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17436
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17437
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17438
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17439
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17440
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17441
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17442
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17443
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17444
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17445
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17446
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17447
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17448
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17449
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17450
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17451
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17452
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17453
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 17454
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17455
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17456
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17457
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17458
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00`\\xa3;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17459
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17460
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17461
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17462
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17463
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17464
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17465
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17466
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17467
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17468
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17469
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17470
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17471
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17472
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17473
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17474
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17475
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17476
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17477
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17478
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17479
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17480
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17481
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17482
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17483
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17484
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17485
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17486
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17487
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17488
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17489
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17490
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17491
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17492
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17493
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17494
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17495
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17496
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17497
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17498
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17499
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17500
          },
          {
            "timestamp": "2026-03-05 10:24:47,462",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17501
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17502
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17503
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17504
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17505
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 17506
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17507
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "DelegateFolders"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 17508
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17509
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52fb31",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 17510
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17511
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17512
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f5305ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 17513
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17514
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97f5505f0",
            "parentcaller": "0x7ff97f4b2329",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 17515
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\"
              }
            ],
            "repeated": 0,
            "id": 17516
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17517
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f9a",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17518
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa2;N\\xed\\x01\\x00\\x00`\\xa0;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17519
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17520
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17521
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17522
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17523
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17524
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17525
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              }
            ],
            "repeated": 0,
            "id": 17526
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\"
              }
            ],
            "repeated": 0,
            "id": 17527
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653f9a",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17528
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a4ba",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 17529
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17530
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17531
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17532
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a4f1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 17533
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17534
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6e01e6",
            "parentcaller": "0x7ff97b64dde1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17535
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17536
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17537
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17538
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17539
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17540
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17541
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17542
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 17543
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17544
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17545
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 17546
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 17547
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17548
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17549
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17550
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17551
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa0;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xc4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17552
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17553
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17554
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17555
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17556
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17557
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17558
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17559
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17560
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17561
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17562
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17563
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17564
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17565
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 17566
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc87\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17567
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17568
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17569
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17570
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17571
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17572
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17573
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17574
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17575
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97b5e8013",
            "parentcaller": "0x7ff97b664fb2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17576
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17577
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17578
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b665003",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ce"
              },
              {
                "name": "SubKey",
                "value": "InitPropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000006a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17579
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17580
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 17581
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17582
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17583
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17584
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17585
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17586
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17587
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17588
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17589
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17590
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17591
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17592
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17593
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17594
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17595
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17596
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7136",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17597
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17598
          },
          {
            "timestamp": "2026-03-05 10:24:47,478",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 17599
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17600
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17601
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17602
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17603
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 17604
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17605
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17606
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xa0\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17607
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17608
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 17609
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17610
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17611
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17612
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17613
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 17614
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 17615
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17616
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbf'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xa6\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xc0'\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17617
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 17618
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a6"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 17619
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b62e10b",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 17620
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b62e153",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 17621
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b62e194",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 17622
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b62e21a",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 17623
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b62e1d6",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c0"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 17624
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a6"
              }
            ],
            "repeated": 0,
            "id": 17625
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b6018b9",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17626
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b6018ab",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ce"
              }
            ],
            "repeated": 0,
            "id": 17627
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 17628
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 17629
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17630
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17631
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17632
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc6\\xedJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17633
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17634
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 17635
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006cc"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 17636
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17637
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 17638
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17639
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17640
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17641
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17642
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17643
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 17644
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17645
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17646
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17647
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17648
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17649
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17650
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17651
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17652
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17653
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17654
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17655
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17656
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17657
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17658
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17659
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17660
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17661
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17662
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17663
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17664
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17665
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17666
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17667
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17668
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17669
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17670
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17671
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17672
          },
          {
            "timestamp": "2026-03-05 10:24:47,509",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17673
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17674
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17675
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17676
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17677
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17678
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17679
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00*^\\xcd0\\x12\\xac\\xdc\\x01^Y?:\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd16\\x01\\x00\\x00\\x00\\x03\\x003\\x003\\x008\\x003\\x008\\x007\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 17680
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17681
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17682
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17683
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17684
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17685
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17686
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17687
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17688
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17689
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17690
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa3;N\\xed\\x01\\x00\\x00\\xa0\\xa0;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17691
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17692
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17693
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17694
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17695
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17696
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17697
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17698
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17699
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17700
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17701
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17702
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17703
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17704
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17705
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17706
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17707
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17708
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17709
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17710
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17711
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17712
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17713
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17714
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17715
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17716
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17717
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa0;N\\xed\\x01\\x00\\x00 \\xa1;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17718
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17719
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17720
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17721
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17722
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17723
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17724
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17725
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17726
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17727
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17728
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17729
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17730
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17731
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17732
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17733
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17734
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17735
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17736
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17737
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17738
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17739
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17740
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17741
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 17742
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17743
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17744
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17745
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17746
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17747
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17748
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17749
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17750
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17751
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17752
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17753
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17754
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17755
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17756
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17757
          },
          {
            "timestamp": "2026-03-05 10:24:47,525",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa1;N\\xed\\x01\\x00\\x00 \\xa1;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17758
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17759
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17760
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000590"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17761
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17762
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17763
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17764
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17765
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17766
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17767
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17768
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17769
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17770
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17771
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17772
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17773
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000590"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17774
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17775
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17776
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17777
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17778
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17779
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17780
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17781
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17782
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17783
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17784
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17785
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17786
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17787
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17788
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17789
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0b\\xe6J\\xed\\x01\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17790
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17791
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17792
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000590"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17793
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17794
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17795
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17796
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17797
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17798
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17799
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17800
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17801
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17802
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17803
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17804
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17805
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000590"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17806
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17807
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17808
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17809
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17810
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17811
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17812
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000590"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 17813
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17814
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17815
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17816
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17817
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17818
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17819
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00\\xa0\\xa0;N\\xed\\x01\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17820
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17821
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17822
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000590"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17823
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000474"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17824
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17825
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17826
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17827
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17828
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17829
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17830
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17831
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 17832
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17833
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17834
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17835
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000590"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17836
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 17837
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 17838
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17839
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17840
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17841
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17842
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17843
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17844
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17845
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17846
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa3;N\\xed\\x01\\x00\\x00 \\xa5;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17847
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17848
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17849
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17850
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17851
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17852
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17853
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17854
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17855
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17856
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17857
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17858
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17859
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17860
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17861
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17862
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17863
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17864
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17865
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 17866
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 17867
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17868
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17869
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17870
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17871
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17872
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17873
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17874
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17875
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17876
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17877
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17878
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17879
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17880
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17881
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17882
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17883
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17884
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17885
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17886
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17887
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17888
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17889
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17890
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17891
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17892
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17893
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17894
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17895
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17896
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17897
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17898
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17899
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17900
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17901
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17902
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17903
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17904
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17905
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17906
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17907
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa3;N\\xed\\x01\\x00\\x00 \\xa1;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17908
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17909
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17910
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17911
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17912
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17913
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17914
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17915
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17916
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17917
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17918
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17919
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17920
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17921
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17922
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17923
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17924
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17925
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17926
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17927
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17928
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17929
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17930
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17931
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17932
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17933
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17934
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17935
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17936
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17937
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa0;N\\xed\\x01\\x00\\x00 \\xa1;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17938
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17939
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17940
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17941
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17942
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17943
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17944
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17945
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17946
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17947
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17948
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17949
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17950
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17951
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17952
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17953
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17954
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17955
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17956
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17957
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 17958
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17959
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 17960
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17961
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17962
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17963
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00 \\xa2;N\\xed\\x01\\x00\\x00\\xbc\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17964
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17965
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 17966
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 17967
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 17968
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17969
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17970
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17971
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17972
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17973
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 17974
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 17975
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 17976
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 17977
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 17978
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17979
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 17980
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 17981
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17982
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17983
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17984
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17985
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17986
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17987
          },
          {
            "timestamp": "2026-03-05 10:24:47,556",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17988
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 17989
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17990
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 17991
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 17992
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 17993
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17994
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 17995
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17996
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 17997
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 17998
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 17999
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18000
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18001
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18002
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accc1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18003
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18004
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18005
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18006
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18007
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18008
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18009
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18010
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18011
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18012
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18013
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18014
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18015
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18016
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18017
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18018
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18019
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18020
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18021
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18022
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18023
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18024
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18025
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18026
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18027
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18028
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18029
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18030
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 18031
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18032
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be92d",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18033
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be946",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18034
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5be956",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18035
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18036
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18037
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e1d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18038
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 18039
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18040
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 18041
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000544"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 18042
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18043
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18044
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````+*````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 18045
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 18046
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18047
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18048
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 18049
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 18050
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000678"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 18051
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18052
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18053
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18054
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18055
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18056
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18057
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 18058
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 18059
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000678"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000544"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 18060
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18061
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18062
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 18063
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e1f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18064
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18065
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 18066
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60bd7e1f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18067
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18068
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18069
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18070
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 18071
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "5092",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 18072
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 18073
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d8"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 18074
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18075
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 18076
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18077
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18078
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18079
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18080
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18081
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18082
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18083
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18084
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18085
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18086
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18087
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18088
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18089
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18090
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18091
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18092
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18093
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18094
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18095
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18096
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18097
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18098
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18099
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18100
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18101
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18102
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18103
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18104
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18105
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18106
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18107
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18108
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18109
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18110
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18111
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18112
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18113
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18114
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18115
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18116
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18117
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|H\\xd90\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\xa0\\x01\\x00\\x00\\x00\\x06\\x003\\x005\\x003\\x006\\x009\\x004\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18118
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18119
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e398000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18120
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18121
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18122
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18123
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 18124
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 18125
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18126
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18127
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18128
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 18129
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 18130
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18131
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d8eb",
            "parentcaller": "0x7ff97b62cfdf",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18132
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18133
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18134
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18135
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18136
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18137
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18138
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18139
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18140
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x90!1N\\xed\\x01\\x00\\x00\\x10\"1N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18141
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18142
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18143
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18144
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18145
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18146
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18147
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18148
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18149
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18150
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18151
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18152
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18153
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18154
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18155
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18156
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18157
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18158
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18159
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18160
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18161
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18162
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18163
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18164
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18165
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18166
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18167
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0%6N\\xed\\x01\\x00\\x00 .6N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18168
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18169
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18170
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18171
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18172
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18173
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18174
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18175
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18176
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18177
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18178
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18179
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18180
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18181
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18182
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18183
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18184
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18185
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18186
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18187
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18188
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18189
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18190
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18191
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 18192
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18193
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18194
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18195
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18196
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18197
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18198
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18199
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18200
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18201
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18202
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18203
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18204
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18205
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18206
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18207
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18208
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18209
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18210
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18211
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18212
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18213
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18214
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18215
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18216
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18217
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18218
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18219
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18220
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18221
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18222
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18223
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18224
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18225
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18226
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18227
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18228
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18229
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18230
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18231
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18232
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18233
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18234
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18235
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18236
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18237
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18238
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18239
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xe0\\xa0;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18240
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18241
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18242
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18243
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18244
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18245
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18246
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18247
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18248
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18249
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18250
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18251
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18252
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18253
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18254
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18255
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18256
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18257
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18258
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18259
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18260
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18261
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18262
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 18263
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18264
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18265
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18266
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18267
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18268
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18269
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xa0;N\\xed\\x01\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18270
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18271
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18272
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18273
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18274
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18275
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18276
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18277
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18278
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18279
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18280
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18281
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18282
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18283
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18284
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18285
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18286
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18287
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18288
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18289
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18290
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18291
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18292
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18293
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18294
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18295
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18296
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18297
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18298
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18299
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18300
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18301
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18302
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18303
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18304
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18305
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18306
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18307
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18308
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18309
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18310
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18311
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18312
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18313
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18314
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18315
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18316
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 18317
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18318
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18319
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18320
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18321
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18322
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18323
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18324
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18325
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18326
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18327
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18328
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18329
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18330
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18331
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18332
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18333
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18334
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18335
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18336
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18337
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18338
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18339
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18340
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18341
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18342
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18343
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18344
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18345
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18346
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18347
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18348
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18349
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18350
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18351
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18352
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18353
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18354
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18355
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18356
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18357
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18358
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18359
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18360
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18361
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18362
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18363
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18364
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18365
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18366
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18367
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18368
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18369
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18370
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18371
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18372
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18373
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18374
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18375
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18376
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18377
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18378
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18379
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18380
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18381
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18382
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18383
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18384
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18385
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18386
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18387
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00P\\x92\\xeeJ\\xed\\x01\\x00\\x00\\xd0\\x92\\xeeJ\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18388
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18389
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18390
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18391
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18392
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18393
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18394
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18395
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18396
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18397
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18398
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18399
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18400
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18401
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18402
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18403
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18404
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18405
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18406
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18407
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18408
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18409
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18410
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18411
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18412
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18413
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x90!1N\\xed\\x01\\x00\\x00\\x10&1N\\xed\\x01\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18414
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18415
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18416
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18417
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18418
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18419
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18420
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18421
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18422
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18423
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18424
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18425
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18426
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18427
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18428
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18429
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18430
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18431
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18432
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18433
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18434
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18435
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18436
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18437
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18438
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18439
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18440
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18441
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 18442
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "DelegateFolders"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 18443
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52fb31",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000246"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 3,
            "id": 18444
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\"
              }
            ],
            "repeated": 0,
            "id": 18445
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f9a",
            "parentcaller": "0x7ff97b62a40a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18446
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a425",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 18447
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 18448
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              }
            ],
            "repeated": 0,
            "id": 18449
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f25",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\"
              }
            ],
            "repeated": 0,
            "id": 18450
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653f9a",
            "parentcaller": "0x7ff97b62a489",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18451
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a4ba",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 18452
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b59dec8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 18453
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a4f1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 18454
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b653eb7",
            "parentcaller": "0x7ff97b62a52b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 18455
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62a535",
            "parentcaller": "0x7ff97b622789",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18456
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 18457
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18458
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18459
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xbd\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xf0\\xbe\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18460
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 18461
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 18462
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18463
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18464
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18465
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18466
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 18467
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\Windows.Storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18468
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 18469
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 18470
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5e8013",
            "parentcaller": "0x7ff97b664fb2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18471
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b665003",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "InitPropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000005da"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18472
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18473
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18474
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18475
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18476
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18477
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18478
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18479
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18480
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18481
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "17"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18482
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18483
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18484
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18485
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18486
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "DescriptionID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID"
              }
            ],
            "repeated": 0,
            "id": 18487
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18488
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18489
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18490
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18491
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 18492
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18493
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18494
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18495
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18496
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 18497
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18498
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18499
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18500
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18501
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 18502
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18503
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18504
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18505
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18506
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 18507
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18508
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18509
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00`\\xba\\xd7\\x0b\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18510
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18511
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 18512
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62e10b",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 18513
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62e153",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 18514
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62e194",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 18515
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62e21a",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 18516
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b62e1d6",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 18517
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005da"
              }
            ],
            "repeated": 0,
            "id": 18518
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b6018b9",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18519
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b6018ab",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 18520
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 18521
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 18522
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18523
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18524
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18525
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc6\\xedJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18526
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18527
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 18528
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 18529
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18530
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 18531
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18532
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18533
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18534
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18535
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18536
          },
          {
            "timestamp": "2026-03-05 10:24:47,697",
            "thread_id": "5092",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18537
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18538
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18539
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18540
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18541
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18542
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18543
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18544
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18545
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18546
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18547
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18548
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18549
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18550
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18551
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18552
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18553
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18554
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18555
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18556
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18557
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18558
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18559
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18560
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18561
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18562
          },
          {
            "timestamp": "2026-03-05 10:24:47,712",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18563
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18564
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18565
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18566
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18567
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18568
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18569
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18570
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18571
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18572
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|H\\xd90\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01R\\x93::\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\xa0\\x01\\x00\\x00\\x00\\x06\\x003\\x005\\x003\\x006\\x009\\x004\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 18573
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18574
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18575
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18576
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18577
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18578
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18579
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18580
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18581
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18582
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18583
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18584
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xfa:N\\xed\\x01\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18585
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18586
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18587
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18588
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18589
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18590
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18591
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18592
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18593
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18594
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18595
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18596
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18597
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18598
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18599
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18600
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18601
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18602
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18603
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18604
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18605
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18606
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18607
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18608
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18609
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18610
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18611
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18612
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18613
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18614
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18615
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18616
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18617
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18618
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18619
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18620
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18621
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18622
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18623
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18624
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18625
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18626
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18627
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18628
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18629
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18630
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18631
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18632
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18633
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18634
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18635
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 18636
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18637
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18638
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18639
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18640
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18641
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18642
          },
          {
            "timestamp": "2026-03-05 10:24:47,728",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18643
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18644
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18645
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18646
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18647
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18648
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18649
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18650
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18651
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18652
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18653
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18654
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18655
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18656
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18657
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18658
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18659
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18660
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18661
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18662
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18663
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18664
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18665
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18666
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18667
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18668
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18669
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18670
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18671
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18672
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18673
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18674
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18675
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18676
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18677
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18678
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18679
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18680
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18681
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18682
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18683
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xe0\\xa3;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18684
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18685
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18686
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18687
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18688
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18689
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18690
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18691
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18692
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18693
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18694
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18695
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18696
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18697
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18698
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18699
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18700
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18701
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18702
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18703
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18704
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18705
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18706
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 18707
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18708
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18709
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18710
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18711
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18712
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18713
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18714
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18715
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18716
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18717
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18718
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18719
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18720
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18721
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18722
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18723
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18724
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18725
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18726
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18727
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18728
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18729
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18730
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18731
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18732
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18733
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18734
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18735
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18736
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18737
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18738
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18739
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18740
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18741
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18742
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18743
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18744
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18745
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18746
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18747
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18748
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18749
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18750
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18751
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18752
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18753
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18754
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18755
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18756
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18757
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18758
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18759
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18760
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 18761
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18762
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18763
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18764
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18765
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18766
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18767
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18768
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18769
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18770
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18771
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18772
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa4;N\\xed\\x01\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18773
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18774
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18775
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18776
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18777
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18778
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18779
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18780
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18781
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18782
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18783
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18784
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18785
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18786
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18787
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18788
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18789
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18790
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18791
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18792
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18793
          },
          {
            "timestamp": "2026-03-05 10:24:47,744",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18794
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18795
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18796
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18797
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18798
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18799
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18800
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18801
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa1;N\\xed\\x01\\x00\\x00\\xe0\\xa3;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18802
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18803
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18804
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18805
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18806
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18807
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18808
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18809
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18810
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18811
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18812
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18813
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18814
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18815
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18816
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18817
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18818
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18819
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18820
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18821
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18822
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18823
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18824
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18825
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18826
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18827
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18828
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18829
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18830
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18831
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0b\\xe6J\\xed\\x01\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18832
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18833
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18834
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18835
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18836
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18837
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18838
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18839
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18840
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18841
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18842
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18843
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18844
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18845
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18846
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18847
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18848
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18849
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18850
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18851
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 18852
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18853
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 18854
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18855
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18856
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18857
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00\\xe0\\x01;N\\xed\\x01\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18858
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18859
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18860
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000678"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 18861
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 18862
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18863
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18864
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18865
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18866
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18867
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 18868
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 18869
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18870
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc4\\xd7\\x0b\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 18871
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 18872
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18873
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000678"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18874
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 18875
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18876
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18877
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18878
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18879
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18880
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18881
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18882
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 18883
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18884
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 18885
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 18886
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000678"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 18887
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18888
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 18889
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18890
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18891
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18892
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 18893
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18894
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e386000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18895
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18896
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e32b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18897
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 1,
            "id": 18898
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b59e63b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 18899
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 18900
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 18901
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "5092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x88\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5092"
              }
            ],
            "repeated": 0,
            "id": 18902
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18903
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18904
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3764",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18905
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3764",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aed6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18906
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3764",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aede000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18907
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18908
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18909
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18910
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18911
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e39d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18912
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18913
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca6b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18914
          },
          {
            "timestamp": "2026-03-05 10:24:48,072",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18915
          },
          {
            "timestamp": "2026-03-05 10:24:48,947",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b01c6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 18916
          },
          {
            "timestamp": "2026-03-05 10:24:48,947",
            "thread_id": "3764",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18917
          },
          {
            "timestamp": "2026-03-05 10:24:48,947",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 18918
          },
          {
            "timestamp": "2026-03-05 10:24:48,947",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18919
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 18920
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18921
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 18922
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\xfff8\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00P\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\xffa0\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00P\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00\\xffa0\\xff868N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa6\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffe2\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18923
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 18924
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 18925
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 18926
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 18927
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 18928
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000057c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 18929
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 18930
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 18931
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 18932
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 18933
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 1,
            "id": 18934
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 18935
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 18936
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 18937
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 18938
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.StorageFileStaticsBrokered"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered"
              }
            ],
            "repeated": 0,
            "id": 18939
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00F\\x00i\\x00l\\x00e\\x00S\\x00t\\x00a\\x00t\\x00i\\x00c\\x00s\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00e\\x00d\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xffff\\xffff\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\xfff8\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\x10\\xff858N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffa6;N\\xffed\\x01\\x00\\x00\\xffb0\\xffab\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0\\xffab\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xffe
9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffab\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffd0\\xffdc\\xffe9J\\xffed\\x01\\x00\\x00\\x10\\xff858N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18940
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 18941
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server"
              }
            ],
            "repeated": 0,
            "id": 18942
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 18943
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading"
              }
            ],
            "repeated": 0,
            "id": 18944
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 18945
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000057c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 18946
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 18947
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 18948
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 18949
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 18950
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 1,
            "id": 18951
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 18952
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 18953
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 1,
            "id": 18954
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00X\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2392"
              }
            ],
            "repeated": 0,
            "id": 18955
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18956
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 1,
            "id": 18957
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 18958
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000216"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000006be"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 18959
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18960
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18961
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xe0\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18962
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 18963
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18964
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 18965
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 18966
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18967
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x000\\xcb\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18968
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 18969
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 18970
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18971
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18972
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18973
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 18974
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18975
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18976
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18977
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xb0\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18978
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 18979
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18980
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006be"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 18981
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18982
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18983
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18984
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 18985
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 18986
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18987
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18988
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18989
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 18990
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18991
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18992
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18993
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00 \\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18994
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 18995
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18996
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6df5f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 18997
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 18998
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc8\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\xd0\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18999
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6df63c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 19000
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 19001
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 19002
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19003
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19004
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19005
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 19006
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19007
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 19008
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19009
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19010
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00p\\xca\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19011
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 19012
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19013
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 19014
          },
          {
            "timestamp": "2026-03-05 10:24:49,416",
            "thread_id": "2452",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006be"
              }
            ],
            "repeated": 0,
            "id": 19015
          },
          {
            "timestamp": "2026-03-05 10:24:49,431",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19016
          },
          {
            "timestamp": "2026-03-05 10:24:49,431",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19017
          },
          {
            "timestamp": "2026-03-05 10:24:49,431",
            "thread_id": "2392",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff67c002af5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19018
          },
          {
            "timestamp": "2026-03-05 10:24:49,431",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 19019
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19020
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19021
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 19022
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b57e2d0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 19023
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19024
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b57e076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "8"
              },
              {
                "name": "TokenInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19025
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97b57e125",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19026
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57deff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 19027
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b57df19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19028
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 19029
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcefe08",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "packageContents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents"
              }
            ],
            "repeated": 0,
            "id": 19030
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xdd\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19031
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fceff50",
            "parentcaller": "0x7ff97f99d773",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19032
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19033
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eb54e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19034
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19035
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x82:N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19036
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19037
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19038
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19039
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19040
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19041
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 19042
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 19043
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 19044
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19045
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19046
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 19047
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 19048
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 19049
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 19050
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19051
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19052
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19053
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e386000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19054
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e387000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19055
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19056
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19057
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19058
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19059
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19060
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19061
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19062
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 19063
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 19064
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 19065
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 19066
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19067
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc6\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19068
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19069
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 3,
            "id": 19070
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b6493e9",
            "parentcaller": "0x7ff97b649045",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Unknown"
              },
              {
                "name": "Handle",
                "value": "0x000006be"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Unknown"
              }
            ],
            "repeated": 0,
            "id": 19071
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19072
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19073
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00@\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19074
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 19075
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19076
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 19077
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006be"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000005da"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\"
              }
            ],
            "repeated": 0,
            "id": 19078
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b649086",
            "parentcaller": "0x7ff97b631f9c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006be"
              }
            ],
            "repeated": 0,
            "id": 19079
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Unknown"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19080
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19081
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xda\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x80\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19082
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19083
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19084
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19085
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\."
              }
            ],
            "repeated": 1,
            "id": 19086
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19087
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19088
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 19089
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 19090
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\."
              }
            ],
            "repeated": 0,
            "id": 19091
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19092
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19093
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 19094
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 19095
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\."
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\."
              }
            ],
            "repeated": 0,
            "id": 19096
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b648c7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19097
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b648cd2",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19098
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97b648f31",
            "parentcaller": "0x7ff97b648b99",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19099
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b648d4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19100
          },
          {
            "timestamp": "2026-03-05 10:24:49,572",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\."
              }
            ],
            "repeated": 1,
            "id": 19101
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 19102
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids"
              }
            ],
            "repeated": 0,
            "id": 19103
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97e743d65",
            "parentcaller": "0x7ff97b622b2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005a0"
              },
              {
                "name": "SubKey",
                "value": "."
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\."
              }
            ],
            "repeated": 0,
            "id": 19104
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b5d02d6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 19105
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b5d0227",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc6\\xedJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19106
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5d024f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 19107
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "*"
              },
              {
                "name": "Handle",
                "value": "0x0000051a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\*"
              }
            ],
            "repeated": 0,
            "id": 19108
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\*"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19109
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 19110
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19111
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19112
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df21596",
            "parentcaller": "0x7ff97e74668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000005b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 19113
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19114
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19115
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xb2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x90\\xd4\\x07\\x0c\\xc6\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19116
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19117
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19118
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 19119
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005da"
              }
            ],
            "repeated": 0,
            "id": 19120
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051a"
              }
            ],
            "repeated": 0,
            "id": 19121
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97df35eff",
            "parentcaller": "0x7ff97df369fb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b2"
              }
            ],
            "repeated": 0,
            "id": 19122
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97b62540b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97b5e8e10"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 19123
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 19124
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25ee4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19125
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 19126
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19127
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97b6a7b3a",
            "parentcaller": "0x7ff97b6ae502",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19128
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19129
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19130
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19131
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "528",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19132
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19133
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19134
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19135
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19136
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19137
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19138
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19139
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19140
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e87e5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19141
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e8833",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0a;N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19142
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6ea57c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19143
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6ea481",
            "parentcaller": "0x7ff97d6e976a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19144
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6ea51c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19145
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19146
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19147
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 19148
          },
          {
            "timestamp": "2026-03-05 10:24:49,587",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 19149
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 19150
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19151
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19152
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 19153
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 19154
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 19155
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9115",
            "parentcaller": "0x7ff97d6e8dcc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 19156
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6e8ead",
            "parentcaller": "0x7ff97d6e8f2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19157
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19158
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19159
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 19160
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 19161
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 19162
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19163
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19164
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19165
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 19166
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 19167
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 19168
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6e9aba",
            "parentcaller": "0x7ff97d6c6996",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19169
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19170
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19171
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19172
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19173
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97d6eaea7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19174
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf0f",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19175
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eaf98",
            "parentcaller": "0x7ff97d6eae70",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19176
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6eaeb5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19177
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19178
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b633fa8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19179
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b634031",
            "parentcaller": "0x7ff97b633fc5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19180
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b633fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19181
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "528",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 19182
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19183
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19184
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19185
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19186
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6581f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19187
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b65821f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19188
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b658249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19189
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19190
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19191
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e186d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19192
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19193
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19194
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19195
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19196
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19197
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xf58N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01$\\x01\\x00\\x00\\x00\\x00\\x00\\xf58N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19198
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19199
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19200
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19201
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19202
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x07\\x0c\\xc6\\x00\\x00\\x00$J\\xe2\\x7f\\xf9\\x7f\\x00\\x00\\xc0\\xc7\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x90\\x02\\xd2J\\xed\\x01\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x01\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x02\\xd2J\\xed\\x01\\x00\\x00\\x08\\xe52N\\xed\\x01\\x00\\x00\\xab\\x8e\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\xaf\\x06\\x01\\x04\\x01\\x00\\xaf\\x06\\x00\\x00\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xaf\\x06\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2J\\xed\\x01\\x00\\x00\\xe9\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00\\xa9\\xae\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x18\\x01\\x00\\x00\\x00@\\x00\\x00\\x86\\x00\\x00\\x00\\x18\\x01.\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19203
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19204
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19205
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19206
          },
          {
            "timestamp": "2026-03-05 10:24:49,603",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19207
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19208
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19209
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00@p\\xeeJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x01\\x16\\x01\\x00\\x00\\x00\\x00@p\\xeeJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19210
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19211
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19212
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19213
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19214
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19215
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19216
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19217
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19218
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19219
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19220
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19221
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\x144N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\x02\\x01\\x00\\x00\\x00\\x00\\x80\\x144N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19222
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19223
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19224
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19225
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19226
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19227
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19228
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19229
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19230
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19231
          },
          {
            "timestamp": "2026-03-05 10:24:49,619",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19232
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19233
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0*8N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\xd0*8N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19234
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19235
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19236
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19237
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19238
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19239
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19240
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19241
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19242
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19243
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19244
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19245
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xb9\\xefJ\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\x00\\xc2\\x00\\x00\\x00\\x00\\x00\\x80\\xb9\\xefJ\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19246
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19247
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19248
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19249
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19250
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19251
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19252
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19253
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19254
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19255
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19256
          },
          {
            "timestamp": "2026-03-05 10:24:49,634",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19257
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000544"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x000\\xcb5N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00T\\x00\\x00\\x00\\x00\\x000\\xcb5N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19258
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 19259
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19260
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19261
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19262
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19263
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19264
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19265
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19266
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19267
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19268
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19269
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\x9064N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00B\\x00\\x00\\x00\\x00\\x00\\x9064N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19270
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19271
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19272
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19273
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19274
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19275
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19276
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19277
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19278
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19279
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19280
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19281
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xa9;N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x006\\x00\\x00\\x00\\x00\\x00\\xa0\\xa9;N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19282
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19283
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19284
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19285
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19286
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19287
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19288
          },
          {
            "timestamp": "2026-03-05 10:24:49,650",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19289
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19290
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19291
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19292
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19293
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0i;N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00&\\x00\\x00\\x00\\x00\\x00\\xa0i;N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19294
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19295
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19296
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19297
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19298
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19299
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19300
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19301
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19302
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19303
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d979f",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19304
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19305
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d97ca",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xb0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\xe0\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xffU\\x1d\\xbf\\x9e.~\\x00\\x00\\xe85\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0b2N\\xed\\x01\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\x97m}\\xf9\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x07\\x0c\\xc6\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc0b2N\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xc2\\x07\\x0c\\xc6\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19306
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19307
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d97f8",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19308
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9894",
            "parentcaller": "0x7ff97d6d8fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19309
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d904a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19310
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d904a",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8J\\xed\\x01\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\n\\xa0\\\\xf9\\x7f\\x00\\x00\\x1e\\xb7\\xef\\xbf\\x01\\x00\\x00\\x00\\x9e\\xb1m}\\xf9\\x7f\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x006@\\xf9\\x7f\\x00\\x00\\x98\\xc6\\x07\\x0c\\xc6\\x00\\x00\\x00`\\xcd\\xa1\\\\xf9\\x7f\\x00\\x00\\xcdG\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08^\\xc8\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00hj\\xc3\\\\xf9\\x7f\\x00\\x00~\\xb5\\xef\\xbfE\\xb7\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x069N\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00 #\\xa6L\\xed\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19311
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d904a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19312
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9a5b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19313
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6d9aa3",
            "parentcaller": "0x7ff97d6d9064",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19314
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6d9aca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19315
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da52e",
            "parentcaller": "0x7ff97d6d912b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19316
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da572",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 19317
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da580",
            "parentcaller": "0x7ff97d6d912b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19318
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6da73a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19319
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19320
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da77b",
            "parentcaller": "0x7ff97d6d912b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000590"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\xd19\\x84\\xc4\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 19321
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97d6da78f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19322
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19323
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19324
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19325
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19326
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19327
          },
          {
            "timestamp": "2026-03-05 10:24:49,666",
            "thread_id": "2452",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 19328
          },
          {
            "timestamp": "2026-03-05 10:24:49,759",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 19329
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "2452",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x94\t\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 19330
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 19331
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4eafe6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19332
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4eafe6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19333
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 19334
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97b6b73b4",
            "parentcaller": "0x7ff97b6b5fe3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D105A4D4-344C-48EB-9866-EE378D90658B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "04B0F1A7-9490-44BC-96E1-4296A31252E2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19335
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97b67a1bc",
            "parentcaller": "0x7ff97b679f13",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3AD05575-8857-4850-9277-11B85BDB8E09"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "947AAB5F-0A5C-4C13-B4D6-4BF7836FC9F8"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19336
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97fce6798",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 19337
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97fce67b9",
            "parentcaller": "0x7ff97d715336",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19338
          },
          {
            "timestamp": "2026-03-05 10:24:49,806",
            "thread_id": "7100",
            "caller": "0x7ff97b67c970",
            "parentcaller": "0x7ff97b68871b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 6,
            "id": 19339
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19340
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "NoFileFolderConnection"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection"
              }
            ],
            "repeated": 0,
            "id": 19341
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5c0542",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19342
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97eb7ee41",
            "parentcaller": "0x7ff97b5bf5c6",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "43"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00P\\x00\\x00\\x00\\x00\\x00\\xf8\\xdb\\xe9J\\xed\\x01\\x00\\x00\\x03\\xc5\\x00\\x00\\x00\\x00\\x00\\x00H\\xdc\\xe9J\\xed\\x01\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19343
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf5e4",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19344
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fc30",
            "parentcaller": "0x7ff97b5bf666",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19345
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19346
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0D\\xe7J\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19347
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19348
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19349
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19350
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19351
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b59fd40",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a4"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\xcc[\\xc8\\xde\\xac\\xd5\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\xc9O\\x03\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\x00\\x00\\x00\\x00\\x03\\x00$\\x00R\\x00e\\x00c\\x00y\\x00c\\x00l\\x00e\\x00.\\x00B\\x00i\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e,o\\x97\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\xf9\\xbe\\xff\\x98\\x01\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\xab\\x01\\x00\\x00\\x00\\x04\\x005\\x00o\\x007\\x002\\x002\\x00x\\x00t\\x00n\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19352
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cff86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19353
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 19354
          },
          {
            "timestamp": "2026-03-05 10:24:49,822",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e378000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19355
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19356
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19357
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19358
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19359
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19360
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19361
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19362
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19363
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19364
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e379000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19365
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19366
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19367
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19368
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00110080",
                "pretty_value": "FILE_READ_ATTRIBUTES|DELETE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\1772665622"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19369
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b568194",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19370
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19371
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19372
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19373
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19374
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19375
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19376
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19377
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e399000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19378
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e398000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19379
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19380
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19381
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19382
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19383
          },
          {
            "timestamp": "2026-03-05 10:24:49,837",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19384
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19385
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19386
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19387
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19388
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19389
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19390
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19391
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19392
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19393
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19394
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19395
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19396
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19397
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19398
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19399
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19400
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19401
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19402
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19403
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19404
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19405
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19406
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19407
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19408
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19409
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19410
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19411
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19412
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19413
          },
          {
            "timestamp": "2026-03-05 10:24:49,853",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19414
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19415
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19416
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19417
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19418
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19419
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19420
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19421
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19422
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19423
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19424
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19425
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19426
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19427
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b6b5da0",
            "parentcaller": "0x7ff97b6b7af4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F324E4F9-8496-40B2-A1FF-9617C1C9AFFE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "387FDB83-DD33-4995-9D2D-1F647E846705"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19428
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19429
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b678ed7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19430
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b678da4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19431
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 19432
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MaxUndoItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems"
              }
            ],
            "repeated": 0,
            "id": 19433
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19434
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 19435
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "MaxUndoItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems"
              }
            ],
            "repeated": 0,
            "id": 19436
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19437
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5d9c94",
            "parentcaller": "0x7ff97b5be814",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 19438
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19439
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19440
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19441
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19442
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19443
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000da0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19444
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19445
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````H-````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 19446
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19447
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19448
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00H\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 19449
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19450
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000da0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19451
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19452
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19453
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19454
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19455
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19456
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19457
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00H\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 19458
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19459
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000da0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19460
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19461
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19462
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19463
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19464
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19465
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19466
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19467
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e304000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19468
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e305000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19469
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19470
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19471
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19472
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19473
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19474
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19475
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19476
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````Z+````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 19477
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19478
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19479
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Z\\x00+\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 19480
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19481
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000be8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19482
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19483
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19484
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19485
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19486
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19487
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19488
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Z\\x00+\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 19489
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19490
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000be8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19491
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19492
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19493
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19494
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eec0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19495
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19496
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19497
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19498
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 19499
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19500
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d3e99",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19501
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97b5cf4dd",
            "parentcaller": "0x7ff97b5cf3bd",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00010000",
                "pretty_value": "DELETE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\1772665622"
              },
              {
                "name": "ShareAccess",
                "value": "4",
                "pretty_value": "FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 19502
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5cf545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19503
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19504
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e270"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19505
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19506
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19507
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19508
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19509
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19510
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````^,````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19511
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19512
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19513
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19514
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19515
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19516
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19517
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19518
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19519
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19520
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19521
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19522
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19523
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19524
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19525
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19526
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19527
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19528
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19529
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19530
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19531
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 19532
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19533
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e270"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19534
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19535
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19536
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19537
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002284"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19538
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19539
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````AB````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19540
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19541
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19542
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19543
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19544
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19545
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19546
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19547
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19548
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e2c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19549
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19550
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19551
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19552
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19553
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19554
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19555
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19556
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19557
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e290"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19558
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19559
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19560
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 19561
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 19562
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 19563
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 19564
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa3;N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0\\xffa3;N\\xffed\\x01\\x00\\x00P\\xff818N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa3;N\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00M\\xffebJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\xffebJ
\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00P\\xff818N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0F\\xffebJ\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19565
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc4bc",
            "parentcaller": "0x7ff97e0604c0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\??"
              }
            ],
            "repeated": 0,
            "id": 19566
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc5cf",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 19567
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dcc24",
            "parentcaller": "0x7ff97e0604c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19568
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 19569
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              }
            ],
            "repeated": 0,
            "id": 19570
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 19571
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388240",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x30bf0ee2"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac12"
              }
            ],
            "repeated": 0,
            "id": 19572
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19573
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19574
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19575
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              }
            ],
            "repeated": 0,
            "id": 19576
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 19577
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e388100",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe1701f7d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19578
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 19579
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 19580
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              }
            ],
            "repeated": 0,
            "id": 19581
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e364a00",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19582
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19583
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              }
            ],
            "repeated": 0,
            "id": 19584
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3438c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc6de08c9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19585
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19586
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              }
            ],
            "repeated": 0,
            "id": 19587
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3438c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb9857ecd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19588
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19589
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 19590
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3434b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19591
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19592
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 19593
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4e3430f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19594
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19595
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 19596
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4ae651e0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 19597
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19598
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e0884f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 19599
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e147c",
            "parentcaller": "0x7ff97e0886af",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x1ed4ae651e0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 19600
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff97e0886e5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19601
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70e9e6",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 19602
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70ebbf",
            "parentcaller": "0x7ff97d70ea13",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 19603
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70ea6d",
            "parentcaller": "0x7ff97e0b5860",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 19604
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70ea7a",
            "parentcaller": "0x7ff97e0b5860",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19605
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97e0b4cfd",
            "parentcaller": "0x7ff97e0b4a3f",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 19606
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e7478ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\1772665622"
              }
            ],
            "repeated": 0,
            "id": 19607
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19608
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19609
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19610
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19611
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19612
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002284"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19613
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19614
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````AB````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19615
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19616
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19617
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19618
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19619
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19620
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19621
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19622
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19623
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19624
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19625
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19626
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 19627
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19628
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19629
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19630
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19631
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19632
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19633
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19634
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19635
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19636
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19637
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19638
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19639
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19640
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19641
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19642
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````^,````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19643
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19644
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19645
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19646
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19647
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x00000598"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19648
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19649
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19650
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19651
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19652
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19653
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19654
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19655
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19656
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006bc"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19657
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19658
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19659
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19660
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27ef10"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19661
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19662
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19663
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 19664
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97b67bbc1",
            "parentcaller": "0x7ff97b5acbc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19665
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19666
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 0,
            "id": 19667
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              }
            ],
            "repeated": 0,
            "id": 19668
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutexf01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19669
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19670
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19671
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19672
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19673
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19674
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19675
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19676
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19677
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19678
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19679
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19680
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19681
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19682
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19683
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19684
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19685
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19686
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19687
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19688
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19689
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19690
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19691
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19692
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19693
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19694
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe1'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00`\\x00\\xed\\x01\\x00\\x00\\x88\\xe3\\x04\\x00\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19695
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "EventName",
                "value": "OleDfRoot9E1799E77DC58D66"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19696
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19697
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\\xa6\\xfb<J\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19698
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19699
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19700
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19701
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\\x87YBL\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19702
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19703
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\n<\\x0f\\xd0\\x11\\xac\\xdc\\x01\\x87YBL\\x8a\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01\\xaa`\\xbe\t\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19704
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19705
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19706
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19707
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19708
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19709
          },
          {
            "timestamp": "2026-03-05 10:24:49,916",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90V\\xbe\t\\x12\\xac\\xdc\\x01\\x03\\x00\\x00\\x00\\xc0\\x10\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19710
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19711
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x02\\x00\\x03\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x9c\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19712
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19713
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x08\\x00\\x00\\x00\t\\x00\\x00\\x00\n\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\r\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\x10\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x18\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x1f\\x00\\x00\\x00 \\x00\\x00\\x00!\\x00\\x00\\x00\"\\x00\\x00\\x00#\\x00\\x00\\x00$\\x00\\x00\\x00%\\x00\\x00\\x00&\\x00\\x00\\x00'\\x00\\x00\\x00(\\x00\\x00\\x00)\\x00\\x00\\x00*\\x00\\x00\\x00+\\x00\\x00\\x00,\\x00\\x00\\x00-\\x00\\x00\\x005\\x00\\x00\\x00/\\x00\\x00\\x000\\x00\\x00\\x001\\x00\\x00\\x002\\x00\\x00\\x003\\x00\\x00\\x004\\x00\\x00\\x00\\xfe\\xff\\xff\\xff6\\x00\\x00\\x007\\x00\\x00\\x00?\\x00\\x00\\x009\\x00\\x00\\x00:\\x00\\x00\\x00;\\x00\\x00\\x00<\\x00\\x00\\x00=\\x00\\x00\\x00>\\x00\\x00\\x00\\xfe\\xff\\xff\\xff@\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19714
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x11\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19715
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x85]B\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x03\\x95C\\xbfk\\xdf\\xb3\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf[\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\xccl@c\\xfe\\xbb\t\\x12\\xac\\xdc\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x001\\x008\\x009\\x008\\x009\\x00B\\x001\\x00D\\x00-\\x009\\x009\\x00B\\x005\\x00-\\x004\\x005\\x005\\x00B\\x00-\\x008\\x004\\x001\\x00C\\x00-\\x00A\\x00B\\x007\\x00C\\x007\\x004\\x00E\\x004\\x00D\\x00D\\x00"
              },
              {
                "name": "Length",
                "value": "1024"
              }
            ],
            "repeated": 0,
            "id": 19716
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "@\\x17\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19717
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "_\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0A[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x007\\x005\\x004\\x00A\\x00C\\x008\\x008\\x006\\x00-\\x00D\\x00F\\x006\\x004\\x00-\\x004\\x00C\\x00B\\x00A\\x00-\\x008\\x006\\x00B\\x005\\x00-\\x00F\\x007\\x00F\\x00B\\x00F\\x004\\x00F\\x00B\\x00C\\x00E\\x00F\\x005\\x00}\\x00\\x00\\x00\\x00\\x00@\n\\xf0\\xc8\\xf6\\x1ck\\x8a\\xe4/#6\\x16\\x02"
              },
              {
                "name": "Length",
                "value": "192"
              }
            ],
            "repeated": 0,
            "id": 19718
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc0\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19719
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89\\xe4/#6\\x16\\x02\\xc5H\\x94\\xed\\xaf\\x05l\\x02qf`\\xa3\\xe0\\xda\\x04\\x18\\xf1\\x11\\xb6\\xca\\xc6\\x00\\xe8)\\xdc\\x89desktop-pc01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\xd7\\x9fA[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00k\\x00n\\x00o\\x00w\\x00n\\x00f\\x00o\\x00l\\x00d\\x00e\\x00r\\x00:\\x00{\\x003\\x007\\x004\\x00D\\x00E\\x002\\x009\\x000\\x00-\\x001\\x002\\x003\\x00F\\x00-\\x004\\x005\\x006\\x005\\x00-\\x009\\x001\\x006\\x004\\x00-\\x003\\x009\\x00C\\x004\\x009\\x002\\x005\\x00E\\x004\\x006\\x007\\x00B\\x00}\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "220"
              }
            ],
            "repeated": 0,
            "id": 19720
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19721
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 19722
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19723
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 19724
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19725
          },
          {
            "timestamp": "2026-03-05 10:24:49,931",
            "thread_id": "7100",
            "caller": "0x7ff97b631cc9",
            "parentcaller": "0x7ff97b62f5bf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              }
            ],
            "repeated": 1,
            "id": 19726
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97d6c6dcb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              }
            ],
            "repeated": 1,
            "id": 19727
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97b5ac665",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "MutexName",
                "value": "Local\\Mutex5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19728
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19729
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5af122",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19730
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19731
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19732
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19733
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19734
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19735
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19736
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19737
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19738
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19739
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19740
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19741
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19742
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19743
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19744
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19745
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19746
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19747
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19748
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19749
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97b5ac6df",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 19750
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97b67cccb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 19751
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 19752
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19753
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97e9b7e40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe1'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00@\\x00\\x00\\x00P\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00P\\x00\\xed\\x01\\x00\\x00C\\xe3\\x04\\x00\\xed\\x01\\x00\\x00d\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19754
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d71299b",
            "parentcaller": "0x7ff97e9b7da0",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "EventName",
                "value": "OleDfRootB44C384AB4A8F86C"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19755
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19756
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x010\\xablJ\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19757
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19758
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19759
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19760
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01y\\x1eGL\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19761
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b671084",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19762
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d7241ff",
            "parentcaller": "0x7ff97b6710b1",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "[\\x9e\\x11\\xd0\\x11\\xac\\xdc\\x01y\\x1eGL\\x8a\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01V\\xaa\\x92/\\x12\\xac\\xdc\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19763
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19764
          },
          {
            "timestamp": "2026-03-05 10:24:49,947",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xcf\\x11\\xe0\\xa1\\xb1\\x1a\\xe1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x03\\x00\\xfe\\xff\t\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19765
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19766
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "\\xfd\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19767
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d700a13",
            "parentcaller": "0x7ff97b65fcf4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19768
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b65fd26",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
              },
              {
                "name": "Buffer",
                "value": "R\\x00o\\x00o\\x00t\\x00 \\x00E\\x00n\\x00t\\x00r\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x05\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa2\\x92/\\x12\\xac\\xdc\\x01\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\x00e\\x00s\\x00t\\x00L\\x00i\\x00s\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x02\\x01\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 19769
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aeda000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 19770
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5b0b28",
            "parentcaller": "0x7ff97b5b0a2a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19771
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5ac50f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 19772
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19773
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97b67b6f3",
            "parentcaller": "0x7ff97df43106",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9E175B6D-F52A-11D8-B9A5-505054503030"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "A5EBA07A-DAE8-4D15-B12F-728EFD8A9866"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19774
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19775
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19776
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19777
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19778
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19779
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19780
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97e9cab0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 19781
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b66adb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19782
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 19783
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "2392",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 19784
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ace34",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19785
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5acc86",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19786
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19787
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19788
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19789
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19790
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19791
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19792
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19793
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accc1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19794
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19795
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19796
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19797
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19798
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19799
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19800
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19801
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5ab6d8",
            "parentcaller": "0x7ff97b5accfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19802
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19803
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19804
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19805
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19806
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19807
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19808
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19809
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19810
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19811
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19812
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19813
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19814
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19815
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19816
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97b5acff1",
            "parentcaller": "0x7ff97b5ac8ea",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E9C5EF8D-FD41-4F72-BA87-EB03BAD5817C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19817
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19818
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19819
          },
          {
            "timestamp": "2026-03-05 10:24:49,962",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa68",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19820
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19821
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "ShowFrequent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent"
              }
            ],
            "repeated": 0,
            "id": 19822
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff97df2aa9b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19823
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be92d",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19824
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97eb7fd1f",
            "parentcaller": "0x7ff97b5be946",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "44"
              },
              {
                "name": "InputBuffer",
                "value": "\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19825
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b5be956",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19826
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19827
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e800"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19828
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19829
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1bb0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19830
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19831
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005f4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x000006d4"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19832
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f0a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19833
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97eb72a0e",
            "parentcaller": "0x7ff97df1b793",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-%D4#!`````^,````````P:$````````"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19834
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1b6f8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19835
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1b707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19836
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19837
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19838
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000005f4"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19839
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19840
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e850"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19841
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19842
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e850"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19843
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19844
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b61e8e0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19845
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 19846
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff97df1d5cd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000040",
                "pretty_value": "PROCESS_DUP_HANDLE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4524"
              },
              {
                "name": "ProcessName",
                "value": "Error obtaining target process name"
              }
            ],
            "repeated": 0,
            "id": 19847
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0x000006d4"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19848
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1f082",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19849
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e820"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19850
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19851
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc60c27e820"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19852
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19853
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97b62116e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ebf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19854
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5da8d9",
            "parentcaller": "0x7ff97b5da871",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100b4"
              },
              {
                "name": "Message",
                "value": "0x00000403"
              }
            ],
            "repeated": 0,
            "id": 19855
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 19856
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 19857
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19858
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 19859
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19860
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19861
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19862
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19863
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19864
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 19865
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19866
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19867
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19868
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19869
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19870
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19871
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19872
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19873
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19874
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19875
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19876
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19877
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19878
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19879
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19880
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19881
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19882
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19883
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19884
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19885
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19886
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19887
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19888
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19889
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19890
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19891
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19892
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19893
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19894
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19895
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19896
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19897
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19898
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19899
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19900
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe2\\x0e\\xbf0\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01&\\xf7<:\\x8a\\xac\\xdc\\x01&\\xf7<:\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x8e\\x00\\x00\\x00\\x00\\x03\\x003\\x001\\x000\\x000\\x009\\x001\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 19901
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19902
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19903
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19904
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19905
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19906
          },
          {
            "timestamp": "2026-03-05 10:24:49,994",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19907
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19908
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19909
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19910
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19911
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00` 6N\\xed\\x01\\x00\\x00\\xa0 6N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19912
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 19913
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19914
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19915
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 19916
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19917
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19918
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19919
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19920
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19921
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19922
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19923
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19924
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 19925
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 19926
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19927
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 19928
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19929
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19930
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19931
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19932
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19933
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19934
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19935
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19936
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19937
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19938
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00` 6N\\xed\\x01\\x00\\x00\\xa0 6N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19939
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 19940
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19941
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19942
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 19943
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19944
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19945
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19946
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19947
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19948
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19949
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19950
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19951
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 19952
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 19953
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19954
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 19955
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19956
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19957
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19958
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19959
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19960
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19961
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 19962
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 19963
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19964
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19965
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19966
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19967
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19968
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19969
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19970
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19971
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19972
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 19973
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 19974
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 19975
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19976
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19977
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19978
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19979
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 19980
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19981
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 19982
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 19983
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19984
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19985
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19986
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19987
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19988
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 19989
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 19990
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 19991
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 19992
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 19993
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19994
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 19995
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 19996
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 19997
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 19998
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 19999
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20000
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20001
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20002
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20003
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20004
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20005
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20006
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20007
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20008
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20009
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20010
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20011
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20012
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20013
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20014
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20015
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20016
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20017
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20018
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20019
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20020
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20021
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20022
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20023
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20024
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20025
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20026
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20027
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20028
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20029
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20030
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20031
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20032
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 20033
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 20034
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20035
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20036
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20037
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20038
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20039
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20040
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20041
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20042
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20043
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20044
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20045
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20046
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20047
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20048
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20049
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20050
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20051
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20052
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20053
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20054
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20055
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20056
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20057
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20058
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20059
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20060
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20061
          },
          {
            "timestamp": "2026-03-05 10:24:50,009",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20062
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20063
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20064
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20065
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20066
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20067
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20068
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20069
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20070
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20071
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20072
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20073
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20074
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20075
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20076
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20077
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20078
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20079
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20080
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20081
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20082
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20083
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20084
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20085
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20086
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 20087
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 20088
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20089
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20090
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20091
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20092
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20093
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20094
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20095
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20096
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20097
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20098
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20099
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20100
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20101
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20102
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20103
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20104
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20105
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20106
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20107
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20108
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20109
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20110
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20111
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20112
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20113
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20114
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20115
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20116
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20117
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20118
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20119
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20120
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20121
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20122
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20123
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20124
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20125
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20126
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20127
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20128
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa2;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20129
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20130
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20131
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20132
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20133
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20134
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20135
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20136
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20137
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20138
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20139
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20140
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20141
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20142
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20143
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20144
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20145
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20146
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20147
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20148
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20149
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20150
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20151
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20152
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20153
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20154
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20155
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20156
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20157
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20158
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20159
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x10\\x97\\xeeJ\\xed\\x01\\x00\\x00\\x90\\x94\\xeeJ\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20160
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20161
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20162
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20163
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20164
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20165
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20166
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20167
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20168
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20169
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20170
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20171
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20172
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20173
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20174
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20175
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20176
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20177
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20178
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20179
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20180
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20181
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20182
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20183
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20184
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20185
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x10\\x97\\xeeJ\\xed\\x01\\x00\\x00\\xd0#1N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20186
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20187
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20188
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20189
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20190
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20191
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20192
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20193
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20194
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20195
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20196
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20197
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20198
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20199
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20200
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20201
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20202
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20203
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20204
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20205
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20206
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20207
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20208
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20209
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20210
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20211
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20212
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20213
          },
          {
            "timestamp": "2026-03-05 10:24:50,025",
            "thread_id": "7100",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 20214
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 20215
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20216
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20217
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20218
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b6322ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10y\\xedJ\\xed\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20219
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b6313c1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20220
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 20221
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006dc"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 20222
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20223
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 20224
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20225
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20226
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20227
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20228
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20229
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 20230
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20231
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20232
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20233
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20234
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20235
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20236
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20237
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20238
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20239
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20240
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20241
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\xc7\\xb7\\x87\\x9d\\x16\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\xa2\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20242
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20243
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20244
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20245
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd~\\x85\\xb9\\x11\\xac\\xdc\\x01\\xb4\\x1b\\x8d\\x13\\x8a\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\xf4\\xd2\\x1c\\x13.\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xa3\\x01\\x00\\x00\\x00\\x02\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20246
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20247
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20248
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20249
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000598"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x04\\xcd\\xe2\\xc6\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00.\\x00C\\x00O\\x00N\\x00\\x00\\x00o\\xa5\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00D\\x00e\\x00l\\x00i\\x00v\\x00e\\x00r\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00_\\x00c\\x00w\\x005\\x00n\\x001\\x00h\\x002\\x00t\\x00x\\x00y\\x00e\\x00w\\x00y\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20250
          },
          {
            "timestamp": "2026-03-05 10:24:50,041",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20251
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20252
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20253
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x08\\xde\\xc6\\x11\\xac\\xdc\\x01\\xf5\\xfd\\x14,\\x8a\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\xd4\\xaat\\xc8\\x13\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00L\\x00O\\x00C\\x00A\\x00L\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xa5\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00t\\x00a\\x00t\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20254
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20255
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20256
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20257
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\xf9\\x8b\\xcaI\\x8a\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00O\\x00N\\x00T\\x00E\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00o\\x00n\\x00t\\x00e\\x00n\\x00t\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00S\\x00D\\x00K\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20258
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20259
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20260
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20261
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x1fp\\xe1\\x11\\xac\\xdc\\x01\\x9a\\xc5\\x11-\\x8a\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01, \\xf10\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00C\\x00R\\x00E\\x00A\\x00T\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xa7\\x01\\x00\\x00\\x00\\x02\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00v\\x00e\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20262
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20263
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20264
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 20265
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xfff8\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\x00\\xff818N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xff90|1N\\xffed\\x01\\x00\\x00\\xff90|1N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\xff90|1N\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffe0\\xffca\\xffe5J\\xffed\\x01\\x00\\x00\\x00\\xff818N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0t1N\\xffed\\x01\\x00\\x00\\xffd0\\xffe9\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20266
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 20267
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 20268
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20269
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe2\\x0e\\xbf0\\x12\\xac\\xdc\\x01\\xf5\\xbbA:\\x8a\\xac\\xdc\\x01&\\xf7<:\\x8a\\xac\\xdc\\x01&\\xf7<:\\x8a\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x8e\\x00\\x00\\x00\\x00\\x03\\x003\\x001\\x000\\x000\\x009\\x001\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 20270
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 20271
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 20272
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 20273
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20274
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 20275
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20276
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6df040",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 20277
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20278
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20279
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20280
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20281
          },
          {
            "timestamp": "2026-03-05 10:24:50,056",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20282
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20283
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20284
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20285
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20286
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0#1N\\xed\\x01\\x00\\x00\\xa0 6N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20287
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20288
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20289
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20290
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20291
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20292
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20293
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20294
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20295
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20296
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20297
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20298
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20299
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20300
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20301
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20302
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20303
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20304
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20305
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20306
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20307
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20308
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20309
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20310
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20311
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20312
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20313
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0 6N\\xed\\x01\\x00\\x00`(6N\\xed\\x01\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20314
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20315
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20316
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20317
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20318
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20319
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20320
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20321
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20322
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 20323
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20324
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20325
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 20326
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20327
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20328
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20329
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20330
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20331
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20332
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20333
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20334
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20335
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20336
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 20337
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 20338
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20339
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20340
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20341
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20342
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20343
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20344
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20345
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20346
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20347
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20348
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20349
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20350
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20351
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20352
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20353
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00`\\xf9:N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\x98\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20354
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20355
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20356
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000598"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20357
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20358
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20359
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20360
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20361
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20362
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 20363
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20364
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20365
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 20366
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20367
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20368
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20369
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20370
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 20371
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 20372
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20373
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20374
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20375
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20376
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20377
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20378
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20379
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20380
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20381
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20382
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20383
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20384
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20385
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20386
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20387
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20388
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20389
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20390
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20391
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20392
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20393
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20394
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20395
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20396
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20397
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20398
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20399
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20400
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20401
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20402
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20403
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20404
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20405
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20406
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20407
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 20408
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 20409
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20410
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20411
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20412
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20413
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20414
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20415
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20416
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20417
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20418
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20419
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20420
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20421
          },
          {
            "timestamp": "2026-03-05 10:24:50,072",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20422
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20423
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20424
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20425
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20426
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20427
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20428
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20429
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20430
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20431
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20432
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20433
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20434
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20435
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20436
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20437
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20438
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20439
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20440
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20441
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20442
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20443
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20444
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20445
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20446
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20447
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20448
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20449
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20450
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20451
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20452
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20453
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20454
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20455
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20456
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20457
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20458
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20459
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20460
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20461
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b60822a",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000006d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 20462
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b60827d",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 20463
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b6082a6",
            "parentcaller": "0x7ff97b608ee2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20464
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20465
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20466
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20467
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20468
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20469
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20470
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20471
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20472
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20473
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20474
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xa0\\xa3;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20475
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20476
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20477
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20478
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20479
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20480
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20481
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20482
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20483
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20484
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20485
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20486
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20487
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20488
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20489
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20490
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20491
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20492
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20493
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20494
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20495
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20496
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20497
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20498
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20499
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20500
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20501
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20502
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20503
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xa1;N\\xed\\x01\\x00\\x00\\xa0\\xa4;N\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20504
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20505
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20506
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20507
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20508
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20509
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20510
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20511
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20512
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20513
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20514
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20515
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20516
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20517
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20518
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20519
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20520
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20521
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20522
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20523
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20524
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20525
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20526
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20527
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20528
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20529
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20530
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20531
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20532
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20533
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x10\\x95\\xeeJ\\xed\\x01\\x00\\x00P\\x96\\xeeJ\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20534
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20535
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20536
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20537
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20538
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20539
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20540
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20541
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20542
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20543
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20544
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20545
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20546
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20547
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20548
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20549
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20550
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20551
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d8b2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20552
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20553
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 20554
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20555
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 20556
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64eee8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20557
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64ef27",
            "parentcaller": "0x7ff97b64dac0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20558
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64ef4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20559
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc9'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc6\\x00\\x00\\x00\\x05@\\x00\\x80\\x00\\x00\\x00\\x00\\xfc\\xe6\\xa0\\\\xf9\\x7f\\x00\\x00\\x10\\x95\\xeeJ\\xed\\x01\\x00\\x00\\x10\\x97\\xeeJ\\xed\\x01\\x00\\x00\\xd4\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20560
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 20561
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 20562
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 20563
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 20564
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b64dc2a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20565
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97b64dcd5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20566
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e718",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20567
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20568
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64e774",
            "parentcaller": "0x7ff97b64dec2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20569
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64def9",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 20570
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6df46f",
            "parentcaller": "0x7ff97d6dee23",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 20571
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97b64df56",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20572
          },
          {
            "timestamp": "2026-03-05 10:24:50,087",
            "thread_id": "7100",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97b64df89",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xca'\\x0c\\xc6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xd85\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 20573
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "7100",
            "caller": "0x7ff97b64e607",
            "parentcaller": "0x7ff97b64dcfa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 20574
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b64dd66",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20575
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "7100",
            "caller": "0x7ff97b64ddb8",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 20576
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "7100",
            "caller": "0x7ff97b64dde1",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 20577
          },
          {
            "timestamp": "2026-03-05 10:24:50,103",
            "thread_id": "7100",
            "caller": "0x7ff97b64de03",
            "parentcaller": "0x7ff97b62d859",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 20578
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20579
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20580
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20581
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20582
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20583
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20584
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62cba4",
            "parentcaller": "0x7ff97b62d0ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 20585
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d14a",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20586
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b62d232",
            "parentcaller": "0x7ff97b60a8ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 20587
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 20588
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000006a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 20589
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20590
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5d2730",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20591
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20592
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20593
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f53c163",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 20594
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20595
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e378000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20596
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20597
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 20598
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20599
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97f55ff06",
            "parentcaller": "0x7ff97f50c8c8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 20600
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20601
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b59e63b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 20602
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 20603
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 20604
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "7100",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x89\\x0b\\xc6\\x00\\x00\\x00P\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 20605
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0012029c"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 20606
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20607
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20608
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20609
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 20610
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa1;N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\xffe0\\xffa1;N\\xffed\\x01\\x00\\x00@V2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa1;N\\xffed\\x01\\x00\\x00\\xfff0r1N\\xffed\\x01\\x00\\x00\\xfff0r1N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0r1N\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffc
d\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x000l\\xffeaJ\\xffed\\x01\\x00\\x00@V2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0y1N\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20611
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 20612
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 20613
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 20614
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 20615
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 20616
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 20617
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 20618
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 20619
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 20620
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 20621
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 20622
          },
          {
            "timestamp": "2026-03-05 10:24:50,119",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 20623
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 20624
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20625
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20626
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20627
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20628
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20629
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20630
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "2392",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20631
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 20632
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00q\\x1cx\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xffd0W2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0n\\xffeaJ\\xffed\\x01\\x00\\x00\\xffd0W2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd9/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa8\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20633
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 20634
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 20635
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 20636
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 20637
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 20638
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 20639
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 20640
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 20641
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 20642
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 20643
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 20644
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 20645
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 20646
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20647
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator"
              }
            ],
            "repeated": 0,
            "id": 20648
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00.\\x00O\\x00n\\x00l\\x00i\\x00n\\x00e\\x00I\\x00d\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00o\\x00r\\x00\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd1/\\x0c\\xffc6\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0d\\xffeaJ\\xffed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb1\\x06x\\xff9c:@\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xfff8\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0d\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00\\xffb0d\\xffeaJ\\xffed\\x01\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\x00Z2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffa1;N\\xffed\\x01\\x00\\x00\\xff80\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\xff80\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0d\\xffeaJ\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\xff80\\xffa2\\xffe9J\\xffed\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x01\\x00\\x00\\xffb0d\\xffeaJ\\xffed\\x01\\x00\\x00\\x00Z2N\\xffed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd2/\\x0c\\xffc6\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa0\\xffe9J\\xffed\\x01\\x00\\x00\\xffd0\\xffdb\\xffe9J\\xffed\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20649
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 20650
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server"
              }
            ],
            "repeated": 0,
            "id": 20651
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 20652
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading"
              }
            ],
            "repeated": 0,
            "id": 20653
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 20654
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006a4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 20655
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 20656
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 20657
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 20658
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 20659
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 20660
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 20661
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20662
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20663
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20664
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00p\t\\xeeJ\\xed\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\n\\xeeJ\\xed\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\n\\xeeJ\\xed\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xa6\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xe0\\x0b\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xeeJ\\xed\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x08\\x0c\\xeeJ\\xed\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x0c\\xeeJ\\xed\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xac\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 20665
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aee1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20666
          },
          {
            "timestamp": "2026-03-05 10:24:50,228",
            "thread_id": "2392",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 20667
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20668
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e3bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20669
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20670
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e397000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20671
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca6b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20672
          },
          {
            "timestamp": "2026-03-05 10:24:50,431",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4ca61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20673
          },
          {
            "timestamp": "2026-03-05 10:24:56,291",
            "thread_id": "1996",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1996"
              }
            ],
            "repeated": 0,
            "id": 20674
          },
          {
            "timestamp": "2026-03-05 10:24:56,291",
            "thread_id": "1996",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20675
          },
          {
            "timestamp": "2026-03-05 10:24:56,806",
            "thread_id": "2392",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 20676
          },
          {
            "timestamp": "2026-03-05 10:24:56,806",
            "thread_id": "2392",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 20677
          },
          {
            "timestamp": "2026-03-05 10:25:00,228",
            "thread_id": "5712",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 20678
          },
          {
            "timestamp": "2026-03-05 10:25:08,744",
            "thread_id": "1352",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20679
          },
          {
            "timestamp": "2026-03-05 10:25:08,744",
            "thread_id": "1352",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 20680
          },
          {
            "timestamp": "2026-03-05 10:25:08,744",
            "thread_id": "1352",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 20681
          },
          {
            "timestamp": "2026-03-05 10:25:08,744",
            "thread_id": "1352",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523b8c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 20682
          },
          {
            "timestamp": "2026-03-05 10:25:08,759",
            "thread_id": "1352",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 20683
          },
          {
            "timestamp": "2026-03-05 10:25:08,759",
            "thread_id": "1352",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 20684
          },
          {
            "timestamp": "2026-03-05 10:25:08,759",
            "thread_id": "1352",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 20685
          },
          {
            "timestamp": "2026-03-05 10:25:08,759",
            "thread_id": "1352",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20686
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20687
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 20688
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5860"
              }
            ],
            "repeated": 0,
            "id": 20689
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523b8c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 20690
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 20691
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 20692
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 20693
          },
          {
            "timestamp": "2026-03-05 10:25:08,853",
            "thread_id": "5860",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20694
          },
          {
            "timestamp": "2026-03-05 10:25:12,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20695
          },
          {
            "timestamp": "2026-03-05 10:25:12,103",
            "thread_id": "3376",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 20696
          },
          {
            "timestamp": "2026-03-05 10:25:12,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20697
          },
          {
            "timestamp": "2026-03-05 10:25:12,119",
            "thread_id": "1064",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 20698
          },
          {
            "timestamp": "2026-03-05 10:25:12,150",
            "thread_id": "3864",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20699
          },
          {
            "timestamp": "2026-03-05 10:25:12,150",
            "thread_id": "3864",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 20700
          },
          {
            "timestamp": "2026-03-05 10:25:12,369",
            "thread_id": "3424",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20701
          },
          {
            "timestamp": "2026-03-05 10:25:12,369",
            "thread_id": "3424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 20702
          },
          {
            "timestamp": "2026-03-05 10:25:17,541",
            "thread_id": "7136",
            "caller": "0x7ff97e03f2d7",
            "parentcaller": "0x7ff97e0b5725",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 20703
          },
          {
            "timestamp": "2026-03-05 10:25:17,541",
            "thread_id": "7136",
            "caller": "0x7ff97b5eccb5",
            "parentcaller": "0x7ff97b5ec644",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 20704
          },
          {
            "timestamp": "2026-03-05 10:25:17,541",
            "thread_id": "7136",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20705
          },
          {
            "timestamp": "2026-03-05 10:25:17,541",
            "thread_id": "7136",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 20706
          },
          {
            "timestamp": "2026-03-05 10:25:17,759",
            "thread_id": "5092",
            "caller": "0x7ff97e03f2d7",
            "parentcaller": "0x7ff97e0b5725",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 20707
          },
          {
            "timestamp": "2026-03-05 10:25:17,759",
            "thread_id": "5092",
            "caller": "0x7ff97b5eccb5",
            "parentcaller": "0x7ff97b5ec644",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 20708
          },
          {
            "timestamp": "2026-03-05 10:25:17,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20709
          },
          {
            "timestamp": "2026-03-05 10:25:17,759",
            "thread_id": "5092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 20710
          },
          {
            "timestamp": "2026-03-05 10:25:18,775",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20711
          },
          {
            "timestamp": "2026-03-05 10:25:18,775",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e359000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20712
          },
          {
            "timestamp": "2026-03-05 10:25:18,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20713
          },
          {
            "timestamp": "2026-03-05 10:25:18,962",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 20714
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20715
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 20716
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "528"
              }
            ],
            "repeated": 0,
            "id": 20717
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523b8c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 20718
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 20719
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 20720
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 20721
          },
          {
            "timestamp": "2026-03-05 10:25:19,603",
            "thread_id": "528",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20722
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97e03f2d7",
            "parentcaller": "0x7ff97e0b5725",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 20723
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97b5eccb5",
            "parentcaller": "0x7ff97b5ec644",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 20724
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20725
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 20726
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7100"
              }
            ],
            "repeated": 0,
            "id": 20727
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 20728
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 20729
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 20730
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "7100",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20731
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 20732
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4af1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20733
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 20734
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 20735
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2452"
              }
            ],
            "repeated": 0,
            "id": 20736
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 20737
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 20738
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 20739
          },
          {
            "timestamp": "2026-03-05 10:25:20,150",
            "thread_id": "2452",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20740
          },
          {
            "timestamp": "2026-03-05 10:25:20,931",
            "thread_id": "3764",
            "caller": "0x7ff97ea7d257",
            "parentcaller": "0x7ff97ea7d1b6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20741
          },
          {
            "timestamp": "2026-03-05 10:25:20,931",
            "thread_id": "3764",
            "caller": "0x7ff97ea5df31",
            "parentcaller": "0x7ff97ea5dea4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 20742
          },
          {
            "timestamp": "2026-03-05 10:25:20,931",
            "thread_id": "3764",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea5ddb8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 20743
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 20744
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 20745
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 20746
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 20747
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 20748
          },
          {
            "timestamp": "2026-03-05 10:25:20,947",
            "thread_id": "5092",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 20749
          },
          {
            "timestamp": "2026-03-05 10:25:21,166",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4aef5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20750
          },
          {
            "timestamp": "2026-03-05 10:25:21,166",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e33b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20751
          },
          {
            "timestamp": "2026-03-05 10:25:21,166",
            "thread_id": "2876",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ed4e373000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 20752
          },
          {
            "timestamp": "2026-03-05 10:25:26,822",
            "thread_id": "3764",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 20753
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c00372f",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 20754
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0037c8",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 20755
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0034a2",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 20756
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0034ba",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 20757
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0034ba",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              }
            ],
            "repeated": 0,
            "id": 20758
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0034d9",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 20759
          },
          {
            "timestamp": "2026-03-05 10:25:50,978",
            "thread_id": "7156",
            "caller": "0x7ff67c0034fd",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 20760
          }
        ],
        "threads": [
          "7156",
          "3032",
          "1744",
          "432",
          "1676",
          "5092",
          "3424",
          "5712",
          "3764",
          "6592",
          "5056",
          "2876",
          "5264",
          "2452",
          "1352",
          "528",
          "5860",
          "7100",
          "2392",
          "7136",
          "3376",
          "1064",
          "3864",
          "6992",
          "1996"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff67c000000",
          "MainExeSize": "0x0001c000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 4524,
        "process_name": "explorer.exe",
        "parent_id": 4448,
        "module_path": "C:\\Windows\\explorer.exe",
        "first_seen": "2026-03-05 10:24:45,134",
        "calls": [
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6144c6",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "Handle",
                "value": "0x00000ab2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b61450a",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab2"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b68e",
            "parentcaller": "0x7ff97b5b771f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b6b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Data",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b6c5",
            "parentcaller": "0x7ff97b5b771f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b61450a",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab2"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b61455e",
            "parentcaller": "0x7ff97b60c094",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab2"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:24:45,572",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000ab0"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:24:45,587",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:24:45,697",
            "thread_id": "7028",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7028"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:24:45,697",
            "thread_id": "7028",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc74ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:24:45,697",
            "thread_id": "6676",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:24:45,697",
            "thread_id": "6676",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x02b60035"
              },
              {
                "name": "Parameter",
                "value": "0x02b6001d"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "3644",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "3644",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x02b70035"
              },
              {
                "name": "Parameter",
                "value": "0x02b7001d"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "892",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "892",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "4260",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "4260",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "3244",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "3244",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "4048",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "4048",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "7028",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "7028",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9c"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:24:45,712",
            "thread_id": "7028",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9c"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:24:45,759",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c072"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:24:45,837",
            "thread_id": "6676",
            "caller": "0x02b60044",
            "parentcaller": "0x02b6001d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\bx_3000n\\dll\\KWXNIGCf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95c960000"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:24:45,837",
            "thread_id": "6676",
            "caller": "0x02b60044",
            "parentcaller": "0x02b6001d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95c960000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\bx_3000n\\dll\\KWXNIGCf.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:24:45,837",
            "thread_id": "6676",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6676"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:24:45,837",
            "thread_id": "6676",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:24:45,853",
            "thread_id": "6708",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97ec5c4a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtUpdateWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd509a0"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9c"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00001f9e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9e"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9e"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00@\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000209c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00@\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000209c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000209c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:24:45,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:24:45,900",
            "thread_id": "4296",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "3980",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "3980",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "3980",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "3980",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:24:46,072",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:24:46,103",
            "thread_id": "3644",
            "caller": "0x02b70044",
            "parentcaller": "0x02b7001d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\bx_3000n\\dll\\KWXNIGCf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95c960000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:24:46,103",
            "thread_id": "3644",
            "caller": "0x02b70044",
            "parentcaller": "0x02b7001d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95c960000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\bx_3000n\\dll\\KWXNIGCf.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:24:46,103",
            "thread_id": "3644",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3644"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:24:46,103",
            "thread_id": "3644",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:24:46,119",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:24:46,228",
            "thread_id": "4296",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`i\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4296"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:24:46,228",
            "thread_id": "4944",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80k\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4944"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:24:46,244",
            "thread_id": "4944",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010116"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:24:46,244",
            "thread_id": "4944",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80k\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4944"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000209c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000209c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000209c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:24:46,306",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x005\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00G\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001f9c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f9c"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:24:46,322",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "4528",
            "caller": "0x7ff7ce5a47c9",
            "parentcaller": "0x7ff7ce622c96",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:24:46,353",
            "thread_id": "4528",
            "caller": "0x7ff7ce5a47c9",
            "parentcaller": "0x7ff7ce622c96",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "261"
              },
              {
                "name": "y",
                "value": "127"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "4604",
            "caller": "0x7ff7ce7aa85c",
            "parentcaller": "0x7ff7ce7b11f2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000066"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "4604",
            "caller": "0x7ff7ce79e4a0",
            "parentcaller": "0x7ff7ce7aa8b9",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "543"
              },
              {
                "name": "y",
                "value": "767"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:24:46,384",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000022dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000022dc"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:24:46,400",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:24:46,416",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:24:46,431",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 10,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000022dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000022dc"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x000022de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000022de"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000022de"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Q\\x00?\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00001fc6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc6"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc6"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:24:46,494",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:24:46,509",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 8,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001fc4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:24:46,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:24:46,603",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdf\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00\\xf8\\xe0\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:24:46,634",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdf\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00\\xf8\\xe0\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:24:46,666",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:24:46,681",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:24:46,697",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:24:46,712",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdf\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00\\xf8\\xe0\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:24:46,728",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:24:46,744",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdf\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00\\xf8\\xe0\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:24:46,806",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:24:46,837",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:24:46,853",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:24:46,869",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:24:46,884",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000ab0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:24:46,900",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001fc4"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000ab0"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:24:46,916",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:24:46,931",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xdd\\xcf\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x98?\\xf9\\x7f\\x00\\x00(\\xde\\xcf\\x02\\x00\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa020",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:24:46,947",
            "thread_id": "4604",
            "caller": "0x7ff7ce5fa048",
            "parentcaller": "0x7ff7ce5e9fa4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 h\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00H\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4424"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001f80"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x094288b0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              },
              {
                "name": "ProcessId",
                "value": "4524"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00001f80",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x094288b0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              },
              {
                "name": "ProcessId",
                "value": "4524"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001f80"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              },
              {
                "name": "ProcessId",
                "value": "4524"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001fc4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "3612",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "3612",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x094288b0"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "3612",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:24:46,978",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00001f80"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00001f80"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00P\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00T\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xfff7,\\x07\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00\\xff89\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x1f_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x0c_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\x08#-\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe7\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\t\\x18\r\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\"-\r\\x00\\x00\\x00\\x00P\t\\x18\r\\x00\\x00\\x00\\x00\\xffc0/h\r\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\x05\\x18\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0/h\r\\x00\\x00\\x00\\x00 \\xff93/\\x07\\x00\\x00\\x00\\x00 
\\xff93/\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\t\\x18\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\xff8fW\\x7f\\xfff9\\x7f\\x00\\x00\\xff80.5\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001f80"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00R\\x00i\\x00\\x02\\x00\\x00\\x00\\xffe3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xfff7,\\x07\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x1f_\\x00\\x00\\x00\\x00\\x00\\xffa1&\\xffd0\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\xffa0J_\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x0c_\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Cx\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8/-\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffe3\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000.5\r\\x00\\x00\\x00\\x00\\xffd0\\xffef\\x17\r\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0/-\r\\x00\\x00\\x00\\x000.5\r\\x00\\x00\\x00\\x00\\xff80+h\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffef\\x17\r\\x00\\x00\\x00\\x00[jL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc00h\r\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8d/\\x07\\x00\\x00\\x00\\x00\\xff80+h\r\\x00\\x00\\x00\\x00\\x00\\xff8d/\\x07\\x00\\x00\\x00\\x00\\x00\\xff8d/\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000.5\r\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff8d/\\x07\\x00\\x00\\x00\\x00\\xffd3rL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0/-\r\\x00\\x00\\x00\\x00\\xfff8\\xffe4\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8d/\\x07\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x15\\xffb0T\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f559e40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00001f80"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00001f80"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00P\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00U\\x00i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xfff7,\\x07\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00y\\xffe4\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x1f_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x0c_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8/-\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe5\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\x02\\x18\r\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0/-\r\\x00\\x00\\x00\\x00\\xffd0\\x02\\x18\r\\x00\\x00\\x00\\x00\\xff80*h\r\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00P\r\\x18\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xff80*h\r\\x00\\x00\\x00\\x00@\\xff92/\\x07\\x00\\x00\\x00\\x00@\\xff92/\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\x02\\x18\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\xff8fW\\x7f\\xfff9\\x7f\\x00\\x00\\x0065\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00001f80"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001f80"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:24:47,056",
            "thread_id": "3612",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:24:47,103",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f8da3",
            "parentcaller": "0x7ff7ce5f8c0c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "777"
              },
              {
                "name": "y",
                "value": "767"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:24:47,181",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce59ed89",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 7,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "4604",
            "caller": "0x7ff7ce6101dd",
            "parentcaller": "0x7ff7ce5d795c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c440000"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "4604",
            "caller": "0x7ff7ce6101dd",
            "parentcaller": "0x7ff7ce5d795c",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000100c2"
              },
              {
                "name": "Message",
                "value": "0x00000417"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "4604",
            "caller": "0x7ff7ce740404",
            "parentcaller": "0x7ff7ce73e3bb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f88ee",
            "parentcaller": "0x7ff7ce5f87f6",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "815"
              },
              {
                "name": "y",
                "value": "767"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:24:47,228",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce6e2482",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 15,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "4604",
            "caller": "0x7ff7ce740404",
            "parentcaller": "0x7ff7ce73e3bb",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000201f8"
              },
              {
                "name": "Message",
                "value": "0x0000c11a"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f88ee",
            "parentcaller": "0x7ff7ce5f87f6",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "827"
              },
              {
                "name": "y",
                "value": "767"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:24:47,244",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce6e2482",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 14,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000035a"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc0\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:24:47,275",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce740404",
            "parentcaller": "0x7ff7ce73e3bb",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000101dc"
              },
              {
                "name": "Message",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f88ee",
            "parentcaller": "0x7ff7ce5f87f6",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "852"
              },
              {
                "name": "y",
                "value": "767"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce6e2482",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002256"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f263c",
            "parentcaller": "0x7ff7ce5f2508",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbe\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbe\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "3612",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:24:47,291",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce5cd1e6",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 7,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:24:47,306",
            "thread_id": "4604",
            "caller": "0x7ff7ce740404",
            "parentcaller": "0x7ff7ce73e3bb",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000101dc"
              },
              {
                "name": "Message",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:24:47,322",
            "thread_id": "4604",
            "caller": "0x7ff7ce5c7344",
            "parentcaller": "0x7ff7ce6e2482",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 15,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:24:47,353",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:24:47,369",
            "thread_id": "4604",
            "caller": "0x7ff7ce604c17",
            "parentcaller": "0x7ff7ce604b8f",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 4,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.PackageLocation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00`\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00L\\x00o\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x10\\xffa5\\xff9d\\x08\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00\\xff89\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffeah\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe7\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfff4h\r\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffeah\r\\x00\\x00\\x00\\x00`\\xfff4h\r\\x00\\x00\\x00\\x00\\xffb0\\xffe9,\r\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90 
\\x1d\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffb0\\xffe9,\r\\x00\\x00\\x00\\x00p*\\x17\r\\x00\\x00\\x00\\x00p*\\x17\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfff4h\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\xff8fW\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffc9\\xffd5\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002254"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000209c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000209c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xffb8\\x00%\\x00\\x02\\x00\\x00\\x00\\xffbb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffa5\\xff9d\\x08\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14_\\x00\\x00\\x00\\x00\\x00\\xffa1&\\xffd0\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\xffe0\\x19_\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c_\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Cx\\x7f\\xfff9\\x7f\\x00\\x00\\x18\\xffd1h\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffe3\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffbc\\xffd5\\x08\\x00\\x00\\x00\\x00\\x10#\\x1d\r\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd0h\r\\x00\\x00\\x00\\x000\\xffbc\\xffd5\\x08\\x00\\x00\\x00\\x00p\\xffed,\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10#\\x1d\r\\x00\\x00\\x00\\x00[jL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0\\xffe3,\r\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00p\\xffed,\r\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
0\\xffbc\\xffd5\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80$\\x17\r\\x00\\x00\\x00\\x00\\xffd3rL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0\\xffd0h\r\\x00\\x00\\x00\\x00\\xfff8\\xffe4\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x15\\xffb0T\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f559e40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000209c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.PackageLocation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00`\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00L\\x00o\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x10\\xffa5\\xff9d\\x08\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00y\\xffe4\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffa8\\xffdah\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe5\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfff0h\r\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdah\r\\x00\\x00\\x00\\x00p\\xfff0h\r\\x00\\x00\\x00\\x000\\xffe6,\r\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90$\\x1d\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff0\\xffe6,\r\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00P$\\x17\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfff0h\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\xff8fW\\x7f\\xfff9\\x7f\\x00\\x00p\\xffc2\\xffd5\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002254"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:24:47,400",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000035a"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc0\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002256"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbe\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbe\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00V\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbf\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00002256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "3612",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff9683ce9dd",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4524:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683d1974",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cf91d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cf91d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cf91d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cf91d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cfa2e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9683cfa2e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9683cec2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9683cec2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff9683d040f",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9683cec2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:24:47,494",
            "thread_id": "972",
            "caller": "0x7ff9683cfd60",
            "parentcaller": "0x7ff9683d04e7",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000035a"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000223e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc7\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xc8\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000223e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000223e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000189a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000189a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000189a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000189a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000189a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000189a"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc6\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000223e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc6\\xf6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00>\"\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xc7\\xf6\\x07\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000223e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000223e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:24:47,541",
            "thread_id": "3612",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223e"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000223c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000223c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000223c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223c"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00+\\x00*\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a2c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:24:47,572",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c070"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00W\\x00g\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00V\\x00g\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xfff7,\\x07\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\x00\\x00\\x00\\x00\\x00\\xff89\\xffe6\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x1f_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffc4\\x02_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x0c_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8/-\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe7\\xfff6\\x07\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff9b/\\x07\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0/-\r\\x00\\x00\\x00\\x00\\xffe0\\xff9b/\\x07\\x00\\x00\\x00\\x00\\xffc0$h\r\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00_\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00P\n\\x18\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0$h\r\\x00\\x00\\x00\\x00p\\xff94/\\x07\\x00\\x00\\x00\\x00p\\xff94/\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff9b/\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\xff8fW\\x7f\\xfff9\\x7f\\x00\\x00\\xff8035\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe8\\xfff6\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002254"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:24:47,587",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f51adbb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:24:47,603",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:24:47,619",
            "thread_id": "972",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0k\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "972"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff9697c1288",
            "parentcaller": "0x7ff9697bedb6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "90AA3A4E-1CBA-4233-B8BB-535773D48449"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0DD79AE2-D156-45D4-9EEB-3B549769E940"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97df3cf71",
            "parentcaller": "0x7ff97df3cd6a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband"
              },
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97df3ce97",
            "parentcaller": "0x7ff97df3cd6a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97df3cedd",
            "parentcaller": "0x7ff97df3cd6a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "Favorites"
              },
              {
                "name": "Data",
                "value": "\\x00V\\x01\\x00\\x00:\\x00\\x1f\\x80\\xc8'4\\x1f\\x10\\\\x10B\\xaa\\x03.\\xe4R\\x87\\xd6h&\\x00\\x01\\x00&\\x00\\xef\\xbe\\x12\\x00\\x00\\x00mM\\xb1\\xb8\\x11\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01\\x95yt\t\\x12\\xac\\xdc\\x01\\x14\\x00V\\x001\\x00\\x00\\x00\\x00\\x00d\\\\x80\\xa0\\x10\\x00TaskBar\\x00@\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9d\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k>\\x0e\\x01T\\x00a\\x00s\\x00k\\x00B\\x00a\\x00r\\x00\\x00\\x00\\x16\\x00\\xc4\\x002\\x00\\x99\t\\x00\\x00d\\b\\xa0 \\x00MICROS~1.LNK\\x00\\x00V\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9e\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\\xee\\xc1\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00d\\x00g\\x00e\\x00.\\x00l\\x00n\\x00k\\x00\\x00\\x00\\x1c\\x00\\x12\\x00\\x00\\x00+\\x00\\xef\\xbe\\xa0\\xdcv\t\\x12\\xac\\xdc\\x01\\x1c\\x00\\x1a\\x00\\x00\\x00\\x1d\\x00\\xef\\xbe\\x02\\x00M\\x00S\\x00E\\x00d\\x00g\\x00e\\x00\\x00\\x00\\x1c\\x00&\\x00\\x00\\x00\\x1e\\x00\\xef\\xbe\\x02\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00P\\x00i\\x00n\\x00n\\x00e\\x00d\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa4\\x01\\x00\\x00:\\x00\\x1f\\x80\\xc8'4\\x1f\\x10\\\\x10B\\xaa\\x03.\\xe4R\\x87\\xd6h&\\x00\\x01\\x00&\\x00\\xef\\xbe\\x12\\x00\\x00\\x00mM\\xb1\\xb8\\x11\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01A\\xc7\\x82\t\\x12\\xac\\xdc\\x01\\x14\\x00V\\x001\\x00\\x00\\x00\\x00\\x00d\\\\x80\\xa0\\x11\\x00TaskBar\\x00@\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9d\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\xf0\\xff\\x00T\\x00a\\x00s\\x00k\\x00B\\x00a\\x00r\\x00\\x00\\x00\\x16\\x00\\x12\\x012\\x00\\x97\\x01\\x00\\x00\\x87O\\x07I \\x00FI"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97df3cf03",
            "parentcaller": "0x7ff97df3cd6a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97e036ce5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "FavoritesVersion"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesVersion"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97e036ce5",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:24:47,634",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209c"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5e8013",
            "parentcaller": "0x7ff97b664fb2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97e744404",
            "parentcaller": "0x7ff97b665003",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002256"
              },
              {
                "name": "SubKey",
                "value": "InitPropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "17"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "DescriptionID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\DescriptionID"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b658",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Data",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62e10b",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62e153",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62e194",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000223c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62e21a",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000a2c"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62e1d6",
            "parentcaller": "0x7ff97b67ac35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000223c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000a2c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97e744304",
            "parentcaller": "0x7ff97e74665a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000209e"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b6018b9",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000223c"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b6018ab",
            "parentcaller": "0x7ff97b5e795b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002256"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b68835b",
            "parentcaller": "0x7ff97b5ebb3a",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000a2c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5b1d9f",
            "parentcaller": "0x7ff97b5b1c77",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002254"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "Handle",
                "value": "0x0000223c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5b1ed2",
            "parentcaller": "0x7ff97b5b1dc2",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5ebb6a",
            "parentcaller": "0x7ff97b5eb063",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97b606f92",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b606d7b",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00002254"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00002254"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000944"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002254"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x06\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x003\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "-j\\xb5\\xc9\\xde\\xac\\xd5\\x01\\x1e\\xa5\\xe8J\\x8a\\xac\\xdc\\x01\\xb8\\x818{\\xde\\xac\\xd5\\x01\\xd9\\x81w\\x97\\xf6\\xab\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5efd75",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xbdP\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01R\\x14!\\x16\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\xa1\\x01\\x00\\x00\\x00\\x02\\x00c\\x00a\\x00p\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:24:47,650",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\x04>o\\x0f\\x8a\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01gt\\xbe\\xb4\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf1\\xa1\\x01\\x00\\x00\\x00\\x02\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01G\\xbf\\xb1\\xdf-\\xac\\xdc\\x01G\\xbf\\xb1\\xdf-\\xac\\xdc\\x01G\\xbf\\xb1\\xdf-\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf2\\xa1\\x01\\x00\\x00\\x00\\x02\\x00R\\x00o\\x00a\\x00m\\x00i\\x00n\\x00g\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xae\\\\xb4\\x11\\xac\\xdc\\x01\\xb4\\xcax\\x0f\\x8a\\xac\\xdc\\x01\\x9c\\xd9F\\x06\\x14\\xac\\xdc\\x01\\x9c\\xd9F\\x06\\x14\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\xa1\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x7ff95ca1b324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5efd75",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\xb4\\xcax\\x0f\\x8a\\xac\\xdc\\x01\\xd2\\x8e\\xd6\\xb9\\x11\\xac\\xdc\\x01\\xd2\\x8e\\xd6\\xb9\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00I\\x00N\\x00T\\x00E\\x00R\\x00N\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa2\\x01\\x00\\x00\\x00\\x02\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00e\\x00t\\x00 \\x00E\\x00x\\x00p\\x00l\\x00o\\x00r\\x00e\\x00r\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x13_\\xb4\\x11\\xac\\xdc\\x01\\x92\\xe8*\\x92+\\xac\\xdc\\x01m\\xbaE\\xbb\\x11\\xac\\xdc\\x01m\\xbaE\\xbb\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00Q\\x00U\\x00I\\x00C\\x00K\\x00L\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\xa2\\x01\\x00\\x00\\x00\\x02\\x00Q\\x00u\\x00i\\x00c\\x00k\\x00 \\x00L\\x00a\\x00u\\x00n\\x00c\\x00h\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b611c4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b0c5",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:24:47,666",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97b62b18b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d6daf23",
            "parentcaller": "0x7ff97b62b1ea",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\r\n[LocalizedFileNames]\r\nWindow Switcher.lnk=@%SystemRoot%\\system32\\shell32.dll,-10114\r\nShows Desktop.lnk=@%SystemRoot%\\system32\\shell32.dll,-10113\r\n"
              },
              {
                "name": "Length",
                "value": "148"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b62b256",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xfc\\xfcj\\xb4\\x11\\xac\\xdc\\x010i\\xedJ\\x8a\\xac\\xdc\\x01\\xdew\\x12~\\xde\\xac\\xd5\\x01\\xa6`m\\xb4\\x11\\xac\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b62b275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b62b285",
            "parentcaller": "0x7ff97b62afbb",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b65917a",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b6591c3",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b659208",
            "parentcaller": "0x7ff97b62b2cf",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006cc281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5efd75",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d701627",
            "parentcaller": "0x7ff97b5cfc95",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b5cfd3c",
            "parentcaller": "0x7ff97b60f6d3",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000944"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00mM\\xb1\\xb8\\x11\\xac\\xdc\\x01\\xa6\\xc5\\xdcA\\x00\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00U\\x00S\\x00E\\x00R\\x00P\\x00I\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&\\xa3\\x01\\x00\\x00\\x00\\x02\\x00U\\x00s\\x00e\\x00r\\x00 \\x00P\\x00i\\x00n\\x00n\\x00e\\x00d\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b60f712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:24:47,681",
            "thread_id": "3612",
            "caller": "0x7ff97b600289",
            "parentcaller": "0x7ff97b5a5166",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcddb07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e276e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{00021401-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{00021401-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:24:47,759",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b5e2ae6",
            "parentcaller": "0x7ff97b5e29b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000bea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{00021401-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b5e29ee",
            "parentcaller": "0x7ff97b5e2ca9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000bea"
              },
              {
                "name": "ValueName",
                "value": "EnableShareDenyNone"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97df1fb58",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3c0",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3f5",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3f5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df2f411",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97df1a6a8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x99\t\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002284"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07f6ddf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f47d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f47d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df2f4a2",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 1,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df20032",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1fd7f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df1fdaa",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1fdca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000205c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000205c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000205c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000205c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff97df30a54",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff979d8c1d6",
            "parentcaller": "0x7ff979d8bde6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b5e2d60",
            "parentcaller": "0x7ff97b5e35b7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000bea"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b61f776",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:24:47,775",
            "thread_id": "3612",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e75fc",
            "parentcaller": "0x7ff97b617c6b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e276e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{00021401-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{00021401-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c0b",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c5b",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e4c87",
            "parentcaller": "0x7ff97b5e39fe",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e2ae6",
            "parentcaller": "0x7ff97b5e29b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000bea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{00021401-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e29ee",
            "parentcaller": "0x7ff97b5e2ca9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000bea"
              },
              {
                "name": "ValueName",
                "value": "EnableShareDenyNone"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97df1fb58",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000205c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3c0",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3f5",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f3f5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df2f411",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d71d787",
            "parentcaller": "0x7ff97df1a6a8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000205c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x97\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97d6e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000205c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07f6ddf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f47d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df2f47d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df2f4a2",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 1,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df20032",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1fd7f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97df1fdaa",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1fdca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6defbc",
            "parentcaller": "0x7ff97d6deb59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000840"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00002284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000840"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97b621b7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1aeaa",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07480000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1af2c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e2d60",
            "parentcaller": "0x7ff97b5e35b7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000bea"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b618e8f",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b618edf",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b618f03",
            "parentcaller": "0x7ff97b618d71",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97b61f776",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97f4af313",
            "parentcaller": "0x7ff97f4ae803",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b601774",
            "parentcaller": "0x7ff97b5e7901",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dff0000"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97b5e7f14",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97b5e7f3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97e0705b0"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97e070802",
            "parentcaller": "0x7ff97b5e7f6e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d306c",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d30d9",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3111",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3153",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d3358",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000da0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\appresolver.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5d33ec",
            "parentcaller": "0x7ff97b5e79d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b5e7ec2",
            "parentcaller": "0x7ff97b5eb585",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97df2b3e7",
            "parentcaller": "0x7ff97b5e7ee5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{4234D49B-0245-4DF3-B780-3893943456E1}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{4234D49B-0245-4DF3-B780-3893943456E1}"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97b606b8d",
            "parentcaller": "0x7ff97b604373",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:24:47,791",
            "thread_id": "3612",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0l\\x00\\x00\\x00\\x00\\x00\\xac\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3612"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00H\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000da0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000944"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000944"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000944"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000946"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000946"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000946"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00H\\x00-\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000da0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000da0"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c077"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Z\\x00+\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000be8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000da0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000da0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000da0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da0"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000da2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da2"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000da2"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00Z\\x00+\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000be8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:24:49,869",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c075"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002284"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:24:49,884",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000205c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000205c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000205c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205c"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x0000205e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205e"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000205e"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00A\\x00B\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002284"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002284"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c07b"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002284"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002284"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002284"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f220"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002284"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5e25c9",
            "parentcaller": "0x7ff97b60c868",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00002286"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002286"
              },
              {
                "name": "ValueName",
                "value": "SortOrderIndex"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b60c8be",
            "parentcaller": "0x7ff97b60c0eb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00002286"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8e7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97b5a54a0",
            "parentcaller": "0x7ff97b60c8ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e0340d4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:24:49,900",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000be8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97df1d567",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x06d1f280"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df1d5a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff97e064e62",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97eb72755",
            "parentcaller": "0x7ff97eb72699",
            "category": "synchronization",
            "api": "NtQueryInformationAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "-\\x00%\\x00D\\x004\\x00#\\x00!\\x00`\\x00`\\x00`\\x00`\\x00`\\x00^\\x00,\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00P\\x00:\\x00$\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00`\\x00"
              },
              {
                "name": "Size",
                "value": "64"
              },
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97df1f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000cf8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3fb6a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:24:49,978",
            "thread_id": "4624",
            "caller": "0x7ff97eb72897",
            "parentcaller": "0x7ff97df3fb7b",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c07a"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:24:50,134",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "@\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:24:50,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000cf8"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000be8"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000cf8"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b6042c0",
            "parentcaller": "0x7ff97b603da7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b65bd16",
            "parentcaller": "0x7ff97b657bd3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000be8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c0f",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000be8"
              },
              {
                "name": "SubKey",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c37",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000be8"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97df2b76b",
            "parentcaller": "0x7ff97df2b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97b657c7b",
            "parentcaller": "0x7ff97b5b65d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000cf8"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:24:50,400",
            "thread_id": "4624",
            "caller": "0x7ff97d6dc045",
            "parentcaller": "0x7ff97e74212a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:24:51,400",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 13,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3813d3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e381400",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e38147f",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.12"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.12"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3814b7",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.11"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.11"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3814f3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.10"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.10"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3813d3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e381400",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e38147f",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.12"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.12"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3814b7",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.11"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.11"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:24:51,572",
            "thread_id": "5700",
            "caller": "0x7ff95e3814f3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.10"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.10"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "5700",
            "caller": "0x7ff95e3813d3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "5700",
            "caller": "0x7ff95e381400",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "5700",
            "caller": "0x7ff95e38147f",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.12"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.12"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "5700",
            "caller": "0x7ff95e3814b7",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.11"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.11"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:24:51,587",
            "thread_id": "5700",
            "caller": "0x7ff95e3814f3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.10"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.10"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:24:51,634",
            "thread_id": "5700",
            "caller": "0x7ff95e3813d3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:24:51,634",
            "thread_id": "5700",
            "caller": "0x7ff95e381400",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:24:51,634",
            "thread_id": "5700",
            "caller": "0x7ff95e38147f",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.12"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.12"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:24:51,634",
            "thread_id": "5700",
            "caller": "0x7ff95e3814b7",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.11"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.11"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:24:51,634",
            "thread_id": "5700",
            "caller": "0x7ff95e3814f3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.10"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.10"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:24:51,744",
            "thread_id": "5700",
            "caller": "0x7ff95e3813d3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:24:51,759",
            "thread_id": "5700",
            "caller": "0x7ff95e381400",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:24:51,759",
            "thread_id": "5700",
            "caller": "0x7ff95e38147f",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.12"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.12"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:24:51,759",
            "thread_id": "5700",
            "caller": "0x7ff95e3814b7",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.11"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.11"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:24:51,759",
            "thread_id": "5700",
            "caller": "0x7ff95e3814f3",
            "parentcaller": "0x7ff95e3815e8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Outlook.Application.10"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Outlook.Application.10"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:24:51,791",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:24:52,119",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:24:52,134",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:24:52,150",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4424",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4424",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969925808",
            "parentcaller": "0x7ff97fcc0ebc",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:24:52,166",
            "thread_id": "4296",
            "caller": "0x7ff969923a7d",
            "parentcaller": "0x7ff969924730",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:24:53,072",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 4,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:24:53,134",
            "thread_id": "4528",
            "caller": "0x7ff7ce5a47c9",
            "parentcaller": "0x7ff7ce622c96",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "1013"
              },
              {
                "name": "y",
                "value": "709"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:24:53,134",
            "thread_id": "4604",
            "caller": "0x7ff7ce5f9ea0",
            "parentcaller": "0x7ff7ce5eb243",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 5,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb4515",
            "parentcaller": "0x7ff97fcb3dab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d330000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d2f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d5eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d4d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d62d000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d4a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d474000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d37c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dba9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0daf5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0da7c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dc32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dcb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d6b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0726f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d4fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d284000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dcaf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08bd6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcd64ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00058000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cdd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0942b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcd6068",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcd64ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ecc2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcb9b1a",
            "parentcaller": "0x7ff97fcd095c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ecbe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcd64ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ece3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:24:53,884",
            "thread_id": "4624",
            "caller": "0x7ff97fcbed8a",
            "parentcaller": "0x7ff97fcd64ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0eced000"
              },
              {
                "name": "RegionSize",
                "value": "0x000af000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1237
          }
        ],
        "threads": [
          "4624",
          "7028",
          "6676",
          "3644",
          "892",
          "4260",
          "3244",
          "4048",
          "6708",
          "4296",
          "4424",
          "3980",
          "4944",
          "4528",
          "4604",
          "3612",
          "972",
          "5700"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\Explorer.EXE",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7ce580000",
          "MainExeSize": "0x004e2000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 1872,
        "process_name": "backgroundTaskHost.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "first_seen": "2026-03-05 10:24:55,790",
        "calls": [
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6324",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6324",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff77c631420"
              },
              {
                "name": "Parameter",
                "value": "0x94c9126000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "2256",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6524",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6431000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6524",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "7096",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "7096",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "2256",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "2256",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6936",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6432000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:24:56,961",
            "thread_id": "6936",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6505000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6936",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6936",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6524",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6524",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6324",
            "caller": "0x7ff77c6314d1",
            "parentcaller": "0x7ff77c6312f9",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff77c631480"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:24:56,977",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6427000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Ole\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "DisableThresholdAppLaunchPerfFeature"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisableThresholdAppLaunchPerfFeature"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6324"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2ef000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:24:57,071",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "3768",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:24:57,086",
            "thread_id": "3768",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f8"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f8"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001fc"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f8"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001fc"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\r\\xee2\\xea[<I\\xf5\\xd1\\xda\\x0b\\x8a\\xbc\\xee\\xda\\x0b\\xfc@\\xed\\x8e0\\x17\\xd8\\xcaW\\x88\\xe2Z\\x81 H\\xe1\\x1a1\\xe7\\x0c\\xae^\\xcf+\\xab3\\x91\\x08\\xde\\xc5\\xac\\xd3"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6433000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c631029",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6434000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromOle1Class"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f52fa90"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000214"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1872:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4f2a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "Com+Enabled"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "clbcatq.dll"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f254000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6444000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "3768",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\MaximumCommitCondition"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\clbcatq"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97f1cd990"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:24:57,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6439000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x247e6402340"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff97f52f190",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x94c94ff550"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000228"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e643a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97f55eb77",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.1872"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "3768",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff97d723b9e",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000234"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000023c"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00B\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00\\xffa0\\xffe2\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00(\\xffef\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffd0\\xffe1\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffe9@\\xffe6G\\x02\\x00\\x00\\xfff0\"c|\\xfff7\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffbdB\\xffe6G\\x02\\x00\\x00p\\xffef\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xfff0\"c|\\xfff7\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffe0\\xffbdB\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x004\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00`\\xffef\\xfff4\\xffc8\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00p\\xffef\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xfff0%C\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0\\xfff0\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe0\\xffbdB\\xffe6G\\x02\\x00\\x00\\x10\\xffe9@\\xffe6G\\x02\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\x0c&C\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00G\\x02\\x00\\x004\\x02\\x00\\x00\\x00\\x00\\x00\\x00`\\xffef\\xfff4\\xffc8\\xff94\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffbdB\\xffe6G\\x02\\x00\\x00ylM\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000023c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:24:57,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff978400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff978451f00"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97844e9b0"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff978400000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97845d6b0"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310b1",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:24:57,227",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Collections.PropertySet"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00C\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00S\\x00e\\x00t\\x00\\x00\\x00\\x00\\x00>\\x06\\x00\\x00\\xff94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffe9\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffc8\\xffcbC\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffea\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffc9C\\xffe6G\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffe9\\xfff4\\xffc8\\xff94\\x00\\x00\\x00k\\xffc1=\\xfff32*\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff87D\\xffe6G\\x02\\x00\\x00\\xffc8\\xffcbC\\xffe6G\\x02\\x00\\x00\\xffa0\\xffcbC\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffa0\\xffc9C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffcbC\\xffe6G\\x02\\x00\\x00\\xffa0\\xffc9C\\xffe6G\\x02\\x00\\x00\\xff90\\xff87D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff87D\\xffe6G\\x02\\x00\\x00P\\xff90D\\xffe6G\\x02\\x00\\x00P\\xff90D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffc9C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff90D\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffa0\\xffc9C\\xffe6G\\x02\\x00\\x00\\xfff0 C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff92D\\xffe6G\\x02\\x00\\x00\\xffa0\\xffcbC\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WinTypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979c20000"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979c20000"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff979c20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c29590"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c290f0"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979c20000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979c347b0"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979d5c000"
              },
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979d5c000"
              },
              {
                "name": "ModuleName",
                "value": "WinTypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e643f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xa0\\xcdC\\xe6G\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00h\\xceC\\xe6G\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xceC\\xe6G\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00f\\xcfC\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xcfC\\xe6G\\x02\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x80\\xcfC\\xe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xcfC\\xe6G\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xa0\\xcfC\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xcfC\\xe6G\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xc8\\xcfC\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\xcfC\\xe6G\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00f\\x00f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1872:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\XAML"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "OneCoreTransformsEnabledByDefault"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000029c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              },
              {
                "name": "ValueName",
                "value": "InProcBgTaskResumeOverride"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM\\InProcBgTaskResumeOverride"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x247e6403d50",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000ad000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df92000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:24:57,243",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df92000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00R\\x00E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R\\x00Y\\x00\\\\x00M\\x00\\x02\\x00\\x00\\x00H\\x00I\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\x00F\\x00T\\x00W\\x00\\x02\\x00\\x00\\x00E\\x00\\\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00s\\x00e\\x00s\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\SHCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97df4b150"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "CommandLineToArgvW",
            "status": true,
            "return": "0x247e642eba0",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "NumArgs",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000234"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisablePerAppHive"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisablePerAppHive"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\ActivatableClasses"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:24:57,258",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ac"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsStateSeparationEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd284d0"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ActivationStore.dat"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\ActivatableClasses"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ActivationStore.dat"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtLoadKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TrustClassKey",
                "value": "0x00000000"
              },
              {
                "name": "TargetKeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "TargetKeyName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}"
              },
              {
                "name": "TargetKey",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}"
              },
              {
                "name": "SourceFile",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ActivationStore.dat"
              },
              {
                "name": "Flags",
                "value": "0x00002010"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShadowServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ShadowServer"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x12\\xff9c)E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00A\\x00p\\x00p\\x00.\\x00A\\x00p\\x00p\\x00X\\x00a\\x00p\\x00s\\x00k\\x00v\\x00k\\x001\\x006\\x00g\\x00k\\x008\\x00d\\x00a\\x008\\x00k\\x00c\\x00h\\x005\\x00g\\x004\\x00q\\x00x\\x00h\\x004\\x002\\x00v\\x00x\\x00c\\x00c\\x00v\\x00e\\x00d\\x00.\\x00m\\x00c\\x00a\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\xffd0\\x10c|\\xfff7\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe8\\xffa2D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffee\\xff82\\xffd0\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x008\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00 \\xffec\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffe0C\\xffe6G\\x02\\x00\\x00\\xffc0\\xffd5C\\xffe6G\\x02\\x00\\x00h\\xffd9C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00 \\xff84D\\xffe6G\\x02\\x00\\x00\\xff80\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00h\\xffd9C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00 
\\xff84D\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00p\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff80\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00`\\xffa8B\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0\\xffec\\xfff4\\xffc8\\xff94\\x00\\x00\\x00 \\xff84D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa2D\\xffe6G\\x02\\x00\\x00\\xffe0\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00|\\xffa8B\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\system32\\backgroundTaskHost.exe"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "AppUserModelId"
              },
              {
                "name": "Data",
                "value": "Microsoft.YourPhone_8wekyb3d8bbwe!App"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\AppUserModelId"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ExecutionPackageFamily"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExecutionPackageFamily"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Instancing"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Instancing"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x9400000003"
              },
              {
                "name": "DataLength",
                "value": "200"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\xac\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00|\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x000\\x00\\x0b\\x00\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x80f\\xe6f\\x87\\x03\\x12g\\xcc\\xbas\\x04o\\x1f\\x94\\xe5f\\x96A\\x80\\xf8R\\xfc\\xd7\\xf1\\xccH\\xd7\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "RunFullTrust"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RunFullTrust"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Proxied"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Proxied"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "RuntimeBehavior"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RuntimeBehavior"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "HostRuntimeId"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\HostRuntimeId"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:24:57,274",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00A\\x00p\\x00p\\x00.\\x00A\\x00p\\x00p\\x00X\\x00n\\x009\\x005\\x008\\x00k\\x007\\x00n\\x00s\\x00j\\x008\\x00m\\x00x\\x00x\\x00m\\x00s\\x00e\\x00p\\x00q\\x00d\\x00a\\x00m\\x008\\x00x\\x00k\\x009\\x004\\x008\\x00t\\x003\\x000\\x00s\\x00c\\x00.\\x00m\\x00c\\x00a\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\xffd0\\x10c|\\xfff7\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe8\\xffa2D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffee\\xff82\\xffd0\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffc8\\xffea\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffb0\\xffed\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\\\xffa9D\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff84D\\xffe6G\\x02\\x00\\x00\\x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\\\xffa9D\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffa0\\xff84D\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x00\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x0
0\\x00\\x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00@!C\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00!\\xffed\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffa0\\xff84D\\xffe6G\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa0D\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\!C\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Server"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Threading"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Private"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "2"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff87\\x12\\xffc9\\xff94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff94\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffb0vD\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfffb\\xffff=\\xfff32*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff83D\\xffe6G\\x02\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0vD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00\\xffb0vD\\xffe6G\\x02\\x00\\x00\\xff90\\xff83D\\xffe6G\\x02\\x00\\x00\\xffa0/C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff83D\\xffe6G\\x02\\x00\\x00@\\xff9bD\\xffe6G\\x02\\x00\\x00@\\xff9bD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0vD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xff9bD\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffb0vD\\xffe6G\\x02\\x00\\x00\\xffa0/C\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdc\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93D\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "0x00000001",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "84"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Data",
                "value": "YourPhone.Background.Tasks.BackgroundTask"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:24:57,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00A\\x00p\\x00p\\x00.\\x00A\\x00p\\x00p\\x00X\\x007\\x00w\\x00e\\x008\\x00p\\x00p\\x00y\\x00v\\x00b\\x00c\\x00w\\x001\\x00q\\x00g\\x00y\\x00w\\x00t\\x00e\\x00g\\x00d\\x00c\\x00n\\x00y\\x00z\\x00f\\x005\\x00x\\x00b\\x003\\x00m\\x00m\\x00b\\x00.\\x00m\\x00c\\x00a\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\xffd0\\x10c|\\xfff7\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xffa7D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffee\\xff82\\xffd0\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffc8\\xffea\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffb0\\xffed\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xffdc\\xffa6D\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00`\\xff86D\\xffe6G\\x02\\x00\\x00\\x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xffdc\\xffa6D\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00`\\xff86D\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x00\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00\\
x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00@!C\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00!\\xffed\\xfff4\\xffc8\\xff94\\x00\\x00\\x00`\\xff86D\\xffe6G\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa1D\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\!C\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Server"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Threading"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Private"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "2"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "0x00000001",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "100"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Data",
                "value": "YourPhone.Background.Tasks.PreInstalledConfigTask"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00A\\x00p\\x00p\\x00.\\x00A\\x00p\\x00p\\x00X\\x00t\\x00t\\x00z\\x00r\\x00w\\x007\\x009\\x008\\x00r\\x000\\x00n\\x00w\\x00e\\x008\\x00t\\x004\\x000\\x00r\\x00g\\x007\\x00e\\x00n\\x00p\\x008\\x004\\x00t\\x00v\\x00m\\x00y\\x00g\\x00w\\x00f\\x00.\\x00m\\x00c\\x00a\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\xffd0\\x10c|\\xfff7\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xffa7D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffee\\xff82\\xffd0\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffc8\\xffea\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffb0\\xffed\\xff82\\xffd0\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\\\xffadD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff87D\\xffe6G\\x02\\x00\\x00\\x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\\\xffadD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffa0\\xff87D\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x00\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00
\\x10\\xffeb\\xfff4\\xffc8\\xff94\\x00\\x00\\x00@!C\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00!\\xffed\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xffa0\\xff87D\\xffe6G\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffadD\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\!C\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Server"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Threading"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Private"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:24:57,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 1,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "2"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.Aliased"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Type",
                "value": "0x00000001",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "76"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "AppObject.EntryPoint"
              },
              {
                "name": "Data",
                "value": "YourPhone.Background.Tasks.UpdateTask"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H!C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00e\\x00r\\x00s\\x00o\\x00n\\x00a\\x00t\\x00i\\x00o\\x00n\\x00 \\x00D\\x00y\\x00n\\x00a\\x00m\\x00i\\x00c\\x00 \\x00F\\x00a\\x00l\\x00s\\x00e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xaaB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "XvD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00p\\xdb\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xda\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xda\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xda\\xf4\\xc8\\x94\\x00\\x00\\x00\\xb8\\xda\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PvD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd8\\xf4\\xc8\\x94\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00t\\x00i\\x00v\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00C\\x00l\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80qD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8rD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\xc7\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd7\\xf4\\xc8\\x94\\x00\\x00\\x00(\\xd7\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf8\\xd6\\xf4\\xc8\\x94\\x00\\x00\\x00\\x18\\xd7\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0rD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd5\\xf4\\xc8\\x94\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00t\\x00i\\x00v\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00C\\x00l\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80wD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xaaB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "XvD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x90\\xd9\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd9\\xf4\\xc8\\x94\\x00\\x00\\x00(\\xd9\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf8\\xd8\\xf4\\xc8\\x94\\x00\\x00\\x00\\x18\\xd9\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PvD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd7\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xqD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x000\\xc4\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xd5\\xf4\\xc8\\x94\\x00\\x00\\x00\\x88\\xd5\\xf4\\xc8\\x94\\x00\\x00\\x00X\\xd5\\xf4\\xc8\\x94\\x00\\x00\\x00x\\xd5\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pqD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xd3\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd6\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xdc\\xf4\\xc8\\x94\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xac\\xe3\\xa7\\x03"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xf7C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe4\\xf7C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xf7C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xf7C\\xe6G\\x02\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\xc0\\x00\\x00\\x00\\x00l\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xf8C\\xe6G\\x02\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xf8C\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6440000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:24:57,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6441000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x16C\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "AppID\\backgroundTaskHost.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\backgroundTaskHost.exe"
              }
            ],
            "repeated": 1,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x16C\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e644f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e0"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x9b\\x01\\x00\\x02\\x00\\x00\\x00\\x13\\x00\r\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\x02\\x00\\x00\\x00\\x01\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80tD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00S\\x81\\x91\\x9b\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00m\\x003\\x00\\xd0tD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18zD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x00\\xd1\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x88\\xe0\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10zD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0vD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xqD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xdd\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xdd\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf8\\xdc\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xdc\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe8\\xdc\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pqD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xda\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:24:57,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x247e6448250"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6864"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002e8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x247e6448250"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "6864"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x9b\\x01\\x00\\x02\\x00\\x00\\x00\\x13\\x00\r\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\x02\\x00\\x00\\x00\\x01\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xqD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0\\xd2\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x008\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00X\\xe4\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pqD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0vD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xadB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8qD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00p\\xd1\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xb8\\xe0\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0qD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x9b\\x01\\x00\\x02\\x00\\x00\\x00\\x13\\x00\r\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\x02\\x00\\x00\\x00\\x01\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`vD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18zD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0\\xd2\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x008\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00X\\xe4\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10zD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0vD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xadB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6864",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6864",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x247e6448250"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6864",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xqD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00p\\xd1\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xb8\\xe0\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pqD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x9b\\x01\\x00\\x02\\x00\\x00\\x00\\x13\\x00\r\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\x02\\x00\\x00\\x00\\x01\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`vD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xadB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18zD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0\\xd2\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x008\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00X\\xe4\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10zD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0vD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xadB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xqD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00p\\xd1\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xb8\\xe0\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pqD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xf0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x9b\\x01\\x00\\x02\\x00\\x00\\x00\\x13\\x00\r\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\x02\\x00\\x00\\x00\\x01\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`vD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xacB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18zD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd0\\xd2\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x008\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00X\\xe4\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10zD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h$C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0@`D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80qD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:24:57,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8qD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00p\\xd1\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\x98\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xb8\\xe0\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0qD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6451000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6452000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6453000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6454000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "5448",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "5448",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x247e6402340"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8-C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3k\\x7f\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "XvD\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00 \\xd3\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00x\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00H\\xe2\\xf4\\xc8\\x94\\x00\\x00\\x00h\\xe2\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PvD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xe0\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H+C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0zD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0vD\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xafB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x}D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00@\\xdf\\x82\\xd0\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xd8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xa8\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\xde\\xf4\\xc8"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p}D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xdc\\xf4\\xc8\\x94\\x00\\x00\\x00\\xc8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6455000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "mrmcorer.dll"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:24:57,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MrmCoreR.dll"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MrmCoreR.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MrmCoreR.dll"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff972150000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000f4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97220e000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e645f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6460000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00G\\x02\\x00\\x00\\x80CA\\xe6G\\x02\\x00\\x00\\xb4\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00^\\x03\\xd4G`JA\\xe6G\\x02\\x00\\x00|\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00G\\x02\\x00\\x00\\x10OA\\xe6G\\x02\\x00\\x00\\x18\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00^\\x03\\xd4G\\x80MA\\xe6G\\x02\\x00\\x00\\xd0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00G\\x02\\x00\\x00PAA\\xe6G\\x02\\x00\\x00\\xb8\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00^\\x03\\xd4G\\xa0!C\\xe6G\\x02\\x00\\x00\\xb8\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0*C\\xe6G\\x02\\x00\\x00\\xd0\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0#C\\xe6G\\x02\\x00\\x00H\\x15\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\mrmcorer"
              },
              {
                "name": "DllBase",
                "value": "0x7ff972150000"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "5448",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6456000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6457000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd9 /\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6458000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "5300",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:24:57,461",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f54d7b1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000300"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(-C\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x7fD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8|D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x80\\xb59\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc5O\\xc9\\x94\\x00\\x00\\x00\\x18\\xc5O\\xc9\\x94\\x00\\x00\\x00\\xe8\\xc4O\\xc9\\x94\\x00\\x00\\x00\\x08\\xc5O\\xc9"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0|D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xc3O\\xc9\\x94\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6461000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x19F\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " }D\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98~D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00 \\xb09\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xc1O\\xc9\\x94\\x00\\x00\\x00x\\xc1O\\xc9\\x94\\x00\\x00\\x00H\\xc1O\\xc9\\x94\\x00\\x00\\x00h\\xc1O\\xc9"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90~D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xbfO\\xc9\\x94\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "3768",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e645b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000214"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000214"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:24:57,477",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000214"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:24:57,493",
            "thread_id": "5448",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e805e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e806d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8062000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8064000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e806b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8102000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8202000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:24:57,993",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8302000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd19eb0"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d71cf80"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd05420"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\MrmCoreR"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff972150000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff972192040"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00P\\x97E\\xe6G\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18\\x98E\\xe6G\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x98E\\xe6G\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x16\\x99E\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x99E\\xe6G\\x02\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x000\\x99E\\xe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x99E\\xe6G\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00P\\x99E\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x99E\\xe6G\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00x\\x99E\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\x99E\\xe6G\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00f\\x00f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.staterepositoryclient.dll"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.staterepositoryclient.dll"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.staterepositoryclient.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryClient.dll"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00040000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969702000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f6000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f6000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f6000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f6000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f5000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696f5000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.staterepositoryclient"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9696d0000"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:24:58,118",
            "thread_id": "5300",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:24:58,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\Windows.StateRepositoryClient"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9696d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9696d5b20"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:24:58,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:24:58,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.staterepositorycore.dll"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.staterepositorycore.dll"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.staterepositorycore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000304"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryCore.dll"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000304"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad9000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.staterepositorycore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff973ad0000"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\Windows.StateRepositoryCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff973ad3900"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969702000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969702000"
              },
              {
                "name": "ModuleName",
                "value": "windows.staterepositoryclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:24:58,290",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x99P\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:24:58,305",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "5300",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "5300",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x247e6402340"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9cP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9cP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9cP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x9cP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:24:58,321",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff977880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x17F\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`|D\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8|D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00P\\xcf)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xce_\\xc9\\x94\\x00\\x00\\x00\\xe8\\xce_\\xc9\\x94\\x00\\x00\\x00\\xb8\\xce_\\xc9\\x94\\x00\\x00\\x00\\xd8\\xce_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0|D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xcc_\\xc9\\x94\\x00\\x00\\x00\\x08\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x11F\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@~D\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xaeB\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8~D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf0\\xcb)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xcb_\\xc9\\x94\\x00\\x00\\x00H\\xcb_\\xc9\\x94\\x00\\x00\\x00\\x18\\xcb_\\xc9\\x94\\x00\\x00\\x008\\xcb_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0~D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xc9_\\xc9\\x94\\x00\\x00\\x00\\x08\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:24:58,336",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "5448",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "5448",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e645c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e645d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "5448",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "PackageFullName"
              },
              {
                "name": "Data",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "PackageFamily"
              },
              {
                "name": "Data",
                "value": "86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "PackageType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "41975884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "Flags2"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "PackageOrigin"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "Volume"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "OSMaxVersionTested"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\xf4e\\x00\\x00\n\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "MutableLocation"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "TargetDeviceFamilyName"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "UBR"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2006"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "DeviceForm"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:24:58,352",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:24:58,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:24:58,383",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000214"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000304"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000304"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000304"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000304"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000304"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000304"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000304"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:24:58,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14f"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\14f"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "150"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\150"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6462000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-03-05 10:24:58,415",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14f"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\14f"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "150"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\150"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-03-05 10:24:58,430",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14f"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\14f"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "150"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\150"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-03-05 10:24:58,446",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14f"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\14f"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14f"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14f"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x9dP\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "150"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\150"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^150"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002cc"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^150"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "47"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 1,
            "id": 1622
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 1,
            "id": 1623
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xaeB\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d954000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "41975884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-03-05 10:24:58,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000021c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d32c000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-03-05 10:24:58,758",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-03-05 10:24:59,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-03-05 10:24:59,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-03-05 10:24:59,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-03-05 10:24:59,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d322000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-03-05 10:24:59,368",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d310000"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\profapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d310000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d318d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe0\\xefq}\\xf9\\x7f\\x00\\x00 \\x93\"r\\xf9\\x7f\\x00\\x00\\xd0\\xd3#r\\xf9\\x7f\\x00\\x00\\xdc\\x04\\xcc\\x7f\\xf9\\x7f\\x00\\x00\\xf0'1}\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000308"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "CachedMergedResourcesPriFileName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "CachedMergedResourcesPriFileName"
              },
              {
                "name": "Data",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Mrt"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "UseSystemMetadataPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\UseSystemMetadataPath"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-03-05 10:24:59,399",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-03-05 10:24:59,586",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\AppxDeploymentClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975fe0000"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-crt-private-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d5b0000"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff975fe0000"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff975fe0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff975fe0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetadataRootForPackage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff975fe93f0"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ext-ms-onecore-appmodel-staterepository-cache-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ad0000"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff973ad0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ext-ms-onecore-appmodel-staterepository-cache-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheManager_Open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad1200"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheContext_Open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad10c0"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheContext_EnumerateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad16e0"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheContext_Close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad1630"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o__ui64tow_s"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c71a0"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheContext_GetField_UInt32"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad1670"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "41975884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.staterepositorycore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff973ad0000"
              },
              {
                "name": "FunctionName",
                "value": "SRCacheManager_Close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff973ad17d0"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o_free"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c5f10"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "memcpy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5f8b70"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "41975884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6464000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6465000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o__execute_onexit_table"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c4120"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o___std_type_info_destroy_list"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c4140"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppxDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\AppxDeploymentClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975fe0000"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff975fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6475000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-03-05 10:24:59,727",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "PackageFullName"
              },
              {
                "name": "Data",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "PackageFamily"
              },
              {
                "name": "Data",
                "value": "86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "PackageType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "41975884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "Flags2"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "PackageOrigin"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "Volume"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "OSMaxVersionTested"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\xf4e\\x00\\x00\n\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "MutableLocation"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "ValueName",
                "value": "TargetDeviceFamilyName"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.Core.CoreWindow"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb9\\xffaej3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x004\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff87\\x12\\xffc9\\xff94\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfff9\\x7f\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffa9D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffdd\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00P\\x7fD\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x1b\\xfffd=\\xfff32*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff89D\\xffe6G\\x02\\x00\\x00\\xffe8\\xffa9D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\x7fD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00P\\x7fD\\xffe6G\\x02\\x00\\x00\\xff90\\xff89D\\xffe6G\\x02\\x00\\x00\\xffe0\\x16F\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff89D\\xffe6G\\x02\\x00\\x00\\xfff0\\xff99D\\xffe6G\\x02\\x00\\x00\\xfff0\\xff99D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x7fD\\xff
e6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff99D\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00P\\x7fD\\xffe6G\\x02\\x00\\x00\\xffe0\\x16F\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffde\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff99D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6476000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.UI.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-03-05 10:24:59,743",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-03-05 10:25:01,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a910000"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-03-05 10:25:01,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WindowManagementAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978600000"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-03-05 10:25:01,180",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c0d0000"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-03-05 10:25:01,180",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a5b0000"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-03-05 10:25:01,180",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\TextInputFramework"
              },
              {
                "name": "DllBase",
                "value": "0x7ff971e90000"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-03-05 10:25:01,618",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-03-05 10:25:02,461",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\InputHost"
              },
              {
                "name": "DllBase",
                "value": "0x7ff971d30000"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-03-05 10:25:02,508",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff971f90000"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.UI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971f90000"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff971f90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.UI.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff971f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff971fb3740"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff971f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff971fb1a70"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff971f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff971fb5510"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1872:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-03-05 10:25:05,055",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1842
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1845
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1848
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1853
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e647b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e647c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.Core.CoreWindow"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb9\\xffaej3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x004\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff87\\x12\\xffc9\\xff94\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xfff9\\x7f\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffdd\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0\\xff9aG\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00K\\xfffc=\\xfff32*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8aD\\xffe6G\\x02\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xff9aG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00\\xffd0\\xff9aG\\xffe6G\\x02\\x00\\x00\\xffd0\\xff8aD\\xffe6G\\x02\\x00\\x00@\\x11F\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff8aD\\xffe6G\\x02\\x00\\x00\\xffc0\\xff9eD\\xffe6G\\x02\\x00\\x00\\xffc0\\xff9eD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff9aG\\xffe6G\\x0
2\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xff9eD\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0\\xff9aG\\xffe6G\\x02\\x00\\x00@\\x11F\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffde\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff93D\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.UI.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1874
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ShouldMergeInProc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6467000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x90\\x03\\x00\\x00\\x00\\x00\\x00\\x08\\x80\\x03\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4e240"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e647d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcp47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\BCP47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\BCP47mrm.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000348"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\BCP47mrm.dll"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cda000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cc9000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-03-05 10:25:05,071",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\bcp47mrm"
              },
              {
                "name": "DllBase",
                "value": "0x7ff971cb0000"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\BCP47mrm"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cb0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff971cb7cd0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97223d000"
              },
              {
                "name": "ModuleName",
                "value": "mrmcorer.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6468000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`SG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\11e"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "11e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\11e"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\11e"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\Flags"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x94\\x00\\x00\\x00\\xf05!r\\xf9\\x7f\\x00\\x00f\\x83q}\\xf9\\x7f\\x00\\x00\t\\x00\\x00\\x00\\xc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x80\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-03-05 10:25:05,102",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.WindowsAppRuntime.1.7_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.WindowsAppRuntime.1.7_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "CachedMergedResourcesPriFileName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.windowsappruntime.1.7_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00PqF\\xe6G\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x18rF\\xe6G\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x008rF\\xe6G\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x16sF\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00(sF\\xe6G\\x02\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x000sF\\xe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00HsF\\xe6G\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00PsF\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00psF\\xe6G\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00xsF\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98sF\\xe6G\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00f\\x00f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1953
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": "ShouldMergeInProc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\resources.pri"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000034c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\resources.pri"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00p\\x14\\x00\\x00\\x00\\x00\\x00\\x90m\\x14\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000034c"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000350"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9800000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4e1b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00147000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6469000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e646a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a0"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97eb60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb6a190"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7fe60"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000354"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000348"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9950000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4df70"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10XG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\f0"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\f0"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\f0"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x94\\x00\\x00\\x00\\xf05!r\\xf9\\x7f\\x00\\x00f\\x83q}\\xf9\\x7f\\x00\\x00\t\\x00\\x00\\x00\\xc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x80\\xe4\\xf4\\xc8\\x94\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e647e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "CachedMergedResourcesPriFileName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.vclibs.140.00.uwpdesktop_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xd0\\x96F\\xe6G\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x98\\x97F\\xe6G\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x97F\\xe6G\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x96\\x98F\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x98F\\xe6G\\x02\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb0\\x98F\\xe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\x98F\\xe6G\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd0\\x98F\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x98F\\xe6G\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xf8\\x98F\\xe6G\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x99F\\xe6G\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00f\\x00f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2018
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ShouldMergeInProc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 1,
            "id": 2023
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe5\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x94\\x00\\x00\\x00\\x80\\x1fC\\xe6G\\x02\\x00\\x00f\\x83q}\\xf9\\x7f\\x00\\x00\t\\x00\\x00\\x00G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xe6\\xf4\\xc8\\x94\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000348"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "Language"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-03-05 10:25:05,118",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cda000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cda000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xe1\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe0\\xefq}\\xf9\\x7f\\x00\\x00\\xe0R\\xcdq\\xf9\\x7f\\x00\\x000\\xa0\\xcdq\\xf9\\x7f\\x00\\x00\\xdc\\x04\\xcc\\x7f\\xf9\\x7f\\x00\\x00\\xf0'1}\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000035c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd7\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x001\\xda\\xf4\\xc8\\x94\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xd9\\xf4\\xc8\\x94\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xde\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x94\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000035c"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\International\\User Profile"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cda000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff971cda000"
              },
              {
                "name": "ModuleName",
                "value": "bcp47mrm.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "OverrideLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000348"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97217e700"
              },
              {
                "name": "Parameter",
                "value": "0x247e647e2d0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "844"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "mrmcorer.dll"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000348",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97217e700"
              },
              {
                "name": "Parameter",
                "value": "0x247e647e2d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "844"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xe6\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe1\\xf4\\xc8\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000344"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\International\\User Profile"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "OverrideLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e647f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.ViewManagement.AccessibilitySettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfff2\\x10m3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00^\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00V\\x00i\\x00e\\x00w\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00A\\x00c\\x00c\\x00e\\x00s\\x00s\\x00i\\x00b\\x00i\\x00l\\x00i\\x00t\\x00y\\x00S\\x00e\\x00t\\x00t\\x00i\\x00n\\x00g\\x00s\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffa1D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe5\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffa3D\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfffb\\xffc5=\\xfff32*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8cD\\xffe6G\\x02\\x00\\x00\\xffe8\\xffa1D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa1D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffa3D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa1D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa3D\\xffe6G\\x02\\x00\\x00\\xff90\\xff8cD\\xffe6G\\x02\\x00\\x00`\\xffe4G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff8cD\\xffe6G\\x02\\x00\\x00\\xffa0\\xfff8G\\xffe6G\\x02\\x00\\x00\\xffa0\\xfff8G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa3D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff8G\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffa3D\\xffe6G\\x02\\x00\\x00`\\xffe4G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe6\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xfffaG\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa1D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Server"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.UI.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000350"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-03-05 10:25:05,133",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 2132
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e646b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e650b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97217e700"
              },
              {
                "name": "Parameter",
                "value": "0x247e647e2d0"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff9721818e8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9721967be",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9721817a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff972181806",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff972194e89",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff972195fbb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9721818ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97217e5ee",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1872:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97217e6c0",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97217dd51",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97217dd51",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97217dd51",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97217dd51",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97218f1a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97218f1a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97218ffb7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97218f1a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf3o\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x94\\x00\\x00\\x00\\x00\\x89G\\xe6G\\x02\\x00\\x00f\\x83q}\\xf9\\x7f\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xc0\\xf3o\\xc9\\x94\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000364"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d3128c0",
            "parentcaller": "0x7ff97216d2ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d3128f6",
            "parentcaller": "0x7ff97216d2ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97216d14e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "Language"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97216d09b",
            "parentcaller": "0x7ff97216506e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xeeo\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d3128c0",
            "parentcaller": "0x7ff971cb2d0d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d3128f6",
            "parentcaller": "0x7ff971cb2d0d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xe5o\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xd1\\xe7o\\xc9\\x94\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xe6o\\xc9\\x94\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d73152c",
            "parentcaller": "0x7ff97d7311f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d731268",
            "parentcaller": "0x7ff97d7310fe",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-03-05 10:25:05,149",
            "thread_id": "844",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73143e",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73144a",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d731268",
            "parentcaller": "0x7ff97d7310fe",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73143e",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73144a",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d731268",
            "parentcaller": "0x7ff97d7310fe",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000360"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73143e",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d73144a",
            "parentcaller": "0x7ff97d73128e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d731268",
            "parentcaller": "0x7ff97d7310fe",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d731344",
            "parentcaller": "0x7ff97d7310fe",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad12d2",
            "parentcaller": "0x7ff97d6e34b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1a81",
            "parentcaller": "0x7ff973ad138a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e848d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e8511",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e821c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7c4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad17f2",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff973ad180b",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xeco\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x94\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d6e3e98",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb203f",
            "parentcaller": "0x7ff971cb1f4a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb20e4",
            "parentcaller": "0x7ff971cb1f4a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\International\\User Profile"
              },
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb2123",
            "parentcaller": "0x7ff971cb1f4a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff971cb1a0f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff971cb1abc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "Languages"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb3cc9",
            "parentcaller": "0x7ff971cb2247",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb3cde",
            "parentcaller": "0x7ff971cb2247",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff971cb1a0f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff971cb1abc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "ManifestLanguagesList"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff971cb1a0f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "OverrideLanguagesList"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff971cb34f3",
            "parentcaller": "0x7ff971cb29d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf5o\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xe2G\\xe6G\\x02\\x00\\x00\\xb7\\x91\\xa2\\\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb9\\x00'@\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d6e3e98",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97217ea50",
            "parentcaller": "0x7ff97eb77034",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000360"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\International\\User Profile"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xf4o\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00G\\x02\\x00\\x00\\x10\\x82\\x00\\x00G\\x02\\x00\\x00\\xd0H\\xcd\\x7f\\xf9\\x7f\\x00\\x00\\x08\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xef\\xe7G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d3128c0",
            "parentcaller": "0x7ff97217f0ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000370"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              },
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97d3128f6",
            "parentcaller": "0x7ff97217f0ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97217ec2b",
            "parentcaller": "0x7ff97eb77034",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "844",
            "caller": "0x7ff97217ec03",
            "parentcaller": "0x7ff97eb77034",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9720c3000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\xfff9\\x7f\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffa9D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffe3\\xfff4\\xffc8\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffaeD\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffbb\\xffc7=\\xfff32*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8eD\\xffe6G\\x02\\x00\\x00\\xffe8\\xffa9D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffaeD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffaeD\\xffe6G\\x02\\x00\\x00\\x10\\xff8eD\\xffe6G\\x02\\x00\\x00\\xff80\\xffe7G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff8eD\\xffe6G\\x02\\x00\\x00p\\xfff6G\\xffe6G\\x02\\x00\\x00p\\xfff6G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffaeD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00p\\xfff6G\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffaeD\\xffe6G\\x02\\x00\\x00\\xff80\\xffe7G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffe4\\xfff4\\xffc8\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9G\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa9D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000378"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\resources.pri"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\resources.pri"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x06\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\resources.pri"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9c90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4e8e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00062000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9d00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9d00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e646c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb8F\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:7501dcac8a4f549572"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:7501dcac8a4f549572"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c8f4f000"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting"
              },
              {
                "name": "Handle",
                "value": "0x0000037c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              },
              {
                "name": "ValueName",
                "value": "DontSendAdditionalData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting"
              },
              {
                "name": "Handle",
                "value": "0x00000380"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              },
              {
                "name": "ValueName",
                "value": "DontSendAdditionalData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "6324",
            "caller": "0x7ff77c6310d0",
            "parentcaller": "0x7ff77c63139d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9785f2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "5448",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundTaskInstance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "5448",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00t\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00T\\x00a\\x00s\\x00k\\x00I\\x00n\\x00s\\x00t\\x00a\\x00n\\x00c\\x00e\\x00\\xfff9\\x7f\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffca_\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00;\\xffe1\\xff96\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff88D\\xffe6G\\x02\\x00\\x00h\\xffa5D\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\xffd0\\xff88D\\xffe6G\\x02\\x00\\x00\\x10\\xffe4G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff88D\\xffe6G\\x02\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x
7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x10\\xffe4G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffcb_\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff8G\\xffe6G\\x02\\x00\\x00@\\xffa5D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Server"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-03-05 10:25:05,165",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000384"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\biwinrt"
              },
              {
                "name": "DllBase",
                "value": "0x7ff962f90000"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2279
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-03-05 10:25:05,180",
            "thread_id": "5300",
            "caller": "0x7ff978453b27",
            "parentcaller": "0x7ff9784531aa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "02844640-E37C-4322-A3B8-4C61A2E58879"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "33C255C3-1A86-45FC-9498-F60D8F56B9D3"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff962f90000"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff962f90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff962fabbd0"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff962f9dd20"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962f90000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff962f9ee00"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-03-05 10:25:05,196",
            "thread_id": "5448",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-03-05 10:25:05,211",
            "thread_id": "5448",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-03-05 10:25:05,211",
            "thread_id": "5448",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-03-05 10:25:05,211",
            "thread_id": "5448",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-03-05 10:25:05,211",
            "thread_id": "5448",
            "caller": "0x7ff97ea356e3",
            "parentcaller": "0x7ff97ea729cb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-03-05 10:25:05,211",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2295
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}"
              },
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000388"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000214"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000388"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}"
              },
              {
                "name": "Handle",
                "value": "0x00000388"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000388"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e646e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6481000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6482000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97ea356e3",
            "parentcaller": "0x7ff97ea729cb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-03-05 10:25:05,243",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}"
              },
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000038c"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xe8G\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00vD\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x002\\x001\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8ZG\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18}D\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00`\\xa5)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xb4_\\xc9\\x94\\x00\\x00\\x00\\xb8\\xb4_\\xc9\\x94\\x00\\x00\\x00\\x88\\xb4_\\xc9\\x94\\x00\\x00\\x00\\xa8\\xb4_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10}D\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xb2_\\xc9\\x94\\x00\\x00\\x00\\xa4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xe4G\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0}D\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x002\\x001\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00\\x00\\x00-\\x00"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "xZG\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x99G\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x80\\xa1)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xb1_\\xc9\\x94\\x00\\x00\\x00\\x18\\xb1_\\xc9\\x94\\x00\\x00\\x00\\xe8\\xb0_\\xc9\\x94\\x00\\x00\\x00\\x08\\xb1_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x99G\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xaf_\\xc9\\x94\\x00\\x00\\x00\\xa4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-03-05 10:25:05,258",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundWorkManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00W\\x00o\\x00r\\x00k\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00x\\x7f\\xfff9\\x7f\\x00\\x00h\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffcb_\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfffb\\xffef\\xff96\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07H\\xffe6G\\x02\\x00\\x00h\\xffaaD\\xffe6G\\x02\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00P\\x07H\\xffe6G\\x02\\x00\\x00\\x00\\xffeaG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07H\\xffe6G\\x02\\x00\\x00\\x00\\xfffdG\\xffe6G\\x02\\x00\\x00\\x00\\xfffdG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfffdG\\xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x
00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00`\\xffbdG\\xffe6G\\x02\\x00\\x00\\x00\\xffeaG\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffcc_\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfffdG\\xffe6G\\x02\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4adb85",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e646f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000278"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}"
              },
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a4"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xe7G\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\\\x00L\\x00R\\x00P\\x00C\\x00-\\x009\\x000\\x000\\x00c\\x008\\x00b\\x00b\\x004\\x00b\\x000\\x001\\x002\\x004\\x00a\\x008\\x003\\x00a\\x00b\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x95G\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x002\\x07\\xa18\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00b\\x00i\\x00w\\x00i\\x00n\\x00r\\x00t\\x00.\\x00"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18ZG\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x92G\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xa0\\xb0)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xc2_\\xc9\\x94\\x00\\x00\\x00\\xf8\\xc1_\\xc9\\x94\\x00\\x00\\x00\\xc8\\xc1_\\xc9\\x94\\x00\\x00\\x00\\xe8\\xc1_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x92G\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xbf_\\xc9\\x94\\x00\\x00\\x00\\x8c\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xe8G\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x96G\\xe6G\\x02\\x00\\x00`\\x00\\x00\\x00d\\x00o\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00t\\x00w\\x00i\\x00n\\x00a\\x00p\\x00i\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "xZG\\xe6G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x9eG\\xe6G\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xc0\\xbc)\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xbe_\\xc9\\x94\\x00\\x00\\x00X\\xbe_\\xc9\\x94\\x00\\x00\\x00(\\xbe_\\xc9\\x94\\x00\\x00\\x00H\\xbe_\\xc9"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x9eG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xbc_\\xc9\\x94\\x00\\x00\\x00\\x8c\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Collections.ValueSet"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00N\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00C\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00V\\x00a\\x00l\\x00u\\x00e\\x00S\\x00e\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00P\\x00\\x1a\\x00\\x00\\x00G\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00(\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffca_\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00[\\xffe1\\xff96\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x06H\\xffe6G\\x02\\x00\\x00h\\xffaaD\\xffe6G\\x02\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\x10\\x06H\\xffe6G\\x02\\x00\\x00\\xff80\\xffe7G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x06H\\xffe6G\\x02\\x00\\x00p\\xfff6G\\xffe6G\\x02\\x00\\x00p\\xfff6G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfff6G\\
xffe6G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0\\xfff3G\\xffe6G\\x02\\x00\\x00\\xff80\\xffe7G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffcb_\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9G\\xffe6G\\x02\\x00\\x00@\\xffaaD\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000038c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-03-05 10:25:05,274",
            "thread_id": "5448",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4adb85",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Background.Tasks.UpdateTask"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6470000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000038c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Background.Tasks.UpdateTask"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a4"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00J\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00T\\x00a\\x00s\\x00k\\x00s\\x00.\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00T\\x00a\\x00s\\x00k\\x00M\\x7f\\xfff9\\x7f\\x00\\x00\\x04\\xffb3\\x00\\xffe8G\\x02\\x00\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\x02yM\\x7f\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe8\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe3\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xff98\\xffeeg\\xffc9\\xff94\\x00\\x00\\x00@\\xffe1\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xfffc\\xff9dD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00`\\x00H\\xffe6G\\x02\\x00\\x00\\xffe0\\xffeeg\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xfffc\\xff9dD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00`\\x00H\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffd0\\xffeeg\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x
00\\xffe0\\xffeeg\\xffc9\\xff94\\x00\\x00\\x00\\x10\\xffe4G\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff1\\xfff0g\\xffc9\\xff94\\x00\\x00\\x00`\\x00H\\xffe6G\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfffcG\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00,\\xffe4G\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "NativeHostNE.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad12d2",
            "parentcaller": "0x7ff97d6e34b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1a81",
            "parentcaller": "0x7ff973ad138a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e848d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e8511",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6eff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90VG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e7afd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7b81",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e821c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-03-05 10:25:05,290",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7c4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad17f2",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad180b",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad12d2",
            "parentcaller": "0x7ff97d6e34b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1a81",
            "parentcaller": "0x7ff973ad138a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e848d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e8511",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6eff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xa2B\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00H\\x00O\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e7afd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7b81",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e821c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7c4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad17f2",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad180b",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Background.Tasks.UpdateTask"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f4d7902",
            "parentcaller": "0x7ff97f4d7833",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000038c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Background.Tasks.UpdateTask"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a4"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00J\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00T\\x00a\\x00s\\x00k\\x00s\\x00.\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00T\\x00a\\x00s\\x00k\\x00M\\x7f\\xfff9\\x7f\\x00\\x00\\x04\\xffb3\\x00\\xffe8G\\x02\\x00\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00\\x02yM\\x7f\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe8\\xffaaD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffee\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00(\\xffebg\\xffc9\\xff94\\x00\\x00\\x00\\xffd0\\xffed\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xfffc\\xff9dD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffa0\\x04H\\xffe6G\\x02\\x00\\x00p\\xffebg\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xfffc\\xff9dD\\xffe6G\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffa0\\x04H\\xffe6G\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00`\\xffebg\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x
00p\\xffebg\\xffc9\\xff94\\x00\\x00\\x00\\xffc0\\xffe8G\\xffe6G\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff81\\xffedg\\xffc9\\xff94\\x00\\x00\\x00\\xffa0\\x04H\\xffe6G\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfff0G\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xffdc\\xffe8G\\xffe6G\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "NativeHostNE.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad12d2",
            "parentcaller": "0x7ff97d6e34b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1a81",
            "parentcaller": "0x7ff973ad138a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e848d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e8511",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6eff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0ZG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e7afd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7b81",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e821c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7c4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad17f2",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad180b",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad12d2",
            "parentcaller": "0x7ff97d6e34b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1a81",
            "parentcaller": "0x7ff973ad138a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e848d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e8511",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6ea1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97d6e6eff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0ZG\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e7afd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1732",
            "parentcaller": "0x7ff97d6e86ec",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7b81",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e78c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1166",
            "parentcaller": "0x7ff97d6e821c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad15ac",
            "parentcaller": "0x7ff973ad14ff",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad1651",
            "parentcaller": "0x7ff97d6e7c4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad17f2",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff973ad180b",
            "parentcaller": "0x7ff97d6e3683",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f54d7f2",
            "parentcaller": "0x7ff97f54e4ae",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-03-05 10:25:05,305",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHostNE"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964f50000"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff964fc60b3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff964fc60b3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96500eceb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96500eceb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96500eceb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHostNE.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964f50000"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964f50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHostNE.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NativeHostNE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964f50000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NativeHostNE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964f50000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964f5bae0"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NativeHostNE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964f50000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964f58f60"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6485000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff964f7e616",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "hostfxr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff964f7c2da",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr.dll"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-03-05 10:25:05,336",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff964f72fc5",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969170000"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff9691aa497",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff9691aa497",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff964f72fc5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969170000"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff964f72fc5",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff969170000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff964f7300f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostfxr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969170000"
              },
              {
                "name": "FunctionName",
                "value": "hostfxr_initialize_for_dotnet_command_line"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96917b490"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff964f73065",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostfxr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969170000"
              },
              {
                "name": "FunctionName",
                "value": "hostfxr_initialize_for_runtime_config"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96917b770"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff964f730bb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostfxr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969170000"
              },
              {
                "name": "FunctionName",
                "value": "hostfxr_get_runtime_delegate"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96917b9f0"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff964f73119",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostfxr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969170000"
              },
              {
                "name": "FunctionName",
                "value": "hostfxr_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96917c0b0"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\backgroundTaskHost.exe"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6486000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6487000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6488000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.runtimeconfig.dev.json"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.runtimeconfig.json"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.deps.json"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff96919db56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll"
              }
            ],
            "repeated": 1,
            "id": 2562
          },
          {
            "timestamp": "2026-03-05 10:25:05,352",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96919b9f2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965fd0000"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96600e4c7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96600e4c7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96919b9f2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965fd0000"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96919b9f2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965fd0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00001100"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff96919ba51",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff969172205",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_main"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965feedf0"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96917223b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_load"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965fee140"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff969172271",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_unload"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965feffa0"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9691722be",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_main_with_output_buffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965fef050"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9691722f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_set_error_writer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965ff0f40"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96917232a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_initialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965fefb00"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.deps.json"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff966002db0",
            "parentcaller": "0x7ff96600313b",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x247e647e5a0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x5d3c8f29"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac2e"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-03-05 10:25:05,461",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6491000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97d6c777d",
            "parentcaller": "0x7ff966002fbd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-03-05 10:25:05,477",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6494000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e648c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f16000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6489000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e649e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff9660029e6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6487000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff966000942",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr"
              },
              {
                "name": "DllBase",
                "value": "0x7ff963350000"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-03-05 10:25:05,493",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff9634abf77",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff9634abf77",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff966000942",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963350000"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff966000942",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff963350000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00001100"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d7124c6",
            "parentcaller": "0x7ff9660009a1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff965fd1410",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              },
              {
                "name": "FunctionName",
                "value": "coreclr_initialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9634830a0"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff965fd1446",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              },
              {
                "name": "FunctionName",
                "value": "coreclr_set_error_writer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9634a2810"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff965fd147c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              },
              {
                "name": "FunctionName",
                "value": "coreclr_shutdown_2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff963496cc0"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff965fd14b2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              },
              {
                "name": "FunctionName",
                "value": "coreclr_execute_assembly"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff963483380"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff965fd14e8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963350000"
              },
              {
                "name": "FunctionName",
                "value": "coreclr_create_delegate"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9636c5d10"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff963370b41",
            "parentcaller": "0x7ff96346c539",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff963370b79",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff963370b89",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeContext2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb9a640"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff963370b9d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff963370bad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6e1e71",
            "parentcaller": "0x7ff97eb7bd0a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f000f",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97eb60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96349c87b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d7205c0"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96349c8c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "QueueUserAPC2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97eb7c155",
            "parentcaller": "0x7ff96336db5d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 2727
          },
          {
            "timestamp": "2026-03-05 10:25:05,508",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903790000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dee0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633fc9a3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903790000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dfc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff9633fca9d",
            "parentcaller": "0x7ff963370dfa",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fd86d75",
            "parentcaller": "0x7ff97d76a496",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8gM\\xe6G\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00p\\x00P\\x00r\\x00o\\x00x\\x00y\\x00C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fd86da0",
            "parentcaller": "0x7ff97d76a496",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d72715b",
            "parentcaller": "0x7ff97ebc07b0",
            "category": "synchronization",
            "api": "NtCreateNamedPipeFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NamedPipeHandle",
                "value": "0x000003c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0180000"
              },
              {
                "name": "PipeName",
                "value": "\\??\\pipe\\dotnet-diagnostic-1872"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96349a529",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000003c8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff96345d010"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7056"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003d4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96345d010"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "7056"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96345d712",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff96349ea7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963703000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff96349eabb",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963703000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f82000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff963370fdc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlVirtualUnwind"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fce0de0"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96344b264",
            "parentcaller": "0x7ff96344afa8",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d72cf34",
            "parentcaller": "0x7ff96344b29f",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "55"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97eb7c155",
            "parentcaller": "0x7ff96344b32d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fd8a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dc80"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d70c282",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2771
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e174f",
            "parentcaller": "0x7ff96345b1cb",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ff97d7129bc"
              },
              {
                "name": "EventName",
                "value": "TelestoStartupEvent_00000750"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96345a5d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96345a3f1",
            "parentcaller": "0x7ff96345a362",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x247e8429000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96345a3f1",
            "parentcaller": "0x7ff96345a375",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x247e7ff0000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcb6861",
            "parentcaller": "0x7ff97fcb678c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb002000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff96345a9df",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff96345ab3b",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96345cee1",
            "parentcaller": "0x7ff96345b0a4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000041c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff963390d80"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4588"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000041c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff963390d80"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4588"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff96345a92e",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000041c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4588"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d72bde0",
            "parentcaller": "0x7ff96348ce52",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\LowMemoryCondition"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fe1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000043c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff963460290"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2608"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000043c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff963460290"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010004"
              },
              {
                "name": "ThreadId",
                "value": "2608"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97eb60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96349d054",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadDescription"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d71d0b0"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96343d466",
            "parentcaller": "0x7ff96348cf23",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000043c"
              },
              {
                "name": "ThreadDescription",
                "value": ".NET Finalizer"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff96343d107",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000043c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2608"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff9633fb378",
            "parentcaller": "0x7ff9633fb255",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "42"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 2,
            "id": 2800
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff963450289",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d7133f2",
            "parentcaller": "0x7ff9634502b2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633fb64c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb200000"
              },
              {
                "name": "RegionSize",
                "value": "0x4000000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633fb6cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287eb200000"
              },
              {
                "name": "RegionSize",
                "value": "0x94aa7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287eb200000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287f31ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287fb1ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287fb21f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287ff21e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x287ff22e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcb6861",
            "parentcaller": "0x7ff97fcb678c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28880000000"
              },
              {
                "name": "RegionSize",
                "value": "0x01000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcb6861",
            "parentcaller": "0x7ff97fcb651a",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df500530000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28880000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcb6861",
            "parentcaller": "0x7ff97fcb651a",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df5fb4e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28880010000"
              },
              {
                "name": "RegionSize",
                "value": "0x000c8000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff9633fa556",
            "parentcaller": "0x7ff9633fac4b",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "42"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247ed400000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247ed800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247ee000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb400000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e6487000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96349cba8",
            "parentcaller": "0x7ff96337130e",
            "category": "hooking",
            "api": "RtlAddVectoredExceptionHandler",
            "status": true,
            "return": "0x247e7f107e0",
            "arguments": [
              {
                "name": "First",
                "value": "1"
              },
              {
                "name": "Handler",
                "value": "0x7ff963486fd0"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff96337131b",
            "parentcaller": "0x7ff96346c539",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff9636e0000"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-03-05 10:25:05,524",
            "thread_id": "7056",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "7056",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff964fc6165",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d6f9900"
              }
            ],
            "repeated": 3,
            "id": 2832
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "7056",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "7056",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff96345d010"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "7056",
            "caller": "0x7ff96345d048",
            "parentcaller": "0x7ff97eb77034",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": ".NET EventPipe"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "4588",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "4588",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "4588",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff963390d80"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "4588",
            "caller": "0x7ff963390dd3",
            "parentcaller": "0x7ff97eb77034",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000041c"
              },
              {
                "name": "ThreadDescription",
                "value": ".NET Debugger"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e650c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff963460290"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff96343cce7",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000464"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff963393348",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff963393348",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff963392f7d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9467a0000"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-03-05 10:25:05,540",
            "thread_id": "2608",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9467a0000"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9467a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ce50"
              },
              {
                "name": "ViewSize",
                "value": "0x00080000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90383c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90383d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-03-05 10:25:05,555",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903840000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c700"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903844000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c7a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-03-05 10:25:05,649",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903850000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bff0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903854000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c090"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f87000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90383e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903860000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967afd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903861000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90383f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903862000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903863000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903864000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903865000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903866000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903867000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903868000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903869000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903870000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678ae0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903871000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90386f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903880000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9676b70"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903872000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903881000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903882000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-03-05 10:25:05,696",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903883000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903884000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903885000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903873000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903886000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903887000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903888000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903889000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903874000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90388f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c4a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903890000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903891000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903892000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903893000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903894000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903875000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903895000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903896000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903897000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903898000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903899000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903876000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903877000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90389f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c96772c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903878000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903879000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678650"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-03-05 10:25:05,711",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb401000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90387f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967be60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c020"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96349d5be",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28881000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00400000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96349d5e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28881000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96337142b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff963393348",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff963393348",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff963393055",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000480"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e64f4f40"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "372"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000480",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e64f4f40"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010004"
              },
              {
                "name": "ThreadId",
                "value": "372"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff96343d466",
            "parentcaller": "0x7ff96348cd9f",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000480"
              },
              {
                "name": "ThreadDescription",
                "value": ".NET Tiered Compilation Worker"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff96343d107",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000480"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "372"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-03-05 10:25:05,727",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d320"
              },
              {
                "name": "ViewSize",
                "value": "0x00080000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e64f4f40"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcb30fd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e63e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9634acb81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "RoInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f52e0b0"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff9634ac5fd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9634ac61a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "AcquireSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcd90a0"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9634ac636",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcc2c70"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff9634ac878",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9637f0000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff9634ac878",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9637f0000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff9634acb81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "RoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5609a0"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff9634ac878",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9637f0000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff9634ac878",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9637f0000"
              },
              {
                "name": "ModuleName",
                "value": "coreclr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-03-05 10:25:05,743",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d400"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcbe273",
            "parentcaller": "0x7ff97fcbe175",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f10000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00010000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcbe273",
            "parentcaller": "0x7ff97fcbe175",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9700000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fd18466",
            "parentcaller": "0x7ff963457184",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcc354a",
            "parentcaller": "0x7ff97fcc2252",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fe31000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcc354a",
            "parentcaller": "0x7ff97fcc2296",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fe31000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcbe273",
            "parentcaller": "0x7ff97fcbe175",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f10000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00010000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97fcbe273",
            "parentcaller": "0x7ff97fcbe175",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9700000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903960000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a370"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903960000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-03-05 10:25:05,758",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903961000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff96344fb02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247ee001000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fda000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fdc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fdd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fdb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fde000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fdf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9feb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903962000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903963000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903964000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903965000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903966000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903967000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903968000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x4ec9d1116f30",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903969000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x4ec9d1116f30",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x4ec9d1116f30",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x4ec9d1116d90",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-03-05 10:25:05,774",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90396f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903970000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967abe0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903970000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f320000"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f320000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96335f7c2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f320000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf2ec0"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96335f7c2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f320000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf2b30"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903971000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903972000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903973000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d240"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903974000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903975000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903976000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903977000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903978000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903979000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90397f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903980000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ada0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903981000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903982000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903983000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903984000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903985000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903986000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903987000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903988000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-03-05 10:25:05,790",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903989000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\clrjit"
              },
              {
                "name": "DllBase",
                "value": "0x7ff963170000"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff963294927",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff963294927",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\clrjit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963170000"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff963170000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\clrjit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff963371bb5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963170000"
              },
              {
                "name": "FunctionName",
                "value": "jitStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff963288810"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff963371be7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff963170000"
              },
              {
                "name": "FunctionName",
                "value": "getJit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9632904c0"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x4ec9d1116e20",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x4ec9d1117bb0",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90398f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903990000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a5e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903990000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a740"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903991000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903992000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-03-05 10:25:05,805",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678530"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb102000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb103000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb113000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb123000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903993000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-03-05 10:25:05,821",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903858000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6c09",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90385c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903994000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fe3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903995000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fcc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb133000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb135000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb137000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb143000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb144000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb13b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ae70"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-03-05 10:25:05,836",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-03-05 10:25:05,868",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-03-05 10:25:05,977",
            "thread_id": "372",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c98ff580"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-03-05 10:25:06,071",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fee000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-03-05 10:25:06,071",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb143000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-03-05 10:25:06,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-03-05 10:25:06,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-03-05 10:25:06,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903996000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903997000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118fb0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118fb0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118d00",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678820"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118ce0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118420",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118420",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11185d0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11185d0",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118440",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118440",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97eb60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetLastError"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb75bf0"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SetLastError"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb75cb0"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetEnvironmentVariableW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7b620"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7cb40"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c98ff620"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-03-05 10:25:06,086",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-03-05 10:25:06,165",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\icu"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95f110000"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "icu.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95f110000"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95f110000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "icu.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_charsToUChars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f137650"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_getVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f142650"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_strcmp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f13d2d0"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_strcpy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f13d330"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_strlen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1131a0"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_strncpy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f13d460"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_tolower"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f13e3f0"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_toupper"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f13e410"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "u_uastrncpy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f137d10"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ubrk_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ubrk_openRules"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f14ec70"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_add"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b5d80"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_get"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b5e10"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getAttribute"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b5e30"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getKeywordValuesForLocale"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b62b0"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getLimit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6510"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6610"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getTimeZoneDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b66a0"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6b90"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_openTimeZoneIDEnumeration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6d00"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_set"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6d60"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_setMillis"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6ef0"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_closeElements"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b8010"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_getOffset"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b8090"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_getRules"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b72d0"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_getSortKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b7450"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_getStrength"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b7480"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_getVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f14ed40"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_next"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b80a0"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_previous"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b81a0"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f11f5f0"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_openElements"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b80c0"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_openRules"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bc140"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_setAttribute"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f122f80"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_strcoll"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f112570"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_countSymbols"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bc730"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_format"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bc970"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_getSymbols"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bcf20"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bd290"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_setCalendar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f14e970"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udat_toPattern"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bda30"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udatpg_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udatpg_getBestPattern"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1bde60"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "udatpg_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1be130"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uenum_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1126f0"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uenum_count"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1126b0"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uenum_next"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1229d0"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uidna_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uidna_nameToASCII"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f15da80"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uidna_nameToUnicode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f15dcd0"
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uidna_openUTS46"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f15df20"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_canonicalize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f112770"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_countAvailable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f14e7d0"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getAvailable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f163b90"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getBaseName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162440"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getCharacterOrientation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f164150"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getCountry"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f112af0"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getDefault"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162580"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getDisplayCountry"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1648a0"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getDisplayLanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f164b80"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f164bc0"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getISO3Country"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1625a0"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getISO3Language"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162680"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getKeywordValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162780"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getLanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1129e0"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162a90"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123110"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_getParent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f162c90"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uloc_setKeywordValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1217b0"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ulocdata_getCLDRVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1227f0"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ulocdata_getMeasurementSystem"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c0860"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_getNFCInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f140bd0"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_getNFDInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f140be0"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_getNFKCInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f165920"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_getNFKDInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f165930"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_isNormalized"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f113fa0"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unorm2_normalize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f140d20"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unum_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unum_getAttribute"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c15a0"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unum_getSymbol"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c1700"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unum_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c1a10"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "unum_toPattern"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c27c0"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ures_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1146e0"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ures_getByKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f114f40"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ures_getSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f168890"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ures_getStringByIndex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f116130"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ures_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f137ef0"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c86d0"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_first"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c87a0"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_getBreakIterator"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c88b0"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_getMatchedLength"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c88f0"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_last"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c8c10"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_openFromCollator"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c8eb0"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_setPattern"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c9fa0"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "usearch_setText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1c9ff0"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getWindowsTimeZoneID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b6a30"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucal_getTimeZoneIDForWindowsID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f113920"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_setMaxVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b78b0"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_clone"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucurr_forLocale"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f159a10"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucurr_getName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f15a550"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uldn_close"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f123070"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uldn_keyValueDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f161270"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-03-05 10:25:06,196",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "uldn_open"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1614f0"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-03-05 10:25:06,211",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-03-05 10:25:06,368",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-03-05 10:25:06,415",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-03-05 10:25:06,415",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\globalization\\ICU\\icudtl.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004a0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\ICU\\icudtl.dat"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28881400000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967aa30"
              },
              {
                "name": "ViewSize",
                "value": "0x01a07000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "icu.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95f110000"
              },
              {
                "name": "FunctionName",
                "value": "ucol_safeClone"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95f1b7840"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-03-05 10:25:06,477",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-03-05 10:25:06,555",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-03-05 10:25:06,602",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-03-05 10:25:06,633",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-03-05 10:25:06,711",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-03-05 10:25:06,727",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-03-05 10:25:06,727",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903998000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903999000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-03-05 10:25:06,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x4ec9d11168c0",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb13d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116de0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x4ec9d1114590",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x4ec9d11158f0",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x4ec9d1114010",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9679990"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116bb0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116ba0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90399f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1117bb0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115530",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115520",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1117c00",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9677920"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1117fe0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116c30",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1118c70",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678950"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1117400",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115390",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115300",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115530",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115540",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116010",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11152f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1114720",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11150f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9675dd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115250",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1115790",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a04000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1116360",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1114770",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11164f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d11160d0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-03-05 10:25:06,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x4ec9d1114730",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2633",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a29000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a2f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-03-05 10:25:06,868",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965fd0000"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965fd0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_set_error_writer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965ff0f40"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "hostpolicy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965fd0000"
              },
              {
                "name": "FunctionName",
                "value": "corehost_resolve_component_dependencies"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965ff0280"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-03-05 10:25:06,883",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.deps.json"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x247e9fec280",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x5d3c8f29"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac2e"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb143000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb144000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e64e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb145000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb146000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb147000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb151000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb152000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb148000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb154000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb155000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb153000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb156000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb157000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb158000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb159000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb149000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb161000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb162000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb163000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb164000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb166000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb167000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb169000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb165000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb171000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb173000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb174000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb177000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb178000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb179000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb175000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb172000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb176000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb145000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\coreservicing"
              }
            ],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2dc8",
            "parentcaller": "0x7ff9038e2cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247ee019000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00053000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cb70"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-03-05 10:25:06,899",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-03-05 10:25:06,930",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-03-05 10:25:06,930",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-03-05 10:25:06,930",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-03-05 10:25:06,930",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-03-05 10:25:06,977",
            "thread_id": "5300",
            "caller": "0x7ff9038e2e60",
            "parentcaller": "0x7ff9038e2cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-03-05 10:25:06,977",
            "thread_id": "5300",
            "caller": "0x7ff9038e32f4",
            "parentcaller": "0x7ff9038e2cf1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a37000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-03-05 10:25:06,977",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-03-05 10:25:06,977",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb145000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb146000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb149000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fcd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a340"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb133000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fcd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fcf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb133000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fcf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-03-05 10:25:06,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9f5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b110"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb137000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb137000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb137000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b1c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a63000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a55000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-03-05 10:25:07,008",
            "thread_id": "5300",
            "caller": "0x7ff9038e2cf1",
            "parentcaller": "0x7ff9038e254c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb145000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-03-05 10:25:07,118",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-03-05 10:25:07,243",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-03-05 10:25:07,243",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 3814
          },
          {
            "timestamp": "2026-03-05 10:25:07,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-03-05 10:25:07,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-03-05 10:25:07,290",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-03-05 10:25:07,290",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-03-05 10:25:07,305",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-03-05 10:25:07,305",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-03-05 10:25:07,305",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "BCrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d580000"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97d580000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "BCrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcrypt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d580000"
              },
              {
                "name": "FunctionName",
                "value": "BCryptGenRandom"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d583070"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-03-05 10:25:07,430",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-03-05 10:25:07,446",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000194"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\xff\\xff\\xff\\xffP\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffR\\x00N\\x00G\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-03-05 10:25:07,446",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000194"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00R\\x00N\\x00G\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffR\\x00N\\x00G\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-03-05 10:25:07,446",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dc80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e2d16",
            "parentcaller": "0x7ff9038e254c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "FunctionName",
                "value": "GetRngInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dca0940"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb137000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-03-05 10:25:07,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b550"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4c8b",
            "parentcaller": "0x7ff9038e255e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fc6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b030"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-03-05 10:25:07,493",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e4cd6",
            "parentcaller": "0x7ff9038e4c8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb145000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-03-05 10:25:07,508",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a97000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb84df0"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7bae0"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb84d50"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-03-05 10:25:07,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975ce0000"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-03-05 10:25:07,571",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-03-05 10:25:07,649",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff975ce0000"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-03-05 10:25:07,649",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff975ce0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-03-05 10:25:07,649",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-03-05 10:25:07,680",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-03-05 10:25:07,790",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-03-05 10:25:07,790",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-03-05 10:25:07,790",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-03-05 10:25:07,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-03-05 10:25:07,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-03-05 10:25:07,836",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb18f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x288800e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00080000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df50052f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb169000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-03-05 10:25:08,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-03-05 10:25:08,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x288800e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00080000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-03-05 10:25:08,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-03-05 10:25:08,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-03-05 10:25:08,321",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-03-05 10:25:08,321",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-03-05 10:25:08,321",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-03-05 10:25:09,040",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-03-05 10:25:09,040",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-03-05 10:25:09,586",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00046000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-03-05 10:25:09,586",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-03-05 10:25:09,586",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00046000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00087000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime"
              },
              {
                "name": "DllBase",
                "value": "0x2887fce0000"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-03-05 10:25:09,711",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fce0000"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x2887fce0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a260"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cc40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb17e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-03-05 10:25:09,727",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903a8c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a7b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-03-05 10:25:09,774",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices"
              },
              {
                "name": "DllBase",
                "value": "0x7ff972330000"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-03-05 10:25:09,836",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff972330000"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff972330000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ab9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-03-05 10:25:09,852",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-03-05 10:25:09,868",
            "thread_id": "5300",
            "caller": "0x7ff9038e255e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aa9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-03-05 10:25:09,868",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff946a1aacc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-03-05 10:25:09,868",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9638d0000"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9638d0000"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9638d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ac0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b800"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ac0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903abb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ad0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b5e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ad0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff946a1aacc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-03-05 10:25:09,915",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965af0000"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965af0000"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965af0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ad1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903abc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903abd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903abe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903abf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff946a1aacc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965aa0000"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965aa0000"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965aa0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-03-05 10:25:09,930",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ad4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a560"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff96335f84d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsGetStringRawBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4d2330"
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fd4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d6dd3ec",
            "parentcaller": "0x7ff946a1aacc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks"
              },
              {
                "name": "DllBase",
                "value": "0x7ff972310000"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-03-05 10:25:09,946",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff972310000"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff972310000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ad9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903adb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903add000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ade000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903adf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c3d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903af4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c360"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c2d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6398",
            "parentcaller": "0x7ff9038e6359",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6398",
            "parentcaller": "0x7ff9038e6359",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6398",
            "parentcaller": "0x7ff9038e6359",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6398",
            "parentcaller": "0x7ff9038e6359",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6398",
            "parentcaller": "0x7ff9038e6359",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9678ad0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e63e3",
            "parentcaller": "0x7ff9038e6398",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ae9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e65fb",
            "parentcaller": "0x7ff9038e64c3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6b55",
            "parentcaller": "0x7ff9038e65fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aeb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-03-05 10:25:09,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e6fa7",
            "parentcaller": "0x7ff9038e64dc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-03-05 10:25:09,977",
            "thread_id": "5300",
            "caller": "0x7ff9038e6fa7",
            "parentcaller": "0x7ff9038e64dc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-03-05 10:25:09,977",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-03-05 10:25:09,977",
            "thread_id": "5300",
            "caller": "0x7ff9038e68fc",
            "parentcaller": "0x7ff9038e7ad5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-03-05 10:25:09,977",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b2d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7b13",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903aef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7b13",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a220"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7b13",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7b13",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7b13",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb153000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e68fc",
            "parentcaller": "0x7ff9038e7ad5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff9038e7c15",
            "parentcaller": "0x7ff9038e7b13",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96cf20000"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96cf20000"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96cf20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b2f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bd20"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-03-05 10:25:09,993",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-03-05 10:25:10,008",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-03-05 10:25:10,008",
            "thread_id": "5300",
            "caller": "0x7ff97d6da070",
            "parentcaller": "0x7ff97d6d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-03-05 10:25:10,008",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET"
              },
              {
                "name": "DllBase",
                "value": "0x28882e10000"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x28882e10000"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff96336e0e3",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x28882e10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967acc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00340000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b50000"
              },
              {
                "name": "RegionSize",
                "value": "0x0033b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb184000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb187000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb192000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb193000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb195000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb188000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-03-05 10:25:10,024",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b37000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-03-05 10:25:10,055",
            "thread_id": "5300",
            "caller": "0x7ff9038e7e55",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-03-05 10:25:10,055",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-03-05 10:25:10,055",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96d0a0000"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-03-05 10:25:10,055",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96d0a0000"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96d0a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e8c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e8d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb18b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb196000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb197000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903b3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a6b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-03-05 10:25:10,071",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96bdf0000"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96bdf0000"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96bdf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96cf90000"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96cf90000"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96cf90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ab00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-03-05 10:25:10,086",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e97000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-03-05 10:25:10,102",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors"
              },
              {
                "name": "DllBase",
                "value": "0x2887fcf0000"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcf0000"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x2887fcf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903e9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a6b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-03-05 10:25:10,118",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ff973cb0000"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-03-05 10:25:10,133",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973cb0000"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-03-05 10:25:10,133",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff973cb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-03-05 10:25:10,133",
            "thread_id": "5300",
            "caller": "0x7ff9038e80c0",
            "parentcaller": "0x7ff9038e7eaf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-03-05 10:25:10,133",
            "thread_id": "5300",
            "caller": "0x7ff9038e8c25",
            "parentcaller": "0x7ff9038e82a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e8c25",
            "parentcaller": "0x7ff9038e82a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e496a",
            "parentcaller": "0x7ff9038e936d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e9688",
            "parentcaller": "0x7ff9038e80d3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e9c8d",
            "parentcaller": "0x7ff9038e9c2d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e9a7b",
            "parentcaller": "0x7ff9038e99f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e9a7b",
            "parentcaller": "0x7ff9038e99f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038e9fa1",
            "parentcaller": "0x7ff9038e9a7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038ea153",
            "parentcaller": "0x7ff9038e9fa1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-03-05 10:25:10,149",
            "thread_id": "5300",
            "caller": "0x7ff9038ea153",
            "parentcaller": "0x7ff9038e9fa1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ea9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-03-05 10:25:10,165",
            "thread_id": "5300",
            "caller": "0x7ff9038ea153",
            "parentcaller": "0x7ff9038e9fa1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-03-05 10:25:10,165",
            "thread_id": "5300",
            "caller": "0x7ff9038ea153",
            "parentcaller": "0x7ff9038e9fa1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eb9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-03-05 10:25:10,165",
            "thread_id": "5300",
            "caller": "0x7ff9038ea3dd",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-03-05 10:25:10,165",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eaa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038eaf98",
            "parentcaller": "0x7ff9038eaf58",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038eaef2",
            "parentcaller": "0x7ff9038eadc2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb784c0"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038ea44c",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ebb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038ea46a",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ebc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038eb685",
            "parentcaller": "0x7ff9038ea46a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ebd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038eb685",
            "parentcaller": "0x7ff9038ea46a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-03-05 10:25:10,180",
            "thread_id": "5300",
            "caller": "0x7ff9038ea935",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-03-05 10:25:10,211",
            "thread_id": "5300",
            "caller": "0x7ff9038ea9b9",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-03-05 10:25:10,211",
            "thread_id": "5300",
            "caller": "0x7ff9038ec2f0",
            "parentcaller": "0x7ff9038ea169",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ebe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-03-05 10:25:10,211",
            "thread_id": "5300",
            "caller": "0x7ff9038e9a91",
            "parentcaller": "0x7ff9038e99f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-03-05 10:25:10,211",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ebf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-03-05 10:25:10,211",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ec0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c710"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ec4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c7b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038ec8d0",
            "parentcaller": "0x7ff9038ea3f2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ead000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ed0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b7b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-03-05 10:25:10,274",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ed0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ee0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c8b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eac94",
            "parentcaller": "0x7ff9038ea432",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4adb85",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004e8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004ec"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-03-05 10:25:10,290",
            "thread_id": "5300",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ef8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-03-05 10:25:10,305",
            "thread_id": "5300",
            "caller": "0x7ff9038ed74f",
            "parentcaller": "0x7ff9038ed57d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ef9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-03-05 10:25:10,305",
            "thread_id": "5300",
            "caller": "0x7ff9038ed74f",
            "parentcaller": "0x7ff9038ed57d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-03-05 10:25:10,352",
            "thread_id": "5300",
            "caller": "0x7ff9038edd3f",
            "parentcaller": "0x7ff9038edcac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903efa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-03-05 10:25:10,399",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-03-05 10:25:10,461",
            "thread_id": "5300",
            "caller": "0x7ff9038ede00",
            "parentcaller": "0x7ff9038edd3f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-03-05 10:25:10,477",
            "thread_id": "5300",
            "caller": "0x7ff9038ee2c1",
            "parentcaller": "0x7ff9038ee1f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903efb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-03-05 10:25:10,477",
            "thread_id": "5300",
            "caller": "0x7ff9038ee2c1",
            "parentcaller": "0x7ff9038ee1f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eaf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-03-05 10:25:10,477",
            "thread_id": "5300",
            "caller": "0x7ff9038ee2c1",
            "parentcaller": "0x7ff9038ee1f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903efc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-03-05 10:25:10,508",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-03-05 10:25:10,555",
            "thread_id": "5300",
            "caller": "0x7ff9038ee879",
            "parentcaller": "0x7ff9038ee5cd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsGetStringRawBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4d2330"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-03-05 10:25:10,555",
            "thread_id": "5300",
            "caller": "0x7ff9038ee915",
            "parentcaller": "0x7ff9038ee8be",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsDeleteString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4c7680"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-03-05 10:25:10,586",
            "thread_id": "5300",
            "caller": "0x7ff9038ecbd0",
            "parentcaller": "0x7ff9038eec8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903efd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-03-05 10:25:10,586",
            "thread_id": "5300",
            "caller": "0x7ff9038ecbd0",
            "parentcaller": "0x7ff9038eec8b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a150"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "5300",
            "caller": "0x7ff9038ecbd0",
            "parentcaller": "0x7ff9038eec8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb196000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb196000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903efe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-03-05 10:25:10,602",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-03-05 10:25:10,696",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-03-05 10:25:10,743",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-03-05 10:25:10,758",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions"
              },
              {
                "name": "DllBase",
                "value": "0x7ff961750000"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff961750000"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff961750000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903eff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b6b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeda0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-03-05 10:25:10,774",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb18c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c390"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-03-05 10:25:10,790",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-03-05 10:25:10,805",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-03-05 10:25:10,805",
            "thread_id": "5300",
            "caller": "0x7ff9038eeffa",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-03-05 10:25:10,821",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-03-05 10:25:10,836",
            "thread_id": "5300",
            "caller": "0x7ff9038ef2bb",
            "parentcaller": "0x7ff9038eeda0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f37000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-03-05 10:25:10,946",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038ef89f",
            "parentcaller": "0x7ff9038ef2bb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038ef89f",
            "parentcaller": "0x7ff9038ef2bb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d970"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038ef89f",
            "parentcaller": "0x7ff9038ef2bb",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038e4777",
            "parentcaller": "0x7ff9038e4734",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038f01f0",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9037b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038ed9f3",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-03-05 10:25:10,961",
            "thread_id": "5300",
            "caller": "0x7ff9038f065d",
            "parentcaller": "0x7ff9038f03da",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-03-05 10:25:10,977",
            "thread_id": "5300",
            "caller": "0x7ff9038f065d",
            "parentcaller": "0x7ff9038f03da",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-03-05 10:25:11,008",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f7c",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-03-05 10:25:11,024",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-03-05 10:25:11,024",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-03-05 10:25:11,024",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-03-05 10:25:11,040",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-03-05 10:25:11,055",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-03-05 10:25:11,055",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-03-05 10:25:11,055",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-03-05 10:25:11,055",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-03-05 10:25:11,071",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-03-05 10:25:11,071",
            "thread_id": "5300",
            "caller": "0x7ff9038f0f9d",
            "parentcaller": "0x7ff9038ed5cd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-03-05 10:25:11,086",
            "thread_id": "5300",
            "caller": "0x7ff9038f22c5",
            "parentcaller": "0x7ff9038f21f7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-03-05 10:25:11,102",
            "thread_id": "5300",
            "caller": "0x7ff9038f25b3",
            "parentcaller": "0x7ff9038f22c5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-03-05 10:25:11,211",
            "thread_id": "5300",
            "caller": "0x7ff9038f115c",
            "parentcaller": "0x7ff9038f0f9d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-03-05 10:25:11,227",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-03-05 10:25:11,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f2669",
            "parentcaller": "0x7ff9038f22c5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-03-05 10:25:11,258",
            "thread_id": "5300",
            "caller": "0x7ff9038f33ec",
            "parentcaller": "0x7ff9038f2dca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-03-05 10:25:11,305",
            "thread_id": "5300",
            "caller": "0x7ff9038f3b10",
            "parentcaller": "0x7ff9038f3762",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-03-05 10:25:11,321",
            "thread_id": "5300",
            "caller": "0x7ff9038f3799",
            "parentcaller": "0x7ff9038f358b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-03-05 10:25:11,336",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-03-05 10:25:11,336",
            "thread_id": "5300",
            "caller": "0x7ff9038f1d03",
            "parentcaller": "0x7ff9038f0f9d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-03-05 10:25:11,352",
            "thread_id": "5300",
            "caller": "0x7ff9038f49d4",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-03-05 10:25:11,540",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-03-05 10:25:11,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f4e43",
            "parentcaller": "0x7ff9038f4da4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-03-05 10:25:11,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f535e",
            "parentcaller": "0x7ff9038f530a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d010"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-03-05 10:25:11,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f535e",
            "parentcaller": "0x7ff9038f530a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-03-05 10:25:11,633",
            "thread_id": "5300",
            "caller": "0x7ff9038f2916",
            "parentcaller": "0x7ff9038f27da",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-03-05 10:25:11,649",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-03-05 10:25:11,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ed349",
            "parentcaller": "0x7ff9038ed304",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-03-05 10:25:11,758",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-03-05 10:25:11,758",
            "thread_id": "5300",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff96343ada3",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000464"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x13\\xc9\\x94\\x00\\x00\\x00P\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5300"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-03-05 10:25:11,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f5f4c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-03-05 10:25:11,805",
            "thread_id": "5300",
            "caller": "0x7ff9038f5f4c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-03-05 10:25:11,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-03-05 10:25:11,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9625f0000"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9625f0000"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9625f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d2b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00030000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96b630000"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-03-05 10:25:11,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96b630000"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-03-05 10:25:11,852",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96b630000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-03-05 10:25:11,852",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-03-05 10:25:11,868",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-03-05 10:25:11,868",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-03-05 10:25:11,883",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff962440000"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-03-05 10:25:11,883",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff962440000"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-03-05 10:25:11,883",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff962440000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-03-05 10:25:11,899",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-03-05 10:25:11,899",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c310"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-03-05 10:25:11,899",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-03-05 10:25:12,024",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-03-05 10:25:12,024",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-03-05 10:25:12,024",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-03-05 10:25:12,024",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities"
              },
              {
                "name": "DllBase",
                "value": "0x7ff962140000"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6c09",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9039dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c98ff6f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-03-05 10:25:12,071",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff962140000"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-03-05 10:25:12,086",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff962140000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-03-05 10:25:12,086",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4326
          },
          {
            "timestamp": "2026-03-05 10:25:12,086",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fa0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c310"
              },
              {
                "name": "ViewSize",
                "value": "0x00030000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-03-05 10:25:12,102",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-03-05 10:25:12,102",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-03-05 10:25:12,102",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb16f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-03-05 10:25:12,102",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-03-05 10:25:12,133",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-03-05 10:25:12,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-03-05 10:25:12,149",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-03-05 10:25:12,149",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-03-05 10:25:12,149",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-03-05 10:25:12,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-03-05 10:25:12,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964980000"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-03-05 10:25:12,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964980000"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-03-05 10:25:12,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964980000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-03-05 10:25:12,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d2b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-03-05 10:25:12,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-03-05 10:25:12,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-03-05 10:25:12,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fd7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-03-05 10:25:12,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-03-05 10:25:12,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-03-05 10:25:12,258",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-03-05 10:25:12,258",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-03-05 10:25:12,274",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions"
              },
              {
                "name": "DllBase",
                "value": "0x7ff973ce0000"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-03-05 10:25:12,274",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973ce0000"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-03-05 10:25:12,274",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff973ce0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-03-05 10:25:12,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-03-05 10:25:12,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fd8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-03-05 10:25:12,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fda000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-03-05 10:25:12,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-03-05 10:25:12,305",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-03-05 10:25:12,305",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-03-05 10:25:12,321",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964da0000"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-03-05 10:25:12,321",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964da0000"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-03-05 10:25:12,321",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964da0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-03-05 10:25:12,321",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d680"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-03-05 10:25:12,336",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-03-05 10:25:12,336",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb14f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-03-05 10:25:12,336",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-03-05 10:25:12,352",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f73e5",
            "parentcaller": "0x7ff9038f730d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-com-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f73e5",
            "parentcaller": "0x7ff9038f730d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-com-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f73e5",
            "parentcaller": "0x7ff9038f730d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f73e5",
            "parentcaller": "0x7ff9038f730d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoIncrementMTAUsage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f523020"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7670",
            "parentcaller": "0x7ff9038f7538",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateStringReference"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4c7ab0"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "RoGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ac1b0"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.ApplicationData"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00D\\x00a\\x00t\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffc7\\x13\\xffc9\\xff94\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffa0D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffe5g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0t\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00[\\xffc4\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffef\\x16\\xffebG\\x02\\x00\\x00h\\xffa0D\\xffe6G\\x02\\x00\\x00@\\xffa0D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0t\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa0D\\xffe6G\\x02\\x00\\x00\\xffd0t\\x17\\xffebG\\x02\\x00\\x00@\\xffef\\x16\\xffebG\\x02\\x00\\x00\\xffa0_\\x16\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffef\\x16\\xffebG\\x02\\x00\\x00 \\xfffc\\x14\\xffebG\\x02\\x00\\x00 
\\xfffc\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0t\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfffc\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0t\\x17\\xffebG\\x02\\x00\\x00\\xffa0_\\x16\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffe6g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xfff2\\x14\\xffebG\\x02\\x00\\x00@\\xffa0D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000050c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData"
              },
              {
                "name": "DllBase",
                "value": "0x7ff962ff0000"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-03-05 10:25:12,368",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-03-05 10:25:12,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff962ff0000"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-03-05 10:25:12,430",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff962ff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-03-05 10:25:12,430",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962ff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff963015b40"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-03-05 10:25:12,430",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962ff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9630020e0"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-03-05 10:25:12,430",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff962ff0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff963004100"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-03-05 10:25:12,493",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 4396
          },
          {
            "timestamp": "2026-03-05 10:25:12,493",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-03-05 10:25:12,524",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 4398
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903f4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-03-05 10:25:12,555",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4405
          },
          {
            "timestamp": "2026-03-05 10:25:12,571",
            "thread_id": "372",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c98fd590"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-03-05 10:25:12,571",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-03-05 10:25:12,571",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-03-05 10:25:12,586",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-03-05 10:25:12,602",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-03-05 10:25:12,602",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-03-05 10:25:12,602",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb152000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-03-05 10:25:12,602",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb153000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-03-05 10:25:12,618",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903feb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-03-05 10:25:12,821",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-03-05 10:25:12,836",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-03-05 10:25:12,836",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e805e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-03-05 10:25:12,836",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8074000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-03-05 10:25:12,836",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-03-05 10:25:12,852",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-03-05 10:25:12,852",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ff9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-03-05 10:25:12,852",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ffa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-03-05 10:25:12,852",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb154000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-03-05 10:25:12,868",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ffb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-03-05 10:25:12,868",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ffc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-03-05 10:25:12,946",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-03-05 10:25:12,961",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-03-05 10:25:12,961",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-03-05 10:25:12,961",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-03-05 10:25:12,961",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Status",
                "value": "Log limit reached"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xf0g\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90E\\xc4\\xedG\\x02\\x00\\x00ategory\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xf0C\\xc4\\xedG\\x02\\x00\\x00\\x90\\xf0g\\xc9"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\xfff9\\x7f\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffaeD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffeb\\xffc4\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffeb\\x16\\xffebG\\x02\\x00\\x00h\\xffaeD\\xffe6G\\x02\\x00\\x00@\\xffaeD\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffaeD\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\x00\\xffeb\\x16\\xffebG\\x02\\x00\\x00\\xff80\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffeb\\x16\\xffebG\\x02\\x00\\x00\\xffa0\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\xffa0\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\xff80\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xfff3\\x14\\xffebG\\x02\\x00\\x00@\\xffaeD\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-03-05 10:25:14,165",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1872:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff963054000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\x00\\x00p\\x00P\\x00:\\x00\\x00\\x00\\xff94\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x008\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xnH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00{\\xfff9\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x16\\xffebG\\x02\\x00\\x00xnH\\xffe6G\\x02\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x00\\xfff0\\x16\\xffebG\\x02\\x00\\x000\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x16\\xffebG\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x000\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe3g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9\\x14\\xffebG\\x02\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "WnfStateName"
              },
              {
                "name": "Data",
                "value": "\\xe5\\xa8\\xbd\\xa3mN\\xc6A"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR\\WnfStateName"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f0a2b",
            "parentcaller": "0x7ff9038f065d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ffd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4503
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4508
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-03-05 10:25:14,180",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtLoadKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TrustClassKey",
                "value": "0x00000000"
              },
              {
                "name": "TargetKeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "TargetKeyName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}"
              },
              {
                "name": "TargetKey",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}"
              },
              {
                "name": "SourceFile",
                "value": "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.YourPhone_8wekyb3d8bbwe\\Settings\\settings.dat"
              },
              {
                "name": "Flags",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ffe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000530"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000534"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xnH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe6g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00+\\xffc5\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe07\\xfffe\\xffe9G\\x02\\x00\\x00xnH\\xffe6G\\x02\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\xffe07\\xfffe\\xffe9G\\x02\\x00\\x000\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe07\\xfffe\\xffe9G\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0r\\x17\\xffebG\\x02\\x00\\x000\\x03\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe7g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9\\x14\\xffebG\\x02\\x00\\x00PnH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-03-05 10:25:14,383",
            "thread_id": "5300",
            "caller": "0x7ff9038ed47a",
            "parentcaller": "0x7ff9038ed2f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cd10"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904000000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904001000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904002000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904003000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904005000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903fef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904006000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-03-05 10:25:14,399",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f32",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904007000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-03-05 10:25:14,415",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f32",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-03-05 10:25:14,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f4a57",
            "parentcaller": "0x7ff9038ecbd0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-03-05 10:25:14,446",
            "thread_id": "5300",
            "caller": "0x7ff9038faff2",
            "parentcaller": "0x7ff9038f4a57",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904010000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bca0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-03-05 10:25:14,446",
            "thread_id": "5300",
            "caller": "0x7ff9038faff2",
            "parentcaller": "0x7ff9038f4a57",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904010000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-03-05 10:25:14,461",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-03-05 10:25:14,461",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904009000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-03-05 10:25:14,461",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904011000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-03-05 10:25:14,477",
            "thread_id": "5300",
            "caller": "0x7ff9038fa13f",
            "parentcaller": "0x7ff9038f9f32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90400f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-03-05 10:25:14,493",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-03-05 10:25:14,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-03-05 10:25:14,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography"
              },
              {
                "name": "DllBase",
                "value": "0x7ff961f30000"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-03-05 10:25:14,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff961f30000"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-03-05 10:25:14,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff961f30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904020000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b350"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904030000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b1f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038f9f88",
            "parentcaller": "0x7ff9038f9ef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904030000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb60c",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904021000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ec8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903ecc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d6b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904022000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcee520"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcrypt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d580000"
              },
              {
                "name": "FunctionName",
                "value": "BCryptHash"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5835e0"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000194"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00S\\x00H\\x00A\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x001\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffS\\x00H\\x00A\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-03-05 10:25:14,508",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97dc94460"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-03-05 10:25:14,524",
            "thread_id": "5300",
            "caller": "0x7ff9038e72b6",
            "parentcaller": "0x7ff9038f92b5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904043000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-03-05 10:25:14,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f9eae",
            "parentcaller": "0x7ff9038f9d1f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904023000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-03-05 10:25:14,586",
            "thread_id": "5300",
            "caller": "0x7ff9038ea550",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904024000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff943a90000"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff943a90000"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff943a90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904050000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c2b0"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904050000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e2000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-03-05 10:25:14,602",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904025000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904132000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28881010000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb162000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb163000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904026000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904027000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904133000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904029000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904134000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc1e6",
            "parentcaller": "0x7ff9038ea58d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc4c2",
            "parentcaller": "0x7ff9038ea5d1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc58b",
            "parentcaller": "0x7ff9038ea5d1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038fc58b",
            "parentcaller": "0x7ff9038ea5d1",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb156000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-03-05 10:25:14,618",
            "thread_id": "5300",
            "caller": "0x7ff9038eccfe",
            "parentcaller": "0x7ff9038ecb9e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-03-05 10:25:14,633",
            "thread_id": "5300",
            "caller": "0x7ff9038ea7d6",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904135000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-03-05 10:25:14,633",
            "thread_id": "5300",
            "caller": "0x7ff9038ea7d6",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90402f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-03-05 10:25:14,633",
            "thread_id": "5300",
            "caller": "0x7ff9038ea7d6",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904140000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9679bd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-03-05 10:25:14,633",
            "thread_id": "5300",
            "caller": "0x7ff9038ea7d6",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-03-05 10:25:14,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ea7d6",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904141000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-03-05 10:25:14,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ea818",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904142000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-03-05 10:25:14,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ea818",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904143000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-03-05 10:25:14,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ea818",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904136000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-03-05 10:25:14,649",
            "thread_id": "5300",
            "caller": "0x7ff9038ea818",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904144000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-03-05 10:25:14,665",
            "thread_id": "5300",
            "caller": "0x7ff9038ea818",
            "parentcaller": "0x7ff9038ea153",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-03-05 10:25:14,680",
            "thread_id": "5300",
            "caller": "0x7ff9038ec2f0",
            "parentcaller": "0x7ff9038ea169",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904145000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-03-05 10:25:14,696",
            "thread_id": "5300",
            "caller": "0x7ff9038fe9dd",
            "parentcaller": "0x7ff9038fbe71",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904137000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-03-05 10:25:14,711",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-03-05 10:25:14,711",
            "thread_id": "5300",
            "caller": "0x7ff9038fe9dd",
            "parentcaller": "0x7ff9038fbe71",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904146000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-03-05 10:25:14,711",
            "thread_id": "5300",
            "caller": "0x7ff9038feead",
            "parentcaller": "0x7ff9038fed4a",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-03-05 10:25:14,727",
            "thread_id": "5300",
            "caller": "0x7ff9038feead",
            "parentcaller": "0x7ff9038fed4a",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-03-05 10:25:14,727",
            "thread_id": "5300",
            "caller": "0x7ff9038feead",
            "parentcaller": "0x7ff9038fed4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904147000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-03-05 10:25:14,727",
            "thread_id": "5300",
            "caller": "0x7ff9038feead",
            "parentcaller": "0x7ff9038fed4a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9038ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-03-05 10:25:14,758",
            "thread_id": "5300",
            "caller": "0x7ff9038ff81e",
            "parentcaller": "0x7ff9038ff4fa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-03-05 10:25:14,758",
            "thread_id": "5300",
            "caller": "0x7ff9038ffd4a",
            "parentcaller": "0x7ff9038fead4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904148000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-03-05 10:25:14,774",
            "thread_id": "5300",
            "caller": "0x7ff9038ffd4a",
            "parentcaller": "0x7ff9038fead4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903900000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-03-05 10:25:14,774",
            "thread_id": "5300",
            "caller": "0x7ff9038ffd4a",
            "parentcaller": "0x7ff9038fead4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dfd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-03-05 10:25:14,774",
            "thread_id": "5300",
            "caller": "0x7ff9038ffd4a",
            "parentcaller": "0x7ff9038fead4",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Probe"
              },
              {
                "name": "Type",
                "value": "100000011"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x19\\xf9\\x15[\\x8a\\xac\\xdc\\x01"
              },
              {
                "name": "BufferLength",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4644
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4645
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc000007c",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "9"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcdG\\xcd\\x7f"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xecg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc000007c",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "9"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0f\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xebg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x08\\x15\\xebG\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00e\\x00-\\x004\\x008\\x005\\x006\\x00-\\x008\\x009\\x008\\x002\\x00-\\x00c\\x003\\x00f\\x00a\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x00\\x00\\x00\\xff\\xff"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0u\\x17\\xebG\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc1\\x17\\xebG\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8q\\x17\\xebG\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xe0\\xd5\\x11\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe5g\\xc9\\x94\\x00\\x00\\x008\\xe5g\\xc9\\x94\\x00\\x00\\x00\\x08\\xe5g\\xc9\\x94\\x00\\x00\\x00(\\xe5g\\xc9"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0q\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe3g\\xc9\\x94\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xad\\x06/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x06/\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x00\\x15\\xebG\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x80\\x8f\\xa5\\x03\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xdb\\\\x00\\x90\\x03\\x00\\x00\\x00G\\x02\\x00\\x00\\x05\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@u\\x17\\xebG\\x02\\x00\\x00`\\x00\\x00\\x00\r\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xf9\\x7f\\x00\\x00@\\xbb\\x1f\\xebG\\x02\\x00\\x00\\x80\\xfe\\xff\\xe9G\\x02\\x00\\x00\\xc0\\x9a\\x19\\xebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xc5\\x17\\xebG\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8v\\x17\\xebG\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x00\\xd0\\x11\\xd1\\xc9N\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xe1g\\xc9\\x94\\x00\\x00\\x00\\x98\\xe1g\\xc9\\x94\\x00\\x00\\x00h\\xe1g\\xc9\\x94\\x00\\x00\\x00\\x88\\xe1g\\xc9"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0v\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xdfg\\xc9\\x94\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4675
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4676
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-03-05 10:25:14,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-03-05 10:25:14,805",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "TrustRidDll"
              },
              {
                "name": "Data",
                "value": "logoncli.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\TrustRidDll"
              }
            ],
            "repeated": 0,
            "id": 4679
          },
          {
            "timestamp": "2026-03-05 10:25:14,805",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-03-05 10:25:14,821",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-03-05 10:25:14,930",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4682
          },
          {
            "timestamp": "2026-03-05 10:25:14,930",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-03-05 10:25:14,946",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 4684
          },
          {
            "timestamp": "2026-03-05 10:25:14,961",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904149000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-03-05 10:25:14,961",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4686
          },
          {
            "timestamp": "2026-03-05 10:25:15,008",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-03-05 10:25:15,008",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-03-05 10:25:15,008",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-03-05 10:25:15,008",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-03-05 10:25:15,024",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903901000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-03-05 10:25:15,024",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-03-05 10:25:15,024",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-03-05 10:25:15,024",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-03-05 10:25:15,024",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-03-05 10:25:15,040",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-03-05 10:25:15,040",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-03-05 10:25:15,040",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-03-05 10:25:15,040",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 6,
            "id": 4699
          },
          {
            "timestamp": "2026-03-05 10:25:15,149",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903902000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-03-05 10:25:15,149",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-03-05 10:25:15,149",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-03-05 10:25:15,165",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-03-05 10:25:15,165",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-03-05 10:25:15,165",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 2,
            "id": 4705
          },
          {
            "timestamp": "2026-03-05 10:25:15,180",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-03-05 10:25:15,180",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-03-05 10:25:15,180",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-03-05 10:25:15,180",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90414f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-03-05 10:25:15,196",
            "thread_id": "372",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904150000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c98fa4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-03-05 10:25:15,196",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904151000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904152000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904153000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-03-05 10:25:15,274",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-03-05 10:25:15,305",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903903000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-03-05 10:25:15,321",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4719
          },
          {
            "timestamp": "2026-03-05 10:25:15,321",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-03-05 10:25:15,321",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-03-05 10:25:15,321",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904154000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-03-05 10:25:15,336",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903904000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-03-05 10:25:15,336",
            "thread_id": "372",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-03-05 10:25:15,336",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 4725
          },
          {
            "timestamp": "2026-03-05 10:25:15,352",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904155000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-03-05 10:25:15,352",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 4,
            "id": 4727
          },
          {
            "timestamp": "2026-03-05 10:25:15,383",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-03-05 10:25:15,383",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\logoncli"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97c8e0000"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "logoncli.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c8e0000"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97c8e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "logoncli.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "logoncli.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97c8e0000"
              },
              {
                "name": "FunctionName",
                "value": "I_RpcExtInitializeExtensionPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97c8e7e20"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c920000"
              },
              {
                "name": "ModuleName",
                "value": "logoncli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97c920000"
              },
              {
                "name": "ModuleName",
                "value": "logoncli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-03-05 10:25:16,633",
            "thread_id": "5300",
            "caller": "0x7ff9038fbe71",
            "parentcaller": "0x7ff9038fbdfd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4737
          },
          {
            "timestamp": "2026-03-05 10:25:16,649",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-03-05 10:25:16,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xf0g\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x90E\\xc4\\xedG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xf0g\\xc9"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-03-05 10:25:16,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xeH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0cH\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffeb\\xffc4\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfff6\\x16\\xffebG\\x02\\x00\\x00xeH\\xffe6G\\x02\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0cH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00\\xffd0cH\\xffe6G\\x02\\x00\\x00@\\xfff6\\x16\\xffebG\\x02\\x00\\x00p\t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfff6\\x16\\xffebG\\x02\\x00\\x00\\xfff0\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\xfff0\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0cH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff9\\x14\\xffebG\\x02\\x00
\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0cH\\xffe6G\\x02\\x00\\x00p\t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9\\x14\\xffebG\\x02\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000560"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000560"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000554"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00G\\x02\\x00\\x00\\x00\\x00\\x00\\x00p\\x00P\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffa6D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe6g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00p!\\xfff4\\xffe9G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00+\\xffc5\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffff\\x16\\xffebG\\x02\\x00\\x00\\xffe8\\xffa6D\\xffe6G\\x02\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00p!\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00p!\\xfff4\\xffe9G\\x02\\x00\\x00@\\xffff\\x16\\xffebG\\x02\\x00\\x00 
\t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffff\\x16\\xffebG\\x02\\x00\\x00\\xffa0\\xfff8\\x14\\xffebG\\x02\\x00\\x00\\xffa0\\xfff8\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p!\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff8\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00p!\\xfff4\\xffe9G\\x02\\x00\\x00 \t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe7g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xffc0\\xffa6D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000548"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904156000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-03-05 10:25:16,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904157000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-03-05 10:25:16,680",
            "thread_id": "5300",
            "caller": "0x7ff903904ca8",
            "parentcaller": "0x7ff903904bb8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "ValueName",
                "value": "Probe"
              },
              {
                "name": "Data",
                "value": "\\x01\\x19\\xf9\\x15[\\x8a\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-03-05 10:25:16,680",
            "thread_id": "5300",
            "caller": "0x7ff903904daf",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904158000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-03-05 10:25:16,680",
            "thread_id": "5300",
            "caller": "0x7ff903904daf",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90413f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-03-05 10:25:16,696",
            "thread_id": "5300",
            "caller": "0x7ff903904daf",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904159000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-03-05 10:25:16,696",
            "thread_id": "5300",
            "caller": "0x7ff903904daf",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-03-05 10:25:16,711",
            "thread_id": "5300",
            "caller": "0x7ff903904daf",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903905000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-03-05 10:25:16,727",
            "thread_id": "5300",
            "caller": "0x7ff903904db8",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904160000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967afd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-03-05 10:25:16,727",
            "thread_id": "5300",
            "caller": "0x7ff903904db8",
            "parentcaller": "0x7ff9038f05ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\"\\x00\\x00\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xiH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe5g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0\"\\xfff4\\xffe9G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff8b\\xffc5\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfffc\\x16\\xffebG\\x02\\x00\\x00xiH\\xffe6G\\x02\\x00\\x00PiH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0\"\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PiH\\xffe6G\\x02\\x00\\x00\\xfff0\"\\xfff4\\xffe9G\\x02\\x00\\x00\\xff80\\xfffc\\x16\\xffebG\\x02\\x00\\x00P\\x06\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfffc\\x16\\xffebG\\x02\\x00\\x000\\xfff1\\x14\\xffebG\\x02\\x00\\x000\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\"\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0\"\\xfff4\\xffe9G\\x02\\x00\\x00P\\x06\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe6g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff8\\x14\\xffebG\\x02\\x00\\x00PiH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000548"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969920000"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-03-05 10:25:16,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969920000"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff969920000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969920000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96992e310"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969920000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96992eed0"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-03-05 10:25:16,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4818
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateChange\\PackageList\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateChange\\PackageList\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xefg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00r\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00e\\x00_\\x001\\x00.\\x002\\x005\\x000\\x007\\x002\\x00.\\x007\\x009\\x00.\\x000\\x00_\\x00x\\x006\\x004\\x00_\\x00_\\x00"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4822
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "PackageStatus"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\PackageStatus"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-03-05 10:25:16,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-03-05 10:25:17,352",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-03-05 10:25:17,477",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 4,
            "id": 4832
          },
          {
            "timestamp": "2026-03-05 10:25:17,493",
            "thread_id": "372",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903907000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-03-05 10:25:17,493",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 3,
            "id": 4834
          },
          {
            "timestamp": "2026-03-05 10:25:17,508",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-03-05 10:25:17,508",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904161000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xefg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x96\\xff\\xef.3\\xc2\\x00\\x00p\\x11rc\\xf9\\x7f\\x00\\x00\\x10\\xf0g\\xc9\\x94\\x00\\x00\\x00\\x17r\\x90\\x03\\xf9\\x7f\\x00\\x00\\x90E\\xc4\\xed"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xfff8hH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0iH\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00k\\xffc7\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00 9\\xfffe\\xffe9G\\x02\\x00\\x00\\xfff8hH\\xffe6G\\x02\\x00\\x00\\xffd0hH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0iH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0hH\\xffe6G\\x02\\x00\\x00\\xffd0iH\\xffe6G\\x02\\x00\\x00 9\\xfffe\\xffe9G\\x02\\x00\\x00p\t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00 9\\xfffe\\xffe9G\\x02\\x00\\x00 \\xfff5\\x14\\xffebG\\x02\\x00\\x00 \\xfff5\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0iH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xfff5\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0iH\\xffe6G\\x02\\x00\\x00p\t\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xfff1\\x14\\xffebG\\x02\\x00\\x00\\xffd0hH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-03-05 10:25:19,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb151000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FlightsDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FlightsDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000564"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00^\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00E\\x00x\\x00p\\x00.\\x00W\\x00i\\x00n\\x00R\\x00T\\x00.\\x00R\\x00e\\x00m\\x00o\\x00t\\x00e\\x00C\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00I\\x00n\\x00s\\x00t\\x00a\\x00n\\x00c\\x00e\\x00\\x00\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe8\\xffa8D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe9\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00H\\xffe4g\\xffc9\\xff94\\x00\\x00\\x000\\xffd7\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xfff4\\xfffc\\x01\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00\\xff90\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xfff4\\xfffc\\x01\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff80\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7
f\\x00\\x00\\xff90\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xffe0\\x0c\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffa1\\xffe6g\\xffc9\\xff94\\x00\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa1D\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xfffc\\x0c\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000568"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000056c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc7\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000056c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xcb\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000564"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-03-05 10:25:19,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00^\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00E\\x00x\\x00p\\x00.\\x00W\\x00i\\x00n\\x00R\\x00T\\x00.\\x00R\\x00e\\x00m\\x00o\\x00t\\x00e\\x00C\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00I\\x00n\\x00s\\x00t\\x00a\\x00n\\x00c\\x00e\\x00\\x00\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff8jH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd7\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x08\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\xfff0\\xffd2\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xfff4\\xfffc\\x01\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00P\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xfff4\\xfffc\\x01\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00@\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00P\\
xffe2g\\xffc9\\xff94\\x00\\x00\\x00p\\x13\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00a\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xffd0\\xffe8\\x16\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PjH\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xff8c\\x13\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000568"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000056c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x7fK\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00i\\x00n\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x0000056c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80}K\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00x\\x00p\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000056c"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-03-05 10:25:19,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-03-05 10:25:19,586",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-03-05 10:25:19,696",
            "thread_id": "372",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-03-05 10:25:19,696",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-03-05 10:25:19,696",
            "thread_id": "372",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9633b76aa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-03-05 10:25:20,680",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8058000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-03-05 10:25:20,680",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e8074000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-03-05 10:25:20,680",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e806d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-03-05 10:25:23,743",
            "thread_id": "372",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-03-05 10:25:23,743",
            "thread_id": "372",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-03-05 10:25:23,899",
            "thread_id": "372",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-03-05 10:25:23,899",
            "thread_id": "372",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96346ed5c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-03-05 10:25:23,899",
            "thread_id": "372",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96343d686",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-03-05 10:25:23,899",
            "thread_id": "372",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff96343d686",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-03-05 10:25:23,915",
            "thread_id": "372",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "372"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-03-05 10:25:23,915",
            "thread_id": "372",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc74ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 4986
          },
          {
            "timestamp": "2026-03-05 10:25:25,508",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\VCRUNTIME140"
              },
              {
                "name": "DllBase",
                "value": "0x7ff974db0000"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-03-05 10:25:26,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\VCRUNTIME140_1"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a450000"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-03-05 10:25:26,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\MSVCP140"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9630e0000"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-03-05 10:25:27,336",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.WinRT"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964560000"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-03-05 10:25:27,915",
            "thread_id": "5448",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-03-05 10:25:27,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-03-05 10:25:27,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-03-05 10:25:27,946",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-03-05 10:25:27,946",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964560000"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964560000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964560000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964560000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964562120"
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Exp.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964560000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9645620f0"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000584"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e6456860"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5576"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              },
              {
                "name": "Module",
                "value": "coreclr.dll"
              }
            ],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000584",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e6456860"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010004"
              },
              {
                "name": "ThreadId",
                "value": "5576"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-03-05 10:25:30,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000584"
              },
              {
                "name": "ThreadDescription",
                "value": ".NET Tiered Compilation Worker"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-03-05 10:25:30,665",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000584"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5576"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-03-05 10:25:30,665",
            "thread_id": "372",
            "caller": "0x7ff97d6b53dc",
            "parentcaller": "0x7ff97a45357e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d6f9900"
              }
            ],
            "repeated": 2,
            "id": 5005
          },
          {
            "timestamp": "2026-03-05 10:25:30,680",
            "thread_id": "372",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Data.Json.JsonObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffe8\\xfffeY3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x008\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00.\\x00J\\x00s\\x00o\\x00n\\x00.\\x00J\\x00s\\x00o\\x00n\\x00O\\x00b\\x00j\\x00e\\x00c\\x00t\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdbq\\xff9dd\\x06\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xVH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff90u\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff9b\\xffc4\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfffe\\x16\\xffebG\\x02\\x00\\x00xVH\\xffe6G\\x02\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90u\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00\\xff90u\\x17\\xffebG\\x02\\x00\\x00@\\xfffe\\x16\\xffebG\\x02\\x00\\x00\\xffe0\\x11\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfffe\\x16\\xffebG\\x02\\x00\\x00\\xffb0\\xfff4\\x14\\xffebG\\x02\\x00\\x00\\xffb0\\xfff4\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90u\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xfff4\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff90u\\x17\\xffebG\\x02\\x00\\x00\\xffe0\\x11\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6\\x14\\xffebG\\x02\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000058c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5576",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 5022
          },
          {
            "timestamp": "2026-03-05 10:25:30,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x7ff970920000"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-03-05 10:25:31,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Web"
              },
              {
                "name": "DllBase",
                "value": "0x7ff964e00000"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964e00000"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff964e00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Web.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e5eab0"
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e0d670"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff964e00000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff964e0dbe0"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff964eb6000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Web.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90415f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d5b0000"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97d5b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff9039078a9",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "calloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5bdce0"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff90390790c",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904162000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff90390790c",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904170000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a6c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-03-05 10:25:31,821",
            "thread_id": "5300",
            "caller": "0x7ff90390790c",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904170000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-03-05 10:25:31,836",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ffc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-03-05 10:25:31,836",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e650d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-03-05 10:25:31,836",
            "thread_id": "5576",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-03-05 10:25:31,836",
            "thread_id": "5576",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff96343a310"
              },
              {
                "name": "Parameter",
                "value": "0x247e6456860"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-03-05 10:25:31,836",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-03-05 10:25:31,868",
            "thread_id": "5300",
            "caller": "0x7ff903907a4c",
            "parentcaller": "0x7ff90390790c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903908000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-03-05 10:25:31,868",
            "thread_id": "5300",
            "caller": "0x7ff9038fb61a",
            "parentcaller": "0x7ff9038f9f88",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-03-05 10:25:32,040",
            "thread_id": "5300",
            "caller": "0x7ff903907dd5",
            "parentcaller": "0x7ff903907a4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cfd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-03-05 10:25:32,040",
            "thread_id": "5300",
            "caller": "0x7ff903907dd5",
            "parentcaller": "0x7ff903907a4c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-03-05 10:25:32,649",
            "thread_id": "5300",
            "caller": "0x7ff903908429",
            "parentcaller": "0x7ff903907b9d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904171000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5300",
            "caller": "0x7ff9039084c1",
            "parentcaller": "0x7ff903907b9d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904172000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5300",
            "caller": "0x7ff9039084c1",
            "parentcaller": "0x7ff903907b9d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904163000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5300",
            "caller": "0x7ff9038ed8bc",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904173000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-03-05 10:25:33,977",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-03-05 10:25:34,180",
            "thread_id": "5300",
            "caller": "0x7ff903908efa",
            "parentcaller": "0x7ff903908e73",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903909000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-03-05 10:25:34,180",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-03-05 10:25:34,180",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-03-05 10:25:34,180",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 1,
            "id": 5062
          },
          {
            "timestamp": "2026-03-05 10:25:35,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904174000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-03-05 10:25:35,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904164000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-03-05 10:25:35,461",
            "thread_id": "5300",
            "caller": "0x7ff9038e579f",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-03-05 10:25:35,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904175000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-03-05 10:25:35,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904176000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-03-05 10:25:35,477",
            "thread_id": "5300",
            "caller": "0x7ff90390960c",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904177000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-03-05 10:25:35,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-03-05 10:25:35,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-03-05 10:25:35,555",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-03-05 10:25:35,571",
            "thread_id": "5300",
            "caller": "0x7ff903909950",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904165000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-03-05 10:25:35,586",
            "thread_id": "5300",
            "caller": "0x7ff9039099ac",
            "parentcaller": "0x7ff903909950",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28881020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-03-05 10:25:35,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904178000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-03-05 10:25:35,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Contracts.Exp.RemoteConfiguration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-03-05 10:25:35,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-03-05 10:25:35,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000594"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Contracts.Exp.RemoteConfiguration"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00V\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00C\\x00o\\x00n\\x00t\\x00r\\x00a\\x00c\\x00t\\x00s\\x00.\\x00E\\x00x\\x00p\\x00.\\x00R\\x00e\\x00m\\x00o\\x00t\\x00e\\x00C\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff8hH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe8\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffa8\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00P\\xffd7\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\x1c\\x00\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00\\xfff0\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\x1c\\x00\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffe0\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x0
0\\x00\\xfff0\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00P\\x10\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\xffe7g\\xffc9\\xff94\\x00\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00l\\x10\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-03-05 10:25:35,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`vK\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`vK\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-03-05 10:25:36,133",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Contracts.Exp.RemoteConfiguration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000594"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.Contracts.Exp.RemoteConfiguration"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00V\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00C\\x00o\\x00n\\x00t\\x00r\\x00a\\x00c\\x00t\\x00s\\x00.\\x00E\\x00x\\x00p\\x00.\\x00R\\x00e\\x00m\\x00o\\x00t\\x00e\\x00C\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00Pb\\xffce\\\\xfff9\\x7f\\x00\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffd7\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00h\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\x10\\xffd5\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\x1c\\x00\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00\\xffb0\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\x1c\\x00\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffa0\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\
\x00\\xffb0\\xffe2g\\xffc9\\xff94\\x00\\x00\\x00P\\x0b\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffc1\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff90\\xfffc\\x16\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00l\\x0b\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-03-05 10:25:36,149",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x7fK\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00H\\x00o\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-03-05 10:25:36,227",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-03-05 10:25:36,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-03-05 10:25:36,243",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-03-05 10:25:36,649",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-03-05 10:25:36,743",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-03-05 10:25:36,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-03-05 10:25:36,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-03-05 10:25:36,758",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-03-05 10:25:36,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-03-05 10:25:36,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-03-05 10:25:36,774",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-03-05 10:25:36,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-03-05 10:25:36,774",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-03-05 10:25:36,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x7fK\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00i\\x00n\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-03-05 10:25:36,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-03-05 10:25:36,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff9633e2857",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904179000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-03-05 10:25:37,227",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Exp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97aaa0000"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97aaa0000"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97aaa0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97aaa0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97aaa0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97aaa1c60"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-03-05 10:25:37,290",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.Contracts.Exp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97aaa0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97aaa1c30"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-03-05 10:25:37,821",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-03-05 10:25:37,836",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-03-05 10:25:37,836",
            "thread_id": "5300",
            "caller": "0x7ff90390a7cb",
            "parentcaller": "0x7ff9038ede59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetObjectContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f552910"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-03-05 10:25:37,836",
            "thread_id": "5300",
            "caller": "0x7ff90390a940",
            "parentcaller": "0x7ff9038ede63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetContextToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f521880"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-03-05 10:25:37,836",
            "thread_id": "5300",
            "caller": "0x7ff90390ab1e",
            "parentcaller": "0x7ff903907217",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-03-05 10:25:37,836",
            "thread_id": "5300",
            "caller": "0x7ff90390ab1e",
            "parentcaller": "0x7ff903907217",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904166000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-03-05 10:25:38,133",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-03-05 10:25:38,133",
            "thread_id": "5300",
            "caller": "0x7ff90390ab1e",
            "parentcaller": "0x7ff903907217",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-03-05 10:25:38,446",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-03-05 10:25:38,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-03-05 10:25:38,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000594"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-03-05 10:25:38,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00^\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00A\\x00p\\x00p\\x00C\\x00o\\x00r\\x00e\\x00.\\x00W\\x00i\\x00n\\x00R\\x00T\\x00.\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00.\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00D\\x00a\\x00t\\x00a\\x00S\\x00t\\x00o\\x00r\\x00e\\x00\\x00\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00xfH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffe8\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffd8\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff80\\xffd7\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00\\xff84\\x01\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00P\\xfffd\\x16\\xffebG\\x02\\x00\\x00 \\xffe5g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xff84\\x01\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00P\\xfffd\\x16\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x10\\xffe5g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00 
\\xffe5g\\xffc9\\xff94\\x00\\x00\\x00\\xffa0\\x0b\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x001\\xffe7g\\xffc9\\xff94\\x00\\x00\\x00P\\xfffd\\x16\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PVH\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xffbc\\x0b\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Server"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Private"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc6\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc7\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x007\\x00f\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-03-05 10:25:38,477",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-03-05 10:25:39,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a420000"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-03-05 10:25:39,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5266
          },
          {
            "timestamp": "2026-03-05 10:25:39,446",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-03-05 10:25:39,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\icuuc"
              },
              {
                "name": "DllBase",
                "value": "0x2887fcc0000"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-03-05 10:25:39,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.WinRT"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95dae0000"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95dae0000"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95dae0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95dae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95dae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95dae22a0"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff90390afd4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff95dae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff95dae2270"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.ApplicationData"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00D\\x00a\\x00t\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\tS\\xffca\\x04\\x00\\x00\\x00:\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xmH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffb0&\\xfff4\\xffe9G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00{\\xffc7\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x04\\x17\\xffebG\\x02\\x00\\x00xmH\\xffe6G\\x02\\x00\\x00PmH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffb0&\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PmH\\xffe6G\\x02\\x00\\x00\\xffb0&\\xfff4\\xffe9G\\x02\\x00\\x00\\xffc0\\x04\\x17\\xffebG\\x02\\x00\\x00\\xffc0\\x0e\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x04\\x17\\xffebG\\x02\\x00\\x00 \\xfff5\\x14\\xffebG\\x02\\x00\\x00 
\\xfff5\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0&\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfff5\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffb0&\\xfff4\\xffe9G\\x02\\x00\\x00\\xffc0\\x0e\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xfff9\\x14\\xffebG\\x02\\x00\\x00PmH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xedg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x96\\xff\\xef.3\\xc2\\x00\\x00 \\x08rc\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xjH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe2g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00+\\xfff9\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x03\\x17\\xffebG\\x02\\x00\\x00xjH\\xffe6G\\x02\\x00\\x00PjH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PjH\\xffe6G\\x02\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\xffc0\\x03\\x17\\xffebG\\x02\\x00\\x00\\xffc0nM\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x03\\x17\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\
\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\xffc0nM\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe3g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xfff7\\x14\\xffebG\\x02\\x00\\x00PjH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e650e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "FlightsDataStore"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FlightsDataStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xeeg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x0c\\xde4\\x02"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Devices"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Devices"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5323
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5324
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-03-05 10:25:39,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-03-05 10:25:39,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 5327
          },
          {
            "timestamp": "2026-03-05 10:25:39,680",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-03-05 10:25:39,680",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xoH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe4g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00p]M\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00k\\xffc7\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x05\\x17\\xffebG\\x02\\x00\\x00xoH\\xffe6G\\x02\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00p]M\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00p]M\\xffe6G\\x02\\x00\\x00\\xff80\\x05\\x17\\xffebG\\x02\\x00\\x00 
\\x04\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x05\\x17\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p]M\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00p]M\\xffe6G\\x02\\x00\\x00 \\x04\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe5g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xfff2\\x14\\xffebG\\x02\\x00\\x00PoH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005bc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Type",
                "value": "100000009"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x10@\\xe9\\xbalj\\x8a\\xac\\xdc\\x01"
              },
              {
                "name": "BufferLength",
                "value": "16"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Version"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xeeg\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a0\\xc4\\\\xf9\\x7f\\x00\\x00\\x0c\\xde4\\x02"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005b4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "ValueName",
                "value": "DefaultRemoteDevice"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\DefaultRemoteDevice"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-03-05 10:25:40,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "IdMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "IdMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Deleted"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Deleted"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted\\"
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Deleted"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "IdMap"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-03-05 10:25:40,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Deleted"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "IdMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap"
              }
            ],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005b8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000528"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "DefaultRemoteDevice"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\DefaultRemoteDevice"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b1fd",
            "parentcaller": "0x7ff9038f5fde",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904167000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90417f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904180000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cb90"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904180000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904181000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904182000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904183000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-03-05 10:25:40,555",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904190000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c8d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-03-05 10:25:41,665",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-03-05 10:25:41,711",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-03-05 10:25:41,711",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904194000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-03-05 10:25:41,711",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c970"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-03-05 10:25:41,711",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-03-05 10:25:41,711",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904184000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-03-05 10:25:42,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904185000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-03-05 10:25:42,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f5fde",
            "parentcaller": "0x7ff9038f5f4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904169000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-03-05 10:25:42,774",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-03-05 10:25:42,774",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing"
              },
              {
                "name": "DllBase",
                "value": "0x2887fcd0000"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-03-05 10:25:42,774",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fcd0000"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x2887fcd0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90416a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-03-05 10:25:42,805",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97aa90000"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-03-05 10:25:42,868",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97aa90000"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-03-05 10:25:42,868",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97aa90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-03-05 10:25:43,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904186000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-03-05 10:25:43,008",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-03-05 10:25:43,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90416c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-03-05 10:25:43,024",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-03-05 10:25:43,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard"
              },
              {
                "name": "DllBase",
                "value": "0x2887fd40000"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-03-05 10:25:43,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd40000"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-03-05 10:25:43,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x2887fd40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90416d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90416e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9679d40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9679cd0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fea5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-03-05 10:25:43,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904187000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-03-05 10:25:43,899",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-03-05 10:25:43,899",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-03-05 10:25:43,915",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904188000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904189000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff9039033de",
            "parentcaller": "0x7ff9039037eb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90418f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ca00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-03-05 10:25:44,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-03-05 10:25:44,336",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-03-05 10:25:44,993",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-03-05 10:25:44,993",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ccf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cd60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f10000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00010000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9700000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fe31000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fe31000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-03-05 10:25:45,008",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7f10000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00010000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-03-05 10:25:45,165",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9700000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-03-05 10:25:45,180",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-03-05 10:25:45,180",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-03-05 10:25:45,180",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a690"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-03-05 10:25:45,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-03-05 10:25:45,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-03-05 10:25:45,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-03-05 10:25:45,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-03-05 10:25:45,227",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-03-05 10:25:45,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-03-05 10:25:46,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-03-05 10:25:46,102",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-03-05 10:25:46,399",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-03-05 10:25:46,399",
            "thread_id": "5576",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d714692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c997eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-03-05 10:25:46,415",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-03-05 10:25:46,415",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6f4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-03-05 10:25:46,415",
            "thread_id": "5576",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c997ef40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-03-05 10:25:46,415",
            "thread_id": "5576",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341e0e2",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-03-05 10:25:46,508",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-03-05 10:25:46,508",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-03-05 10:25:46,524",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-03-05 10:25:46,524",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904200000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cd70"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904201000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-03-05 10:25:46,540",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-03-05 10:25:46,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904202000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-03-05 10:25:46,555",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904203000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-03-05 10:25:47,024",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-03-05 10:25:47,024",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904204000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-03-05 10:25:47,024",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-03-05 10:25:47,024",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904205000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-03-05 10:25:47,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-03-05 10:25:47,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-03-05 10:25:47,040",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904206000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-03-05 10:25:47,055",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904207000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-03-05 10:25:47,055",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904208000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967da00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f320000"
              },
              {
                "name": "FunctionName",
                "value": "EnumerateTraceGuidsEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f337d60"
              }
            ],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb84890"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904209000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-03-05 10:25:47,133",
            "thread_id": "5300",
            "caller": "0x7ff90390d1b5",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-03-05 10:25:47,665",
            "thread_id": "5300",
            "caller": "0x7ff90390d1b5",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904198000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-03-05 10:25:47,665",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-03-05 10:25:47,665",
            "thread_id": "5300",
            "caller": "0x7ff90390d1b5",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90419c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-03-05 10:25:47,680",
            "thread_id": "5300",
            "caller": "0x7ff90390d1b5",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-03-05 10:25:47,680",
            "thread_id": "5300",
            "caller": "0x7ff90390d1b5",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-03-05 10:25:47,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-03-05 10:25:47,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f320000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f336010"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-03-05 10:25:47,821",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{b890aaa3-4228-5767-2a99-3d9293a5c3f0}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{b890aaa3-4228-5767-2a99-3d9293a5c3f0}"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-03-05 10:25:47,821",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-03-05 10:25:47,821",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{b890aaa3-4228-5767-2a99-3d9293a5c3f0}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{b890aaa3-4228-5767-2a99-3d9293a5c3f0}"
              }
            ],
            "repeated": 2,
            "id": 5559
          },
          {
            "timestamp": "2026-03-05 10:25:47,852",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90420f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904210000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c9d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904210000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5562
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967cb60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904211000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904212000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904213000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904214000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904215000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904216000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904217000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904219000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9041ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90421f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904220000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bb10"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-03-05 10:25:48,227",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904220000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-03-05 10:25:49,086",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-03-05 10:25:49,086",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904230000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ceb0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-03-05 10:25:49,086",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-03-05 10:25:49,086",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904221000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904222000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904223000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904231000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904224000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904232000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904225000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904226000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904227000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904233000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904228000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904229000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904234000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904235000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904236000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90422f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904240000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bb90"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904240000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904237000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904241000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904242000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904238000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904243000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904244000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904239000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-03-05 10:25:49,102",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904245000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-03-05 10:25:49,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904246000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-03-05 10:25:49,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-03-05 10:25:49,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95d920000"
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-03-05 10:25:49,133",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95d920000"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-03-05 10:25:49,305",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95d920000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-03-05 10:25:49,321",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904250000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d070"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-03-05 10:25:49,321",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-03-05 10:25:49,321",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904247000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-03-05 10:25:49,321",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904248000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-03-05 10:25:49,321",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904260000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bc10"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904249000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904261000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904262000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90424f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904270000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904263000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-03-05 10:25:50,399",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904271000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dde0000"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97dde0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97dde0000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4d39a0"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000478"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00`\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00A\\x00p\\x00p\\x00C\\x00o\\x00r\\x00e\\x00.\\x00W\\x00i\\x00n\\x00R\\x00T\\x00.\\x00U\\x00t\\x00i\\x00l\\x00i\\x00t\\x00i\\x00e\\x00s\\x00.\\x00T\\x00e\\x00l\\x00e\\x00m\\x00e\\x00t\\x00r\\x00y\\x00U\\x00t\\x00i\\x00l\\x00s\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd4\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x18\\xffe1g\\xffc9\\xff94\\x00\\x00\\x00\\xffc0\\xffd3\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00tO\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00PU\\x1a\\xffebG\\x02\\x00\\x00`\\xffe1g\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00tO\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00PU\\x1a\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00P\\xffe1g\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00`\\xffe1g\\xffc9\\xff94\\x00\\x00\\x00@\\x16\\x15\\xffebG\\x0
2\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00q\\xffe3g\\xffc9\\xff94\\x00\\x00\\x00PU\\x1a\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P`H\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\\\x16\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0~K\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00R\\x00a\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-03-05 10:25:50,446",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-03-05 10:25:50,461",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-03-05 10:25:50,493",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0~K\\xe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000478"
              },
              {
                "name": "ObjectAttributesName",
                "value": "YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "KeyInformation",
                "value": "b;'E\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00`\\x00\\x00\\x00Y\\x00o\\x00u\\x00r\\x00P\\x00h\\x00o\\x00n\\x00e\\x00.\\x00A\\x00p\\x00p\\x00C\\x00o\\x00r\\x00e\\x00.\\x00W\\x00i\\x00n\\x00R\\x00T\\x00.\\x00U\\x00t\\x00i\\x00l\\x00i\\x00t\\x00i\\x00e\\x00s\\x00.\\x00T\\x00e\\x00l\\x00e\\x00m\\x00e\\x00t\\x00r\\x00y\\x00U\\x00t\\x00i\\x00l\\x00s\\x00xp\\xff8f\\x03\\xfff9\\x7f\\x00\\x00\\xffc9\n\\xffa0\\\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xffa4D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd2\\x11\\xffd1\\xffc9N\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffd8\\xffdeg\\xffc9\\xff94\\x00\\x00\\x00\\xff80\\xffd1\\x11\\xffd1\\xffc9N\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x07\\xff80\\x00\\x00\\x00\\x00tO\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x10R\\x1a\\xffebG\\x02\\x00\\x00 \\xffdfg\\xffc9\\xff94\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00tO\\x02\\xff81\\xff88\\x02\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x10R\\x1a\\xffebG\\x02\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00G\\x02\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x10\\xffdfg\\xffc9\\xff94\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00 
\\xffdfg\\xffc9\\xff94\\x00\\x00\\x00\\xff90\\x16\\x15\\xffebG\\x02\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x001\\xffe1g\\xffc9\\xff94\\x00\\x00\\x00\\x10R\\x1a\\xffebG\\x02\\x00\\x00'uL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffa1D\\xffe6G\\x02\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xffac\\x16\\x15\\xffebG\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "YourPhone.AppCore.WinRT.dll"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "IsPackageRelativePath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath"
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Private"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc8\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              },
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Metadata"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "14e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\14e"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc7\\x17\\xebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000\\2"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005d4"
              },
              {
                "name": "SubKey",
                "value": "Package\\Data\\14e"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "InstalledLocation"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "MutableLink"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002bc"
              },
              {
                "name": "KeyInformation",
                "value": "/\\x15^M\\xff8a\\xffac\\xffdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.ApplicationData"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffbbLh3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00D\\x00a\\x00t\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffdfg\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0{\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff9b\\xfffb\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R\\x1a\\xffebG\\x02\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0{\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\xfff0{\\x17\\xffebG\\x02\\x00\\x00\\x00R\\x1a\\xffebG\\x02\\x00\\x00\\xffe0\\x16\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R\\x1a\\xffebG\\x02\\x00\\x00\\xffc0\\xfff7\\x14\\xffebG\\x02\\x00\\x00\\xffc0\\xfff7\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0{\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xfff7\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0{\\x17\\xffebG\\x02\\x00\\x00\\xffe0\\x16\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe0g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfff7\\x14\\xffebG\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-03-05 10:25:59,196",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xe8g\\xc9\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x94\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xc9Ib\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00WdBc\\xf9\\x7f\\x00\\x00\\xe0\\x1cO\\xe6"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffa4D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffddg\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00P`H\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00K\\xfffc\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00Q\\x1a\\xffebG\\x02\\x00\\x00h\\xffa4D\\xffe6G\\x02\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P`H\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00P`H\\xffe6G\\x02\\x00\\x00\\x00Q\\x1a\\xffebG\\x02\\x00\\x000\r\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00Q\\x1a\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P`H\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc
2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00P`H\\xffe6G\\x02\\x00\\x000\r\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffdeg\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xff88\\xffff\\xffe9G\\x02\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000478"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalState"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000478"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ExpOverrides"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000478"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ExpOverrides"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5798
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5799
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-03-05 10:25:59,211",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-03-05 10:26:00,290",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-03-05 10:26:00,290",
            "thread_id": "1808",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1808"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-03-05 10:26:00,290",
            "thread_id": "1808",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-03-05 10:26:00,290",
            "thread_id": "5448",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-03-05 10:26:00,290",
            "thread_id": "5448",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-03-05 10:26:02,430",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5807
          },
          {
            "timestamp": "2026-03-05 10:26:02,430",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-03-05 10:26:02,430",
            "thread_id": "6864",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-03-05 10:26:08,946",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-03-05 10:26:08,946",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-03-05 10:26:10,118",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5812
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000598"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffdfg\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0u\\x17\\xffebG\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff8b\\xfffb\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x1a\\xffebG\\x02\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xfff0u\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\xfff0u\\x17\\xffebG\\x02\\x00\\x00\\x00T\\x1a\\xffebG\\x02\\x00\\x000\r\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x1a\\xffebG\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0u\\x17\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x10\\xfff9\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xfff0u\\x17\\xffebG\\x02\\x00\\x000\r\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe0g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "ExpRingOverrideSetting"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides\\ExpRingOverrideSetting"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904272000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-03-05 10:26:12,415",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff972420000"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-03-05 10:26:12,430",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-03-05 10:26:12,430",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff972420000"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff972420000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904264000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb15f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90426c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904273000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90426d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904274000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90426e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90426f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904275000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904280000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c540"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904276000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904281000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-03-05 10:26:16,899",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904277000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-03-05 10:26:20,430",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThreadId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb75550"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904278000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904282000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904279000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904283000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000548"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000478"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00G\\x02\\x00\\x00\\x00\\x00\\x00\\x00p\\x00P\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00,\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffddg\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0'\\xfff4\\xffe9G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\x1b\\xfffd\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@d\\x1a\\xffebG\\x02\\x00\\x00xkH\\xffe6G\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffd0'\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00\\xffd0'\\xfff4\\xffe9G\\x02\\x00\\x00@d\\x1a\\xffebG\\x02\\x00\\x00\\xffb0\\x14\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@d\\x1a\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0'\\xfff4\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\xfff0\\xfff2\\x14\\xffebG\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffd0'\\xfff4\\xffe9G\\x02\\x00\\x00\\xffb0\\x14\\x15\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffdeg\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xfff8\\x14\\xffebG\\x02\\x00\\x00PkH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005e8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-03-05 10:26:20,446",
            "thread_id": "5300",
            "caller": "0x7ff90390e106",
            "parentcaller": "0x7ff90390b41f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390e349",
            "parentcaller": "0x7ff90390e261",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Version"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000548"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000598"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390e349",
            "parentcaller": "0x7ff90390e261",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ImpressionId"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ImpressionId"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000548"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390e349",
            "parentcaller": "0x7ff90390e261",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ETag"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ETag"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Allocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Allocations"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Allocations"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Allocations"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5890
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5891
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager"
              }
            ],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 5894
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005d4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904284000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90427f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Allocations\\"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904290000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967ca10"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904290000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904285000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-03-05 10:26:33,243",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904291000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-03-05 10:26:33,993",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90390f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-03-05 10:26:34,290",
            "thread_id": "5300",
            "caller": "0x7ff9038ed151",
            "parentcaller": "0x7ff90390edbc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904292000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-03-05 10:26:34,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eda13",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967d8d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-03-05 10:26:34,290",
            "thread_id": "5300",
            "caller": "0x7ff9038eda13",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-03-05 10:26:34,290",
            "thread_id": "5300",
            "caller": "0x7ff90390fd7e",
            "parentcaller": "0x7ff90390fbce",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904293000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-03-05 10:26:34,290",
            "thread_id": "5300",
            "caller": "0x7ff90390faba",
            "parentcaller": "0x7ff90390f89a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904286000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-03-05 10:26:34,758",
            "thread_id": "5300",
            "caller": "0x7ff90390faba",
            "parentcaller": "0x7ff90390f89a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903910000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390faba",
            "parentcaller": "0x7ff90390f89a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967dbe0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390faba",
            "parentcaller": "0x7ff90390f89a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Configurations"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Configurations"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Configurations"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Configurations"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Configurations\\"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904294000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904295000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904287000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904296000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90391032e",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904297000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b950"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-03-05 10:26:35,383",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-03-05 10:26:35,399",
            "thread_id": "6324",
            "caller": "0x7ff9038e24e0",
            "parentcaller": "0x7ff77c6310d0",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005ec"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-03-05 10:26:36,477",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967b9f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff9038eda13",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967da70"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff9038eda13",
            "parentcaller": "0x7ff9038ed74f",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff903902849",
            "parentcaller": "0x7ff9039020c5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904298000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff903902849",
            "parentcaller": "0x7ff9039020c5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904288000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff9038ed151",
            "parentcaller": "0x7ff90390edbc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904299000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5300",
            "caller": "0x7ff9038f8fb8",
            "parentcaller": "0x7ff9038f8f84",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-03-05 10:26:37,633",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-03-05 10:26:37,665",
            "thread_id": "5300",
            "caller": "0x7ff90390f87c",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903911000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Headers"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Headers"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Headers"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Headers"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "1",
                "pretty_value": "REG_CREATED_NEW_KEY"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390edbc",
            "parentcaller": "0x7ff90390ea0c",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Headers\\"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f4c92",
            "parentcaller": "0x7ff903911688",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-03-05 10:26:38,696",
            "thread_id": "5300",
            "caller": "0x7ff9038f4c92",
            "parentcaller": "0x7ff903911688",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904289000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "5300",
            "caller": "0x7ff9039117a5",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "5300",
            "caller": "0x7ff903911851",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-03-05 10:26:39,805",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-03-05 10:26:39,836",
            "thread_id": "5300",
            "caller": "0x7ff903911ddf",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903912000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90428a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90429f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c96799c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90428b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fe85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887feb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-03-05 10:26:40,899",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887feb7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fec7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fed7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-03-05 10:26:40,915",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ff95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ffa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-03-05 10:26:42,008",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-03-05 10:26:42,243",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903913000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x28886a44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903911e79",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90428c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903911fa8",
            "parentcaller": "0x7ff903911851",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903916ac5",
            "parentcaller": "0x7ff9039169e6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903916ac5",
            "parentcaller": "0x7ff9039169e6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903916ac5",
            "parentcaller": "0x7ff9039169e6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90428d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-03-05 10:26:43,071",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-03-05 10:26:43,727",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903917000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90428e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978e50000"
              }
            ],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-03-05 10:26:44,243",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff978e50000"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff978e50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bae0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903916b28",
            "parentcaller": "0x7ff903916ac5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff90391684d",
            "parentcaller": "0x7ff903911fa8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff90390cf8e",
            "parentcaller": "0x7ff9039037eb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9676420"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb157000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-03-05 10:26:45,493",
            "thread_id": "5300",
            "caller": "0x7ff903900da0",
            "parentcaller": "0x7ff903900b20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-03-05 10:26:46,571",
            "thread_id": "5300",
            "caller": "0x7ff9038f4c92",
            "parentcaller": "0x7ff9039074fa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-03-05 10:26:46,571",
            "thread_id": "5300",
            "caller": "0x7ff903917be5",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-03-05 10:26:46,571",
            "thread_id": "5300",
            "caller": "0x7ff903917c00",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-03-05 10:26:46,571",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-03-05 10:26:46,680",
            "thread_id": "5300",
            "caller": "0x7ff903917c91",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903918000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-03-05 10:26:46,696",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-03-05 10:26:46,711",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-03-05 10:26:46,711",
            "thread_id": "5300",
            "caller": "0x7ff9039180a8",
            "parentcaller": "0x7ff903917c91",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-03-05 10:26:47,118",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-03-05 10:26:47,508",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-03-05 10:26:47,633",
            "thread_id": "5300",
            "caller": "0x7ff903918393",
            "parentcaller": "0x7ff9039180a8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-03-05 10:26:47,633",
            "thread_id": "5300",
            "caller": "0x7ff90390cf8e",
            "parentcaller": "0x7ff9038f535e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-03-05 10:26:48,743",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-03-05 10:26:48,743",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-03-05 10:26:49,055",
            "thread_id": "5300",
            "caller": "0x7ff903907668",
            "parentcaller": "0x7ff903907520",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903919000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-03-05 10:26:49,790",
            "thread_id": "5300",
            "caller": "0x7ff9038fca23",
            "parentcaller": "0x7ff9038fc58b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5300",
            "caller": "0x7ff9039193c2",
            "parentcaller": "0x7ff9038fcd83",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5300",
            "caller": "0x7ff9039193c2",
            "parentcaller": "0x7ff9038fcd83",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5300",
            "caller": "0x7ff9039193c2",
            "parentcaller": "0x7ff9038fcd83",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5300",
            "caller": "0x7ff903919413",
            "parentcaller": "0x7ff9038fcd83",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5300",
            "caller": "0x7ff903919d8d",
            "parentcaller": "0x7ff9038f4c92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-03-05 10:26:50,899",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-03-05 10:26:51,321",
            "thread_id": "5300",
            "caller": "0x7ff903919e7e",
            "parentcaller": "0x7ff903919d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-03-05 10:26:51,758",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-03-05 10:26:51,946",
            "thread_id": "5300",
            "caller": "0x7ff903919f18",
            "parentcaller": "0x7ff903919d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-03-05 10:26:51,946",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-03-05 10:26:51,946",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-03-05 10:26:51,946",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-03-05 10:26:52,524",
            "thread_id": "5300",
            "caller": "0x7ff903919f18",
            "parentcaller": "0x7ff903919d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-03-05 10:26:53,118",
            "thread_id": "5300",
            "caller": "0x7ff903919f18",
            "parentcaller": "0x7ff903919d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-03-05 10:26:53,118",
            "thread_id": "5300",
            "caller": "0x7ff903919f18",
            "parentcaller": "0x7ff903919d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-03-05 10:26:53,118",
            "thread_id": "5300",
            "caller": "0x7ff90391ade4",
            "parentcaller": "0x7ff903919f18",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c9679370"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-03-05 10:26:53,118",
            "thread_id": "5300",
            "caller": "0x7ff90391ade4",
            "parentcaller": "0x7ff903919f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-03-05 10:26:53,118",
            "thread_id": "5300",
            "caller": "0x7ff90391ade4",
            "parentcaller": "0x7ff903919f18",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-03-05 10:26:53,165",
            "thread_id": "5300",
            "caller": "0x7ff90391b713",
            "parentcaller": "0x7ff90391ade4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391b7ad",
            "parentcaller": "0x7ff90391ade4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391b7e2",
            "parentcaller": "0x7ff90391ade4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391c35e",
            "parentcaller": "0x7ff90391c28c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247edc91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391be0e",
            "parentcaller": "0x7ff90391ade4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff9038f53b6",
            "parentcaller": "0x7ff9038f530a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90390cf8e",
            "parentcaller": "0x7ff9038f535e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff903907668",
            "parentcaller": "0x7ff903907520",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391ca23",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-03-05 10:26:54,243",
            "thread_id": "5300",
            "caller": "0x7ff90391cd80",
            "parentcaller": "0x7ff90391cb7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-03-05 10:26:54,477",
            "thread_id": "5576",
            "caller": "0x7ff97d711998",
            "parentcaller": "0x7ff9633d6b8f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391cede",
            "parentcaller": "0x7ff90391cb7b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967a570"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391cede",
            "parentcaller": "0x7ff90391cb7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90390b41f",
            "parentcaller": "0x7ff90390b38c",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb19c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-03-05 10:26:55,352",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-03-05 10:26:55,383",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-03-05 10:26:56,477",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-03-05 10:26:56,586",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-03-05 10:26:56,680",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967df80"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ffc5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391d4ec",
            "parentcaller": "0x7ff90390b41f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904300000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967c560"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904300000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "CreateSemaphoreExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb849b0"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904301000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9ff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundTaskRegistration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00T\\x00a\\x00s\\x00k\\x00R\\x00e\\x00g\\x00i\\x00s\\x00t\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe0g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffe0\\xffb0G\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xff9b\\xfff8\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00l\\x1a\\xffebG\\x02\\x00\\x00xeH\\xffe6G\\x02\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffe0\\xffb0G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00\\xffe0\\xffb0G\\xffe6G\\x02\\x00\\x00\\x00l\\x1a\\xffebG\\x02\\x00\\x000\\xfff8\\x1a\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00l\\x1a\\xffebG\\x02\\x00\\x00`\n\\xffff\\xffe9G\\x02\\x00\\x00`\n\\xffff\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffb0G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\n\\xffff\\xffe9G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x0
0\\x00\\x00G\\x02\\x00\\x00\\xffe0\\xffb0G\\xffe6G\\x02\\x00\\x000\\xfff8\\x1a\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe1g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffe\\x14\\xffebG\\x02\\x00\\x00PeH\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 6113
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-03-05 10:26:57,774",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-03-05 10:26:57,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000614"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-03-05 10:26:57,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-03-05 10:26:57,790",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-03-05 10:26:57,821",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038f7078",
            "parentcaller": "0x7ff9038f6cd7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000238"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundWorkManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00W\\x00o\\x00r\\x00k\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00x\\x7f\\xfff9\\x7f\\x00\\x00h\\xffa4D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe5g\\xffc9\\xff94\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00@\\xffb0G\\xffe6G\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00\\xffeb\\xffc5\\xffae\\xfff22*\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@k\\x1a\\xffebG\\x02\\x00\\x00h\\xffa4D\\xffe6G\\x02\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00@\\xffb0G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00@\\xffb0G\\xffe6G\\x02\\x00\\x00@k\\x1a\\xffebG\\x02\\x00\\x00\\xffd0\\xfff8\\x1a\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00@k\\x1a\\xffebG\\x02\\x00\\x00 \\x0c\\xffff\\xffe9G\\x02\\x00\\x00 \\x0c\\xffff\\xffe9G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffb0G\\xffe6G\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\x0c\\xffff\\xffe9G\\x02\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00G\\x02\\x00\\x00@\\xffb0G\\xffe6G\\x02\\x00\\x00\\xffd0\\xfff8\\x1a\\xffebG\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffe6g\\xffc9\\xff94\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x05\\xffff\\xffe9G\\x02\\x00\\x00@\\xffa4D\\xffe6G\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000614"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904304000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-03-05 10:26:58,915",
            "thread_id": "5300",
            "caller": "0x7ff9038ed47a",
            "parentcaller": "0x7ff9038ed2f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904305000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-03-05 10:26:59,290",
            "thread_id": "1944",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-03-05 10:26:59,961",
            "thread_id": "5300",
            "caller": "0x7ff90391e93a",
            "parentcaller": "0x7ff90391de37",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904306000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-03-05 10:26:59,961",
            "thread_id": "5300",
            "caller": "0x7ff90391e93a",
            "parentcaller": "0x7ff90391de37",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-03-05 10:26:59,961",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 1,
            "id": 6149
          },
          {
            "timestamp": "2026-03-05 10:27:01,055",
            "thread_id": "5300",
            "caller": "0x7ff90391ec9c",
            "parentcaller": "0x7ff90391e93a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90391f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-03-05 10:27:01,055",
            "thread_id": "5300",
            "caller": "0x7ff90391f04c",
            "parentcaller": "0x7ff90391ec9c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904307000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-03-05 10:27:01,055",
            "thread_id": "5300",
            "caller": "0x7ff90391fafd",
            "parentcaller": "0x7ff90391fa88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9042f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-03-05 10:27:01,055",
            "thread_id": "5300",
            "caller": "0x7ff90391fb83",
            "parentcaller": "0x7ff90391fafd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904308000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-03-05 10:27:01,415",
            "thread_id": "5300",
            "caller": "0x7ff90391fa9a",
            "parentcaller": "0x7ff90391f87a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff903920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391fa9a",
            "parentcaller": "0x7ff90391f87a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967deb0"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391fa9a",
            "parentcaller": "0x7ff90391f87a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseSemaphore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb84a60"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904309000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-03-05 10:27:02,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95dcf0000"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95dcf0000"
              }
            ],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95dcf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904310000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904325000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95cf40000"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-03-05 10:27:04,305",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-03-05 10:27:05,446",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-03-05 10:27:05,446",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f67b",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-03-05 10:27:05,977",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95cf40000"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-03-05 10:27:05,977",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95cf40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-03-05 10:27:06,040",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904330000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904343000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95bfa0000"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-03-05 10:27:06,055",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95bfa0000"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-03-05 10:27:06,086",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95bfa0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-03-05 10:27:06,086",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fef8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6185
          },
          {
            "timestamp": "2026-03-05 10:27:06,102",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb161000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-03-05 10:27:06,118",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-03-05 10:27:06,118",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904350000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-03-05 10:27:06,118",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90436a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-03-05 10:27:06,118",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-03-05 10:27:06,133",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-03-05 10:27:06,133",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96c500000"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-03-05 10:27:06,133",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96c500000"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-03-05 10:27:06,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96c500000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-03-05 10:27:06,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90436b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-03-05 10:27:06,149",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-03-05 10:27:06,165",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-03-05 10:27:06,180",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95e940000"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-03-05 10:27:06,180",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95e940000"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-03-05 10:27:06,180",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95e940000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-03-05 10:27:06,196",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904370000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-03-05 10:27:06,196",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904370000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-03-05 10:27:06,196",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ffea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-03-05 10:27:06,493",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ffec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-03-05 10:27:06,508",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e9fff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95edd0000"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97d7147e6",
            "parentcaller": "0x7ff97d7146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fd00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c997f070"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97d718e13",
            "parentcaller": "0x7ff96341c2f6",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247e7fd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fef9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887fefa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x247eb1b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-03-05 10:27:06,555",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95edd0000"
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95edd0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904380000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904380000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff90430f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-03-05 10:27:06,633",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000628"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-03-05 10:27:06,649",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95be70000"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-03-05 10:27:06,649",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95be70000"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-03-05 10:27:06,665",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95be70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-03-05 10:27:06,665",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904390000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-03-05 10:27:06,665",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff904390000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-03-05 10:27:06,680",
            "thread_id": "5576",
            "caller": "0x7ff97d6f96de",
            "parentcaller": "0x7ff96347f665",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-03-05 10:27:06,680",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-03-05 10:27:06,696",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell"
              },
              {
                "name": "DllBase",
                "value": "0x7ff95bcb0000"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-03-05 10:27:06,696",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff95bcb0000"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-03-05 10:27:06,696",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff95bcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-03-05 10:27:06,711",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2887ffee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-03-05 10:27:06,711",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9043a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x94c967bf00"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-03-05 10:27:06,711",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9043a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-03-05 10:27:06,711",
            "thread_id": "5300",
            "caller": "0x7ff90391de37",
            "parentcaller": "0x7ff90391ddac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9043c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6234
          }
        ],
        "threads": [
          "6324",
          "2256",
          "6524",
          "7096",
          "6936",
          "3768",
          "6864",
          "5448",
          "5300",
          "1944",
          "844",
          "7056",
          "4588",
          "2608",
          "372",
          "5576",
          "1808"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff77c630000",
          "MainExeSize": "0x00007000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 1008,
        "process_name": "dllhost.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\dllhost.exe",
        "first_seen": "2026-03-05 10:25:03,634",
        "calls": [
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "3828",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "3828",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff7990014e0"
              },
              {
                "name": "Parameter",
                "value": "0xfc4223e000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "4552",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "4552",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5980",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "4536",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "4536",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5980",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5980",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5340",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5340",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:25:03,978",
            "thread_id": "5340",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001349",
            "parentcaller": "0x7ff7990013dc",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff799001b60"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3828"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2ef000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:25:04,041",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:25:04,119",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001e4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc1\\xd9\\xdd\\x11}\\xb0=\\xc4\\x89\\x1e\\xda\\x17\\xe7\\x06\\x07k\\x83\\xb3n\\xa7:\\xba\\xca.*\\xa1f\\x84oRTP\\xcd\\xd6J\\x9a\\xed\\x14\\x93HT\\xc5\\x0f\\xcc\\x806\\x8d'"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromOle1Class"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f52fa90"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xf7\\x12B\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xf0\\xf7\\x12B\\xfc\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000200"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1008:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348160000"
              },
              {
                "name": "SectionOffset",
                "value": "0xfc4212f810"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "ValueName",
                "value": "Com+Enabled"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "clbcatq.dll"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f254000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:25:04,244",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:25:04,259",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:25:04,259",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\MaximumCommitCondition"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\clbcatq"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97f1cd990"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348170000"
              },
              {
                "name": "SectionOffset",
                "value": "0xfc4212f560"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000210"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000210"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000210"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000214"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348180000"
              },
              {
                "name": "SectionOffset",
                "value": "0xfc4212f030"
              },
              {
                "name": "ViewSize",
                "value": "0x00006000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000210"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348157000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348159000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf0\\x12B\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00@\\xfa\\x12B\\xfc\\x00\\x00\\x00pQx\\x7f\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000021c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021a"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:25:04,462",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xef\\x12B\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xf0\\x12B\\xfc\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022a"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x00000226"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000226"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000226"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000226"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x1a{F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00002100"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xf4\\x12B\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\x01n}\\xf9\\x7f\\x00\\x00\\xd1\\xf4`\\xc90\\xc2\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:25:04,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.1008"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022a"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000023a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000023a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000023e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023e"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023a"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "NdrOleExtDLL"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "NdrOleInitializeExtension"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f554410"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf6yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00 \\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf3yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x16{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf6yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00!\\xf9`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xea\\x12B\\xfc\\x00\\x00\\x00\\xb8\\xea\\x12B\\xfc\\x00\\x00\\x00\\x88\\xea\\x12B\\xfc\\x00\\x00\\x00\\xa8\\xea\\x12B"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xf6yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xe8\\x12B\\xfc\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf7yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xf8yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x14{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xf8yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xc1\\xc5`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xe7\\x12B\\xfc\\x00\\x00\\x00\\x18\\xe7\\x12B\\xfc\\x00\\x00\\x00\\xe8\\xe6\\x12B\\xfc\\x00\\x00\\x00\\x08\\xe7\\x12B"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xf8yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xe5\\x12B\\xfc\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467a9d60"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6408"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000240",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467a9d60"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "6408"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xedyF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xedyF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf3yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x1a{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xeeyF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\xfd`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xee\\x12B\\xfc\\x00\\x00\\x00\\x88\\xee\\x12B\\xfc\\x00\\x00\\x00X\\xee\\x12B\\xfc\\x00\\x00\\x00x\\xee\\x12B"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xeeyF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xec\\x12B\\xfc\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf6yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00 \\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf6yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x18{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xefyF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x11\\xf9`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xea\\x12B\\xfc\\x00\\x00\\x00\\xe8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xb8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xd8\\xea\\x12B"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xefyF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe8\\x12B\\xfc\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf7yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf3yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x18{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf6yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\xfd`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xee\\x12B\\xfc\\x00\\x00\\x00\\x88\\xee\\x12B\\xfc\\x00\\x00\\x00X\\xee\\x12B\\xfc\\x00\\x00\\x00x\\xee\\x12B"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xf6yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xec\\x12B\\xfc\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xedyF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xedyF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf6yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x1a{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf8yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x11\\xf9`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xea\\x12B\\xfc\\x00\\x00\\x00\\xe8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xb8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xd8\\xea\\x12B"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe8\\x12B\\xfc\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf3yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xf6yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x1a{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf6yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\xfd`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xee\\x12B\\xfc\\x00\\x00\\x00\\x88\\xee\\x12B\\xfc\\x00\\x00\\x00X\\xee\\x12B\\xfc\\x00\\x00\\x00x\\xee\\x12B"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xf6yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xec\\x12B\\xfc\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf7yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xf8yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x15{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xedyF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x11\\xf9`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xea\\x12B\\xfc\\x00\\x00\\x00\\xe8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xb8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xd8\\xea\\x12B"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xedyF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe8\\x12B\\xfc\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf3yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xedyF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x16{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf6yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\xfd`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xee\\x12B\\xfc\\x00\\x00\\x00\\x88\\xee\\x12B\\xfc\\x00\\x00\\x00X\\xee\\x12B\\xfc\\x00\\x00\\x00x\\xee\\x12B"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xf6yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xec\\x12B\\xfc\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf6yF\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf7yF\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x18{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf8yF\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x11\\xf9`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xea\\x12B\\xfc\\x00\\x00\\x00\\xe8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xb8\\xea\\x12B\\xfc\\x00\\x00\\x00\\xd8\\xea\\x12B"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8yF\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe8\\x12B\\xfc\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:25:04,572",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6408",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6408",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6408",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467a9d60"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6860",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6860",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x29346780b50"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6860",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6860",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000254"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:25:04,587",
            "thread_id": "6860",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:25:04,603",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:25:04,603",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000264"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467aa2e0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1996"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:25:04,603",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000264",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467aa2e0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "1996"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:25:04,603",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:25:04,603",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1032",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1032",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x29346780b50"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x293467aa2e0"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:25:04,650",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97adb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f802aeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97adb0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97adb7ce0"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97adb7d20",
            "parentcaller": "0x7ff97f802cbc",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xe8\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000280"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000280"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000280"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97adb886c",
            "parentcaller": "0x7ff97adb80d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000288"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18N|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x18\\x0e\\xcf\\x00\\x00P\\x01xF\\x93\\x02\\x00\\x00\\xf0\\x90{F"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80N|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x13{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98U|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb1\\xfa\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xea\\xdfB\\xfc\\x00\\x00\\x00H\\xea\\xdfB\\xfc\\x00\\x00\\x00\\x18\\xea\\xdfB\\xfc\\x00\\x00\\x008\\xea\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:25:04,697",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90U|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xe8\\xdfB\\xfc\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18Z|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0N|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x13{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8O|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00Q\\xc5\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xe6\\xdfB\\xfc\\x00\\x00\\x00\\xa8\\xe6\\xdfB\\xfc\\x00\\x00\\x00x\\xe6\\xdfB\\xfc\\x00\\x00\\x00\\x98\\xe6\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000O|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xe4\\xdfB\\xfc\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8Y|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0N|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x14{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "XS|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x01\\xf8`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xeb\\x12B\\xfc\\x00\\x00\\x00\\xd8\\xeb\\x12B\\xfc\\x00\\x00\\x00\\xa8\\xeb\\x12B\\xfc\\x00\\x00\\x00\\xc8\\xeb\\x12B"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PS|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xe9\\x12B\\xfc\\x00\\x00\\x00\\x8c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "xW|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00P|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x14{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98L|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xa1\\xc4`\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xe8\\x12B\\xfc\\x00\\x00\\x008\\xe8\\x12B\\xfc\\x00\\x00\\x00\\x08\\xe8\\x12B\\xfc\\x00\\x00\\x00(\\xe8\\x12B"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90L|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe6\\x12B\\xfc\\x00\\x00\\x00\\x8c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000028c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x293467b0e90"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2988"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000028c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x293467b0e90"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2988"
              },
              {
                "name": "ProcessId",
                "value": "1008"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x293467b0e90"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2988"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "2988",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:25:04,712",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "1032",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000270"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3\\xf0/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97f52d757",
            "parentcaller": "0x7ff97f4a3d92",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x29346782338",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "6860",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "2652",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "2652",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:25:04,728",
            "thread_id": "2652",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x29346780b50"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc8\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x10\\xc9\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002aa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc6\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xc7\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc6\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xc7\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f5297e2",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f52981a",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f529833",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f52e198",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f52e1d4",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "ValueName",
                "value": "GipActivityBypass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f52e1ed",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "XM|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`V|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x16{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "xQ|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xe1\\xd7\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xd5\\xdfB\\xfc\\x00\\x00\\x00\\xf8\\xd4\\xdfB\\xfc\\x00\\x00\\x00\\xc8\\xd4\\xdfB\\xfc\\x00\\x00\\x00\\xe8\\xd4\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pQ|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd2\\xdfB\\xfc\\x00\\x00\\x00\\xb8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98R|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`P|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x17{F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8M|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x81\\xd3\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xd1\\xdfB\\xfc\\x00\\x00\\x00X\\xd1\\xdfB\\xfc\\x00\\x00\\x00(\\xd1\\xdfB\\xfc\\x00\\x00\\x00H\\xd1\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0M|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xcf\\xdfB\\xfc\\x00\\x00\\x00\\xb8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4724",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293481b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97d728d05",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4c6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293481c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xcc\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x10\\xcd\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002be"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xca\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xcb\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xca\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xcb\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002be"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "Data",
                "value": "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:25:04,744",
            "thread_id": "1996",
            "caller": "0x7ff97f5555b3",
            "parentcaller": "0x7ff97f4d503c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4d5067",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9bef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9d0a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9e29",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9e7d",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9ed0",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9f20",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9f74",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b9f97",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f549228",
            "parentcaller": "0x7ff97f4b9fbb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba000",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba042",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba095",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba0ce",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba113",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba1b8",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba217",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba27a",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4ba308",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4d528a",
            "parentcaller": "0x7ff97f4ba9aa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f5546dc",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002be"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f5546f9",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6e4d80",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "SystemBasicInformation"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6e4da0",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "SystemProcessorInformation"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc9\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xbe\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xe0\\xca\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002be"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c2"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c2"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022a"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002be"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002be"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002be"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:25:04,759",
            "thread_id": "1996",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\thumbcache"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965ec0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965eda900"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965eec5c0"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965edbe50"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965f23000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965f23000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022a"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{75121952-E0D0-43E5-9380-1D80483ACF72}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{75121952-E0D0-43E5-9380-1D80483ACF72}"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbc\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00@\\xbd\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:25:04,791",
            "thread_id": "1996",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\propsys.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xba\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xd0\\xbb\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xba\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xd0\\xbb\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb9\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x00\\xba\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\propsys.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xb7\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x90\\xb8\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xb7\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x90\\xb8\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xdfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xd0\\xb7\\xdfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022a"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:25:04,806",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\propsys"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff979d80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\propsys.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979d8b810"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979db6430"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18N|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00o\\x00r\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00m\\x00i\\x00n\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80N|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x18}F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98[|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd1\\xda\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xca\\xdfB\\xfc\\x00\\x00\\x00(\\xca\\xdfB\\xfc\\x00\\x00\\x00\\xf8\\xc9\\xdfB\\xfc\\x00\\x00\\x00\\x18\\xca\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90[|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xc8\\xdfB\\xfc\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xb2/\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "XP|F\\x93\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80Q|F\\x93\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x16}F\\x93\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "XV|F\\x93\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\xa5\\xad\\xc90\\xc2\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xc6\\xdfB\\xfc\\x00\\x00\\x00\\x88\\xc6\\xdfB\\xfc\\x00\\x00\\x00X\\xc6\\xdfB\\xfc\\x00\\x00\\x00x\\xc6\\xdfB"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00PV|F\\x93\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xc4\\xdfB\\xfc\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:25:04,822",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:25:04,837",
            "thread_id": "6860",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:25:04,837",
            "thread_id": "2652",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:25:04,853",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:25:04,853",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:25:04,853",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "2652",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:25:04,884",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:25:04,900",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:25:04,900",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:25:04,900",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "2652",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:25:04,931",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:25:04,947",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:25:08,384",
            "thread_id": "6860",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:25:08,400",
            "thread_id": "6860",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:25:08,400",
            "thread_id": "6860",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc8\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\x10\\xc9\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:25:08,416",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:25:08,431",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:25:08,447",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:25:08,447",
            "thread_id": "6860",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ee"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:25:08,447",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc6\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xc7\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc6\\xbfB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xa0\\xc7\\xbfB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:25:08,462",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:25:08,478",
            "thread_id": "6860",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:25:08,509",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:25:08,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:25:08,509",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc5\\xefB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00\\xe0\\xc6\\xefB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:25:08,525",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:25:08,541",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:25:08,541",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:25:08,541",
            "thread_id": "2652",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ee"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:25:08,541",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:25:08,541",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f2"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc4\\xefB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00p\\xc5\\xefB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc4\\xefB\\xfc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xee\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\x00\\x00\\x00p\\xc5\\xefB\\xfc\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "2652",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ee"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:25:08,556",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:25:08,572",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:25:08,572",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:25:08,572",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "2652",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:25:08,587",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:25:08,603",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:25:08,619",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:25:08,619",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:25:08,619",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:25:08,619",
            "thread_id": "2652",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "2652",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "1996",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "1996",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "2652",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "2652",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:25:08,634",
            "thread_id": "6860",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020166"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:25:08,650",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:25:08,650",
            "thread_id": "3828",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd00484",
            "parentcaller": "0x7ff965eec60f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff965ed9248",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965ed774b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965ed774b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\thumbcache"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd00484",
            "parentcaller": "0x7ff97df44def",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97df2c408",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c3cb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c3cb",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd20d20",
            "parentcaller": "0x7ff97fce0391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd20d20",
            "parentcaller": "0x7ff97fce0391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "windows",
            "api": "PostThreadMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "1008"
              },
              {
                "name": "ThreadId",
                "value": "1996"
              },
              {
                "name": "Message",
                "value": "1033"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523445",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f523454",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f5248a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1996"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "1996",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x293467bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x29348160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:25:13,666",
            "thread_id": "3828",
            "caller": "0x7ff799001193",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 894
          }
        ],
        "threads": [
          "3828",
          "4552",
          "5980",
          "4536",
          "5340",
          "6408",
          "6860",
          "1032",
          "1996",
          "2988",
          "2652"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff799000000",
          "MainExeSize": "0x00009000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 1048,
        "process_name": "RuntimeBroker.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\RuntimeBroker.exe",
        "first_seen": "2026-03-05 10:25:26,649",
        "calls": [
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd12015",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4804"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "UMPDC.dll"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d220000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d230000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d8"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001dc"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d22a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:25:26,868",
            "thread_id": "4804",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d220000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\umpdc"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d220000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d223e30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d260000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d260000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\powrprof"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d240000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d243480"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97b1e88ad",
            "parentcaller": "0x7ff97b1ea9c4",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97b1e88ad",
            "parentcaller": "0x7ff97b1ea9c4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\rmclient"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b1e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b1e9fe0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fd841e6",
            "parentcaller": "0x7ff97fd24d2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4804",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff67c006740"
              },
              {
                "name": "Parameter",
                "value": "0x7d4932c000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "6856",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06031000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "6856",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "6856",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "3528",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000040"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "816",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06105000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "816",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "816",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "3528",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "3528",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4316",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06029000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4316",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:25:26,899",
            "thread_id": "4316",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c006552",
            "parentcaller": "0x7ff67c00661b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06032000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0065a9",
            "parentcaller": "0x7ff67c00663c",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff67c006fb0"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c003a89",
            "parentcaller": "0x7ff67c0032af",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "52"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00\\x07\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c003aa6",
            "parentcaller": "0x7ff67c0032af",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "52"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000184"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000184"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000184"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06033000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06034000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001ec"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xd6R\\xdb\\x9a\\x10n\\xbbC2\\xf7\\xb5y+\\x833\\xf9\\xdc\\x9fK \\x10\\x91\\xba9\\x9f\\xf2\\x12\\xf7\\x9f\\x9e\\xf6\\xe2\\xc9\\xb8Q\\xce\\x9be~\\xcaI\\xcd\\xcd[\\xbd\\xa7\\xefH"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c0032e1",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0602a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "\\x939#\\xe1\\xa4\\xea\\x0fG\\x9d\\xe7\\xa3Q\\xc1\\xb6\\xfbq\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\xf9\\xbc\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\x81\\xbc\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "4804",
            "caller": "0x7ff67c003a0c",
            "parentcaller": "0x7ff67c0032f7",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "59"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH"
              },
              {
                "name": "OutputBuffer",
                "value": "$\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "6076",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06035000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "6076",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:25:26,961",
            "thread_id": "6076",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x18b06002340"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:25:26,977",
            "thread_id": "6076",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06036000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:25:26,977",
            "thread_id": "3092",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:25:26,977",
            "thread_id": "3092",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x18b06002340"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:25:26,977",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06046000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:25:26,977",
            "thread_id": "4804",
            "caller": "0x7ff67c003353",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003353",
            "parentcaller": "0x7ff67c0066c6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06039000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000250"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{15C20B67-12E7-4BB6-92BB-7AFF07997402}"
              },
              {
                "name": "Handle",
                "value": "0x00000252"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{15C20B67-12E7-4BB6-92BB-7AFF07997402}"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000252"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "Data",
                "value": "6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000252"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "Type",
                "value": "0x00000003",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000252"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xa1'`\\x8f\\x9a\\xbb\\x184c\\xb6w\\xff\\x9d\\xd5\\xb6l\\xe72\\x1ah\\x08RC\\x92\\x86\\xa6\\x1f\\xd8\\x98\\x17\\x1b;\t\\x00L\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000252"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003453",
            "parentcaller": "0x7ff67c0066c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003590",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Ole\\Extensions\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c0035b1",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c003c94",
            "parentcaller": "0x7ff67c003603",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c005150",
            "parentcaller": "0x7ff67c004efd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c004f0e",
            "parentcaller": "0x7ff67c004f7a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00503d",
            "parentcaller": "0x7ff67c004f95",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c0050b5",
            "parentcaller": "0x7ff67c004f95",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c004eba",
            "parentcaller": "0x7ff67c00463c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c004d83",
            "parentcaller": "0x7ff67c004901",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c004e4b",
            "parentcaller": "0x7ff67c00472e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c0051ea",
            "parentcaller": "0x7ff67c003be2",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:1048:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c005c44",
            "parentcaller": "0x7ff67c00520f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008ea5",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008ea5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008f7a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00b509",
            "parentcaller": "0x7ff67c008f7a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008fb1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008fd2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00622b",
            "parentcaller": "0x7ff67c00526d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00a697",
            "parentcaller": "0x7ff67c008e19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              },
              {
                "name": "Handle",
                "value": "0x0000025a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe8\nI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00Z\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x10\\xe9\nI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000025a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PerAppRuntimeBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000025a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe6\nI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00Z\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xa0\\xe7\nI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000025a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe6\nI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00Z\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xa0\\xe7\nI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000025a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025a"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:25:26,993",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7d490af400"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000418"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.1048"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x00000266"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000266"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000026a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026a"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000266"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x08\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x92\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xdaU\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xe9\nI}\\x00\\x00\\x00X\\xe9\nI}\\x00\\x00\\x00(\\xe9\nI}\\x00\\x00\\x00H\\xe9\nI"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xe7\nI}\\x00\\x00\\x00h\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x94\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00-\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbf\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x92\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00zh\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xe5\nI}\\x00\\x00\\x00\\xb8\\xe5\nI}\\x00\\x00\\x00\\x88\\xe5\nI}\\x00\\x00\\x00\\xa8\\xe5\nI"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x92\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xe3\nI}\\x00\\x00\\x00h\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000026c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x18b0604a110"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5960"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000026c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x18b0604a110"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5960"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000026c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x93\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8aQ\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xed\nI}\\x00\\x00\\x00(\\xed\nI}\\x00\\x00\\x00\\xf8\\xec\nI}\\x00\\x00\\x00\\x18\\xed\nI"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xeb\nI}\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x93\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00-\\x003\\x00\\x90\\x9b\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00*T\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xe9\nI}\\x00\\x00\\x00\\x88\\xe9\nI}\\x00\\x00\\x00X\\xe9\nI}\\x00\\x00\\x00x\\xe9\nI"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xe7\nI}\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x95\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbf\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8aQ\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xed\nI}\\x00\\x00\\x00(\\xed\nI}\\x00\\x00\\x00\\xf8\\xec\nI}\\x00\\x00\\x00\\x18\\xed\nI"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xeb\nI}\\x00\\x00\\x00l\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x96\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00R\\x00u\\x00n\\x00t\\x00i\\x00m\\x00e\\x00B\\x00r\\x00o\\x00k\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x92\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00*T\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xe9\nI}\\x00\\x00\\x00\\x88\\xe9\nI}\\x00\\x00\\x00X\\xe9\nI}\\x00\\x00\\x00x\\xe9\nI"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x92\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xe7\nI}\\x00\\x00\\x00l\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000026c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x08\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x93\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x93\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8aQ\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xed\nI}\\x00\\x00\\x00(\\xed\nI}\\x00\\x00\\x00\\xf8\\xec\nI}\\x00\\x00\\x00\\x18\\xed\nI"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x93\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xeb\nI}\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x94\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x95\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00*T\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xe9\nI}\\x00\\x00\\x00\\x88\\xe9\nI}\\x00\\x00\\x00X\\xe9\nI}\\x00\\x00\\x00x\\xe9\nI"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x95\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xe7\nI}\\x00\\x00\\x00t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x08\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x93\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x93\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x8aQ\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xed\nI}\\x00\\x00\\x00(\\xed\nI}\\x00\\x00\\x00\\xf8\\xec\nI}\\x00\\x00\\x00\\x18\\xed\nI"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x93\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xeb\nI}\\x00\\x00\\x00l\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x96\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00*T\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x90\\xe9\nI}\\x00\\x00\\x00\\x88\\xe9\nI}\\x00\\x00\\x00X\\xe9\nI}\\x00\\x00\\x00x\\xe9\nI"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00x\\xe7\nI}\\x00\\x00\\x00l\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0603f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "3092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "6076",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000280"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "6076",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06042000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x08\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x93\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfaW\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xeb\nI}\\x00\\x00\\x008\\xeb\nI}\\x00\\x00\\x00\\x08\\xeb\nI}\\x00\\x00\\x00(\\xeb\nI"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x94\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xe9\nI}\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x05\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x96\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xbd\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1aj\\x94Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xe7\nI}\\x00\\x00\\x00\\x98\\xe7\nI}\\x00\\x00\\x00h\\xe7\nI}\\x00\\x00\\x00\\x88\\xe7\nI"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x96\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe5\nI}\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c00364d",
            "parentcaller": "0x7ff67c003463",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06043000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              }
            ],
            "repeated": 1,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000228"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAsClassIndex"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\TreatAsClassIndex"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{9D4AB6BB-7984-4295-A42D-90926920CF94}"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:25:27,008",
            "thread_id": "4804",
            "caller": "0x7ff67c0036ac",
            "parentcaller": "0x7ff67c003463",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "5960",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "5960",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x18b0604a110"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0604b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xddt1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00d\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xe8)\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000338-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000338-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}"
              },
              {
                "name": "Handle",
                "value": "0x0000028e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000292"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000292"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000292"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028e"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x0000028e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000028e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000292"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000292"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000292"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028e"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x0c\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x00r\\x00e\\x00a\\x00t\\x00A\\x00s\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00d\\x00e\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\x96\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfau\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xc9oI}\\x00\\x00\\x008\\xc9oI}\\x00\\x00\\x00\\x08\\xc9oI}\\x00\\x00\\x00(\\xc9oI"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xc7oI}\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\n\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x9f\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x9e\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1a\\x08\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc5oI}\\x00\\x00\\x00\\x98\\xc5oI}\\x00\\x00\\x00h\\xc5oI}\\x00\\x00\\x00\\x88\\xc5oI"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x9e\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc3oI}\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\r\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xfau\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xc9oI}\\x00\\x00\\x008\\xc9oI}\\x00\\x00\\x00\\x08\\xc9oI}\\x00\\x00\\x00(\\xc9oI"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xc7oI}\\x00\\x00\\x00\\x8c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\r\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x9e\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x9e\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1a\\x08\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xc5oI}\\x00\\x00\\x00\\x98\\xc5oI}\\x00\\x00\\x00h\\xc5oI}\\x00\\x00\\x00\\x88\\xc5oI"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x9e\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xc3oI}\\x00\\x00\\x00\\x8c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:25:27,024",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0604f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:25:27,040",
            "thread_id": "4264",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:25:27,040",
            "thread_id": "4264",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x18b06002340"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0605c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000294"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000290"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Management.Deployment.PackageManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "KeyInformation",
                "value": "u\\xff87c3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00D\\x00e\\x00p\\x00l\\x00o\\x00y\\x00m\\x00e\\x00n\\x00t\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00 \\xffa4\\x04\\x06\\xff8b\\x01\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00\\xff8b\\x01\\x00\\x00*l\\xfff1Z\\xffdd\\xffe5\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\xffb8\\xffdcoI}\\x00\\x00\\x00\\xffbac\\xfff1Z\\xffdd\\xffe5\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`O\\x04\\x06\\xff8b\\x01\\x00\\x00\\xff90\\xffe4oI}\\x00\\x00\\x00\\xffb0\\xffe5oI}\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffa6\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\xffddoI}\\x00\\x00\\x00\\xffe4\\x05\\xffa2\\\\xfff9\\x7f\\x00\\x00\\xff90\\xffe4oI}\\x00\\x00\\x00\\xffb0\\xffe5oI}\\x00\\x00\\x00\\xff90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\x11@\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffb8\\xff83\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xffe0\\xffa6\\x04\\x06\\xff8b\\x01\\x00\\x00\\xffd85\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00\\xff8b\\x01\\x00\\x00h\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xff90\\x02\\x00\\x00\\x00\\x00\\x00\\x00P\\xff84\\xffc4\\\\xfff9\\x7f\\x00\\x00\\xfff0\\xffdcoI}\\x00\\x00\\x00x9\\xffc4\\\\xfff9\\x7f\\x00\\x00\\x00\\xffddoI}\\x00\\x00\\x00\\xff80\\x0c\\x03\\x06\\xff8b\\x01\\x00\\x00\\x10yM\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff80\\xffdeoI}\\x00\\x00\\x00\\xffe0\\xffa6\\x04\\x06\\xff8b\\x01\\x00\\x00`O\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xff9c\\x0c\\x03\\x06\\xff8b\\x01\\x00\\x000\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffdcoI}\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffa6\\x04\\x06\\xff8b\\x01\\x00\\x00ylM\\x7f\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000298"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c006196",
            "parentcaller": "0x7ff67c002e41",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xddoI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00}\\x00\\x00\\x00\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x01|\\xf6\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xbb\\x04\\x06"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Management.Deployment.PackageManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "KeyInformation",
                "value": "u\\xff87c3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00X\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00m\\x00e\\x00n\\x00t\\x00.\\x00D\\x00e\\x00p\\x00l\\x00o\\x00y\\x00m\\x00e\\x00n\\x00t\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x08\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00h\\xffc6\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd7oI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffc0\\xffc3\\x05\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffe6KNy\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffa3\\x04\\x06\\xff8b\\x01\\x00\\x00h\\xffc6\\x05\\x06\\xff8b\\x01\\x00\\x00@\\xffc6\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xffc0\\xffc3\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffc6\\x05\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xffc3\\x05\\x06\\xff8b\\x01\\x00\\x00\\xff90\\xffa3\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\x0f\\x03\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffa3\\x04\\x06\\xff8b\\x01\\x00\\x00\\xffe0\\xff9d\\x04\\x06\\xff8b\\x01\\x00\\x00\\xffe0\\xff9d\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
xffc0\\xffc3\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff9d\\x04\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffc0\\xffc3\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x0f\\x03\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8oI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff94\\x04\\x06\\xff8b\\x01\\x00\\x00@\\xffc6\\x05\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000298"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:25:27,305",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xdaoI}\\x00\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xff\\xff\\xff\\xff\\xd85\\xc4\\\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\\\xf9\\x7f\\x00\\x00(\\xdboI}\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00K\\xb1n}\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:25:27,321",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ff975fe0000"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-crt-private-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d5b0000"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff975fe0000"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff975fe0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff975fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97604edf0"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff975fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff975ff0d80"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff975fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff975ff5980"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsGetStringRawBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4d2330"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-security-base-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d6b0000"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97d6b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-security-base-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d6dac70"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-1.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97b2e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-1.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPackageFullNameFromToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97b2e35c0"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06050000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xb0\\xe9\\x04\\x06\\x8b\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00(\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x88\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00x\\x00x\\x00\\x00\\x00\\x00\\x00x\\xea\\x04\\x06\\x8b\\x01\\x00\\x00H\\x00H\\x00\\x00\\x00\\x00\\x00\\xf0\\xea\\x04\\x06\\x8b\\x01\\x00\\x00P\\x00P\\x00\\x00\\x00\\x00\\x008\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00S\\x00t\\x00o\\x00r\\x00e\\x00P\\x00u\\x00r\\x00c\\x00h\\x00"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "GetLengthSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d714530"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "CopySid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d6e88d0"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o_free"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c5f10"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-security-capability-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f990000"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f990000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-security-capability-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "sechost.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f990000"
              },
              {
                "name": "FunctionName",
                "value": "CapabilityCheck"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f99d6b0"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000029c"
              },
              {
                "name": "ValueName",
                "value": "packageQuery"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xd1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "packageManagement"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageManagement"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xd1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000214"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffa"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsIsStringEmpty"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4d3000"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsStringHasEmbeddedNull"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f49be60"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c005f89",
            "parentcaller": "0x7ff67c002935",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c005f89",
            "parentcaller": "0x7ff67c002935",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xb0\\xe9\\x04\\x06\\x8b\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00(\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x88\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xa8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00x\\x00x\\x00\\x00\\x00\\x00\\x00x\\xea\\x04\\x06\\x8b\\x01\\x00\\x00H\\x00H\\x00\\x00\\x00\\x00\\x00\\xf0\\xea\\x04\\x06\\x8b\\x01\\x00\\x00P\\x00P\\x00\\x00\\x00\\x00\\x008\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00.\\x00S\\x00t\\x00o\\x00r\\x00e\\x00P\\x00u\\x00r\\x00c\\x00h\\x00"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06051000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xb0\\xe9\\x04\\x06\\x8b\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00x\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xea\\x04\\x06\\x8b\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x96\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb0\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd0\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xf8\\xeb\\x04\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xec\\x04\\x06\\x8b\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00x\\x00x\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000214"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea9559b",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000214"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000035-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002aa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\n\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x9d\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x9f\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xdaw\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xcboI}\\x00\\x00\\x00X\\xcboI}\\x00\\x00\\x00(\\xcboI}\\x00\\x00\\x00H\\xcboI"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x9f\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xc9oI}\\x00\\x00\\x00\\xac\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x0f\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x9c\\x01\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x9c\\x01\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00z\n\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xc7oI}\\x00\\x00\\x00\\xb8\\xc7oI}\\x00\\x00\\x00\\x88\\xc7oI}\\x00\\x00\\x00\\xa8\\xc7oI"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x9c\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xc5oI}\\x00\\x00\\x00\\xac\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:25:27,352",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:25:27,899",
            "thread_id": "536",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b07a5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:25:27,899",
            "thread_id": "536",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b07b02000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:25:27,899",
            "thread_id": "536",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b07c02000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:25:27,899",
            "thread_id": "536",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b07d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea95fc9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:25:44,946",
            "thread_id": "3092",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x00\\xc8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Management.Deployment.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc5oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x90\\xc6oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc5oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x90\\xc6oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc4oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xc5oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Management.Deployment.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc3oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x10\\xc4oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc3oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x10\\xc4oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xc4oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Management.Deployment.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0605d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc2oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00P\\xc3oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:25:50,415",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc2oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00P\\xc3oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x90\\xc2oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002aa"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xbeoI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xbfoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.Management.Deployment.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ae"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbdoI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xbeoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbdoI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xbeoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "memcmp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5f8a70"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x0b\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd8\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xdb\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00Jy\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xd4oI}\\x00\\x00\\x00\\xe8\\xd4oI}\\x00\\x00\\x00\\xb8\\xd4oI}\\x00\\x00\\x00\\xd8\\xd4oI"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xdb\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xd2oI}\\x00\\x00\\x00\\xa8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x0e\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00*\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd4\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xbd\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd1\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xea}\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xd1oI}\\x00\\x00\\x00H\\xd1oI}\\x00\\x00\\x00\\x18\\xd1oI}\\x00\\x00\\x008\\xd1oI"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd1\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xcfoI}\\x00\\x00\\x00\\xa8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0605e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:25:50,430",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "HSTRING_UserUnmarshal64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f539890"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff975fe3a4c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff975fe3aa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbf\\x01\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "memcpy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5f8b70"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d721cf0"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d725030"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeSecurityDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d7226e0"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d6b0000"
              },
              {
                "name": "FunctionName",
                "value": "SetSecurityDescriptorDacl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d7215c0"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea6f37e",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x0f\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x008\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xd1\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd6\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x1ag\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xdaoI}\\x00\\x00\\x00\\x98\\xdaoI}\\x00\\x00\\x00h\\xdaoI}\\x00\\x00\\x00\\x88\\xdaoI"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xd6\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8oI}\\x00\\x00\\x00\\xac\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x0e\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00*\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xd0\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xbc\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xdb\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xba{\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xd7oI}\\x00\\x00\\x00\\xf8\\xd6oI}\\x00\\x00\\x00\\xc8\\xd6oI}\\x00\\x00\\x00\\xe8\\xd6oI"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xdb\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4oI}\\x00\\x00\\x00\\xac\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06052000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea72950",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x0b\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd3\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xbe\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xd9\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xbae\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xd9oI}\\x00\\x00\\x00\\xf8\\xd8oI}\\x00\\x00\\x00\\xc8\\xd8oI}\\x00\\x00\\x00\\xe8\\xd8oI"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xd9\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd6oI}\\x00\\x00\\x00\\xa8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x0c\\x03\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xda\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xbf\\x01\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xda\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xday\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xd5oI}\\x00\\x00\\x00X\\xd5oI}\\x00\\x00\\x00(\\xd5oI}\\x00\\x00\\x00H\\xd5oI"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xda\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xd3oI}\\x00\\x00\\x00\\xa8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:25:52,571",
            "thread_id": "3092",
            "caller": "0x7ff97fd2d38f",
            "parentcaller": "0x7ff97fce99ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd6oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xdboI}\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00Q\\xf2\\xd5y"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97fd2d3fd",
            "parentcaller": "0x7ff97fce99ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97fd2d44a",
            "parentcaller": "0x7ff97fce99ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x014 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x01\\x01\\x00\\x00@ \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x01\\x00\\x1f\\x00L \\x05\\x06\\x8b\\x01\\x00\\x00\\x0f\\x00\\x00\\x00 \\x02\\x00\\x00\\ \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x05l \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00x \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x84 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9c \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xbc \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8 \\x05\\x06\\x8b\\x01\\x00\\x00\\x07\\x00\\x00\\x00:\\xb7\\x87c\\xd8 \\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0605f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06053000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:25:52,586",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06060000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06061000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06062000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06064000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06065000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06066000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06063000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06068000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06067000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06069000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af11cea",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af11f5a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af1111a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af1118a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af1111a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06071000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06072000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06073000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06074000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12a7a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06075000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06076000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0xe5dd5af12b8a",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06077000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateStringReference"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4c7ab0"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a0"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffe73I}\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xffb7\\xff87c\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd3oI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\x10z\\x07\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffc6NNy\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x108\\x07\\x06\\xff8b\\x01\\x00\\x00\\xffe8\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x10z\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x10z\\x07\\x06\\xff8b\\x01\\x00\\x00\\x108\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00*\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x108\\x07\\x06\\xff8b\\x01\\x00\\x00\\xfff0i\\x07\\x06\\xff8b\\x01\\x00\\x00\\xfff0i\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10z\\
x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0i\\x07\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\x10z\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00*\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd4oI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80i\\x07\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002a0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:25:52,602",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff978400000"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:25:52,633",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:25:52,633",
            "thread_id": "3092",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:25:52,633",
            "thread_id": "3092",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969920000"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969920000"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff969920000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969920000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96992f4e0"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969920000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96992e310"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969920000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96992eed0"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f561a64",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88,\\x07\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " q\\x07\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x18\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8y\\x07\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xeaQ\\xe1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xed\\x7fI}\\x00\\x00\\x00H\\xed\\x7fI}\\x00\\x00\\x00\\x18\\xed\\x7fI}\\x00\\x00\\x008\\xed\\x7fI"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0y\\x07\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xeb\\x7fI}\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(-\\x07\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@u\\x07\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x18\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8{\\x07\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\nT\\xe1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xe9\\x7fI}\\x00\\x00\\x00\\xa8\\xe9\\x7fI}\\x00\\x00\\x00x\\xe9\\x7fI}\\x00\\x00\\x00\\x98\\xe9\\x7fI"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0{\\x07\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xe7\\x7fI}\\x00\\x00\\x00\\xcc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "4264",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06054000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f561aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52e198",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52e1d4",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "GipActivityBypass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52e1ed",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06055000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              },
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c6"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ce"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9699fc000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97b2e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "FunctionName",
                "value": "PackageFamilyNameFromFullName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97b2e39e0"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "KeyInformation",
                "value": "f\\xff9cW3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffe73I}\\x00\\x00\\x00\\x12\\x00\\x00\\x004\\xffb7\\xff87c\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00\\xffe8\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd3oI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\x10w\\x07\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffc6NNy\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd02\\x07\\x06\\xff8b\\x01\\x00\\x00\\xffe8\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\x10w\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00\\x10w\\x07\\x06\\xff8b\\x01\\x00\\x00\\xffd02\\x07\\x06\\xff8b\\x01\\x00\\x00P/\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd02\\x07\\x06\\xff8b\\x01\\x00\\x00Pg\\x07\\x06\\xff8b\\x01\\x00\\x00Pg\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\x07\\x06\\
xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00Pg\\x07\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\x10w\\x07\\x06\\xff8b\\x01\\x00\\x00P/\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffd4oI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 l\\x07\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xffcd\\x05\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d5b0000"
              },
              {
                "name": "FunctionName",
                "value": "_o_realloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97d5c5680"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06079000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06056000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0607a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f4ac77f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Status",
                "value": "Log limit reached"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06080000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06081000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06082000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06083000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06084000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06086000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06085000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06088000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06087000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06089000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06091000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06092000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06093000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:25:52,649",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0608f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06094000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06095000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0606c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fcd0880",
            "parentcaller": "0x7ff97fcd3008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06069000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea9559b",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{69AD6AA7-0C49-5F27-A5EB-EF4D59467B6D}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{69AD6AA7-0C49-5F27-A5EB-EF4D59467B6D}"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbboI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x000\\xbcoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb8oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xb0\\xb9oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00@\\xb8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xb7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00@\\xb8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xb8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xb6oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xb7oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xb6oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xb7oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb5oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xb6oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-03-05 10:25:52,665",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xb3oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00 \\xb4oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002da"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xb0\\xb2oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xb0\\xb2oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x04\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc09\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x14\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd87\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9au\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc9oI}\\x00\\x00\\x00\\x18\\xc9oI}\\x00\\x00\\x00\\xe8\\xc8oI}\\x00\\x00\\x00\\x08\\xc9oI"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd07\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xc7oI}\\x00\\x00\\x00\\xd8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\n\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80:\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x11\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x187\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00:\\x08\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xc5oI}\\x00\\x00\\x00x\\xc5oI}\\x00\\x00\\x00H\\xc5oI}\\x00\\x00\\x00h\\xc5oI"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x107\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xc3oI}\\x00\\x00\\x00\\xd8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "HSTRING_UserFree64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f541ac0"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-03-05 10:25:52,680",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-03-05 10:25:57,008",
            "thread_id": "3092",
            "caller": "0x7ff97ea5fbd2",
            "parentcaller": "0x7ff97ea5fb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-03-05 10:26:04,586",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1d0b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-03-05 10:26:04,586",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff975ff1e1c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4c8190"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-03-05 10:26:04,586",
            "thread_id": "3092",
            "caller": "0x7ff97d714dd6",
            "parentcaller": "0x7ff975ff1f1c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9760cc000"
              },
              {
                "name": "ModuleName",
                "value": "AppXDeploymentClient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-03-05 10:26:25,821",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea95fc9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-03-05 10:26:25,821",
            "thread_id": "3092",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-03-05 10:26:26,618",
            "thread_id": "7164",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7164"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-03-05 10:26:26,618",
            "thread_id": "7164",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-03-05 10:26:26,618",
            "thread_id": "536",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "536"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-03-05 10:26:26,618",
            "thread_id": "536",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97fd03738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-03-05 10:26:30,399",
            "thread_id": "5960",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523601",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.AppExtensions.AppExtensionCatalog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002c32",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000288"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00t\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00A\\x00p\\x00p\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00s\\x00.\\x00A\\x00p\\x00p\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00C\\x00a\\x00t\\x00a\\x00l\\x00o\\x00g\\x00\\xfff9\\x7f\\x00\\x00x\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffddoI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffa6ENy\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8d\\x08\\x06\\xff8b\\x01\\x00\\x00x\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00P\\xff8d\\x08\\x06\\xff8b\\x01\\x00\\x00\\xff80\\x02\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8d\\x08\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xff90\\x08\\x06\\xff8b\\x01\\x00\\x00\\xffc0\\xff90\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xff90\\x08\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\xff80\\x02\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdeoI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff99\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppExtension.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000288"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7d00000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002ccb",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c005d4f",
            "parentcaller": "0x7ff67c002efa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c002fb8",
            "parentcaller": "0x7ff67c002849",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.AppExtensions.AppExtensionCatalog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000288"
              },
              {
                "name": "KeyInformation",
                "value": "\\x109U3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00t\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00A\\x00p\\x00p\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00s\\x00.\\x00A\\x00p\\x00p\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00C\\x00a\\x00t\\x00a\\x00l\\x00o\\x00g\\x00\\xfff9\\x7f\\x00\\x00x\\xfffe\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd7oI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffe6KNy\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8c\\x08\\x06\\xff8b\\x01\\x00\\x00x\\xfffe\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffe\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffe\\x08\\x06\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00P\\xff8c\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x05\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff8c\\x08\\x06\\xff8b\\x01\\x00\\x00\\xffd0\\xff93\\x08\\x06\\xff8b\\x01\\x00\\x00\\xffd0\\xff93\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\x08\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xff90\\xffb6\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x05\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd8oI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xff97\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffe\\x08\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\AppExtension.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000288"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7d00000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-03-05 10:26:37,649",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\AppExtension"
              },
              {
                "name": "DllBase",
                "value": "0x7ff969730000"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\AppExtension.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969730000"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff969730000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\AppExtension.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969730000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff969740110"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969730000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff969738850"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff969730000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff969738c50"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969764000"
              },
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c00286c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969764000"
              },
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06057000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c0029ac",
            "parentcaller": "0x7ff67c00288b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00h\\x05\\x06\\x8b\\x01\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc8h\\x05\\x06\\x8b\\x01\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8h\\x05\\x06\\x8b\\x01\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xe6i\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8i\\x05\\x06\\x8b\\x01\\x00\\x00\\x14\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00j\\x05\\x06\\x8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18j\\x05\\x06\\x8b\\x01\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00 j\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@j\\x05\\x06\\x8b\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00Hj\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00hj\\x05\\x06\\x8b\\x01\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00x\\x00x\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff67c002af5",
            "parentcaller": "0x7ff67c00288b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea9559b",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000002c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xbboI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00`\\xbcoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-03-05 10:26:37,680",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb8oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xe0\\xb9oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00p\\xb8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb7oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00p\\xb8oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xb8oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00 \\xb9oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb6oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xb0\\xb7oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb6oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xb0\\xb7oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb5oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xb6oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb3oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00P\\xb4oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-03-05 10:26:37,696",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xe0\\xb2oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb1oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xe0\\xb2oI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff977880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-03-05 10:26:37,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\n\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@8\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb89\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xeau\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xc9oI}\\x00\\x00\\x00H\\xc9oI}\\x00\\x00\\x00\\x18\\xc9oI}\\x00\\x00\\x008\\xc9oI"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb09\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xc7oI}\\x00\\x00\\x00\\xe0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x05\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0;\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x14\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8:\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\n\\x08\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xc5oI}\\x00\\x00\\x00\\xa8\\xc5oI}\\x00\\x00\\x00x\\xc5oI}\\x00\\x00\\x00\\x98\\xc5oI"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0:\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xc3oI}\\x00\\x00\\x00\\xe0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-03-05 10:26:37,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-03-05 10:26:38,665",
            "thread_id": "2748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x18b06005bd0"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977f8b000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcefdde",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcefe08",
            "parentcaller": "0x7ff97f99d773",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e0"
              },
              {
                "name": "ValueName",
                "value": "packageQuery"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcec6d8",
            "parentcaller": "0x7ff97fceff14",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xdcoI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fceff50",
            "parentcaller": "0x7ff97f99d773",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9697335ce",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff969734325",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff969734373",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x9f\\x10\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0610a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff969734259",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff969734259",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97fcb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff969734275",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsStateSeparationEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd284d0"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-03-05 10:26:38,711",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}"
              },
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f5330e5",
            "parentcaller": "0x7ff97f533077",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xbboI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x000\\xbcoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xb9oI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xbaoI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e2"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@;\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x14\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98;\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x9au\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc9oI}\\x00\\x00\\x00\\x18\\xc9oI}\\x00\\x00\\x00\\xe8\\xc8oI}\\x00\\x00\\x00\\x08\\xc9oI"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90;\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xc7oI}\\x00\\x00\\x00\\xdc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x06\t\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc06\t\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x14\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf82\t\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00:\\x08\\xf1Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xc5oI}\\x00\\x00\\x00x\\xc5oI}\\x00\\x00\\x00H\\xc5oI}\\x00\\x00\\x00h\\xc5oI"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf02\t\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xc3oI}\\x00\\x00\\x00\\xdc\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffa5`\\3\\xfff7\\xffab\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe4oI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00pJ\\x06\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffd6~Ny\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffa8\\x04\\x06\\xff8b\\x01\\x00\\x00x\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00pJ\\x06\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00pJ\\x06\\x06\\xff8b\\x01\\x00\\x00\\xffd0\\xffa8\\x04\\x06\\xff8b\\x01\\x00\\x00@\\x06\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffa8\\x04\\x06\\xff8b\\x01\\x00\\x00`\\xff9a\\x04\\x06\\xff8b\\x01\\x00\\x00`\\xff9a\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pJ\\x06\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00`\\xff9a\\x04\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00pJ\\x06\\x06\\xff8b\\x01\\x00\\x00@\\x06\t\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe5oI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9c\\x04\\x06\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97f480000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f535bd0"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f55f150"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff969738356",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dc13e",
            "parentcaller": "0x7ff969738396",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff9697383b7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff9697383e9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9697383fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff969738409",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df25b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd03I}\\x00\\x00\\x00\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3092"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x18b06109fc0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002ec",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x18b06109fc0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d727bc0",
            "parentcaller": "0x7ff97df25379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002ec"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              },
              {
                "name": "ProcessId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df25394",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df25f99",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df253d0"
              },
              {
                "name": "Parameter",
                "value": "0x18b06109fc0"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df584de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P4I}\\x00\\x00\\x00\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df3da8f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969764000"
              },
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff969764000"
              },
              {
                "name": "ModuleName",
                "value": "AppExtension.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.AppExtension"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f53e127",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00A\\x00p\\x00p\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0Ex\\x7f\\xfff9\\x7f\\x00\\x00x\\xfffb\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xfff1\\x1aI}\\x00\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00\\xffe6q;y\\xffe1\\xff84\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffab\\x04\\x06\\xff8b\\x01\\x00\\x00x\\xfffb\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffb\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\xff9dL\\x7f\\xfff9\\x7f\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffb\\x08\\x06\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00\\xffd0\\xffab\\x04\\x06\\xff8b\\x01\\x00\\x00`$\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe6sL\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffab\\x04\\x06\\xff8b\\x01\\x00\\x00\\xfff0\\xff92\\x04\\x06\\xff8b\\x01\\x00\\x00\\xfff0\\xff92\\x04\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x
01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff92\\x04\\x06\\xff8b\\x01\\x00\\x00\\xff8c\\xffc2\\xffcd\\x7f\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\xff8b\\x01\\x00\\x00P\\xfffd\\x08\\x06\\xff8b\\x01\\x00\\x00`$\\x07\\x06\\xff8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xfff2\\x1aI}\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff96\\x04\\x06\\xff8b\\x01\\x00\\x00P\\xfffb\\x08\\x06\\xff8b\\x01\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Server"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f55028b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f53e0cd",
            "parentcaller": "0x7ff97f4d7888",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f542432",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "3092",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{83295BB9-10DF-530F-A0D7-BE05BA80CB18}"
              },
              {
                "name": "Handle",
                "value": "0x000002ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{83295BB9-10DF-530F-A0D7-BE05BA80CB18}"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-03-05 10:26:38,727",
            "thread_id": "5400",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f497deb",
            "parentcaller": "0x7ff97f5491c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f539fe2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f49c0fc",
            "parentcaller": "0x7ff97f5344a0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f537556",
            "parentcaller": "0x7ff97f53cd53",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b0605a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06096000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fcd2caa",
            "parentcaller": "0x7ff97fcd2fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b06097000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97f4a6d3f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000300"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4724",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b079e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97d728d05",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1507
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4c6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x18b079f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f548cb1",
            "parentcaller": "0x7ff97f537de3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000339-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000339-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4d1e1e",
            "parentcaller": "0x7ff97f537d79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{21374459-F51F-462A-A7C1-53B8C35DD20B}"
              },
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{21374459-F51F-462A-A7C1-53B8C35DD20B}"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc9\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x000\\xca\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc7\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xc8\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc7\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xc8\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc5\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xf0\\xc6\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-03-05 10:26:38,743",
            "thread_id": "5400",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030a"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc4\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xc5\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc4\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\x80\\xc5\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030a"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3\\x1aI}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\n\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00}\\x00\\x00\\x00\\xc0\\xc4\\x1aI}\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000030a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000030a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030a"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030a"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-03-05 10:26:38,758",
            "thread_id": "5400",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff96b9e0000"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96b9e0000"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff96b9e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96b9e7340"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff96b9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96b9e7380"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97ea356e3",
            "parentcaller": "0x7ff97ea729cb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5400",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-03-05 10:26:38,790",
            "thread_id": "5960",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523445",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6EE39249-1E54-55B9-9171-97E8C6778A96}"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6EE39249-1E54-55B9-9171-97E8C6778A96}"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000312"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000312"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000312"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-03-05 10:26:38,805",
            "thread_id": "5400",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}"
              },
              {
                "name": "Handle",
                "value": "0x0000030e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000312"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000312"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000312"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030e"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000030c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\"\\x07\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00.\\x00C\\x00l\\x00i\\x00e\\x00n\\x00t\\x00.\\x00C\\x00B\\x00S\\x00\\x00\\x00LMEM8\\x00\\x00\\x00P\\xf4\\x06\\x06\\x8b\\x01\\x00\\x00\\xd8\\xf4\\x06\\x06"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xd3\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00F\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xba\\xbe7I\\x83\\x19\\xb5\\xdb\\xef\\x9c\\xcc6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x13\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd4\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00:`\\x84Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xdd\\x1aI}\\x00\\x00\\x00x\\xdd\\x1aI}\\x00\\x00\\x00H\\xdd\\x1aI}\\x00\\x00\\x00h\\xdd\\x1aI"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xd4\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xdb\\x1aI}\\x00\\x00\\x00\\x10\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcbf1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x89f1\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08%\\x07\\x06\\x8b\\x01\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00L\\x00o\\x00g\\x00o\\x00.\\x00p\\x00n\\x00g\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM0\\x00\\x00\\x00\\xc8\\xf4\\x06\\x06\\x8b\\x01\\x00\\x00 d\\x07\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd2\\x05\\x06\\x8b\\x01\\x00\\x00`\\x00\\x00\\x00\\x8b\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\xd2\\x05\\x06\\x8b\\x01\\x00\\x000\\xd2\\x05\\x06\\x8b\\x01\\x00\\x00X\\xd2\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEMH\\x00\\x00\\x00(\\xe7\\x1aI"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x15\\x06\\x06\\x8b\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd4\\x05\\x06\\x8b\\x01\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00Zd\\x84Z\\xdd\\xe5\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xe0\\xd9\\x1aI}\\x00\\x00\\x00\\xd8\\xd9\\x1aI}\\x00\\x00\\x00\\xa8\\xd9\\x1aI}\\x00\\x00\\x00\\xc8\\xd9\\x1aI"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xd4\\x05\\x06\\x8b\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xd7\\x1aI}\\x00\\x00\\x00\\x10\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fcbc23a",
            "parentcaller": "0x7ff97fcbc30d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f519fa1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97d718e6e",
            "parentcaller": "0x7ff97df2712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00P4I}\\x00\\x00\\x00\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5400"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-03-05 10:26:38,821",
            "thread_id": "5400",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-03-05 10:26:39,805",
            "thread_id": "3092",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff969732d08",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 1651
          }
        ],
        "threads": [
          "4804",
          "6856",
          "3528",
          "816",
          "4316",
          "6076",
          "3092",
          "5960",
          "4264",
          "536",
          "7164",
          "2748",
          "5400"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff67c000000",
          "MainExeSize": "0x0001c000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 4260,
        "process_name": "mobsync.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\mobsync.exe",
        "first_seen": "2026-03-05 10:25:32,290",
        "calls": [
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "6952",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "6952",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff6c0c147b0"
              },
              {
                "name": "Parameter",
                "value": "0xc3a6e86000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "5324",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "4392",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "4392",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "5324",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "5324",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "7076",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "7076",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "6652",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:25:32,524",
            "thread_id": "6652",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14861",
            "parentcaller": "0x7ff6c0c14608",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff6c0c14810"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c1452e",
            "parentcaller": "0x7ff6c0c1464d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116115b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c1452e",
            "parentcaller": "0x7ff6c0c1464d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162be7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11611",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x211611322f8",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\mobsync.exe -Embedding"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6952"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000ad000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df93000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df92000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df92000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x13a\\x11\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xc3\\xe1\\x7f\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xc5\\xd3\\x7f\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:25:32,540",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\SHCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97df4b150"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e715000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11638",
            "parentcaller": "0x7ff6c0c11bd8",
            "category": "misc",
            "api": "CommandLineToArgvW",
            "status": true,
            "return": "0x2116113cf70",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\System32\\mobsync.exe -Embedding"
              },
              {
                "name": "NumArgs",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000001"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2ef000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:25:32,555",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000234"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "H\\xdd\\xbb\\x8f\\x07R\\x9e\\xeam\\xaa\\xb9\\x01\\x82\\xe1\\x14\\xafB\\xa1uI\\x06h\\xf0\\xf5[\\xf2\\x94\\x18uIMI=\\xb1\\x90\\xfb\\x92\\x16\\xf6\\x9a9L\\xc0+\\xb6fH\\xa7"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116115c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11bf0",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161162000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:25:32,571",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000284"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x211611625b0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5200"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "5200",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "5200",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x211611625b0"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "1300",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161171000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "1300",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "1300",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x21161130b50"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "1300",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000294"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "1300",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161172000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "5204",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161174000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "5204",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:25:32,602",
            "thread_id": "5204",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x21161130b50"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:25:32,618",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:25:32,618",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:25:32,618",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SyncCenter"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9732d0000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:25:32,649",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\\comctl32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff966910000"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:25:32,649",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966910000"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:25:32,649",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SyncCenter.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9732d0000"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:25:32,665",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ActXPrxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ff976c70000"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\actxprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976c70000"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c45",
            "parentcaller": "0x7ff6c0c14709",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3734FF83-6764-44B7-A1B9-55F56183CDB0"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "07B3B2BA-90EE-4464-9F6F-A824B13B91C1"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SyncServiceThread"
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              },
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:25:32,727",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd3\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Sync Center (Private)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002de"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xde\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002de"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x98\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x94\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xd8\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x95\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00q\\x8c\\xc7\\xbe\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xd6\\xcb\\xa6\\xc3\\x00\\x00\\x00H\\xd6\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x18\\xd6\\xcb\\xa6\\xc3\\x00\\x00\\x008\\xd6\\xcb\\xa6"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x95\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x92\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00S\\x00y\\x00n\\x00c\\x00C\\x00e\\x00n\\x00t\\x00e\\x00r\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x97\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd9\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x98\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x91\\x8b\\xc7\\xbe\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00\\xa8\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00x\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x98\\xd2\\xcb\\xa6"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x98\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xd0\\xcb\\xa6\\xc3\\x00\\x00\\x00\\xe4\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd3\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Sync Center Client"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd3\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Sync Center Control"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd3\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Sync Center (Private)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              },
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd3\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xd4\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Sync Center Schedule Wizard"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:25:32,743",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd1\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xe6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xd2\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e6"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:25:32,758",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002e4"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002e8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x0c2\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d5692",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "328"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96699e370"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6b0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "468"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002fc",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6b0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "468"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df36d41",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97adb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97adb0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97adb7ce0"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6b0"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97adb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "468",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f802aeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97adb0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97adb7ce0"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d64",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d74",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6f0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6460"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002fc",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6f0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "6460"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df36d41",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:25:32,774",
            "thread_id": "6460",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161184000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6460",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6460",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d6f0"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d74",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161185000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000026e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}"
              },
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fa"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xb57\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00 \\xb67\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb37\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xb47\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb37\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xb47\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb17\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xe0\\xb27\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb07\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00p\\xb17\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb07\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00p\\xb17\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fa"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xaf7\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xfa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xb0\\xb07\\xa7\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000316"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000316"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000316"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000026e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000002fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fa"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fa"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "5204",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6460",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6460",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfb7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd9\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:25:32,790",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000318"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000318"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xe7?\\xa7\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x065\\xd1\\x7f\\xf9\\x7f\\x00\\x00@5\\x89\\x7f\\xf9\\x7f\\x00\\x00\"\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000031c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97adb886c",
            "parentcaller": "0x7ff97adb80d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff9732d6c73",
            "parentcaller": "0x7ff97f7ee858",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020120"
              },
              {
                "name": "Message",
                "value": "0x00008001"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161189000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d2b48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "320"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966997f90"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff9732d2bc7",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerCollections"
              },
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerCollections"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97334f000"
              },
              {
                "name": "ModuleName",
                "value": "SyncCenter.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97334f000"
              },
              {
                "name": "ModuleName",
                "value": "SyncCenter.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff9732d2bfb",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegEnumKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{00000000-0000-0000-0000-000000000000}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\HandlerCollections\\{00000000-0000-0000-0000-000000000000}"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d2c4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "324"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96698a1d0"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff9732d2c8c",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegEnumKeyW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\HandlerCollections\\"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff9732d2ca5",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d325b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "322"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96698b810"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d340a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "334"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966993980"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a747ef60"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4212"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000032c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a747ef60"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4212"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df36d41",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:25:32,805",
            "thread_id": "468",
            "caller": "0x7ff97ea72a50",
            "parentcaller": "0x7ff97ea726ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "4212",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "5488",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000026e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000322"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000322"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000322"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161193000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x8a\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00-\\x005\\x005\\x00F\\x005\\x006\\x001\\x008\\x003\\x00C\\x00D\\x00B\\x000\\x00}\\x00\\\\x00I\\x00n\\x00P\\x00r\\x00o\\x00c\\x00S\\x00e\\x00r\\x00v\\x00e\\x00"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x90\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xd6\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x8a\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xe1\\xfd#\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xc0\\xc4/\\xa7\\xc3\\x00\\x00\\x00\\xb8\\xc4/\\xa7\\xc3\\x00\\x00\\x00\\x88\\xc4/\\xa7\\xc3\\x00\\x00\\x00\\xa8\\xc4/\\xa7"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x8a\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xc2/\\xa7\\xc3\\x00\\x00\\x00 \\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x91\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00S\\x00y\\x00n\\x00c\\x00C\\x00e\\x00n\\x00t\\x00e\\x00r\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x91\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00m\\x00o\\x00b\\x00s\\x00y\\x00n\\x00c\\x00.\\x00e\\x00x\\x00e\\x00.\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd3\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x91\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x01\\xf9#\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xc1/\\xa7\\xc3\\x00\\x00\\x00\\x18\\xc1/\\xa7\\xc3\\x00\\x00\\x00\\xe8\\xc0/\\xa7\\xc3\\x00\\x00\\x00\\x08\\xc1/\\xa7"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x91\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xbf/\\xa7\\xc3\\x00\\x00\\x00 \\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "1300",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "5488",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "468",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "468",
            "caller": "0x7ff9732d6dcb",
            "parentcaller": "0x7ff9732d6cce",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B8558612-DF5E-4F95-BB81-8E910B327FB2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "F566E43E-7497-4102-94EF-5F16500B2EF5"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:25:32,821",
            "thread_id": "468",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000026e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}"
              },
              {
                "name": "Handle",
                "value": "0x00000342"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000342"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033e"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000342"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x91\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00m\\x00o\\x00b\\x00s\\x00y\\x00n\\x00c\\x00.\\x00e\\x00x\\x00e\\x00.\\x00L\\x00o\\x00"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x93\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00}\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x00C\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x004\\x006\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd3\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x8a\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00a\\x8b3\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00@\\xd3?\\xa7\\xc3\\x00\\x00\\x008\\xd3?\\xa7\\xc3\\x00\\x00\\x00\\x08\\xd3?\\xa7\\xc3\\x00\\x00\\x00(\\xd3?\\xa7"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x8a\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xd1?\\xa7\\xc3\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x8e\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x8b\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd6\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x93\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x81\\x863\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xcf?\\xa7\\xc3\\x00\\x00\\x00\\x98\\xcf?\\xa7\\xc3\\x00\\x00\\x00h\\xcf?\\xa7\\xc3\\x00\\x00\\x00\\x88\\xcf?\\xa7"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x93\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xcd?\\xa7\\xc3\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "468",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff977880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9778964c0"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff977880000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff977896570"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x8b\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x90\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xd6\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x8b\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x001\\xfb;\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x10\\xc37\\xa7\\xc3\\x00\\x00\\x00\\x08\\xc37\\xa7\\xc3\\x00\\x00\\x00\\xd8\\xc27\\xa7\\xc3\\x00\\x00\\x00\\xf8\\xc27\\xa7"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x8b\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xf8\\xc07\\xa7\\xc3\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "q\\xff1\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x8c\\x17a\\x11\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x93\\x17a\\x11\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd3\\x17a\\x11\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x8d\\x17a\\x11\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00Q\\xf7;\\xbf\\xde\\xd0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00p\\xbf7\\xa7\\xc3\\x00\\x00\\x00h\\xbf7\\xa7\\xc3\\x00\\x00\\x008\\xbf7\\xa7\\xc3\\x00\\x00\\x00X\\xbf7\\xa7"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x8d\\x17a\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xbd7\\xa7\\xc3\\x00\\x00\\x00D\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000340"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ec20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00115000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ed31000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfd000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfd000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ecfc000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\n\\x00\\x00\\x00\\x02\\x00\\x00\\x00E\\x00D\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00C\\x00:\\x00\\x00\\x00\\x02\\x00\\x00\\x00M\\x00E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\\\x00U\\x00s\\x00\\x02\\x00\\x00\\x00s\\x00\\\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0n\\x18a\\x11\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x11\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x14\\x00\\x02\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x18\\x00\\xf8\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x18\\x00\\x01\\x00\\x1f\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\x00.\\x00`\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\nl\\x7f\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\nl\\x7f\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:25:32,836",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97ec20000"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d780"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3688"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5204",
            "caller": "0x7ff97d6e55ef",
            "parentcaller": "0x7ff97eb7b5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002f8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d780"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3688"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "5204",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97df36d41",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:25:32,883",
            "thread_id": "3688",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "468",
            "caller": "0x7ff9732d68d5",
            "parentcaller": "0x7ff97eaa96e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97ec20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97ec609c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fa59000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fa59000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:25:32,993",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fa59000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fa59000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfe6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dfe6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000350"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc3a6cbcf50"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme1252737088"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\Theme396365851"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x211642e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc3a6cbd670"
              },
              {
                "name": "ViewSize",
                "value": "0x000e2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000354"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c00000"
              },
              {
                "name": "SectionOffset",
                "value": "0xc3a6cbd670"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd2f9a0"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4260:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11c66",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7e0000"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a747ef60"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161199000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff9732d27c9",
            "parentcaller": "0x7ff9732d210d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers"
              },
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff9732d27fb",
            "parentcaller": "0x7ff9732d210d",
            "category": "registry",
            "api": "RegEnumKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{750fdf10-2a26-11d1-a3ea-080036587f03}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\{750fdf10-2a26-11d1-a3ea-080036587f03}"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff9732d28aa",
            "parentcaller": "0x7ff9732d210d",
            "category": "registry",
            "api": "RegEnumKeyW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "4212",
            "caller": "0x7ff9732d28c3",
            "parentcaller": "0x7ff9732d210d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "5488",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "5488",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x21161130b50"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "5488",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116119c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d74",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97332b59a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "332"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966989850"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97e792000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97df41ba3",
            "parentcaller": "0x7ff9732d1ed1",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000007"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97df41b41",
            "parentcaller": "0x7ff9732d1ed1",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "ValueName",
                "value": "StartAtLogin"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\StartAtLogin"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "468",
            "caller": "0x7ff97df41bbb",
            "parentcaller": "0x7ff9732d1ed1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "6460",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000328"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "3688",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "3688",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97df3be80"
              },
              {
                "name": "Parameter",
                "value": "0xc3a737d780"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d61a6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d61a6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:25:33,008",
            "thread_id": "3688",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000035c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "4212",
            "caller": "0x7ff9732d3ed0",
            "parentcaller": "0x7ff9732d4d49",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "4212",
            "caller": "0x7ff9732d3ef1",
            "parentcaller": "0x7ff9732d4d49",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "4212",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff9732d3f7d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "4212",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff9732d3f7d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "Isolate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\{750fdf10-2a26-11d1-a3ea-080036587f03}\\Isolate"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "4212",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff9732d3f7d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d64",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:25:33,024",
            "thread_id": "5204",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97df36d74",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:25:33,071",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a420000"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:25:33,071",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:25:33,086",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\SyncInfrastructure"
              },
              {
                "name": "DllBase",
                "value": "0x7ff973f20000"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:25:33,086",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SyncInfrastructure.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973f20000"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:25:33,086",
            "thread_id": "4212",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cscui"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965160000"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:25:33,102",
            "thread_id": "4212",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff9651628f7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff966910000"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:25:33,102",
            "thread_id": "4212",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cscui.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965160000"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff9732d3fc5",
            "parentcaller": "0x7ff9732d4d49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "750FDF10-2A26-11D1-A3EA-080036587F03"
              },
              {
                "name": "ClsContext",
                "value": "0x00000015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "04EC2E43-AC77-49F9-9B98-0307EF7A72A2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff96516310b",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x21162c70a58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff965163122",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x21162c72008",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x21162c70a58"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97d6e3b98",
            "parentcaller": "0x7ff97d6f0922",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000080"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11cb4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "896C2B1D-3586-4FA5-B419-41F4A6D38CF1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F9EBBF2D-0C5D-4BF1-AE24-A30F7796D178"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6f06f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb60000"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97d6f06f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97eb60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97d6f0713",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb6a190"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97d6f072a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97eb60000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97eb7fe60"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97a431000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97a431000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "WINSTA.dll"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97eb6a6ca",
            "parentcaller": "0x7ff97eb6a30d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff96516310b",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x21162c70b28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#272"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff965163122",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x21162c750f4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x21162c70b28"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff96516310b",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x21162c70b28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#272"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff965163122",
            "parentcaller": "0x7ff965162f52",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x21162c750f4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff965160000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x21162c70b28"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d0b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97df41ba3",
            "parentcaller": "0x7ff9732d4436",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000007"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97df41b41",
            "parentcaller": "0x7ff9732d4436",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "SyncTime"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "BufferLength",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\SyncTime"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97df41bbb",
            "parentcaller": "0x7ff9732d4436",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d0e9000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fccfad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d0e9000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d0e9000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WINSTA"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97d0b0000"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\winsta"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97d0b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97d0bb770"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fd6e5a7",
            "parentcaller": "0x7ff97fccfaf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97a431000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fcc5157",
            "parentcaller": "0x7ff97fcc43ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CSCAPI.dll"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97a431000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fd0f2eb",
            "parentcaller": "0x7ff97fd0f177",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cscapi.dll"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fd0fc0c",
            "parentcaller": "0x7ff97fd0f720",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cscapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fd0fc6e",
            "parentcaller": "0x7ff97fd0f720",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cscapi.dll"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:25:33,118",
            "thread_id": "4212",
            "caller": "0x7ff97fcc4d42",
            "parentcaller": "0x7ff97fcc4aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000398"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965230000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcbfee4",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523f000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcbffb5",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcbffed",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcc0068",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcc009c",
            "parentcaller": "0x7ff97fcbfad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcc5082",
            "parentcaller": "0x7ff97fcc79d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fd0fcd8",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000398"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fd0fce1",
            "parentcaller": "0x7ff97fd0f720",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523a000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:25:33,133",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7bec",
            "parentcaller": "0x7ff97fce288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CSCAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965230000"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Winsta.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97d0b0000"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000242"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              },
              {
                "name": "Handle",
                "value": "0x000003c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe9\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\x10\\xea\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003c2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "SyncInfrastructure Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003c2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xa0\\xe8\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003c2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7\\xcb\\xa6\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc2\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xc3\\x00\\x00\\x00\\xa0\\xe8\\xcb\\xa6\\xc3\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003c2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c2"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:25:33,165",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11ccf",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fd1c237",
            "parentcaller": "0x7ff97fd1bfca",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\cscapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965230000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff965233330"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9651d2000"
              },
              {
                "name": "ModuleName",
                "value": "cscui.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9651d2000"
              },
              {
                "name": "ModuleName",
                "value": "cscui.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523f000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523f000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231dcd",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x21161163050",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": ""
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231df5",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x211611a1510",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x21161163050"
              },
              {
                "name": "ServiceName",
                "value": "Csc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523f000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff96523f000"
              },
              {
                "name": "ModuleName",
                "value": "CSCAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231e80",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x21161163050",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": ""
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231ea8",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x211611a1900",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x21161163050"
              },
              {
                "name": "ServiceName",
                "value": "CscService"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231dcd",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x21161163050",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": ""
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231df5",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x211611a1870",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x21161163050"
              },
              {
                "name": "ServiceName",
                "value": "Csc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231e80",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x21161163050",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": ""
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff965231ea8",
            "parentcaller": "0x7ff965231d03",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x211611a1360",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x21161163050"
              },
              {
                "name": "ServiceName",
                "value": "CscService"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df2af28",
            "parentcaller": "0x7ff9732d394d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000007"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df2af81",
            "parentcaller": "0x7ff9732d394d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "Connected"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df2afd1",
            "parentcaller": "0x7ff9732d394d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41ba3",
            "parentcaller": "0x7ff9732d3ac9",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000007"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41b41",
            "parentcaller": "0x7ff9732d3ac9",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41bbb",
            "parentcaller": "0x7ff9732d3ac9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41ba3",
            "parentcaller": "0x7ff9732d3bee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000007"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41b41",
            "parentcaller": "0x7ff9732d3bee",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "Connected"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97df41bbb",
            "parentcaller": "0x7ff9732d3bee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:25:33,227",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965163d25",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "320"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966997f90"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f4fb2f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff965163e2b",
            "parentcaller": "0x7ff9732d4dea",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": false,
            "return": "0xffffffff80070005",
            "arguments": [
              {
                "name": "rclsid",
                "value": "69486DD6-C19F-42E8-B508-A53F9F8E67B8"
              },
              {
                "name": "ClsContext",
                "value": "0x00004015",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_FAILURE_LOG"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965163fa0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "388"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff966997390"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d2564",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d2583",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d25c4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "386"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff96699e480"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff9732d531a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff966910000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "321"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9669973c0"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4212"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "4212",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d3552",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d61a6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d61a6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d6349",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d6349",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3688"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "3688",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff9732d454d",
            "parentcaller": "0x7ff9732d2f7a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerCollections"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerCollections"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff9732d45b0",
            "parentcaller": "0x7ff9732d2f7a",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\HandlerCollections\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff9732d454d",
            "parentcaller": "0x7ff9732d2f97",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers"
              },
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:25:33,258",
            "thread_id": "6460",
            "caller": "0x7ff9732d45b0",
            "parentcaller": "0x7ff9732d2f97",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000001"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:25:36,633",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:25:36,633",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:25:36,633",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:25:36,633",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:25:39,977",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:25:39,977",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:25:39,977",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:25:39,977",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d456f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d42",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d42",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff9732d30cc",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "windows",
            "api": "PostThreadMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "ThreadId",
                "value": "6952"
              },
              {
                "name": "Message",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d30e0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d30f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d310c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6e1fae",
            "parentcaller": "0x7ff9732d3183",
            "category": "threading",
            "api": "NtOpenThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "0x00100000"
              },
              {
                "name": "ProcessId",
                "value": "4260"
              },
              {
                "name": "ThreadId",
                "value": "18446744072221093896"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff9732d31a1",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00020120"
              },
              {
                "name": "Message",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d31ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff9732d31ba",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "468"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "468",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff9732d31d4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff9732d31e9",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff9732d31fe",
            "parentcaller": "0x7ff9732d1ef9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6460"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6460",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d54",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49246"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49247"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x211642e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d6b",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116115c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x211611a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116116b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161175000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162ba0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000242"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21161175000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cscui"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965160000"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c4"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c8"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CSCAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965230000"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 10:25:43,336",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ActXPrxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ff976c70000"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff976c70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SyncCenter"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9732d0000"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9732d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\SyncInfrastructure"
              },
              {
                "name": "DllBase",
                "value": "0x7ff973f20000"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97a420000"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97a420000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff973f20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff977880000"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff977880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11d9a",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d8"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d4"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c8"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c11dc4",
            "parentcaller": "0x7ff6c0c14709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000214"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 10:25:43,352",
            "thread_id": "5204",
            "caller": "0x7ff97ea7d257",
            "parentcaller": "0x7ff97ea7d1b6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162c10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x21162bb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2116115c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 10:25:43,368",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f4"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000018c"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000190"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000188"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000017c"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000015c"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000160"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000158"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000148"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000150"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000154"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97def0000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97def0000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000138"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000013c"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000134"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000118"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000011c"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000120"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000124"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000128"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000130"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000012c"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f8"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000fc"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f0"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e8"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000ec"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e4"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e0"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d4"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000c0"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000c4"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000098"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000009c"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a0"
              },
              {
                "name": "ValueName",
                "value": "DisableMetaFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000a0"
              },
              {
                "name": "ValueName",
                "value": "DisableUmpdBufferSizeCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x211611a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000094"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000090"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000008c"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000019c"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000084"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000064"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000044"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000005c"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000060"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 10:25:43,383",
            "thread_id": "6952",
            "caller": "0x7ff6c0c14720",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 978
          }
        ],
        "threads": [
          "6952",
          "5324",
          "4392",
          "7076",
          "6652",
          "5200",
          "1300",
          "5204",
          "468",
          "6460",
          "4212",
          "5488",
          "3688"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\System32\\mobsync.exe -Embedding",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff6c0c10000",
          "MainExeSize": "0x0001e000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 6708,
        "process_name": "dllhost.exe",
        "parent_id": 772,
        "module_path": "C:\\Windows\\System32\\dllhost.exe",
        "first_seen": "2026-03-05 10:26:38,868",
        "calls": [
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "4944",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "4944",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff7990014e0"
              },
              {
                "name": "Parameter",
                "value": "0x2f339e7000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "1064",
            "caller": "0x7ff97fd0eaa2",
            "parentcaller": "0x7ff97fcc77c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "3376",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "3376",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "1064",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "1064",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "3864",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "3864",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "6992",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbeb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "6992",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 10:26:39,055",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff95ca5d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001349",
            "parentcaller": "0x7ff7990013dc",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff799001b60"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000206"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4944"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2ef000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 10:26:39,071",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97b2e0000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97b2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97b2e3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dce7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97dc80000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e4"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001e4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xf27\\xc4\\x7f\\xe5\\xd6\\xc8\\x8a\\x03-`M\\xe2\\x12\\xb1\\xb4\\x1d\\xa5\\x83\\xbcl\\xffJ4\\x15\\xc8\\xbd\\xdf\\xfa)\\xd3\\x85\\xbfj\\xf8\\x93\\xe5i\\x93\\x83\\xcbh\\xfa\\x9c6zT\\xac"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97dc80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97dcb8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97eb4d000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff799001153",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromOle1Class"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f52fa90"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xf3\\xaf3/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xf4\\xaf3/\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000200"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 10:26:39,086",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6708:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdb90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x2f33aff420"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "ValueName",
                "value": "Com+Enabled"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "clbcatq.dll"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f254000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f229000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f228000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97f1b0000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\MaximumCommitCondition"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\clbcatq"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f1b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff97f1cd990"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdba0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x2f33aff170"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbf2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x14\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000218"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x2f33afec40"
              },
              {
                "name": "ViewSize",
                "value": "0x00006000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Registration\\R000000000006.clb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cf597000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cf599000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000021e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x00000222"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000222"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000222"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000222"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000222"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000222"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xec\\xaf3/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00P\\xf6\\xaf3/\\x00\\x00\\x00pQx\\x7f\\xf9\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000220"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000220"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021e"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 10:26:39,102",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbf3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbf5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcb93b0"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd4fc40"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fcf24a0"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd0cbc0"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000228"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000228"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbf7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xeb\\xaf3/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ft\\xc4\\\\xf9\\x7f\\x00\\x00\\x98q\\xc4\\\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x10\\xec\\xaf3/\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022e"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x0000022a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022a"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022a"
              },
              {
                "name": "ValueName",
                "value": "AccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022a"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x1c\\xbf\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00002100"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf0\\xaf3/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\x01n}\\xf9\\x7f\\x00\\x00\\x96*\\xfd\\x1bg\\xa0\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001a34"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.6708"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbf9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbfa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000023a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000023a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000023e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023e"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023a"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "NdrOleExtDLL"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "NdrOleInitializeExtension"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f554410"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xfd\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x80\\xf1\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x15\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x06\\x1f\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xe6\\xaf3/\\x00\\x00\\x00\\xc8\\xe6\\xaf3/\\x00\\x00\\x00\\x98\\xe6\\xaf3/\\x00\\x00\\x00\\xb8\\xe6\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xe4\\xaf3/\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf2\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x18\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xe6\\x1b\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xe3\\xaf3/\\x00\\x00\\x00(\\xe3\\xaf3/\\x00\\x00\\x00\\xf8\\xe2\\xaf3/\\x00\\x00\\x00\\x18\\xe3\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xe1\\xaf3/\\x00\\x00\\x00<\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbeaa90"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2876"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000240",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbeaa90"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2876"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xfd\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x1b\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00v#\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xea\\xaf3/\\x00\\x00\\x00\\x98\\xea\\xaf3/\\x00\\x00\\x00h\\xea\\xaf3/\\x00\\x00\\x00\\x88\\xea\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8\\xaf3/\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x80\\xf1\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x16\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd6\\x1f\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7\\xaf3/\\x00\\x00\\x00\\xf8\\xe6\\xaf3/\\x00\\x00\\x00\\xc8\\xe6\\xaf3/\\x00\\x00\\x00\\xe8\\xe6\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4\\xaf3/\\x00\\x00\\x00H\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xfd\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x17\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00v#\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xea\\xaf3/\\x00\\x00\\x00\\x98\\xea\\xaf3/\\x00\\x00\\x00h\\xea\\xaf3/\\x00\\x00\\x00\\x88\\xea\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8\\xaf3/\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x80\\xf1\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x19\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd6\\x1f\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7\\xaf3/\\x00\\x00\\x00\\xf8\\xe6\\xaf3/\\x00\\x00\\x00\\xc8\\xe6\\xaf3/\\x00\\x00\\x00\\xe8\\xe6\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4\\xaf3/\\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 10:26:39,118",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000024c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf5\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00t\\x00y\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00s\\x00o\\x00n\\x00a\\x00t\\x00i\\x00o\\x00n\\x00 \\x00D\\x00y\\x00n\\x00a\\x00m\\x00i\\x00c\\x00 \\x00F\\x00a\\x00l\\x00s\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x1a\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00v#\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xea\\xaf3/\\x00\\x00\\x00\\x98\\xea\\xaf3/\\x00\\x00\\x00h\\xea\\xaf3/\\x00\\x00\\x00\\x88\\xea\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8\\xaf3/\\x00\\x00\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xfd\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x18\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd6\\x1f\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7\\xaf3/\\x00\\x00\\x00\\xf8\\xe6\\xaf3/\\x00\\x00\\x00\\xc8\\xe6\\xaf3/\\x00\\x00\\x00\\xe8\\xe6\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4\\xaf3/\\x00\\x00\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xfd\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x18\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00v#\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xa0\\xea\\xaf3/\\x00\\x00\\x00\\x98\\xea\\xaf3/\\x00\\x00\\x00h\\xea\\xaf3/\\x00\\x00\\x00\\x88\\xea\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xf0\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xe8\\xaf3/\\x00\\x00\\x00L\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbfd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf3\\xbd\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x1a\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd6\\x1f\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xe7\\xaf3/\\x00\\x00\\x00\\xf8\\xe6\\xaf3/\\x00\\x00\\x00\\xc8\\xe6\\xaf3/\\x00\\x00\\x00\\xe8\\xe6\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xf4\\xbd\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xe4\\xaf3/\\x00\\x00\\x00L\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "2876",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "2876",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbeaa90"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "5816",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "5816",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbc0b50"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "5816",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000248"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "5816",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000264"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbea8d0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4820"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000264",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbea8d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4820"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4872",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4872",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbc0b50"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 10:26:39,133",
            "thread_id": "4820",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc04000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5232b0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbea8d0"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97adb0000"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f802a87",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff97adb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f802aeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97adb0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97adb7ce0"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 10:26:39,149",
            "thread_id": "4820",
            "caller": "0x7ff97adb7d20",
            "parentcaller": "0x7ff97f802cbc",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97fcc67b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xeaO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fcc67ec",
            "parentcaller": "0x7ff97d731590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000270"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6df9c4",
            "parentcaller": "0x7ff97d6debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000270"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6de614",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6de648",
            "parentcaller": "0x7ff97adedb79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97adb886c",
            "parentcaller": "0x7ff97adb80d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000280"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000284"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p7\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x1b\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xf6\"\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00 \\xecO4/\\x00\\x00\\x00\\x18\\xecO4/\\x00\\x00\\x00\\xe8\\xebO4/\\x00\\x00\\x00\\x08\\xecO4"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xeaO4/\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08@\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0D\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x18\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88;\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00V!\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x80\\xe8O4/\\x00\\x00\\x00x\\xe8O4/\\x00\\x00\\x00H\\xe8O4/\\x00\\x00\\x00h\\xe8O4"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80;\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00h\\xe6O4/\\x00\\x00\\x00\\x88\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8@\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "PE\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x1b\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00&\\x1e\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xf0\\xe7\\xaf3/\\x00\\x00\\x00\\xe8\\xe7\\xaf3/\\x00\\x00\\x00\\xb8\\xe7\\xaf3/\\x00\\x00\\x00\\xd8\\xe7\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe5\\xaf3/\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88>\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0?\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00g\\xfe\\x00\\x00\\xf0\\x00\\xbc\\xcd\\x01\\x02\\x00\\x00\\xf0\\x00\\xbc\\xcd\\x01\\x02\\x00\\x00`\\x00\\xbc\\xcd\\x01\\x02\\x00\\x00`\\x00\\xbc\\xcd\\x01\\x02\\x00\\x00\\x00@\\xc0\\xcd"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x15\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88D\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x86\\x1a\\xfd\\x1bg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00P\\xe4\\xaf3/\\x00\\x00\\x00H\\xe4\\xaf3/\\x00\\x00\\x00\\x18\\xe4\\xaf3/\\x00\\x00\\x008\\xe4\\xaf3"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80D\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xe2\\xaf3/\\x00\\x00\\x00\\x90\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000288"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbf1210"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5376"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000288",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbf1210"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5376"
              },
              {
                "name": "ProcessId",
                "value": "6708"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97f5680f0"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbf1210"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f568109",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "Milliseconds",
                "value": "30000"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5376"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "5376",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97eb7703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 10:26:39,165",
            "thread_id": "4872",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000028c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4a8cf0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1aR4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f4a8c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f52d757",
            "parentcaller": "0x7ff97f4a3d92",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x201cdbc23e8",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55448f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544b9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f5544e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f529ab0"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55450d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f5331b0"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554537",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f531ea0"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f554561",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4aa430"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f55458b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f55439f",
            "parentcaller": "0x7ff97fcf3900",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc3/4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\x10\\xc4/4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002aa"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ae"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc1/4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xa0\\xc2/4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc1/4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xaa\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xa0\\xc2/4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002aa"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002aa"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002aa"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f5297e2",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f52981a",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f529833",
            "parentcaller": "0x7ff97f515a74",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f52e198",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f52e1d4",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "ValueName",
                "value": "GipActivityBypass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f52e1ed",
            "parentcaller": "0x7ff97f4e765f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88D\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "pC\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x1d\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "(;\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\x06\\x0f\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\xd0\\xd6O4/\\x00\\x00\\x00\\xc8\\xd6O4/\\x00\\x00\\x00\\x98\\xd6O4/\\x00\\x00\\x00\\xb8\\xd6O4"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 ;\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd4O4/\\x00\\x00\\x00\\xb8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8E\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x908\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x1b\\xbf\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe88\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xe6\\x0b\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x000\\xd3O4/\\x00\\x00\\x00(\\xd3O4/\\x00\\x00\\x00\\xf8\\xd2O4/\\x00\\x00\\x00\\x18\\xd3O4"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe08\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd1O4/\\x00\\x00\\x00\\xb8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4724",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cf580000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e2378",
            "parentcaller": "0x7ff97d728d05",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e4b41",
            "parentcaller": "0x7ff97d6e4311",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97d6e4d36",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d724c7d",
            "parentcaller": "0x7ff97d6e4c6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cf6a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97d6e4ced",
            "parentcaller": "0x7ff97d6e4c9d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97fcbe715",
            "parentcaller": "0x7ff97fcbe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdc0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 10:26:39,180",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xcdO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xe0\\xceO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Class Factory for Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Apartment"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xccO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00p\\xcdO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xccO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00p\\xcdO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c6"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "Data",
                "value": "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f5555b3",
            "parentcaller": "0x7ff97f4d503c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4d5067",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002ca"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Thumbnail Cache Out of Proc Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "DllSurrogate"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9bef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "RunAs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b9d0a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "ActivateAtStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9e29",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9e7d",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ba"
              },
              {
                "name": "ValueName",
                "value": "ROTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9ed0",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ba"
              },
              {
                "name": "ValueName",
                "value": "AppIDFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9f20",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ba"
              },
              {
                "name": "ValueName",
                "value": "MGOTFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9f74",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ba"
              },
              {
                "name": "ValueName",
                "value": "ProcessMitigationPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b9f97",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ba"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f549228",
            "parentcaller": "0x7ff97f4b9fbb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "LaunchPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba000",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba042",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "LegacyAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba095",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "LegacyImpersonationLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba0ce",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba113",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "AuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "RemoteServerName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba1b8",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "SRPTrustLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba217",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "PreferredServerBitness"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba27a",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "LoadUserSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4ba308",
            "parentcaller": "0x7ff97f4d5235",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "ValueName",
                "value": "ProtectionLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4d528a",
            "parentcaller": "0x7ff97f4ba9aa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f5546dc",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c6"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f5546f9",
            "parentcaller": "0x7ff97f4baa80",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6e4d80",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6e4da0",
            "parentcaller": "0x7ff97f554bf9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xcbO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xc6\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xb0\\xccO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002ca"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ca"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ca"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              },
              {
                "name": "Handle",
                "value": "0x000002c6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002c6"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c6"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 10:26:39,196",
            "thread_id": "4820",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97fd17c36",
            "parentcaller": "0x7ff97fcede37",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\thumbcache"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff965ec0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965eda900"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965eec5c0"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff965edbe50"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965f23000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965f23000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4c0e54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ec8a0"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0e8f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4fb3b0"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0eac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4f8e50"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4c0ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97f480000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97f4ae7a0"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f52ff14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{75121952-E0D0-43E5-9380-1D80483ACF72}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{75121952-E0D0-43E5-9380-1D80483ACF72}"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f52fd81",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f52fdbc",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f52fe03",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f52fe14",
            "parentcaller": "0x7ff97f4f45ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbeO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\x10\\xbfO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 10:26:39,211",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\propsys.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xa0\\xbdO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xa0\\xbdO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b7b64",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbaO4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xd0\\xbbO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f5424f1",
            "parentcaller": "0x7ff97f4b7c0d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b81e5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b87ac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8475",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b86fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d711ff9",
            "parentcaller": "0x7ff97d6de7f6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\propsys.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4b8d22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b854f",
            "parentcaller": "0x7ff97f4b828e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9O4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00`\\xbaO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb9O4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00`\\xbaO4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4baaf8",
            "parentcaller": "0x7ff97f4ba7c9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6de4c2",
            "parentcaller": "0x7ff97f4ba815",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6e0867",
            "parentcaller": "0x7ff97d6dfb62",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd794",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97fce6c8b",
            "parentcaller": "0x7ff97d6dd820",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xb8O4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xb8\\x83\\xc4\\\\xf9\\x7f\\x00\\x00\\xd2\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x86\\xc4\\\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00/\\x00\\x00\\x00\\xa0\\xb9O4/\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dd928",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dfd74",
            "parentcaller": "0x7ff97d6dda44",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dda62",
            "parentcaller": "0x7ff97d6dfb99",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4bad06",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000202"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4bad3d",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d6"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4bada1",
            "parentcaller": "0x7ff97f4b83a8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d6"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b8000",
            "parentcaller": "0x7ff97f4b53c4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b22b7",
            "parentcaller": "0x7ff97f4b25e1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000022e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              },
              {
                "name": "Handle",
                "value": "0x000002d2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f52fc28",
            "parentcaller": "0x7ff97f4b2133",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97f4b2158",
            "parentcaller": "0x7ff97f4a9287",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d2"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 10:26:39,227",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\propsys"
              },
              {
                "name": "DllBase",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff979d80000"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6dae52",
            "parentcaller": "0x7ff97f4d6fcd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff979d80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\propsys.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979d8b810"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97f4d6f68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff979d80000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff979db6430"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fcf3fba",
            "parentcaller": "0x7ff97ea3f4a7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97ea3f2a1",
            "parentcaller": "0x7ff97ea3d85f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6eb14b",
            "parentcaller": "0x7ff97ea3f37f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fd29bbe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8@\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf08\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00-\\x00w\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00f\\x00u\\x00l\\x00l\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf0\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xd6\\x02\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00\\x00\\xccO4/\\x00\\x00\\x00\\xf8\\xcbO4/\\x00\\x00\\x00\\xc8\\xcbO4/\\x00\\x00\\x00\\xe8\\xcbO4"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`=\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xc9O4/\\x00\\x00\\x00\\xe0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fce8cde",
            "parentcaller": "0x7ff97fce953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "_D4\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x95k\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16db6",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "HB\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00o\\x00r\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00m\\x00i\\x00n\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e0b",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10=\\xc0\\xcd\\x01\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e30",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16e7e",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xe9\\xc0\\xcd\\x01\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16ea7",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16eff",
            "parentcaller": "0x7ff97fce8d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08:\\xc0\\xcd\\x01\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"j\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16fb8",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xf0\\xc7\\\\xf9\\x7f\\x00\\x00\\xdb\\x0e\\xa0\\\\xf9\\x7f\\x00\\x00\\xb6~\\x1d\\x1cg\\xa0\\x00\\x00X\\x02\\xc4\\\\xf9\\x7f\\x00\\x00`\\xc8O4/\\x00\\x00\\x00X\\xc8O4/\\x00\\x00\\x00(\\xc8O4/\\x00\\x00\\x00H\\xc8O4"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97fd16feb",
            "parentcaller": "0x7ff97fd16f18",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00:\\xc0\\xcd\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x94\\xa1\\\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xc6O4/\\x00\\x00\\x00\\xe0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xed?\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~V\\xc4\\"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f3f7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea3f419",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4872",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 10:26:39,243",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "4820",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "4820",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5680",
            "caller": "0x7ff97fd24fed",
            "parentcaller": "0x7ff97fd24bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5680",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff97fd02b20"
              },
              {
                "name": "Parameter",
                "value": "0x201cdbc0b50"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5680",
            "caller": "0x7ff97d70028c",
            "parentcaller": "0x7ff97ea64b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 10:26:39,258",
            "thread_id": "5680",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "4820",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "4820",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 10:26:39,274",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97d6dac8b",
            "parentcaller": "0x7ff97f4db52a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53257d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97d6d1ace",
            "parentcaller": "0x7ff97f533001",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000220"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f502fd6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "4820",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "4820",
            "caller": "0x7ff965ed5294",
            "parentcaller": "0x7ff97f515704",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 10:26:39,290",
            "thread_id": "5816",
            "caller": "0x7ff97f4f95b9",
            "parentcaller": "0x7ff97f53212a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 10:26:39,305",
            "thread_id": "5680",
            "caller": "0x7ff97f501198",
            "parentcaller": "0x7ff97f57bac5",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000d01c2"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 10:26:39,305",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 10:26:39,305",
            "thread_id": "4944",
            "caller": "0x7ff79900116a",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "windows",
            "api": "PostThreadMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "6708"
              },
              {
                "name": "ThreadId",
                "value": "4820"
              },
              {
                "name": "Message",
                "value": "1033"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd00484",
            "parentcaller": "0x7ff965eec60f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff965ed9248",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965ed774b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff965ed774b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\thumbcache"
              },
              {
                "name": "DllBase",
                "value": "0x7ff965ec0000"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd00484",
            "parentcaller": "0x7ff97df44def",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97df2c408",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c3cb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fcb0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff97fd13380"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6f0821",
            "parentcaller": "0x7ff97df2c3cb",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97df10000"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd20d20",
            "parentcaller": "0x7ff97fce0391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd20d20",
            "parentcaller": "0x7ff97fce0391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff965ec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6e2dca",
            "parentcaller": "0x7ff97f4aea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fcf7870",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fcf78c1",
            "parentcaller": "0x7ff97fce20f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97f7b1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f523445",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97f4acd7e",
            "parentcaller": "0x7ff97f523454",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97f5248a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd0466e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4820"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fa315b8",
            "parentcaller": "0x7ff97fcc9a1d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97d6da405",
            "parentcaller": "0x7ff97ea8f3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4820",
            "caller": "0x7ff97fd0468e",
            "parentcaller": "0x7ff97d727eaa",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdbec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x201cdb90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001176",
            "parentcaller": "0x7ff799001466",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff97fb40000"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 10:26:44,321",
            "thread_id": "4944",
            "caller": "0x7ff799001193",
            "parentcaller": "0x7ff799001466",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 800
          }
        ],
        "threads": [
          "4944",
          "1064",
          "3376",
          "3864",
          "6992",
          "2876",
          "5816",
          "4872",
          "4820",
          "5376",
          "5680"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff799000000",
          "MainExeSize": "0x00009000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "parent_id": 5552,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "children": [],
        "threads": [
          "5380",
          "3380",
          "5316",
          "628",
          "2600",
          "5908",
          "216",
          "5168",
          "3212",
          "6528",
          "6764",
          "4768",
          "1560",
          "5856",
          "996",
          "3936",
          "7152",
          "1460",
          "3188",
          "3292",
          "2908",
          "3344",
          "3780",
          "6364",
          "5360",
          "2704",
          "5516",
          "5444",
          "5212",
          "5560",
          "616",
          "4744",
          "5192",
          "4884",
          "3980",
          "972",
          "3124"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00990000",
          "MainExeSize": "0x0009a000",
          "Bitness": "32-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 772,
        "parent_id": 640,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [
          {
            "name": "dllhost.exe",
            "pid": 3316,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\dllhost.exe",
            "children": [],
            "threads": [
              "3376",
              "7136",
              "1008",
              "4416",
              "4264",
              "6492",
              "6480",
              "2428",
              "2404",
              "3148"
            ],
            "environ": {
              "UserName": "DESKTOP-PC01$",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Windows\\SERVIC~1\\NETWOR~1\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff799000000",
              "MainExeSize": "0x00009000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "RuntimeBroker.exe",
            "pid": 6224,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\RuntimeBroker.exe",
            "children": [],
            "threads": [
              "7156",
              "3032",
              "1744",
              "432",
              "1676",
              "5092",
              "3424",
              "5712",
              "3764",
              "6592",
              "5056",
              "2876",
              "5264",
              "2452",
              "1352",
              "528",
              "5860",
              "7100",
              "2392",
              "7136",
              "3376",
              "1064",
              "3864",
              "6992",
              "1996"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff67c000000",
              "MainExeSize": "0x0001c000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "backgroundTaskHost.exe",
            "pid": 1872,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
            "children": [],
            "threads": [
              "6324",
              "2256",
              "6524",
              "7096",
              "6936",
              "3768",
              "6864",
              "5448",
              "5300",
              "1944",
              "844",
              "7056",
              "4588",
              "2608",
              "372",
              "5576",
              "1808"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff77c630000",
              "MainExeSize": "0x00007000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "dllhost.exe",
            "pid": 1008,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\dllhost.exe",
            "children": [],
            "threads": [
              "3828",
              "4552",
              "5980",
              "4536",
              "5340",
              "6408",
              "6860",
              "1032",
              "1996",
              "2988",
              "2652"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff799000000",
              "MainExeSize": "0x00009000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "RuntimeBroker.exe",
            "pid": 1048,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\RuntimeBroker.exe",
            "children": [],
            "threads": [
              "4804",
              "6856",
              "3528",
              "816",
              "4316",
              "6076",
              "3092",
              "5960",
              "4264",
              "536",
              "7164",
              "2748",
              "5400"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff67c000000",
              "MainExeSize": "0x0001c000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "mobsync.exe",
            "pid": 4260,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\mobsync.exe",
            "children": [],
            "threads": [
              "6952",
              "5324",
              "4392",
              "7076",
              "6652",
              "5200",
              "1300",
              "5204",
              "468",
              "6460",
              "4212",
              "5488",
              "3688"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\System32\\mobsync.exe -Embedding",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff6c0c10000",
              "MainExeSize": "0x0001e000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "dllhost.exe",
            "pid": 6708,
            "parent_id": 772,
            "module_path": "C:\\Windows\\System32\\dllhost.exe",
            "children": [],
            "threads": [
              "4944",
              "1064",
              "3376",
              "3864",
              "6992",
              "2876",
              "5816",
              "4872",
              "4820",
              "5376",
              "5680"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff799000000",
              "MainExeSize": "0x00009000",
              "Bitness": "64-bit"
            }
          }
        ],
        "threads": [
          "4016",
          "5752",
          "4340",
          "1044",
          "6572",
          "4244",
          "6120",
          "5848",
          "1252",
          "4108",
          "2620",
          "6560",
          "1040",
          "3772",
          "6368",
          "4428",
          "4180",
          "5060",
          "176"
        ],
        "environ": {
          "UserName": "СИСТЕМА",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff63d200000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 3820,
        "parent_id": 640,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [],
        "threads": [
          "3792",
          "5684",
          "4048",
          "6192",
          "5748",
          "3608",
          "5376",
          "3220",
          "4024",
          "1160",
          "5600",
          "280",
          "5260",
          "7128",
          "5480",
          "5944",
          "6032",
          "3336"
        ],
        "environ": {
          "UserName": "СИСТЕМА",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff63d200000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        }
      },
      {
        "name": "explorer.exe",
        "pid": 4524,
        "parent_id": 4448,
        "module_path": "C:\\Windows\\explorer.exe",
        "children": [],
        "threads": [
          "4624",
          "7028",
          "6676",
          "3644",
          "892",
          "4260",
          "3244",
          "4048",
          "6708",
          "4296",
          "4424",
          "3980",
          "4944",
          "4528",
          "4604",
          "3612",
          "972",
          "5700"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\Explorer.EXE",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7ce580000",
          "MainExeSize": "0x004e2000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Windows\\System32\\MSCOREE.DLL.local",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\*",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe.config",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\fusion.localgac",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\87053d0ad81ac3367ef5.exe.log",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\*",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll.aux",
        "C:\\Users",
        "C:\\Users\\cape",
        "C:\\Users\\cape\\AppData",
        "C:\\Users\\cape\\AppData\\Local",
        "C:\\Users\\cape\\AppData\\Local\\Temp",
        "C:\\Windows\\System32\\bcryptPrimitives.dll",
        "\\Device\\CNG",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Htdzey\\*",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.INI",
        "C:\\Windows\\assembly\\pubpol5.dat",
        "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources\\Htdzey.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\Htdzey.resources\\Htdzey.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources\\Htdzey.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\Htdzey.resources\\Htdzey.resources.exe",
        "C:\\Windows\\System32\\windows.storage.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Wldp.dll",
        "C:\\Windows\\System32\\wldp.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\CRYPTSP.dll",
        "C:\\Windows\\System32\\cryptsp.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo\\Gnrtupo.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Gnrtupo\\Gnrtupo.exe",
        "C:\\Windows\\assembly\\GAC_64",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources",
        "C:\\Windows\\assembly\\GAC_32",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources",
        "C:\\Windows\\assembly\\GAC_MSIL",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\*",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
        "C:\\Windows\\assembly\\GAC",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib.resources",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib.resources",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\*",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib.resources\\*",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\mscorlib.resources\\v4.0_4.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\*",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll.aux",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Security\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Security.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\*",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll.aux",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Numerics\\v4.0_4.0.0.0__b77a5c561934e089\\System.Numerics.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ncrypt.dll",
        "C:\\Windows\\System32\\ncrypt.dll",
        "C:\\Windows\\System32\\tzres.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\System32\\ru\\tzres.dll.mui",
        "C:\\Windows\\System32\\en-US\\tzres.dll.mui",
        "C:\\Windows\\System32\\en\\tzres.dll.mui",
        "C:\\Windows\\System32\\gpapi.dll",
        "C:\\Windows\\System32\\dnsapi.dll",
        "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\CRYPT32.dll.mui",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Windows\\sysnative\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Users\\cape\\AppData\\Local\\Chromium\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Google\\Chrome\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\BrowserMetrics\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\*",
        "C:\\Users\\cape\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Iridium\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\7Star\\7Star\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\CentBrowser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Chedot\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Vivaldi\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Kometa\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Elements Browser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Epic Privacy Browser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*",
        "C:\\Users\\cape\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Coowon\\Coowon\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\liebao\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\QIP Surf\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Orbitum\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Comodo\\Dragon\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Amigo\\User\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Torch\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Comodo\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\360Browser\\Browser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Maxthon3\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\K-Melon\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Nichrome\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\CocCoc\\Browser\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Uran\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Chromodo\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\wasm\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\GrShaderCache\\GPUCache\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\Safe Browsing\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\ShaderCache\\GPUCache\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\*",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Edge\\User Data\\SmartScreen\\local\\*",
        "C:\\Users\\cape\\AppData\\Roaming\\atomic\\Local Storage\\leveldb",
        "C:\\Users\\cape\\AppData\\Roaming\\Electrum\\wallets",
        "C:\\Users\\cape\\AppData\\Roaming\\Ethereum\\keystore",
        "C:\\Users\\cape\\AppData\\Roaming\\Exodus\\exodus.wallet",
        "C:\\Users\\cape\\AppData\\Roaming\\com.liberty.jaxx\\IndexedDB",
        "C:\\Users\\cape\\AppData\\Roaming\\Zcash",
        "C:\\*",
        "C:\\Users\\cape\\AppData\\Roaming\\Telegram Desktop\\Telegram.exe",
        "C:\\Program Files\\Ledger Live\\Ledger Live.exe",
        "C:\\Windows\\System32\\msctf.dll",
        "C:\\Windows\\WinSxS\\SystemResources\\gdiplus.dll.mun",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression.dll",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep",
        "C:\\Windows\\apppatch\\sysmain.sdb",
        "C:\\Windows\\System32\\RuntimeBroker.exe",
        "C:\\Windows\\",
        "C:\\Windows\\ServiceProfiles\\",
        "\\??\\PhysicalDrive0",
        "\\Device\\VRegDriver",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep",
        "C:\\Windows\\System32\\dpapi.dll",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3749840076-4109591986-3192690632-1000.pckgdep",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\combase.dll.mui",
        "C:\\Windows\\System32\\mobsync.exe",
        "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "C:\\Windows\\Registration\\R000000000006.clb",
        "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt*.etl",
        "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260304_200131_060.etl",
        "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20260305_102357_087.etl",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\domgmt.dll.mui",
        "C:\\Windows\\System32\\policymanager.dll",
        "C:\\Windows\\System32\\msvcp110_win.dll",
        "C:\\Windows\\System32\\umpdc.dll",
        "C:\\Windows\\System32\\familysafetyext.dll",
        "C:\\Windows\\System32\\Windows.Networking.HostName.dll",
        "C:\\Windows\\System32\\IPHLPAPI.DLL",
        "\\??\\Nsi",
        "C:\\Windows\\System32\\sxs.dll",
        "C:\\Windows\\System32\\dusmapi.dll",
        "C:\\Windows\\SysWOW64\\propsys.dll",
        "C:\\Windows\\System32\\propsys.dll",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\",
        "C:\\Users\\cape\\AppData\\Local\\",
        "C:\\Users\\cape\\AppData\\",
        "C:\\Users\\cape\\",
        "C:\\Users\\",
        "C:",
        "\\??\\MountPointManager",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\",
        "C:\\Windows\\System32\\edputil.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\windows.storage.dll.mui",
        "C:\\Windows\\System32\\apphelp.dll",
        "C:\\Windows\\System32\\profapi.dll",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\PROPSYS.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\PROPSYS.dll.mui",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\",
        "C:\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338388\\1772665622",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\353694\\1772665622",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\338387\\1772665622",
        "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000",
        "C:\\Windows\\System32\\ntmarta.dll",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db",
        "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms",
        "C:\\Users\\desktop.ini",
        "C:\\Users\\cape\\Desktop\\desktop.ini",
        "C:\\Users\\cape\\Documents\\desktop.ini",
        "C:\\Users\\cape\\Music\\desktop.ini",
        "C:\\Users\\cape\\Pictures\\desktop.ini",
        "C:\\Users\\cape\\Videos\\desktop.ini",
        "C:\\Users\\cape\\Downloads\\desktop.ini",
        "C:\\Users\\cape\\OneDrive\\desktop.ini",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\",
        "C:\\Users\\cape\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\310091\\1772665622",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
        "C:\\Users\\cape\\AppData\\Roaming",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\desktop.ini",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ActivationStore.dat",
        "C:\\Windows\\System32\\MrmCoreR.dll",
        "C:\\Windows\\System32\\windows.staterepositoryclient.dll",
        "C:\\Windows\\System32\\windows.staterepositorycore.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\profapi.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\profapi.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\profapi.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\microsoft.system.package.metadata\\S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\resources.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\resources.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\resources.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\bcp47mrm.dll",
        "C:\\Windows\\System32\\BCP47mrm.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe\\resources.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\resources.pri",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr.dll",
        "C:\\Windows\\System32\\backgroundTaskHost.exe",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.runtimeconfig.dev.json",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.runtimeconfig.json",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.deps.json",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll",
        "C:\\Program Files (x86)",
        "C:\\Program Files (x86)\\coreservicing",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\*",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib.dll",
        "C:\\Windows\\globalization\\ICU\\icudtl.dat",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell.dll",
        "C:\\Windows\\System32\\winsta.dll",
        "C:\\Windows\\System32\\cscapi.dll"
      ],
      "read_files": [],
      "write_files": [
        "\\Device\\VRegDriver",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
      ],
      "delete_files": [],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v4.0.30319",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\87053d0ad81ac3367ef5.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|87053d0ad81ac3367ef5.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\AppContext",
        "HKEY_LOCAL_MACHINE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\AMSI\\Providers",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\87053d0ad81ac3367ef5.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\WMIDisableCOMSecurity",
        "HKEY_CLASSES_ROOT\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32",
        "HKEY_CLASSES_ROOT\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM\\CIMOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\AB49D7E283B8FCD856D964B5261D63E7",
        "HKEY_CURRENT_USER\\SOFTWARE\\AB49D7E283B8FCD856D964B5261D63E7\\AB49D7E283B8FCD856D964B5261D63E7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.mscorlib.resources_ru_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.mscorlib.resources_ru_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Configuration__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Security__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Core__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Core__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Numerics__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Numerics__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\HWRPortReuseOnSocketBind",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseHttpPipeliningAndBufferPooling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseSafeSynchronousClose",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictRfcInterimResponseHandling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowDangerousUnicodeDecompositions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictIPv6AddressParsing",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowAllUriEncodingExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchUseStrongCrypto",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchSendAuxRecord",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SystemDefaultTlsVersions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\RequireCertificateEKUs",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SspiCache",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SaslProfiles",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextLockCount",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextListCount",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagLevel",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagMatchAnyMask",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertSyncDeltaTime",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxVerifySignatureCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxIssuerDepth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxPathCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MinRsaPubKeyBitLength",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRsaPubKeyTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableStrictChecksFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\CI\\Config",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyAfterTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv\\#16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllOpenStoreProv\\Ldap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CertDllOpenStoreProv",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs",
        "HKEY_CURRENT_USER\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\CA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\CA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\CA\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\CA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Disallowed\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Disallowed",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\CTLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Root",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\AuthRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Root",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\Root\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Root\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\Root",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\TrustedPeople",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\trust",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\trust\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\trust",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\trust\\PhysicalStores",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\EnterpriseCertificates\\trust",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CRLs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Trust\\CTLs",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel",
        "HKEY_LOCAL_MACHINE\\System\\Setup",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertLastSyncTime",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Cryptography\\ECCParameters",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableAutoFlushProcessNameList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushFirstDeltaSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushNextDeltaSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllVerifyEncodedSignature",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllVerifyEncodedSignature",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllImportPublicKeyInfoEx2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllImportPublicKeyInfoEx2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\SyncDeltaTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\RootDirUrl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\LastSyncTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllImportPublicKeyInfoEx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllImportPublicKeyInfoEx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllConvertPublicKeyInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CryptDllConvertPublicKeyInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllVerifyCertificateChainPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 1\\CertDllVerifyCertificateChainPolicy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis",
        "HKEY_CURRENT_USER\\Software\\Bitcoin\\Bitcoin-Qt",
        "HKEY_CURRENT_USER\\Software\\Dash\\Dash-Qt",
        "HKEY_CURRENT_USER\\Software\\Litecoin\\Litecoin-Qt",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
        "HKEY_LOCAL_MACHINE\\Software\\Classes",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\Elevation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization",
        "HKEY_USERS\\S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\DeliveryOptimization",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadMode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DODownloadMode",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundBps",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundPct",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundBps",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundPct",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UpRatePctBandwidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UpRatePctBandwidth",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UploadLimitGBMonth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UploadLimitGBMonth",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{15C20B67-12E7-4BB6-92BB-7AFF07997402}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\AppCompat",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9D4AB6BB-7984-4295-A42D-90926920CF94}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\TreatAsClassIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{9D4AB6BB-7984-4295-A42D-90926920CF94}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000338-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0F2495E9-EDD6-46EF-A1F3-36713F4B5114}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\Trace",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId",
        "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\IdentityCRL\\StoredIdentities",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6D4B31C4-8ADB-4F45-88C9-58E7B38CBDCF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{41FD88F7-F295-4D39-91AC-A85F3149A05B}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6A2AF23E-B6D9-4A72-938D-9BFFC96BE71E}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Immersive\\production\\Property",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CLASSES_ROOT\\Directory",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
        "HKEY_CLASSES_ROOT\\Folder",
        "HKEY_CLASSES_ROOT\\AllFilesystemObjects",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\CD Burning",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\FriendlyTypeName",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@C:\\Windows\\system32\\windows.storage.dll,-10152",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Parent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViewPersistence",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\ViewSettingsPersistence",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Mode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Class",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Modifiers",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\DefaultView",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\OverrideParentTopViews",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34CBC45C-EB17-448D-AC3A-838EB3ECDCD0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3FA62BD1-B86D-4B21-9931-02086472C3E6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5A07AE71-B138-4E2B-A3D8-815B2EE774E6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ED-BBC6-AF00FF098FAB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4B02-B443-0674C7453F1E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{BDBE736F-34F5-4829-ABE8-B550E65146C4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4C29-A092-EFF8AAB749B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D34ADE43-45BD-44AE-84B7-3BCC998826E2}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436D-B9F3-59225953AEF3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E5E2E7F6-7A4B-45CE-8B40-9A8E3DD8B9A7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Order",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Order",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32\\(Default)",
        "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
        "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\LogFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731b67-d933-450a-90e6-4acd2e9408fe}\\InProcServer32",
        "HKEY_CLASSES_ROOT\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{04731B67-D933-450A-90E6-4ACD2E9408FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_CLASSES_ROOT\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1685d4ab-a51b-4af1-a4e5-cee87002431d}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D} {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} 0x401",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WholeFileSystem",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\SystemFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSearchFullText",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\PrimaryProperties\\UnindexedLocations",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0000000C-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.",
        "HKEY_CLASSES_ROOT\\.",
        "HKEY_CLASSES_ROOT\\.\\OpenWithProgids",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.",
        "HKEY_CLASSES_ROOT\\Unknown",
        "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\",
        "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.",
        "HKEY_CURRENT_USER\\Software\\Classes\\.",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\.",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.",
        "HKEY_CLASSES_ROOT\\*",
        "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.",
        "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\PropertyHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\FriendlyTypeName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Unknown",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5A648006-843A-4DA9-865B-9D26E5DFAD7B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\Elevation",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\RuntimeBroker.exe",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TelemetrySalt",
        "HKEY_CLASSES_ROOT\\CLSID\\{4A04656D-52AA-49DE-8A09-CB178760E748}\\Instance",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ApplicationDestinations",
        "HKEY_CURRENT_USER\\Software\\Classes\\Unknown\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\Tracing",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag",
        "HKEY_CLASSES_ROOT\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\fdeploy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag",
        "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
        "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
        "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesVersion",
        "HKEY_CLASSES_ROOT\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{00021401-0000-0000-C000-000000000046}",
        "HKEY_CLASSES_ROOT\\CLSID\\{00021401-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
        "HKEY_CLASSES_ROOT\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{4234D49B-0245-4DF3-B780-3893943456E1}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{4234D49B-0245-4DF3-B780-3893943456E1}",
        "HKEY_CLASSES_ROOT\\Outlook.Application",
        "HKEY_CLASSES_ROOT\\Outlook.Application.12",
        "HKEY_CLASSES_ROOT\\Outlook.Application.11",
        "HKEY_CLASSES_ROOT\\Outlook.Application.10",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\AppCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisableThresholdAppLaunchPerfFeature",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM\\InProcBgTaskResumeOverride",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisablePerAppHive",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\ActivatableClasses\\Package\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses",
        "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package",
        "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ShadowServer",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CommandLine",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\AppUserModelId",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExecutionPackageFamily",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Instancing",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IdentityType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ActivatableClasses",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExplicitPsmActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RunFullTrust",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Proxied",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RuntimeBehavior",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\TrustLevel",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\HostRuntimeId",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\backgroundTaskHost.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Metadata",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\User\\Index\\UserSid\\S-1-5-21-3749840076-4109591986-3192690632-1000",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^11e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^11e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^f0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^f0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^14f",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^14f",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Index\\PackageFullName\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\2^150",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\PackageExternalLocation\\Index\\UserAndPackage\\0^150",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.YourPhone_8wekyb3d8bbwe\\ResourcesConfig",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\UseSystemMetadataPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.WindowsAppRuntime.1.7_8wekyb3d8bbwe\\ResourcesConfig",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.windowsappruntime.1.7_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\\ResourcesConfig",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.vclibs.140.00.uwpdesktop_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile",
        "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
        "HKEY_USERS",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR\\WnfStateName",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\TrustRidDll",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateChange\\PackageList\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\PackageStatus",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Private",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Version",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\DefaultRemoteDevice",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\DefaultRemoteDevice",
        "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{b890aaa3-4228-5767-2a99-3d9293a5c3f0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\CustomAttributes",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides\\ExpRingOverrideSetting",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Version",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ImpressionId",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ETag",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Allocations",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Configurations",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Headers",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{75121952-E0D0-43E5-9380-1D80483ACF72}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageManagement",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{69AD6AA7-0C49-5F27-A5EB-EF4D59467B6D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0BFEE0AB-71C3-4FFE-89EF-BD28BEF201E7}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\ActivateInBrokerForMediumILContainer",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{83295BB9-10DF-530F-A0D7-BE05BA80CB18}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Unmarshalers\\System\\{00000339-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{21374459-F51F-462A-A7C1-53B8C35DD20B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6EE39249-1E54-55B9-9171-97E8C6778A96}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerCollections",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers",
        "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\StartAtLogin",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\Handlers\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\{750fdf10-2a26-11d1-a3ea-080036587f03}\\Isolate",
        "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\SyncTime",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Enabled",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\WMIDisableCOMSecurity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\AB49D7E283B8FCD856D964B5261D63E7\\AB49D7E283B8FCD856D964B5261D63E7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\HWRPortReuseOnSocketBind",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseHttpPipeliningAndBufferPooling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseSafeSynchronousClose",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictRfcInterimResponseHandling",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowDangerousUnicodeDecompositions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictIPv6AddressParsing",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowAllUriEncodingExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchUseStrongCrypto",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchSendAuxRecord",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SystemDefaultTlsVersions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\RequireCertificateEKUs",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextLockCount",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextListCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagLevel",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagMatchAnyMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertSyncDeltaTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxVerifySignatureCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxIssuerDepth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxPathCountPerChain",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MinRsaPubKeyBitLength",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRsaPubKeyTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableStrictChecksFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyAfterTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllSha256Allow",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAThirdPartyFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAAllFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertLastSyncTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableAutoFlushProcessNameList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushFirstDeltaSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushNextDeltaSeconds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\SyncDeltaTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\RootDirUrl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\LastSyncTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadMode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundBps",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundPct",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundBps",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundPct",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UpRatePctBandwidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UpRatePctBandwidth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Value",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UploadLimitGBMonth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UploadLimitGBMonth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\CD Burning",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\FriendlyTypeName",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@C:\\Windows\\system32\\windows.storage.dll,-10152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Parent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViewPersistence",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\ViewSettingsPersistence",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Mode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Class",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\DefaultView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\OverrideParentTopViews",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\LogicalViewMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\IconSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\HideFileNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\DateCategorizerInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ChildViewID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupAscending",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimarySettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Order",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\LogFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D} {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} 0x401",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WholeFileSystem",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\SystemFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSearchFullText",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\FriendlyTypeName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TelemetrySalt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisableThresholdAppLaunchPerfFeature",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM\\InProcBgTaskResumeOverride",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CommandLine",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\AppUserModelId",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExecutionPackageFamily",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Instancing",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IdentityType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ActivatableClasses",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExplicitPsmActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RunFullTrust",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Proxied",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RuntimeBehavior",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\TrustLevel",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\HostRuntimeId",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\UseSystemMetadataPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.windowsappruntime.1.7_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\MutableLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.vclibs.140.00.uwpdesktop_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags",
        "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR\\WnfStateName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\TrustRidDll",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\PackageStatus",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Private",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\DefaultRemoteDevice",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\DefaultRemoteDevice",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading",
        "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides\\ExpRingOverrideSetting",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Version",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ImpressionId",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ETag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageManagement",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\{750fdf10-2a26-11d1-a3ea-080036587f03}\\Isolate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "write_keys": [
        "HKEY_CURRENT_USER\\Software\\AB49D7E283B8FCD856D964B5261D63E7",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DODownloadMode",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Version",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\IdMap",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Deleted",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Allocations",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Configurations",
        "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Headers",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\StartAtLogin",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\SyncTime",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Enabled",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected"
      ],
      "delete_keys": [],
      "executed_commands": [
        "\"C:\\Windows\\system32\\BackgroundTaskHost.exe\" -ServerName:BackgroundTaskHost.WebAccountProvider",
        "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
        "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}",
        "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca",
        "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca",
        "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
        "\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca",
        "\"C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe\" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca",
        "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca",
        "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca",
        "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
        "C:\\Windows\\System32\\mobsync.exe -Embedding",
        "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
      ],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:4920:168:WilStaging_02",
        "Elmbdfhjwu",
        "Local\\SM0:3316:304:WilStaging_02",
        "Local\\SM0:6224:304:WilStaging_02",
        "Local\\SM0:6224:120:WilError_03",
        "Local\\Mutexf01b4d95cf55d32a.automaticDestinations-ms",
        "Local\\Mutex5f7b5f1e01b83767.automaticDestinations-ms",
        "Local\\SM0:4524:120:WilError_03",
        "Local\\SM0:1872:304:WilStaging_02",
        "Local\\SM0:1872:120:WilError_03",
        "Local\\SM0:1008:304:WilStaging_02",
        "Local\\SM0:1048:304:WilStaging_02",
        "Local\\SyncServiceThread",
        "Local\\SM0:4260:304:WilStaging_02",
        "Local\\SM0:6708:304:WilStaging_02"
      ],
      "created_services": [],
      "started_services": [
        "WaaSMedicSvc"
      ]
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,666",
        "eid": 1,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75ab0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,681",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 8,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 9,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 10,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 11,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 12,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 13,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75ab0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 14,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
          "pathtofile": null,
          "moduleaddress": "0x738b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 15,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 16,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,712",
        "eid": 17,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,744",
        "eid": 18,
        "data": {
          "file": "SHLWAPI.dll",
          "pathtofile": null,
          "moduleaddress": "0x774e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,744",
        "eid": 19,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,744",
        "eid": 20,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,759",
        "eid": 21,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x74d40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,759",
        "eid": 22,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,759",
        "eid": 23,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:41,775",
        "eid": 24,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x74f50000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:41,791",
        "eid": 25,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
          "content": "528372"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,103",
        "eid": 26,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 27,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 28,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 29,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 30,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 31,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 32,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 33,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll",
          "pathtofile": null,
          "moduleaddress": "0x73060000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 34,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,119",
        "eid": 35,
        "data": {
          "file": "USER32.dll",
          "pathtofile": null,
          "moduleaddress": "0x769c0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,166",
        "eid": 36,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,166",
        "eid": 37,
        "data": {
          "file": "api-ms-win-core-quirks-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,166",
        "eid": 38,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,166",
        "eid": 39,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x74d40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,166",
        "eid": 40,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 41,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 42,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 43,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 44,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 45,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x73c90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 46,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:42,181",
        "eid": 47,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 48,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 49,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 50,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 52,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 58,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 59,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 61,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 62,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 63,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 64,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 65,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 66,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 67,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 68,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 69,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,197",
        "eid": 70,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,212",
        "eid": 71,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,275",
        "eid": 72,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,275",
        "eid": 73,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,322",
        "eid": 74,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,322",
        "eid": 75,
        "data": {
          "file": "api-ms-win-core-memory-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,322",
        "eid": 76,
        "data": {
          "file": "api-ms-win-core-libraryloader-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,322",
        "eid": 77,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,322",
        "eid": 78,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 79,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 80,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 81,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 82,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76070000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 83,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,509",
        "eid": 84,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
          "content": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,556",
        "eid": 85,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:42,556",
        "eid": 86,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:42,572",
        "eid": 87,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll.aux"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,603",
        "eid": 88,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x71ba0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,603",
        "eid": 89,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,697",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
          "content": "528372"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 91,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 92,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 93,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75e30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 94,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 95,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 96,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 97,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:42,931",
        "eid": 98,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,978",
        "eid": 99,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,994",
        "eid": 100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,994",
        "eid": 101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:42,994",
        "eid": 102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,041",
        "eid": 103,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,041",
        "eid": 104,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,041",
        "eid": 105,
        "data": {
          "file": "api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,041",
        "eid": 106,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,072",
        "eid": 107,
        "data": {
          "file": "api-ms-win-core-xstate-l2-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,072",
        "eid": 108,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:43,072",
        "eid": 109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,134",
        "eid": 110,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll",
          "pathtofile": null,
          "moduleaddress": "0x71b10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:43,134",
        "eid": 111,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,634",
        "eid": 112,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75ab0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,634",
        "eid": 113,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 114,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 115,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76070000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 116,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
          "content": "5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
          "content": "\\x1f"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:44,900",
        "eid": 119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:44,916",
        "eid": 120,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,994",
        "eid": 121,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,994",
        "eid": 122,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:44,994",
        "eid": 123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:44,994",
        "eid": 124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:44,994",
        "eid": 125,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,056",
        "eid": 126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,056",
        "eid": 127,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75ab0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,056",
        "eid": 128,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 129,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 130,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 131,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 132,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 133,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 134,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 135,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,072",
        "eid": 136,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,087",
        "eid": 137,
        "data": {
          "file": "api-ms-win-eventing-provider-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,087",
        "eid": 138,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,087",
        "eid": 139,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:45,259",
        "eid": 140,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:45,447",
        "eid": 141,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:23:45,447",
        "eid": 142,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 143,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 144,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 145,
        "data": {
          "file": "bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x77900000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 146,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,462",
        "eid": 149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,494",
        "eid": 150,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,494",
        "eid": 151,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,494",
        "eid": 152,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,525",
        "eid": 153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:45,541",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,556",
        "eid": 165,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74700000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,572",
        "eid": 166,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74700000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,572",
        "eid": 167,
        "data": {
          "file": "C:\\Windows\\System32\\bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x76c00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:45,712",
        "eid": 168,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\920e3d1d70447c3c10e69e6df0766568\\System.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x70f70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,087",
        "eid": 169,
        "data": {
          "file": "wldp.dll",
          "pathtofile": null,
          "moduleaddress": "0x751c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,087",
        "eid": 170,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,103",
        "eid": 171,
        "data": {
          "file": "amsi.dll",
          "pathtofile": null,
          "moduleaddress": "0x70ad0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,103",
        "eid": 172,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,306",
        "eid": 173,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x769c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,306",
        "eid": 174,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,447",
        "eid": 175,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\2062ed810929ec0e33254c02b0c61bb4\\System.Xml.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x702d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:46,728",
        "eid": 176,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 177,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 178,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 179,
        "data": {
          "file": "crypt32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75f70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 180,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 181,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\CRYPT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 182,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 183,
        "data": {
          "file": "CRYPT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75f70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:47,666",
        "eid": 184,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 185,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75e30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 186,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,150",
        "eid": 192,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,166",
        "eid": 193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,166",
        "eid": 194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
          "content": "combase.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,166",
        "eid": 195,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,166",
        "eid": 196,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,306",
        "eid": 197,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\wminet_utils.dll",
          "pathtofile": null,
          "moduleaddress": "0x73c40000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,416",
        "eid": 198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\WMIDisableCOMSecurity",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:53,619",
        "eid": 199,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,650",
        "eid": 200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,650",
        "eid": 201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:53,650",
        "eid": 202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,587",
        "eid": 203,
        "data": {
          "file": "API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,587",
        "eid": 204,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wmiutils.dll",
          "pathtofile": null,
          "moduleaddress": "0x71af0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,650",
        "eid": 211,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x71a70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,869",
        "eid": 212,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemsvc.dll",
          "pathtofile": null,
          "moduleaddress": "0x71a60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,931",
        "eid": 213,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\fastprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x70ea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,931",
        "eid": 214,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,931",
        "eid": 215,
        "data": {
          "file": "api-ms-win-core-localization-obsolete-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,962",
        "eid": 216,
        "data": {
          "file": "amsi.dll",
          "pathtofile": null,
          "moduleaddress": "0x70ad0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,025",
        "eid": 217,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,025",
        "eid": 218,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,025",
        "eid": 219,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76b60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,025",
        "eid": 220,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 222,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 223,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 224,
        "data": {
          "file": "OLEAUT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76b60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 225,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,259",
        "eid": 226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,259",
        "eid": 227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
          "content": "{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,416",
        "eid": 243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,416",
        "eid": 244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,416",
        "eid": 245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,447",
        "eid": 246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\wbemsvc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\wbemsvc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7C857801-7381-11CF-884D-00AA004B2E24}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,462",
        "eid": 255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,306",
        "eid": 256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,306",
        "eid": 257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,400",
        "eid": 258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,400",
        "eid": 259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,478",
        "eid": 260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,478",
        "eid": 261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,572",
        "eid": 262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,572",
        "eid": 263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,916",
        "eid": 264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:03,916",
        "eid": 265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,041",
        "eid": 272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,056",
        "eid": 273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,291",
        "eid": 274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,291",
        "eid": 275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,322",
        "eid": 276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,322",
        "eid": 277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,337",
        "eid": 278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,337",
        "eid": 279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,337",
        "eid": 280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,337",
        "eid": 281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,369",
        "eid": 282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,369",
        "eid": 283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,400",
        "eid": 284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,400",
        "eid": 285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,400",
        "eid": 286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,400",
        "eid": 287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,400",
        "eid": 288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,416",
        "eid": 289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,416",
        "eid": 290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,416",
        "eid": 291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,947",
        "eid": 292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,947",
        "eid": 293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:04,947",
        "eid": 294,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:04,947",
        "eid": 295,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,041",
        "eid": 296,
        "data": {
          "file": "secur32.dll",
          "pathtofile": null,
          "moduleaddress": "0x71a50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,041",
        "eid": 297,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,103",
        "eid": 298,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\AB49D7E283B8FCD856D964B5261D63E7"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,103",
        "eid": 299,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\AB49D7E283B8FCD856D964B5261D63E7\\AB49D7E283B8FCD856D964B5261D63E7",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,134",
        "eid": 300,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,150",
        "eid": 301,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,228",
        "eid": 302,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:05,275",
        "eid": 303,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll.aux"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,275",
        "eid": 304,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,275",
        "eid": 305,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:05,322",
        "eid": 306,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll.aux"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,322",
        "eid": 307,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,337",
        "eid": 308,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x6fa10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,337",
        "eid": 309,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,337",
        "eid": 310,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x70d90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,337",
        "eid": 311,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,369",
        "eid": 312,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,369",
        "eid": 313,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:05,728",
        "eid": 314,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:05,744",
        "eid": 315,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:05,744",
        "eid": 316,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,759",
        "eid": 317,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,759",
        "eid": 318,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,759",
        "eid": 319,
        "data": {
          "file": "ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x758e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,759",
        "eid": 320,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,884",
        "eid": 321,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x742b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:05,884",
        "eid": 322,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x742b0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,244",
        "eid": 323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,244",
        "eid": 324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": "Client"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,244",
        "eid": 325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\HWRPortReuseOnSocketBind",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,275",
        "eid": 326,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,275",
        "eid": 327,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,291",
        "eid": 328,
        "data": {
          "file": "psapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x75f20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,291",
        "eid": 329,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,291",
        "eid": 330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseHttpPipeliningAndBufferPooling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,291",
        "eid": 331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseSafeSynchronousClose",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,291",
        "eid": 332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictRfcInterimResponseHandling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowDangerousUnicodeDecompositions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictIPv6AddressParsing",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\AllowAllUriEncodingExpansion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchUseStrongCrypto",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SchSendAuxRecord",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SystemDefaultTlsVersions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\RequireCertificateEKUs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
          "content": "credssp.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
          "content": "CREDSSP"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
          "content": "Microsoft CredSSP Security Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities",
          "content": "8455987"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId",
          "content": "65535"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type",
          "content": "33"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,306",
        "eid": 350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize",
          "content": "73032"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,369",
        "eid": 351,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\schannel.dll",
          "pathtofile": null,
          "moduleaddress": "0x719d0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,369",
        "eid": 352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextLockCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,369",
        "eid": 353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SCHANNEL\\UserContextListCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,478",
        "eid": 354,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,744",
        "eid": 355,
        "data": {
          "file": "sspicli.dll",
          "pathtofile": null,
          "moduleaddress": "0x74c40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,884",
        "eid": 356,
        "data": {
          "file": "mskeyprotect.dll",
          "pathtofile": null,
          "moduleaddress": "0x70d80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,884",
        "eid": 357,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,884",
        "eid": 358,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,884",
        "eid": 359,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,900",
        "eid": 360,
        "data": {
          "file": "C:\\Windows\\System32\\ncryptsslp.dll",
          "pathtofile": null,
          "moduleaddress": "0x70d00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:06,994",
        "eid": 361,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:06,994",
        "eid": 362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,009",
        "eid": 363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\TZI",
          "content": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\FirstEntry",
          "content": "2010"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\LastEntry",
          "content": "2015"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2010",
          "content": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\n\\x00\\x00\\x00\\x05\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2011",
          "content": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x01\\x00\\x06\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2012",
          "content": "\\x10\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2013",
          "content": "\\x10\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2014",
          "content": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\n\\x00\\x00\\x00\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x03\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dynamic DST\\2015",
          "content": "L\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xc4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Display",
          "content": "@tzres.dll,-2980"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Std",
          "content": "@tzres.dll,-1832"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\MUI_Dlt",
          "content": "@tzres.dll,-1831"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 388,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 389,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 390,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,197",
        "eid": 391,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Display",
          "content": "(UTC+03:00) \\x41c\\x43e\\x441\\x43a\\x432\\x430, \\x421\\x430\\x43d\\x43a\\x442-\\x41f\\x435\\x442\\x435\\x440\\x431\\x443\\x440\\x433"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Std",
          "content": "RTZ 2 (\\x437\\x438\\x43c\\x430)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Russian Standard Time\\Dlt",
          "content": "RTZ 2 (\\x43b\\x435\\x442\\x43e)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32\\DiagMatchAnyMask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertSyncDeltaTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxVerifySignatureCountPerChain",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxIssuerDepth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxPathCountPerChain",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MinRsaPubKeyBitLength",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRsaPubKeyTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableStrictChecksFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyFlags",
          "content": "18446744071705722880"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartyAfterTime",
          "content": "\\x00\\xc0)\\xb8C\\x9a\\xc9\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakMD5AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
          "content": "\\x00\\x00\\x001P\\xe4a2\\x7f3\\x5410\\x400\\x15\\x1000t\\x65af"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakMD5AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakMD5AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakMD5AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyFlags",
          "content": "18446744071562330112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartyAfterTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakSHA1AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakSHA1AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\WeakSHA1AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1ThirdPartySha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CI\\Config\\Default\\WeakSHA1AllSha256Allow",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakRSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakRSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakDSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakDSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAThirdPartyFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\WeakECDSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,337",
        "eid": 461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\Default\\WeakECDSAAllFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x83\\xb6S\\x18fNo\\xa2E\\xe0\\xd7`\\x9f\\xb9X \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x10\\x9f\\x1c\\xae\\xd6E\\xbbx\\xb3\\xea+\\x94\\xc0i|t\\x073\\x03\\x1c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00&]\\x05\\x07\\xd8/\\xa2`\\x84\\xbd\\x83}\\xf5!\\x80\\xa7\\x05oZ\\x85 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x04\\x00\\x000\\x82\\x04\\x0f0\\x82\\x02\\xf7\\xa0\\x03\\x02\\x01\\x02\\x02\n\\x19\\x8b\\x11\\xd1?\\x9a\\x8f\\xfei\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r971001070000Z\\x17\r021231070000Z0\\x81\\xc31+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1A0?\\x06\\x03U\\x04\\x0b\\x138Microsoft Windows Hardware Compatibility Intermediate CA1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation110/\\x06\\x03U\\x04\\x03\\x13(Microsoft Windows Hardware Compatibility0\\x81\\x9f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x81\\x8d\\x000\\x81"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
          "content": "\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xac\\xd8\\x0e\\xa2{\\xb7,\\xe7\\x00\\xdc\"rJ_\\x1e\\x92\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00Is\\xe0\\x92\\xcf\\x8a\\x9e,\\xa5\\xf9\\x88I:[\\xac\\xfe8\\x95\\x94.\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\n\\xcf\\xebK\\x07\\xe7\\x03\\xa0\\x1fL\\xef(\\xeerV\\xf7Qu\\x91U\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xd6\\xed}\\xf5/\\xc1\\x9b\\xdc\\x9e_\\xe9\\xe2\\xbe!\\xfb\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5Y\\xa5\\x86f\\x9b\\x08\\xf4j0\\xa13\\xf8\\xa9\\xed=\\x03\\x8e.\\xa8 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x87\\x03\\x00\\x000\\x82\\x03\\x830\\x82\\x02\\xec\\xa0\\x03\\x02\\x01\\x02\\x02\\x10F\\xfc\\xeb\\xba\\xb4\\xd0/\\x0f\\x92`\\x98#?\\x93\\x07\\x8f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r970417000000Z\\x17\r161024235959Z0\\x81\\xba1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign International Server CA - Class 31I0G\\x06\\x03U\\x04\\x0b\\x13@www.verisign.com/CPS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xed\\xbc\\xcd\\xd5\\x10j\\x07\\x1c]\\x8bF\\x90\\x91\\x8eH\\xaa\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xfe\\xe4I\\xee\\x0e9e\\xa5$o\\x00\\x0e\\x87\\xfd\\xe2\\xa0e\\xfd\\x89\\xd4\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x9a\\xa6X\\x7f\\x94\\xdd\\x91\\xd9\\x1ec\\xdf\\xd3\\xf0\\xce_\\xae\\x18\\x93\\xaa\\xb7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xce\\x01\\x00\\x000\\x82\\x01\\xca0\\x82\\x01t\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0\\x1e\\x17\r960528220259Z\\x17\r391231235959Z0\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0[0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03J\\x000G\\x02@\\x81U\"\\xb9\\x8a\\xa4o\\xed\\xd6\\xe7\\xd9f\\x0fU\\xbc\\xd7\\xcd\\xd5\\xbcN@\\x02!\\xa2\\xb1\\xf7\\x870\\x85^\\xd2\\xf2D\\xb9\\xdc\\x9bu\\xb6\\xfbF_B\\xb6\\x9d#6\\x0b\\xdeT\\x0f\\xcd\\xbd\\x1f\\x99*\\x10X\\x11\\xcb@\\xcb\\xb5\\xa7A\\x02\\x03\\x01\\x00\\x01\\xa3\\x81\\x9e0\\x81\\x9b0P\\x06\\x03U\\x04\\x03\\x04I\\x13GFor Testing Purposes Only Sample Software Publishing Credentials Agency0G\\x06\\x03U\\x1d\\x01\\x04@0>\\x80\\x10\\x12\\xe4\t-\\x06\\x1d\\x1dO\\x00\\x8da!\\xdc\\x16dc\\xa1\\x180\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency\\x82\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x00\\x03A\\x00-.>{\\x89B\\x89?\\xa8!"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,353",
        "eid": 469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
          "content": "\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa3w\\xd1\\xb1\\xc0S\\x883\\x03R\\x11\\xf4\\x08=\\x00\\xfe\\xccAM\\xab!\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb5\\x01\\x00\\x000\\x82\\x01\\xb10\\x82\\x01\\x1a\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000a1\\x110\\x0f\\x06\\x03U\\x04\\x07\\x13\\x08Internet1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign Commercial Software Publishers CA\\x17\r010324000000Z\\x17\r040107235959Z0i0!\\x02\\x10\\x1bQ\\x90\\xf77$9\\x9c\\x92T\\xcdBF7\\x99j\\x17\r010130000124Z0!\\x02\\x10u\\x0e@\\xff\\x97\\xf0G\\xed\\xf5V\\xc7\\x08N\\xb1\\xab\\xfd\\x17\r010131000049Z0!\\x02\\x10w\\xe6ZCY\\x93]_zu\\x80\\x1a\\xcd\\xad\\xc2\"\\x17\r000831000056Z\\xa0\\x1a0\\x180\t\\x06\\x03U\\x1d\\x13\\x04\\x020\\x000\\x0b\\x06\\x03U\\x1d\\x0f\\x04\\x04\\x03\\x02\\x05\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x00\\x03\\x81\\x81\\x00\\x18,\\xe8\\xfc\\x16m\\x91J=\\x88TH]\\xb8\\x11\\xbfd\\xbb\\xf9\\xdaY\\x19\\xdd\\x0ee\\xab\\xc0\\x0c\\xfag~!\\x1e\\x83\\x0e\\xcf\\x9b\\x89\\x8a\\xcf\\x0cK\\xc19\\x9d\\xe7j\\xacFtj\\x91b\"\r\\xc4\\x08\\xbd\\xf5\n\\x90\\x7f\\x06!=~\\xa7\\xaa^\\xcd\"\\x15\\xe6\\x0cu\\x8en\\xad\\xf1\\x84\\xe4\"\\xb40o\\xfbd\\x8f\\xd7\\x80C\\xf5\\x19\\x18f\\x1dr\\xa3\\xe3\\x94\\x82(R\\xa0\\x06N\\xb1\\xc8\\x92\\x0c\\x97\\xbe\\x15\\x07\\xabz\\xc9\\xea\\x08gCMQc;\\x9c\\x9c\\xcd"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
          "content": "\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x00\\x14\\x00\\x00\\x00't\\x81H\\xbb\\xe6zC\\xcd\\xbf\\xecl7\\x84\\x86,\\xe14\\xe6\\xea\"\\x00\\x00\\x00\\x01\\x00\\x01\\x00*\\x02\\x00\\x000\\x82\\x02&\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x02\\x170\\x82\\x02\\x13\\x02\\x01\\x011\\x000\\x82\\x02\\x08\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x01\\xf90\\x82\\x01\\xf50\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x01\\x900\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 472,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74700000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 473,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 474,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
          "content": "\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x80k\\xbe\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xfc\\x02\\xa4\\x9e.\\x1e\\x8eH\\x8c\\xa2\\x91!5W,\\xc2\\xf8\\xe7\\x1b\\xb0\\xe2\\xf2\\x85\\x96\\xb3r\"\\x99\\xf5\\xcb\\x9cb\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x84's\\x95\\x00\\x86\\xd0k\\x04\\xd7\\x02-b\\xa2\\x84\\xbek\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00e\\xaf\\x95\\xf4\\xbe\\x86\\x84sDcB\\x82\\xf9A\\xb2\\xe6\\x05\\x06>\\xf0\\xc8T/\\x01L\\xa0\\x88\\xd1\\x82\\x10\\x9eO\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00j\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x004\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x19\\xe8\\x1b\\xe9\\xa1L\\xd8\\xe2/@\\xac\\x11\\x8ch~\\xcb\\xa3\\xf4\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf7&\\x98\\xd7\\x0e#\\x1f\\x8d\\xc4[W\\xf1\\x18\\xa4K\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe4\\xa2\\xf6\\xfe\\x9c\\xa7\\xf1\\x8a+\\xeb\\xa9aa0\\x8b\\xaa\\x88\\x80\\xb0\\x13\\x16\\x1d\\xdd\\x852\\xd4%\\x9e'\\xe5\\x05p\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcb\\xd1\\xf2\\xceH\\xfd\\x01\\x9f\\xeaV\\xaaW\\xd1~\\x99X\\xf8?\\xff\\xe0Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x07\\x06\\x00\\x000\\x82\\x06\\x030\\x82\\x03\\xeb\\xa0\\x03\\x02\\x01\\x02\\x02\\x10/\\xd6zC\"\\x932\\x90E\\xe9S4>\\xe2tf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x931\\x0b0\t\\x06"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,384",
        "eid": 478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
          "content": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\x9e}\\x1e\\x8d]\\xa1\\x1d\\xc0\\xc8K\\x07W\\xec\\xed\\xcb\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x002\\x99\\x19\\x81\\xbf\\x15u\\xa1\\xa50;\\xb9:8\\x17#\\xea4k\\x9e\\xc10\\xfd\\xb5\\x96\\xa7[\\xa1\\xd7\\xce\\x0b\n\\x06W\\x0b\\xb9\\x85\\xd2XA\\xe2;\\xe9D\\xe8\\xff\\x11\\x8f\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00l\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00P\\x00r\\x00o\\x00d\\x00u\\x00c\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x06\\xf1\\xaa3\\x0b\\x92{u:@\\xe6\\x8c\\xdf\"\\xe3K\\xcb\\xef3R\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f\\x12N\\xde\\x13\\xe0j\\x02<\\xd7\\xc0\\x9aOH\\xc3\\xd6\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00C\\xefp\\x87\\xb8\\x9d\\xbf\\xec\\x88\\x19\\xdc\\xc6\\xc4ku\ru43\\x08\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00'\\x03\\x00\\x000\\x82\\x03#0\\x82\\x02\\xa8\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x14\\x98&f\\xdc|\\xcd\\x8f@Sg{\\xb9\\x99\\xec\\x850\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft C"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,400",
        "eid": 479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,400",
        "eid": 480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe5=4\\xce\\xcb\\x05\\xc1~\\xe32\\xc7I\\xd7\\x8c\\x02V\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00e\\xfcGR\\x0ff89b\\xec\\x0b{\\x88\\xa0\\x82\\x1d\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00>\\xdf)\\x0c\\xc1\\xf5\\xccs,\\xeb=$\\xe1~R\\xda\\xbd'\\xe2\\xf0 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\x02\\x00\\x000\\x82\\x02\\xbc0\\x82\\x02%\\x02\\x10J\\x19\\xd28\\x8c\\x82Y\\x1c\\xa5]s_\\x15]\\xdc\\xa30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1,0*\\x06\\x03U\\x04\\x0b\\x13#VeriSign Time Stamping Service Root1402\\x06\\x03U\\x04\\x0b\\x13+NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.0\\x1e\\x17\r970512000000Z\\x17\r040107235959Z0\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, I"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7f\\xdf\\xf5\\x07)Dg\\x10$JD|\\xa2\\xa1\\x97\\xea\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x9d\\xf0\\xd11\\x00\\x12:\\xec\\xa7p\\x13\\x0fJ\\xd8\\xd2\t\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00$\\\\x97\\xdfu\\x14\\xe7\\xcf-\\xf8\\xber\\xae\\x95{\\x9e\\x04t\\x1e\\x85\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x004O0-%i1\\x91\\xea\\xf7s\\\\xab\\xf5\\x86\\x8d7\\x82@\\xec \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb1\\x02\\x00\\x000\\x82\\x02\\xad0\\x82\\x02\\x16\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03U\\x04\\x0b\\x13$Microsoft Time Stamping Service Root1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.0\\x1e\\x17\r970513161259Z\\x17\r991230235959Z0\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
          "content": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe8G\\xc8B\\x9a\\xb0\\x9d\\xaeo\\x0b(;\\x98\\x15\\x8f\\xe3\\xb1\\xe8\\x80\\xb2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x03\\xd1\\xc7ge\\xed\\xa8\\x8b\\xc8\\xe0\\x87^`\\x91\\xd0`C%C\\xd1\\x80\\xbc\\xb8l\\x06I6\\xad\\xb9A\\xc4!cx\\x0b\\x82\\x89\\x92\\x1a\\x94\\xfe\\xbb\\x7f\\x9eG\\xed\\xac\\x12\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x007\\x94)X\\x86*\\x06\\xe6\\xbb\\xcf\\xd7\\xabY\\xc7\\xf2<i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00b\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00T\\x00S\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x001\\xf9\\xfc\\x8b\\xa3\\x80Y\\x86\\xb7!\\xear\\x95\\xc6[:DSBtk\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00?\\xd4\\xbe\\x8b\\xaa\\xd2\\xf2n\\x1b\\xde\\x06\\xc7XK\\xb7 \\xdd\\x1a\\x97-\\x11\\x1fZI\\x99\\xbcD\\xb0\\x8f\\xb4\\x96\r\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa4\\x0f<\\xb7\\xf5\\xff\\xa3\\xe8\\x12\\xbe\\xc7\\xf8U\\x07\\xcb\\xf4|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc5u\\x0b\\xf8_E\\x9f\\xb7\\x0e+l\\xd1\\x89\\x8d7^\\x92\\xd7\\x93\\x8eG\\xa6\\xe04\\xcc\\xe0\\xc1-07,\\xcd \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1b\\x03\\x00\\x000\\x82\\x03\\x170\\x82\\x02\\x9e\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x158u\\xe1d~\\xd1\\xb0G\\xb4\\xef\\xafA\\x12\\x82E0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02U"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa2f\\xbb}\\xcc8\\xa5bc\\x13a\\xbb\\xf6\\x1d\\xd1\\x1b\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\xfb\\xa81\\xc0\\x85D \\x8fR\\x08hk\\x99\\x1c\\xa1\\xb2\\xcf\\xc5\\x10\\xe70\\x17\\x84\\xdd\\xf1\\xeb[\\xf0929i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x000\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00;\\x1e\\xfd:f\\xea(\\xb1f\\x979G\\x03\\xa7,\\xa3@\\xa0[\\xd5\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5\\xf6V\\xcb\\x8f\\xe8\\xa2\\bh\\xd1=\\x94\\x90[\\xd7\\xce\\x9a\\x18\\xc4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00<p\\xfa\\xea%`\\x0c\\xe3\\xb2\\xcc_\\x0b\".\\xd6) \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10(\\xcc:%\\xbf\\xbaD\\xacD\\x9a\\x9bXkC9\\xaa0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20100\\x1e\\x17\r100623215"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,416",
        "eid": 488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x07\\xd3M\\xedI\\x8dEw\\xf2a\\xbd8\\xb6\\xb8sn\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd6uv\\xf5R\\x1d\\x1c\\xca\\xb5.\\x92\\x15\\xe0\\xf9\\xf7C\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x7f\\x88\\xcdr#\\xf3\\xc8\\x13\\x81\\x8c\\x99F\\x14\\xa8\\x9c\\x99\\xfa;RG\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00o\\x00d\\x00e\\x00(\\x00t\\x00m\\x00)\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\xf03L\\x1a\\xa1\\xd9\\xee[{\\xa9\\xdeC\\xbc\\x02}W\t3\\xfb \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xda\\x03\\x00\\x000\\x82\\x03\\xd60\\x82\\x02\\xbe\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x1e\\x17\r950101080001Z\\x17\r991231235959Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\n\\x02\\x82\\x01\\x01\\x00\\xdf\\x08\\xba\\xe3?nd\\x9b\\xf5\\x89"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbb\\x04\\x8f\\x1889_o\\xc3\\xa1\\xf3\\xd2\\xb7\\xe9vT\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00'\\x9c\\xd6R\\xc4\\xe2R\\xbf\\xbeR\\x17\\xacr\"\\x05\\xd7r\\x9b\\xa4\t\\x14\\x8c\\xfa\\x9em\\x9e[\\x1c\\xb9N\\xaf\\xf1\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x001\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8fC(\\x8a\\xd2r\\xf3\\x10;o\\xb1B\\x84\\x85\\xea0\\x14\\xc0\\xbc\\xfe\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00r-:\\x021\\x90C\\xb9\\x14\\x05N\\xe1\\xea\\xa7\\xc71\\xd1#\\x894\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xce\\x04\\x90\\xd5\\xe5l4\\xa5\\xae\\x0b\\xe9\\x8b\\xe5\\x81\\x18] \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10?\\x8b\\xc8\\xb5\\xfc\\x9f\\xb2\\x96C\\xb5i\\xd6lB\\xe1D0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20110\\x1e\\x17\r110322220"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
          "content": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00M\\xec\\xdf&\\x06\\xdc$\\x10\\xc0\\xb6\\x99\\xf4\\xd79\\xc7o\\x19\\xf8&(\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00WS\\xd5}h\\xf32&,L\\xc2\\xe5\\xefv\\x84\\x8e\\x03\\xdd\\xc8!,4\\xc7W\\x08|*\\xa7\\xe3 \\xa9F\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00q\\xd0\\xa5\\xff-Yt\\x16\\x94\\xbe\\xe3}\\x1e\\\\x86\\x0b\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x92\\xb4lv\\xe10T\\xe1\\x04\\xf20Q~nPMC\\xab\\x10\\xb5k\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x8a^H\\x81\\xd4/tu\\xe8\\xec7&\\xfc\\xd5\\xe5\\x18\\x84\\xaa\\x04\\xda\\xa9\\xfaz\\xda\\xc8\\xcd&E,\\xf8\\x85\\xd4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc8\\xb53\\x18\\xbf\\xf7\\xf6\\x89\\xdf\\xeak\\xfc?\\xd7\\x93rY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc1\\x03\\x00\\x000\\x82\\x03\\xbd0\\x82\\x02\\xa5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0fkU/\\x9e\\xbf\\x90{\\x0ff)\\xa9\\xbd\\xf4\\xd8\\xce0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise Mobile Root for Microsoft0\\x1e\\x17\r120315000000Z\\x17\r320314235959Z0d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Cor"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00?\\xc8\\xcb\\x0b\\xc0RA\\xe5\\x8de\\xe9D\\x8b-\\x07\\xc2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8b<0\\x87\\xb7\\x05o^\\xc5\\xdd\\xba\\x91\\xa1\\xb9\\x01\\xf0i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa44\\x89\\x15\\x9aR\\x0f\r\\x93\\xd02\\xcc\\xaf7\\xe7\\xfe \\xa8\\xb4\\x19\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00J\\u\"\\xaaF\\xbf\\xa4\\x08\\x9d9\\x97N\\xbd\\xb4\\xa3`\\xf7\\xa0\\x1d \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x04\\x00\\x000\\x82\\x04\\x120\\x82\\x02\\xfa\\xa0\\x03\\x02\\x01\\x02\\x02\\x0f\\x00\\xc1\\x00\\x8b<<\\x88\\x11\\xd1>\\xf6c\\xec\\xdf@0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r970110070000Z\\x17\r201231070000Z0p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft R"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
          "content": "\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe8\\xa5\\x98\\xbe\\x84\\x82\\x8e\\xfe\\xaep\\x11\\x15\\x015v\\xb2\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7ffzq\\xd3\\xebix \\x9aQ\\x14\\x9d\\x83\\xda \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xbe6\\xa4V/\\xb2\\xee\\x05\\xdb\\xb3\\xd3##\\xad\\xf4E\\x08N\\xd6V\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00.\\x00\\x00\\x00T\\x00h\\x00a\\x00w\\x00t\\x00e\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x18\\x1c+\\xe0XQ\\xf9i\\x93\\xe1\\x96\\xf2y\\x95K#\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xbc\\xbd\\x86\\x9c?\\x07\\xed@\\xe3\\x1b\\x08\\xef\\xce\\xc4\\xd1\\x88\\xcd;\\x15 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa5\\x02\\x00\\x000\\x82\\x02\\xa10\\x82\\x02\n\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x000\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r\\x06\\x03U\\x04\n\\x13\\x06Thawte1\\x1d0\\x1b\\x06\\x03U\\x04\\x0b\\x13\\x14Thawte Certification1\\x1f0\\x1d\\x06\\x03U\\x04\\x03\\x13\\x16Thawte Timestamping CA0\\x1e\\x17\r970101000000Z\\x17\r201231235959Z0\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x98;\\x13&5\\xb7\\xe9\\x1d\\xee\\xf5Jg\\x80\\xc0\\x92i\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x009\\x1b\\xe9(\\x83\\xd5%\t\\x15[\\xfe\\xae'\\xb9\\xbd4\\x01p\\xb7k\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00J\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa4\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe1\\xc0~\\xa0\\xaa\\xbb\\xd4\\xb7{\\x84\\xc2(\\x11x\\x08\\xa7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x9d\\x05\\x00\\x000\\x82\\x05\\x990\\x82\\x03\\x81\\xa0\\x03\\x02\\x01\\x02\\x02\\x10y\\xad\\x16\\xa1J\\xa0\\xa5\\xadLsX\\xf4\\x07\\x13.e0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certificate Authority0\\x1e\\x17\r010509231922Z\\x17\r210509232813Z0_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicr"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00t\\x99f\\xce\\xcc\\x95\\xc1\\x87A\\x94\\xcar\\x03\\xf9\\xb6 \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x05c\\xb8c\rb\\xd7Z\\xbb\\xc8\\xab\\x1eK\\xdf\\xb5\\xa8\\x99\\xb2MC\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O_\\x10i09\\x8d\t\\x10{@\\xc3\\xc7\\xca\\x8f\\x1c\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00E\\xeb\\xa2\\xaf\\xf4\\x92\\xcb\\x821-Q\\x8b\\xa7\\xa7!\\x9d\\xf3m\\xc8\\x0fb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00>\\x90\\x99\\xb5\\x01^\\x8fHl\\x00\\xbc\\xea\\x9d\\x11\\x1e\\xe7!\\xfa\\xba5Z\\x89\\xbc\\xf1\\xdfiV\\x1e=\\xc62\\\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00m\\xca[\\xd0\r\\xcf\\x1c\\x0f2pY\\xd3t\\xb2\\x9c\\xa6\\xe3\\xc5\n\\xa6\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x87\\xce\\x0b{*\\x0eI\\x00\\xe1Xq\\x9b7\\xa8\\x93r 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbb\\x03\\x00\\x000\\x82\\x03\\xb70\\x82\\x02\\x9f\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xe7\\xe0\\xe5\\x17\\xd8F\\xfe\\x8f\\xe5`\\xfc\\x1b\\xf0090\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f~u\\x0bVk\\x12\\x8a\\xc0\\xb8\\xd6Wm*p\\xa5\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x07\\xe02\\xe0 \\xb7,?\\x19/\\x06(\\xa2Y:\\x19\\xa7\\x0f\\x06\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe3\\xf9\\xaf\\x95,m\\xf2\\xaa\\xa4\\x17\\x06\\xa7zD\\xc2\\x03\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x08v\\xcd\\xcb\\x07\\xff$\\xf6\\xc5\\xcd\\xed\\xbb\\x90\\xbc\\xe2\\x847Fu\\xf7b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\XF\\x8dU\\xf5\\x8eI~t9\\x82\\xd2\\xb5\\x00\\x10\\xb6\\xd1e7J\\xcf\\x83\\xa7\\xd4\\xa3-\\xb7h\\xc4@\\x8e\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00C\\x00e\\x00r\\x00t\\x00u\\x00m\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00 \\x00C\\x00A\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00e\\x00\\x00\\x000c0!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x070\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8V\\x9c\\xcd!\\xef\\x9c\\xc5s|z\\x12\\xdf`\\x8c,\\xbcT]\\xf1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x0
0\\x00\\x00\\xd5\\xe9\\x81@\\xc5\\x18i\\xfcF,\\x89ub\\x0f\\xaa"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
          "content": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x000\\x1e\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xeb\\x15w\\xb4\\x0b<\\x8b\\xab\\xae4m\\xd9\\x8e\\xad\\x07\\x80\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00QP\\x1f\\xbf\\xcei\\x18\\x9d`\\x9c\\xfa\\xf1@\\xc5vu]\\xcc\\x1f\\xdf\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00[\\xcb\\x93\\xea\\xdb}mO\\xb7\\xa0\n/:\\xe5\\x03\\x0c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00g\\x0eI,a\\x17\\x9e\\xeb\\xed\\xe0T\\xe7\\x84\\xd9\\x9b\\xadd`seb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xa3\\xcchY]\\xfe~\\x86\\xd8\\xad\\x17r\\xa8\\xb5(J\\xddT\\xac\\xe3\\xb8\\xa7\\x98\\xdfG\\xbc\\xca\\xfb\\x1f\\xdb\\x84\\xdf\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00>\\x00\\x00\\x00H\\x00o\\x00t\\x00s\\x00p\\x00o\\x00t\\x00 \\x002\\x00.\\x000\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x000\\x003\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xbeR\\xe4a\\xb1}\\xd6%'q%\\x1bE\\xe9\\x8f\\x122\\xca\\xa1%\\x12\\xdcy\\x11\\x8d\\x0c_\\xces\\xa5M\\x95\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O\\xcb\\x14\\xf7\\xc4\\xa3\\x8f/&\\\\x1f\\x12\\xc9\\xafVwY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x05\\x00\\x000\\x82\\x05l0\\x82\\x03T\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xb3\\x0fp\\xf2\\x86\\xa43\\xe0\\xb9\t\\x89\\xde\\x01\\xed\\xb70\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbaO9r\\xe7\\xae\\xd9\\xdc\\xcd\\xc2\\x10\\xdbY\\xda\\x13\\xc9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00_\\xb7\\xee\\x063\\xe2Y\\xdb\\xad\\x0cL\\x9a\\xe6\\xd3\\x8f\\x1aa\\xc7\\xdc%\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8fv\\xb9\\x81\\xd5(\\xadGp\\x08\\x82E\\xe2\\x03\\x1bc\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1>\\xc3i\\x03\\xf8\\xbfG\\x01\\xd4\\x98&\\x1a\\x08\\x02\\xefcd+\\xc3b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00t1\\xe5\\xf4\\xc3\\xc1\\xceF\\x90wO\\x0ba\\xe0T@\\x88;\\xa9\\xa0\\x1e\\xd0\\x0b\\xa6\\xab\\xd7\\x80n\\xd3\\xb1\\x18\\xcf\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe3^\\xf0\\x8d\\x88O\n\n\\xde/u\\xe9c\\x01\\xceb0\\xf2\\x13\\xa8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd4t\\xdeW\\9\\xb2\\xd3\\x9c\\x85\\x83\\xc5\\xc0eI\\x8a 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc9\\x03\\x00\\x000\\x82\\x03\\xc50\\x82\\x02\\xad\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x02\\xac\\&j\\x0b@\\x9b\\x8f\\x0by\\xf2\\xaeF%w0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x9ds\\x93y;\\xca2@1u\\xdc\\x12~\\x0e\\xc1\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00s\\xa5\\xe6J;\\xff\\x83\\x16\\xff\\x0e\\xdc\\xcca\\x8a\\x90nN\\xaeMti\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x01\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00r\\xa4\\x91\\x950\\x9f\\xb94\\xd6\n\\x98\\xe4\\xecE\\x1al\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\t\\xcbY\\x7f\\x86\\xb2p\\x8f\\x1a\\xc39\\xe3\\xc0\\xd9\\xe9\\xbf\\xbbM\\xb2#\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc7A\\xf7\\x0fK*\\x8d\\x88\\xbf.q\\xc1A\"\\xefS\\xef\\x10\\xeb\\xa0\\xcf\\xa5\\xe6L\\xfa \\xf4\\x18\\x850s\\xe0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00S\\x00A\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x007\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00A3\\xc4\\xe6\\x0f\\xa1\\x83\\xee^zD\\x16\\xc5\\xd5L3\\x92\\xc5l/W()\\xbfY4tg\\xba\\xb0{\\xcd\\xcf\\x84\\x01b\\x98\\x83A\\xd2\\xd2\\x84\\xfb\\xd8V\\xdfS\\xb1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xff\\x00\\xff\\xcf\\xc9\\xf8\\xc7z\\xc0\\xee5\\x8e\\xc9\\x0fG \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xac\\x05\\x00\\x000\\x82\\x05\\xa80\\x82\\x03\\x90\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x1e\\xd3\\x97\t_\\xd8\\xb4\\xb3Gp\\x1e\\xaa\\xbe\\x7fE\\xb30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
          "content": "h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00=\\xb6[\\xd9\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x02S\\x00\\x00\\x00\\x01\\x00\\x00\\x00$\\x00\\x00\\x000\"0 \\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd7\\xc6;\\xe0\\x83}\\xba\\xbf\\x88\\x1dO\\xbf_\\x98j\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xfcc]\\xf6&>\r\\xf3%\\xbe_y\\xcdgg\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00F\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x003\\x00 \\x00P\\x00u\\x00b\\x00l\\x00i\\x00c\\x00 \\x00P\\x00r\\x00i\\x00m\\x00a\\x00r\\x00y\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe2\\x7f{\\xd8w\\xd5\\xdf\\x9e\n?\\x9e\\xb4\\xcb\\x0e.\\xa9\\xef\\xdbiw\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00'\\xb3Qvg3\\x1c\\xe2\\xc1\\xe7@\\x02\\xb5\\xff\"\\x98\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00t,1\\x92\\xe6\\x07\\xe4$\\xebEIT+\\xe1\\xbb\\xc5>at\\xe2\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00*\\x00\\x00\\x000(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe7hV4\\xef\\xac\\xf6\\x9a\\xce\\x93\\x9ak%[{O\\xab\\xefB\\x93[P\\xa2e\\xac\\xb5\\xcb`'\\xe4Np~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x10\\xc5\\x1e\\x92\\xd2\\x01 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x02\\x00\\x000\\x82\\x02<0\\x82\\x01\\xa5\\x02\\x10p\\xba\\xe4\\x1d\\x10\\xd9)4\\xb68\\xca{\\x03\\xcc\\xba\\xbf0\r\\x06\t"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xb0\t\\xe9\\x9a\\\\xfc\\x92\\x8a\\x171\\x90\\x10m\\xbb2\\xa9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00~\\x04\\xde\\x89j>fm\\x00\\xe6\\x87\\xd3?\\xfa\\xd9;\\xe8=4\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xab9\\xed\\xd1\\xa4\\xd8\\x9aU\\x12\\x88-\\xeb\t\\xcb\\x13\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3\\xdbH\\xa4\\xf9\\xa1\\xc5\\xd8\\xae6A\\xcc\\x11cib)\\xbcK\\xc6b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x001\\xadfH\\xf8\\x10A8\\xc78\\xf3\\x9e\\xa42\\x0139>:\\x18\\xcc\\x02)n\\xf9|*\\xc9\\xefg1\\xd0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x003\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x82\\xc8\\x01\\x999w\"\\xb5z\\xd4s\\xea&k\\x93\\xd4\\x7f\\xfcw\\xfe\\x07\\xf0\\x93\\x884_ \\xda\\xb6\\xad\\xdd\\x08vr\\xf9\\x88\\xb4\\xbb\\xfd\\x15LK\\x13<p\\xc9\\xec\\xff\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xf5]\\xa4P\\xa5\\xfb(~\\x1e\\x0f\r\\xcc\\x96WV\\xca 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00C\\x02\\x00\\x000\\x82\\x02?0\\x82\\x01\\xc5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05UV\\xbc\\xf2^\\xa455\\xc3\\xa4\\x0f\\xd5\\xabEr0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0f:\\x05'\\xd2B\\xde-\\xc9\\x8e\\\\xfc\\xb1\\xe9\\x91\\xee\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8\\x98]:e\\xe5\\xe5\\xc4\\xb2\\xd7\\xd6m@\\xc6\\xdd/\\xb1\\x9cT6~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00Yw\\x9e9\\xe2\\x1a.=\\xfc\\xedhW\\xed\\_\\xd9\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x03\\xdeP5V\\xd1L\\xbbf\\xf0\\xa3\\xe2\\x1b\\x1b\\xc3\\x97\\xb2=\\xd1Ub\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00CH\\xa0\\xe9DLx\\xcb&^\\x05\\x8d^\\x89D\\xb4\\xd8O\\x96b\\xbd&\\xdb%\\x7f\\x894\\xa4C\\xc7\\x01a\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3M\\xdd7.\\xd9.\\x8f*\\xbf\\xbb\\x9e \\xa9\\xd3\\x1f O\\x19K\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00y\\xe4\\xa9\\x84\r}:\\x96\\xd7\\xc0O\\xe2CL\\x89. 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb3\\x03\\x00\\x000\\x82\\x03\\xaf0\\x82\\x02\\x97\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x08;\\xe0V\\x90BF\\xb1\\xa1uj\\xc9Y\\x91\\xc7J0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00>ER\\x15\tQ\\x92\\xe1\\xb7]7\\x9f\\xb1\\x87)\\x8a\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1\\xbc\\x96\\x8b\\xd4\\xf4\\x9db*\\xa8\\x9a\\x81\\xf2\\x15\\x01R\\xa4\\x1d\\x82\\x9c~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x04+\\xebw\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xe7\\xf3\\xb0`\\xd1\\x0e\\x90\\xa3\\x1b\\xa3G\\x1b\\x99\\x926\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00`{f\\x1aE\r\\x97\\xca\\x89P/}\\x04\\xcd4\\xa8\\xff\\xfc\\xfdKb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xeb\\xd4\\x10@\\xe4\\xbb>\\xc7B\\xc9\\xe3\\x81\\xd3\\x1e\\xf2\\xa4\\x1aH\\xb6h\\\\x96\\xe7\\xce\\xf3\\xc1\\xdfl\\xd43\\x1c\\x99\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 
\\x00R\\x001\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\x00\\x00\\x000f\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x08\\x02\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xfd<\\x9c8\r{e\\xe2k\\x9a?\\xed\\xd3\\x9b\\x8f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd6\\x9bV\\x11H\\xf0\\x1cw\\xc5Ex\\xc1\t&\\xdf[\\x85iv\\xad\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01r\\x8e\\x1e\\xcfz\\x9d\\x86\\xfb<\\xec\\x89H\\xab\\xa9S\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8f\\xf0K\\x7f\\xa8.E$\\xaeMP\\xfac\\x9a\\x8b\\xde\\xe2\\xdd\\x1b\\xbcb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb\\xb5\"\\xd7\\xb7\\xf1'\\xadj\\x01\\x13\\x86[\\xdf\\x1c\\xd4\\x10.}\\x07Y\\xafcZ|\\xf4r\r\\xc9c\\xc5;\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x00R\\x003\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00R)\\xba\\x15\\xb3\\x1b\\x0coL\\xca\\x89\\xc2\\x98Qw\\x97C'\\xd1\\xb6\\x89\\xa3\\xb95\\xa0\\xbd\\x97U2\\xaf\"\\xab \\x00\\x00\\x00\\x01\\x00\\x00\\x00c\\x03\\x00\\x000\\x82\\x03_0\\x82\\x02G\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01!XS\\x08\\xa20\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000L1 
0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17Global"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xff\\xac y\\x97\\xbb,\\xfe\\x86Up\\x17\\x9e\\xe07\\xb9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xfb\\x16\\xcdI1\\xc9s\\xa2\\x03}?\\xc8:M}w]\\x05\\xe4\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa8m\\xc6\\xa23\\xeb3\\x96\\x10\\xf3\\xedAI'\\xc5Y\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xec\\xd7\\xe3\\x82\\xd2q]dL\\xdf.g?\\xe7\\xba\\x98\\xae\\x1c\\x0fOb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00U/{\\xdc\\xf1\\xa7\\xaf\\x9el\\xe6r\\x01\\x7fO\\x12\\xab\\xf7r@\\xc7\\x8ev\\x1a\\xc2\\x03\\xd1\\xd9\\xd2\n\\xc8\\x99\\x88\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x004\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00N\\xa1\\xb3K\\x10\\xb9\\x82\\xa9j8\\x91XCPx \\xadc,j\\xad\\x83C\\xe37\\xb3Mf\\x0c\\xd86o\\xa1TTJ\\xe8\\x06h\\xae\\x1f\\xdf91\\xd5~\\x19\\x96\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00x\\xf2\\xfc\\xaa`\\x1f/\\xb4\\xeb\\xc97\\xbaS.uI 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\x05\\x00\\x000\\x82\\x05\\x900\\x82\\x03x\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05\\x9b\\x1bW\\x9e\\x8e!2\\xe29\\x07\\xbd\\xa7wu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,431",
        "eid": 524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\xc3\\xbd5I\\xee\"Z\\xec\\xe174\\xad\\x8c\\xa0\\xb8\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdf<$\\xf9\\xbf\\xd6fv\\x1b&\\x80s\\xfe\\x06\\xd1\\xcc\\x8dO\\x82\\xa4~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\xc3\\x0b\\xc9tiU`\\xa2\\xf0\t\neEUl\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00N\"T \\x18\\x95\\xe6\\xe3n\\xe6\\x0f\\xfa\\xfa\\xb9\\x12\\xed\\x06\\x17\\x8f9b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb<\\xcb\\xb7`1\\xe5\\xe0\\x13\\x8f\\x8d\\xd3\\x9a#\\xf9\\xdeG\\xff\\xc3^C\\xc1\\x14L\\xea'\\xd4jZ\\xb1\\xcb_\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x002\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00KN\\xb4\\xb0t)\\x8b\\x82\\x8b\\\\x000\\x95\\xa1\\x0bE#\\xfb\\x95\\x1c\\x0c\\x884\\x8b\t\\xc5>[\\xab\\xa4\\x08\\xa3\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe4\\xa6\\x8a\\xc8T\\xacRBF\n\\xfdrH\\x1b*D 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x92\\x03\\x00\\x000\\x82\\x03\\x8e"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 525,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 526,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
          "content": "\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\x80k\\xbe\\x11\\xac\\xdc\\x01\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xfc\\x02\\xa4\\x9e.\\x1e\\x8eH\\x8c\\xa2\\x91!5W,\\xc2\\xf8\\xe7\\x1b\\xb0\\xe2\\xf2\\x85\\x96\\xb3r\"\\x99\\xf5\\xcb\\x9cb\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x84's\\x95\\x00\\x86\\xd0k\\x04\\xd7\\x02-b\\xa2\\x84\\xbek\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00e\\xaf\\x95\\xf4\\xbe\\x86\\x84sDcB\\x82\\xf9A\\xb2\\xe6\\x05\\x06>\\xf0\\xc8T/\\x01L\\xa0\\x88\\xd1\\x82\\x10\\x9eO\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00j\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x004\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x19\\xe8\\x1b\\xe9\\xa1L\\xd8\\xe2/@\\xac\\x11\\x8ch~\\xcb\\xa3\\xf4\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf7&\\x98\\xd7\\x0e#\\x1f\\x8d\\xc4[W\\xf1\\x18\\xa4K\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe4\\xa2\\xf6\\xfe\\x9c\\xa7\\xf1\\x8a+\\xeb\\xa9aa0\\x8b\\xaa\\x88\\x80\\xb0\\x13\\x16\\x1d\\xdd\\x852\\xd4%\\x9e'\\xe5\\x05p\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcb\\xd1\\xf2\\xceH\\xfd\\x01\\x9f\\xeaV\\xaaW\\xd1~\\x99X\\xf8?\\xff\\xe0Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x07\\x06\\x00\\x000\\x82\\x06\\x030\\x82\\x03\\xeb\\xa0\\x03\\x02\\x01\\x02\\x02\\x10/\\xd6zC\"\\x932\\x90E\\xe9S4>\\xe2tf0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x931\\x0b0\t\\x06"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\06F1AA330B927B753A40E68CDF22E34BCBEF3352\\Blob",
          "content": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\x9e}\\x1e\\x8d]\\xa1\\x1d\\xc0\\xc8K\\x07W\\xec\\xed\\xcb\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x002\\x99\\x19\\x81\\xbf\\x15u\\xa1\\xa50;\\xb9:8\\x17#\\xea4k\\x9e\\xc10\\xfd\\xb5\\x96\\xa7[\\xa1\\xd7\\xce\\x0b\n\\x06W\\x0b\\xb9\\x85\\xd2XA\\xe2;\\xe9D\\xe8\\xff\\x11\\x8f\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00l\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00P\\x00r\\x00o\\x00d\\x00u\\x00c\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x06\\xf1\\xaa3\\x0b\\x92{u:@\\xe6\\x8c\\xdf\"\\xe3K\\xcb\\xef3R\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f\\x12N\\xde\\x13\\xe0j\\x02<\\xd7\\xc0\\x9aOH\\xc3\\xd6\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00C\\xefp\\x87\\xb8\\x9d\\xbf\\xec\\x88\\x19\\xdc\\xc6\\xc4ku\ru43\\x08\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00'\\x03\\x00\\x000\\x82\\x03#0\\x82\\x02\\xa8\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x14\\x98&f\\xdc|\\xcd\\x8f@Sg{\\xb9\\x99\\xec\\x850\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x941\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft C"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe5=4\\xce\\xcb\\x05\\xc1~\\xe32\\xc7I\\xd7\\x8c\\x02V\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00e\\xfcGR\\x0ff89b\\xec\\x0b{\\x88\\xa0\\x82\\x1d\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00T\\x00i\\x00m\\x00e\\x00 \\x00S\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00>\\xdf)\\x0c\\xc1\\xf5\\xccs,\\xeb=$\\xe1~R\\xda\\xbd'\\xe2\\xf0 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\x02\\x00\\x000\\x82\\x02\\xbc0\\x82\\x02%\\x02\\x10J\\x19\\xd28\\x8c\\x82Y\\x1c\\xa5]s_\\x15]\\xdc\\xa30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1,0*\\x06\\x03U\\x04\\x0b\\x13#VeriSign Time Stamping Service Root1402\\x06\\x03U\\x04\\x0b\\x13+NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.0\\x1e\\x17\r970512000000Z\\x17\r040107235959Z0\\x81\\x9e1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, I"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7f\\xdf\\xf5\\x07)Dg\\x10$JD|\\xa2\\xa1\\x97\\xea\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x9d\\xf0\\xd11\\x00\\x12:\\xec\\xa7p\\x13\\x0fJ\\xd8\\xd2\t\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00$\\\\x97\\xdfu\\x14\\xe7\\xcf-\\xf8\\xber\\xae\\x95{\\x9e\\x04t\\x1e\\x85\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x004O0-%i1\\x91\\xea\\xf7s\\\\xab\\xf5\\x86\\x8d7\\x82@\\xec \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb1\\x02\\x00\\x000\\x82\\x02\\xad0\\x82\\x02\\x16\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03U\\x04\\x0b\\x13$Microsoft Time Stamping Service Root1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.0\\x1e\\x17\r970513161259Z\\x17\r991230235959Z0\\x81\\x9e1 0\\x1e\\x06\\x03U\\x04\n\\x13\\x17Microsoft Trust Network1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1-0+\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\31F9FC8BA3805986B721EA7295C65B3A44534274\\Blob",
          "content": "Y\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1a\\x00\\x00\\x00E\\x00C\\x00D\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x003\\x008\\x004\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe8G\\xc8B\\x9a\\xb0\\x9d\\xaeo\\x0b(;\\x98\\x15\\x8f\\xe3\\xb1\\xe8\\x80\\xb2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x03\\xd1\\xc7ge\\xed\\xa8\\x8b\\xc8\\xe0\\x87^`\\x91\\xd0`C%C\\xd1\\x80\\xbc\\xb8l\\x06I6\\xad\\xb9A\\xc4!cx\\x0b\\x82\\x89\\x92\\x1a\\x94\\xfe\\xbb\\x7f\\x9eG\\xed\\xac\\x12\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x007\\x94)X\\x86*\\x06\\xe6\\xbb\\xcf\\xd7\\xabY\\xc7\\xf2<i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00b\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00C\\x00C\\x00 \\x00T\\x00S\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x001\\xf9\\xfc\\x8b\\xa3\\x80Y\\x86\\xb7!\\xear\\x95\\xc6[:DSBtk\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00?\\xd4\\xbe\\x8b\\xaa\\xd2\\xf2n\\x1b\\xde\\x06\\xc7XK\\xb7 \\xdd\\x1a\\x97-\\x11\\x1fZI\\x99\\xbcD\\xb0\\x8f\\xb4\\x96\r\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa4\\x0f<\\xb7\\xf5\\xff\\xa3\\xe8\\x12\\xbe\\xc7\\xf8U\\x07\\xcb\\xf4|\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc5u\\x0b\\xf8_E\\x9f\\xb7\\x0e+l\\xd1\\x89\\x8d7^\\x92\\xd7\\x93\\x8eG\\xa6\\xe04\\xcc\\xe0\\xc1-07,\\xcd \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x1b\\x03\\x00\\x000\\x82\\x03\\x170\\x82\\x02\\x9e\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x158u\\xe1d~\\xd1\\xb0G\\xb4\\xef\\xafA\\x12\\x82E0\n\\x06\\x08*\\x86H\\xce=\\x04\\x03\\x030\\x81\\x8f1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02U"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa2f\\xbb}\\xcc8\\xa5bc\\x13a\\xbb\\xf6\\x1d\\xd1\\x1b\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\xfb\\xa81\\xc0\\x85D \\x8fR\\x08hk\\x99\\x1c\\xa1\\xb2\\xcf\\xc5\\x10\\xe70\\x17\\x84\\xdd\\xf1\\xeb[\\xf0929i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x000\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00;\\x1e\\xfd:f\\xea(\\xb1f\\x979G\\x03\\xa7,\\xa3@\\xa0[\\xd5\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5\\xf6V\\xcb\\x8f\\xe8\\xa2\\bh\\xd1=\\x94\\x90[\\xd7\\xce\\x9a\\x18\\xc4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00<p\\xfa\\xea%`\\x0c\\xe3\\xb2\\xcc_\\x0b\".\\xd6) \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10(\\xcc:%\\xbf\\xbaD\\xacD\\x9a\\x9bXkC9\\xaa0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20100\\x1e\\x17\r100623215"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x07\\xd3M\\xedI\\x8dEw\\xf2a\\xbd8\\xb6\\xb8sn\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd6uv\\xf5R\\x1d\\x1c\\xca\\xb5.\\x92\\x15\\xe0\\xf9\\xf7C\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x7f\\x88\\xcdr#\\xf3\\xc8\\x13\\x81\\x8c\\x99F\\x14\\xa8\\x9c\\x99\\xfa;RG\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00o\\x00d\\x00e\\x00(\\x00t\\x00m\\x00)\\x00 \\x00R\\x00o\\x00o\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\xf03L\\x1a\\xa1\\xd9\\xee[{\\xa9\\xdeC\\xbc\\x02}W\t3\\xfb \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xda\\x03\\x00\\x000\\x82\\x03\\xd60\\x82\\x02\\xbe\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x1e\\x17\r950101080001Z\\x17\r991231235959Z0P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\r0\\x0b\\x06\\x03U\\x04\n\\x13\\x04MSFT1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Authenticode(tm) Root Authority0\\x82\\x01\"0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\n\\x02\\x82\\x01\\x01\\x00\\xdf\\x08\\xba\\xe3?nd\\x9b\\xf5\\x89"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbb\\x04\\x8f\\x1889_o\\xc3\\xa1\\xf3\\xd2\\xb7\\xe9vT\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00'\\x9c\\xd6R\\xc4\\xe2R\\xbf\\xbeR\\x17\\xacr\"\\x05\\xd7r\\x9b\\xa4\t\\x14\\x8c\\xfa\\x9em\\x9e[\\x1c\\xb9N\\xaf\\xf1\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x001\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8fC(\\x8a\\xd2r\\xf3\\x10;o\\xb1B\\x84\\x85\\xea0\\x14\\xc0\\xbc\\xfe\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00r-:\\x021\\x90C\\xb9\\x14\\x05N\\xe1\\xea\\xa7\\xc71\\xd1#\\x894\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xce\\x04\\x90\\xd5\\xe5l4\\xa5\\xae\\x0b\\xe9\\x8b\\xe5\\x81\\x18] \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf1\\x05\\x00\\x000\\x82\\x05\\xed0\\x82\\x03\\xd5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10?\\x8b\\xc8\\xb5\\xfc\\x9f\\xb2\\x96C\\xb5i\\xd6lB\\xe1D0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000\\x81\\x881\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1200\\x06\\x03U\\x04\\x03\\x13)Microsoft Root Certificate Authority 20110\\x1e\\x17\r110322220"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\92B46C76E13054E104F230517E6E504D43AB10B5\\Blob",
          "content": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00M\\xec\\xdf&\\x06\\xdc$\\x10\\xc0\\xb6\\x99\\xf4\\xd79\\xc7o\\x19\\xf8&(\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00WS\\xd5}h\\xf32&,L\\xc2\\xe5\\xefv\\x84\\x8e\\x03\\xdd\\xc8!,4\\xc7W\\x08|*\\xa7\\xe3 \\xa9F\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00q\\xd0\\xa5\\xff-Yt\\x16\\x94\\xbe\\xe3}\\x1e\\\\x86\\x0b\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x92\\xb4lv\\xe10T\\xe1\\x04\\xf20Q~nPMC\\xab\\x10\\xb5k\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x8a^H\\x81\\xd4/tu\\xe8\\xec7&\\xfc\\xd5\\xe5\\x18\\x84\\xaa\\x04\\xda\\xa9\\xfaz\\xda\\xc8\\xcd&E,\\xf8\\x85\\xd4\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc8\\xb53\\x18\\xbf\\xf7\\xf6\\x89\\xdf\\xeak\\xfc?\\xd7\\x93rY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc1\\x03\\x00\\x000\\x82\\x03\\xbd0\\x82\\x02\\xa5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0fkU/\\x9e\\xbf\\x90{\\x0ff)\\xa9\\xbd\\xf4\\xd8\\xce0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Corporation1604\\x06\\x03U\\x04\\x03\\x13-Symantec Enterprise Mobile Root for Microsoft0\\x1e\\x17\r120315000000Z\\x17\r320314235959Z0d1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1d0\\x1b\\x06\\x03U\\x04\n\\x13\\x14Symantec Cor"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00?\\xc8\\xcb\\x0b\\xc0RA\\xe5\\x8de\\xe9D\\x8b-\\x07\\xc2\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8b<0\\x87\\xb7\\x05o^\\xc5\\xdd\\xba\\x91\\xa1\\xb9\\x01\\xf0i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa44\\x89\\x15\\x9aR\\x0f\r\\x93\\xd02\\xcc\\xaf7\\xe7\\xfe \\xa8\\xb4\\x19\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00J\\u\"\\xaaF\\xbf\\xa4\\x08\\x9d9\\x97N\\xbd\\xb4\\xa3`\\xf7\\xa0\\x1d \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x04\\x00\\x000\\x82\\x04\\x120\\x82\\x02\\xfa\\xa0\\x03\\x02\\x01\\x02\\x02\\x0f\\x00\\xc1\\x00\\x8b<<\\x88\\x11\\xd1>\\xf6c\\xec\\xdf@0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r970110070000Z\\x17\r201231070000Z0p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft R"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
          "content": "\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe8\\xa5\\x98\\xbe\\x84\\x82\\x8e\\xfe\\xaep\\x11\\x15\\x015v\\xb2\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x7ffzq\\xd3\\xebix \\x9aQ\\x14\\x9d\\x83\\xda \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xbe6\\xa4V/\\xb2\\xee\\x05\\xdb\\xb3\\xd3##\\xad\\xf4E\\x08N\\xd6V\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00.\\x00\\x00\\x00T\\x00h\\x00a\\x00w\\x00t\\x00e\\x00 \\x00T\\x00i\\x00m\\x00e\\x00s\\x00t\\x00a\\x00m\\x00p\\x00i\\x00n\\x00g\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x18\\x1c+\\xe0XQ\\xf9i\\x93\\xe1\\x96\\xf2y\\x95K#\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xbc\\xbd\\x86\\x9c?\\x07\\xed@\\xe3\\x1b\\x08\\xef\\xce\\xc4\\xd1\\x88\\xcd;\\x15 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa5\\x02\\x00\\x000\\x82\\x02\\xa10\\x82\\x02\n\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x000\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r\\x06\\x03U\\x04\n\\x13\\x06Thawte1\\x1d0\\x1b\\x06\\x03U\\x04\\x0b\\x13\\x14Thawte Certification1\\x1f0\\x1d\\x06\\x03U\\x04\\x03\\x13\\x16Thawte Timestamping CA0\\x1e\\x17\r970101000000Z\\x17\r201231235959Z0\\x81\\x8b1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02ZA1\\x150\\x13\\x06\\x03U\\x04\\x08\\x13\\x0cWestern Cape1\\x140\\x12\\x06\\x03U\\x04\\x07\\x13\\x0bDurbanville1\\x0f0\r"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x98;\\x13&5\\xb7\\xe9\\x1d\\xee\\xf5Jg\\x80\\xc0\\x92i\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x009\\x1b\\xe9(\\x83\\xd5%\t\\x15[\\xfe\\xae'\\xb9\\xbd4\\x01p\\xb7k\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00J\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x00i\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x02\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa4\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe1\\xc0~\\xa0\\xaa\\xbb\\xd4\\xb7{\\x84\\xc2(\\x11x\\x08\\xa7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x9d\\x05\\x00\\x000\\x82\\x05\\x990\\x82\\x03\\x81\\xa0\\x03\\x02\\x01\\x02\\x02\\x10y\\xad\\x16\\xa1J\\xa0\\xa5\\xadLsX\\xf4\\x07\\x13.e0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicrosoft1-0+\\x06\\x03U\\x04\\x03\\x13$Microsoft Root Certificate Authority0\\x1e\\x17\r010509231922Z\\x17\r210509232813Z0_1\\x130\\x11\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\\x03com1\\x190\\x17\\x06\n\t\\x92&\\x89\\x93\\xf2,d\\x01\\x19\\x16\tmicr"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00t\\x99f\\xce\\xcc\\x95\\xc1\\x87A\\x94\\xcar\\x03\\xf9\\xb6 \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x05c\\xb8c\rb\\xd7Z\\xbb\\xc8\\xab\\x1eK\\xdf\\xb5\\xa8\\x99\\xb2MC\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O_\\x10i09\\x8d\t\\x10{@\\xc3\\xc7\\xca\\x8f\\x1c\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00E\\xeb\\xa2\\xaf\\xf4\\x92\\xcb\\x821-Q\\x8b\\xa7\\xa7!\\x9d\\xf3m\\xc8\\x0fb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00>\\x90\\x99\\xb5\\x01^\\x8fHl\\x00\\xbc\\xea\\x9d\\x11\\x1e\\xe7!\\xfa\\xba5Z\\x89\\xbc\\xf1\\xdfiV\\x1e=\\xc62\\\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00m\\xca[\\xd0\r\\xcf\\x1c\\x0f2pY\\xd3t\\xb2\\x9c\\xa6\\xe3\\xc5\n\\xa6\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x87\\xce\\x0b{*\\x0eI\\x00\\xe1Xq\\x9b7\\xa8\\x93r 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbb\\x03\\x00\\x000\\x82\\x03\\xb70\\x82\\x02\\x9f\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xe7\\xe0\\xe5\\x17\\xd8F\\xfe\\x8f\\xe5`\\xfc\\x1b\\xf0090\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,462",
        "eid": 554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\07E032E020B72C3F192F0628A2593A19A70F069E\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1f~u\\x0bVk\\x12\\x8a\\xc0\\xb8\\xd6Wm*p\\xa5\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x07\\xe02\\xe0 \\xb7,?\\x19/\\x06(\\xa2Y:\\x19\\xa7\\x0f\\x06\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe3\\xf9\\xaf\\x95,m\\xf2\\xaa\\xa4\\x17\\x06\\xa7zD\\xc2\\x03\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x08v\\xcd\\xcb\\x07\\xff$\\xf6\\xc5\\xcd\\xed\\xbb\\x90\\xbc\\xe2\\x847Fu\\xf7b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\XF\\x8dU\\xf5\\x8eI~t9\\x82\\xd2\\xb5\\x00\\x10\\xb6\\xd1e7J\\xcf\\x83\\xa7\\xd4\\xa3-\\xb7h\\xc4@\\x8e\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00C\\x00e\\x00r\\x00t\\x00u\\x00m\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00 \\x00C\\x00A\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00e\\x00\\x00\\x000c0!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00!\\x06\\x0b*\\x84h\\x01\\x86\\xf6w\\x02\\x05\\x01\\x070\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8V\\x9c\\xcd!\\xef\\x9c\\xc5s|z\\x12\\xdf`\\x8c,\\xbcT]\\xf1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x0
0\\x00\\x00\\xd5\\xe9\\x81@\\xc5\\x18i\\xfcF,\\x89ub\\x0f\\xaa"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\51501FBFCE69189D609CFAF140C576755DCC1FDF\\Blob",
          "content": "\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x000\\x1e\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xeb\\x15w\\xb4\\x0b<\\x8b\\xab\\xae4m\\xd9\\x8e\\xad\\x07\\x80\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00QP\\x1f\\xbf\\xcei\\x18\\x9d`\\x9c\\xfa\\xf1@\\xc5vu]\\xcc\\x1f\\xdf\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00[\\xcb\\x93\\xea\\xdb}mO\\xb7\\xa0\n/:\\xe5\\x03\\x0c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00g\\x0eI,a\\x17\\x9e\\xeb\\xed\\xe0T\\xe7\\x84\\xd9\\x9b\\xadd`seb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xa3\\xcchY]\\xfe~\\x86\\xd8\\xad\\x17r\\xa8\\xb5(J\\xddT\\xac\\xe3\\xb8\\xa7\\x98\\xdfG\\xbc\\xca\\xfb\\x1f\\xdb\\x84\\xdf\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00>\\x00\\x00\\x00H\\x00o\\x00t\\x00s\\x00p\\x00o\\x00t\\x00 \\x002\\x00.\\x000\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x000\\x003\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xbeR\\xe4a\\xb1}\\xd6%'q%\\x1bE\\xe9\\x8f\\x122\\xca\\xa1%\\x12\\xdcy\\x11\\x8d\\x0c_\\xces\\xa5M\\x95\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00O\\xcb\\x14\\xf7\\xc4\\xa3\\x8f/&\\\\x1f\\x12\\xc9\\xafVwY\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\x00S\\x00A\\x00/\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x05\\x00\\x000\\x82\\x05l0\\x82\\x03T\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x0c\\xb3\\x0fp\\xf2\\x86\\xa43\\xe0\\xb9\t\\x89\\xde\\x01\\xed\\xb70\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000P1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x180\\x16\\x06\\x03U\\x04\n\\x13\\x0fWFA Hotspot 2.01'0%\\x06\\x03U\\x04\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xbaO9r\\xe7\\xae\\xd9\\xdc\\xcd\\xc2\\x10\\xdbY\\xda\\x13\\xc9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00_\\xb7\\xee\\x063\\xe2Y\\xdb\\xad\\x0cL\\x9a\\xe6\\xd3\\x8f\\x1aa\\xc7\\xdc%\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x8fv\\xb9\\x81\\xd5(\\xadGp\\x08\\x82E\\xe2\\x03\\x1bc\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1>\\xc3i\\x03\\xf8\\xbfG\\x01\\xd4\\x98&\\x1a\\x08\\x02\\xefcd+\\xc3b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00t1\\xe5\\xf4\\xc3\\xc1\\xceF\\x90wO\\x0ba\\xe0T@\\x88;\\xa9\\xa0\\x1e\\xd0\\x0b\\xa6\\xab\\xd7\\x80n\\xd3\\xb1\\x18\\xcf\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe3^\\xf0\\x8d\\x88O\n\n\\xde/u\\xe9c\\x01\\xceb0\\xf2\\x13\\xa8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd4t\\xdeW\\9\\xb2\\xd3\\x9c\\x85\\x83\\xc5\\xc0eI\\x8a 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc9\\x03\\x00\\x000\\x82\\x03\\xc50\\x82\\x02\\xad\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x02\\xac\\&j\\x0b@\\x9b\\x8f\\x0by\\xf2\\xaeF%w0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000l1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x150\\x13\\x06\\x03U\\x04\n\\x13\\x0cDigiCert Inc1\\x190\\x17\\x06\\x03"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x9ds\\x93y;\\xca2@1u\\xdc\\x12~\\x0e\\xc1\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00s\\xa5\\xe6J;\\xff\\x83\\x16\\xff\\x0e\\xdc\\xcca\\x8a\\x90nN\\xaeMti\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x01\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00r\\xa4\\x91\\x950\\x9f\\xb94\\xd6\n\\x98\\xe4\\xecE\\x1al\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\t\\xcbY\\x7f\\x86\\xb2p\\x8f\\x1a\\xc39\\xe3\\xc0\\xd9\\xe9\\xbf\\xbbM\\xb2#\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x16\\x00\\x00\\x000\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xc7A\\xf7\\x0fK*\\x8d\\x88\\xbf.q\\xc1A\"\\xefS\\xef\\x10\\xeb\\xa0\\xcf\\xa5\\xe6L\\xfa \\xf4\\x18\\x850s\\xe0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00S\\x00A\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00 \\x002\\x000\\x001\\x007\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00A3\\xc4\\xe6\\x0f\\xa1\\x83\\xee^zD\\x16\\xc5\\xd5L3\\x92\\xc5l/W()\\xbfY4tg\\xba\\xb0{\\xcd\\xcf\\x84\\x01b\\x98\\x83A\\xd2\\xd2\\x84\\xfb\\xd8V\\xdfS\\xb1\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xff\\x00\\xff\\xcf\\xc9\\xf8\\xc7z\\xc0\\xee5\\x8e\\xc9\\x0fG \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xac\\x05\\x00\\x000\\x82\\x05\\xa80\\x82\\x03\\x90\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x1e\\xd3\\x97\t_\\xd8\\xb4\\xb3Gp\\x1e\\xaa\\xbe\\x7fE\\xb30\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0c\\x05\\x000e1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x1e0\\x1c\\x06\\x03U"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
          "content": "h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00=\\xb6[\\xd9\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x000\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x02S\\x00\\x00\\x00\\x01\\x00\\x00\\x00$\\x00\\x00\\x000\"0 \\x06\n+\\x06\\x01\\x04\\x01\\x827^\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd7\\xc6;\\xe0\\x83}\\xba\\xbf\\x88\\x1dO\\xbf_\\x98j\\xd8\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\xfcc]\\xf6&>\r\\xf3%\\xbe_y\\xcdgg\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00F\\x00\\x00\\x00V\\x00e\\x00r\\x00i\\x00S\\x00i\\x00g\\x00n\\x00 \\x00C\\x00l\\x00a\\x00s\\x00s\\x00 \\x003\\x00 \\x00P\\x00u\\x00b\\x00l\\x00i\\x00c\\x00 \\x00P\\x00r\\x00i\\x00m\\x00a\\x00r\\x00y\\x00 \\x00C\\x00A\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xe2\\x7f{\\xd8w\\xd5\\xdf\\x9e\n?\\x9e\\xb4\\xcb\\x0e.\\xa9\\xef\\xdbiw\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00'\\xb3Qvg3\\x1c\\xe2\\xc1\\xe7@\\x02\\xb5\\xff\"\\x98\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00t,1\\x92\\xe6\\x07\\xe4$\\xebEIT+\\xe1\\xbb\\xc5>at\\xe2\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00*\\x00\\x00\\x000(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xe7hV4\\xef\\xac\\xf6\\x9a\\xce\\x93\\x9ak%[{O\\xab\\xefB\\x93[P\\xa2e\\xac\\xb5\\xcb`'\\xe4Np~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x10\\xc5\\x1e\\x92\\xd2\\x01 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x02\\x00\\x000\\x82\\x02<0\\x82\\x01\\xa5\\x02\\x10p\\xba\\xe4\\x1d\\x10\\xd9)4\\xb68\\xca{\\x03\\xcc\\xba\\xbf0\r\\x06\t"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\7E04DE896A3E666D00E687D33FFAD93BE83D349E\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xb0\t\\xe9\\x9a\\\\xfc\\x92\\x8a\\x171\\x90\\x10m\\xbb2\\xa9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00~\\x04\\xde\\x89j>fm\\x00\\xe6\\x87\\xd3?\\xfa\\xd9;\\xe8=4\\x9e\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xab9\\xed\\xd1\\xa4\\xd8\\x9aU\\x12\\x88-\\xeb\t\\xcb\\x13\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3\\xdbH\\xa4\\xf9\\xa1\\xc5\\xd8\\xae6A\\xcc\\x11cib)\\xbcK\\xc6b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x001\\xadfH\\xf8\\x10A8\\xc78\\xf3\\x9e\\xa42\\x0139>:\\x18\\xcc\\x02)n\\xf9|*\\xc9\\xefg1\\xd0\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x003\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00\\x82\\xc8\\x01\\x999w\"\\xb5z\\xd4s\\xea&k\\x93\\xd4\\x7f\\xfcw\\xfe\\x07\\xf0\\x93\\x884_ \\xda\\xb6\\xad\\xdd\\x08vr\\xf9\\x88\\xb4\\xbb\\xfd\\x15LK\\x13<p\\xc9\\xec\\xff\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xf5]\\xa4P\\xa5\\xfb(~\\x1e\\x0f\r\\xcc\\x96WV\\xca 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00C\\x02\\x00\\x000\\x82\\x02?0\\x82\\x01\\xc5\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05UV\\xbc\\xf2^\\xa455\\xc3\\xa4\\x0f\\xd5\\xabEr0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0f:\\x05'\\xd2B\\xde-\\xc9\\x8e\\\\xfc\\xb1\\xe9\\x91\\xee\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa8\\x98]:e\\xe5\\xe5\\xc4\\xb2\\xd7\\xd6m@\\xc6\\xdd/\\xb1\\x9cT6~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00Yw\\x9e9\\xe2\\x1a.=\\xfc\\xedhW\\xed\\_\\xd9\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x12\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x03\\xdeP5V\\xd1L\\xbbf\\xf0\\xa3\\xe2\\x1b\\x1b\\xc3\\x97\\xb2=\\xd1Ub\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00CH\\xa0\\xe9DLx\\xcb&^\\x05\\x8d^\\x89D\\xb4\\xd8O\\x96b\\xbd&\\xdb%\\x7f\\x894\\xa4C\\xc7\\x01a\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb3M\\xdd7.\\xd9.\\x8f*\\xbf\\xbb\\x9e \\xa9\\xd3\\x1f O\\x19K\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00y\\xe4\\xa9\\x84\r}:\\x96\\xd7\\xc0O\\xe2CL\\x89. 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb3\\x03\\x00\\x000\\x82\\x03\\xaf0\\x82\\x02\\x97\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x08;\\xe0V\\x90BF\\xb1\\xa1uj\\xc9Y\\x91\\xc7J0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00>ER\\x15\tQ\\x92\\xe1\\xb7]7\\x9f\\xb1\\x87)\\x8a\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xb1\\xbc\\x96\\x8b\\xd4\\xf4\\x9db*\\xa8\\x9a\\x81\\xf2\\x15\\x01R\\xa4\\x1d\\x82\\x9c~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x04+\\xebw\\xd5\\x01z\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xe7\\xf3\\xb0`\\xd1\\x0e\\x90\\xa3\\x1b\\xa3G\\x1b\\x99\\x926\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00`{f\\x1aE\r\\x97\\xca\\x89P/}\\x04\\xcd4\\xa8\\xff\\xfc\\xfdKb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xeb\\xd4\\x10@\\xe4\\xbb>\\xc7B\\xc9\\xe3\\x81\\xd3\\x1e\\xf2\\xa4\\x1aH\\xb6h\\\\x96\\xe7\\xce\\xf3\\xc1\\xdfl\\xd43\\x1c\\x99\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 
\\x00R\\x001\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\x00\\x00\\x000f\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x08\\x02\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\t\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd0\\xfd<\\x9c8\r{e\\xe2k\\x9a?\\xed\\xd3\\x9b\\x8f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd6\\x9bV\\x11H\\xf0\\x1cw\\xc5Ex\\xc1\t&\\xdf[\\x85iv\\xad\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01r\\x8e\\x1e\\xcfz\\x9d\\x86\\xfb<\\xec\\x89H\\xab\\xa9S\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x8f\\xf0K\\x7f\\xa8.E$\\xaeMP\\xfac\\x9a\\x8b\\xde\\xe2\\xdd\\x1b\\xbcb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb\\xb5\"\\xd7\\xb7\\xf1'\\xadj\\x01\\x13\\x86[\\xdf\\x1c\\xd4\\x10.}\\x07Y\\xafcZ|\\xf4r\r\\xc9c\\xc5;\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00S\\x00i\\x00g\\x00n\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00A\\x00 \\x00-\\x00 \\x00R\\x003\\x00\\x00\\x00S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t+\\x06\\x01\\x04\\x01\\xa02\\x01\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00T\\x00\\x00\\x000R\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x06\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x07\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00R)\\xba\\x15\\xb3\\x1b\\x0coL\\xca\\x89\\xc2\\x98Qw\\x97C'\\xd1\\xb6\\x89\\xa3\\xb95\\xa0\\xbd\\x97U2\\xaf\"\\xab \\x00\\x00\\x00\\x01\\x00\\x00\\x00c\\x03\\x00\\x000\\x82\\x03_0\\x82\\x02G\\xa0\\x03\\x02\\x01\\x02\\x02\\x0b\\x04\\x00\\x00\\x00\\x00\\x01!XS\\x08\\xa20\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x0b\\x05\\x000L1 
0\\x1e\\x06\\x03U\\x04\\x0b\\x13\\x17Global"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xff\\xac y\\x97\\xbb,\\xfe\\x86Up\\x17\\x9e\\xe07\\xb9\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdd\\xfb\\x16\\xcdI1\\xc9s\\xa2\\x03}?\\xc8:M}w]\\x05\\xe4\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xa8m\\xc6\\xa23\\xeb3\\x96\\x10\\xf3\\xedAI'\\xc5Y\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xec\\xd7\\xe3\\x82\\xd2q]dL\\xdf.g?\\xe7\\xba\\x98\\xae\\x1c\\x0fOb\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00U/{\\xdc\\xf1\\xa7\\xaf\\x9el\\xe6r\\x01\\x7fO\\x12\\xab\\xf7r@\\xc7\\x8ev\\x1a\\xc2\\x03\\xd1\\xd9\\xd2\n\\xc8\\x99\\x88\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x002\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00T\\x00r\\x00u\\x00s\\x00t\\x00e\\x00d\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x004\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00N\\xa1\\xb3K\\x10\\xb9\\x82\\xa9j8\\x91XCPx \\xadc,j\\xad\\x83C\\xe37\\xb3Mf\\x0c\\xd86o\\xa1TTJ\\xe8\\x06h\\xae\\x1f\\xdf91\\xd5~\\x19\\x96\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00x\\xf2\\xfc\\xaa`\\x1f/\\xb4\\xeb\\xc97\\xbaS.uI 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\x05\\x00\\x000\\x82\\x05\\x900\\x82\\x03x\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x05\\x9b\\x1bW\\x9e\\x8e!2\\xe29\\x07\\xbd\\xa7wu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\\Blob",
          "content": "\\\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x14\\xc3\\xbd5I\\xee\"Z\\xec\\xe174\\xad\\x8c\\xa0\\xb8\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xdf<$\\xf9\\xbf\\xd6fv\\x1b&\\x80s\\xfe\\x06\\xd1\\xcc\\x8dO\\x82\\xa4~\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x80\\xc8+h\\x86\\xd7\\x01\\x7f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x000\n\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x1d\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00}\\xc3\\x0b\\xc9tiU`\\xa2\\xf0\t\neEUl\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00N\"T \\x18\\x95\\xe6\\xe3n\\xe6\\x0f\\xfa\\xfa\\xb9\\x12\\xed\\x06\\x17\\x8f9b\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\xcb<\\xcb\\xb7`1\\xe5\\xe0\\x13\\x8f\\x8d\\xd3\\x9a#\\xf9\\xdeG\\xff\\xc3^C\\xc1\\x14L\\xea'\\xd4jZ\\xb1\\xcb_\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\x00\\x00\\x00D\\x00i\\x00g\\x00i\\x00C\\x00e\\x00r\\x00t\\x00 \\x00G\\x00l\\x00o\\x00b\\x00a\\x00l\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00G\\x002\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x0002\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x03\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x04\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x08S\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00\\x000>0\\x1f\\x06\t`\\x86H\\x01\\x86\\xfdl\\x02\\x010\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc00\\x1b\\x06\\x05g\\x81\\x0c\\x01\\x030\\x120\\x10\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x01\\x01\\x03\\x02\\x00\\xc0\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00KN\\xb4\\xb0t)\\x8b\\x82\\x8b\\\\x000\\x95\\xa1\\x0bE#\\xfb\\x95\\x1c\\x0c\\x884\\x8b\t\\xc5>[\\xab\\xa4\\x08\\xa3\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xe4\\xa6\\x8a\\xc8T\\xacRBF\n\\xfdrH\\x1b*D 
\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x92\\x03\\x00\\x000\\x82\\x03\\x8e"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 575,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 576,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,478",
        "eid": 577,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,494",
        "eid": 578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,494",
        "eid": 579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,494",
        "eid": 580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,494",
        "eid": 581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x83\\xb6S\\x18fNo\\xa2E\\xe0\\xd7`\\x9f\\xb9X \\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x10\\x9f\\x1c\\xae\\xd6E\\xbbx\\xb3\\xea+\\x94\\xc0i|t\\x073\\x03\\x1c\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00&]\\x05\\x07\\xd8/\\xa2`\\x84\\xbd\\x83}\\xf5!\\x80\\xa7\\x05oZ\\x85 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x04\\x00\\x000\\x82\\x04\\x0f0\\x82\\x02\\xf7\\xa0\\x03\\x02\\x01\\x02\\x02\n\\x19\\x8b\\x11\\xd1?\\x9a\\x8f\\xfei\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000p1+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation1!0\\x1f\\x06\\x03U\\x04\\x03\\x13\\x18Microsoft Root Authority0\\x1e\\x17\r971001070000Z\\x17\r021231070000Z0\\x81\\xc31+0)\\x06\\x03U\\x04\\x0b\\x13\"Copyright (c) 1997 Microsoft Corp.1A0?\\x06\\x03U\\x04\\x0b\\x138Microsoft Windows Hardware Compatibility Intermediate CA1\\x1e0\\x1c\\x06\\x03U\\x04\\x0b\\x13\\x15Microsoft Corporation110/\\x06\\x03U\\x04\\x03\\x13(Microsoft Windows Hardware Compatibility0\\x81\\x9f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03\\x81\\x8d\\x000\\x81"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
          "content": "\\x04\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xac\\xd8\\x0e\\xa2{\\xb7,\\xe7\\x00\\xdc\"rJ_\\x1e\\x92\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00Is\\xe0\\x92\\xcf\\x8a\\x9e,\\xa5\\xf9\\x88I:[\\xac\\xfe8\\x95\\x94.\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\n\\xcf\\xebK\\x07\\xe7\\x03\\xa0\\x1fL\\xef(\\xeerV\\xf7Qu\\x91U\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00n\\xd6\\xed}\\xf5/\\xc1\\x9b\\xdc\\x9e_\\xe9\\xe2\\xbe!\\xfb\\x18\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x91\\x16\\x1b\\x89K\\x11~\\xcd\\xc2Wb\\x8d\\xb4`\\xcc\\x04\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xd5Y\\xa5\\x86f\\x9b\\x08\\xf4j0\\xa13\\xf8\\xa9\\xed=\\x03\\x8e.\\xa8 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x87\\x03\\x00\\x000\\x82\\x03\\x830\\x82\\x02\\xec\\xa0\\x03\\x02\\x01\\x02\\x02\\x10F\\xfc\\xeb\\xba\\xb4\\xd0/\\x0f\\x92`\\x98#?\\x93\\x07\\x8f0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x05\\x05\\x000_1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1705\\x06\\x03U\\x04\\x0b\\x13.Class 3 Public Primary Certification Authority0\\x1e\\x17\r970417000000Z\\x17\r161024235959Z0\\x81\\xba1\\x1f0\\x1d\\x06\\x03U\\x04\n\\x13\\x16VeriSign Trust Network1\\x170\\x15\\x06\\x03U\\x04\\x0b\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign International Server CA - Class 31I0G\\x06\\x03U\\x04\\x0b\\x13@www.verisign.com/CPS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
          "content": "\\x19\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xed\\xbc\\xcd\\xd5\\x10j\\x07\\x1c]\\x8bF\\x90\\x91\\x8eH\\xaa\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xfe\\xe4I\\xee\\x0e9e\\xa5$o\\x00\\x0e\\x87\\xfd\\xe2\\xa0e\\xfd\\x89\\xd4\\x14\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x9a\\xa6X\\x7f\\x94\\xdd\\x91\\xd9\\x1ec\\xdf\\xd3\\xf0\\xce_\\xae\\x18\\x93\\xaa\\xb7 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xce\\x01\\x00\\x000\\x82\\x01\\xca0\\x82\\x01t\\xa0\\x03\\x02\\x01\\x02\\x02\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x000\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0\\x1e\\x17\r960528220259Z\\x17\r391231235959Z0\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency0[0\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x01\\x05\\x00\\x03J\\x000G\\x02@\\x81U\"\\xb9\\x8a\\xa4o\\xed\\xd6\\xe7\\xd9f\\x0fU\\xbc\\xd7\\xcd\\xd5\\xbcN@\\x02!\\xa2\\xb1\\xf7\\x870\\x85^\\xd2\\xf2D\\xb9\\xdc\\x9bu\\xb6\\xfbF_B\\xb6\\x9d#6\\x0b\\xdeT\\x0f\\xcd\\xbd\\x1f\\x99*\\x10X\\x11\\xcb@\\xcb\\xb5\\xa7A\\x02\\x03\\x01\\x00\\x01\\xa3\\x81\\x9e0\\x81\\x9b0P\\x06\\x03U\\x04\\x03\\x04I\\x13GFor Testing Purposes Only Sample Software Publishing Credentials Agency0G\\x06\\x03U\\x1d\\x01\\x04@0>\\x80\\x10\\x12\\xe4\t-\\x06\\x1d\\x1dO\\x00\\x8da!\\xdc\\x16dc\\xa1\\x180\\x161\\x140\\x12\\x06\\x03U\\x04\\x03\\x13\\x0bRoot Agency\\x82\\x10\\x067l\\x00\\xaa\\x00d\\x8a\\x11\\xcf\\xb8\\xd4\\xaa\\5\\xf40\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x04\\x05\\x00\\x03A\\x00-.>{\\x89B\\x89?\\xa8!"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
          "content": "\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\xa3w\\xd1\\xb1\\xc0S\\x883\\x03R\\x11\\xf4\\x08=\\x00\\xfe\\xccAM\\xab!\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb5\\x01\\x00\\x000\\x82\\x01\\xb10\\x82\\x01\\x1a\\x02\\x01\\x010\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x000a1\\x110\\x0f\\x06\\x03U\\x04\\x07\\x13\\x08Internet1\\x170\\x15\\x06\\x03U\\x04\n\\x13\\x0eVeriSign, Inc.1301\\x06\\x03U\\x04\\x0b\\x13*VeriSign Commercial Software Publishers CA\\x17\r010324000000Z\\x17\r040107235959Z0i0!\\x02\\x10\\x1bQ\\x90\\xf77$9\\x9c\\x92T\\xcdBF7\\x99j\\x17\r010130000124Z0!\\x02\\x10u\\x0e@\\xff\\x97\\xf0G\\xed\\xf5V\\xc7\\x08N\\xb1\\xab\\xfd\\x17\r010131000049Z0!\\x02\\x10w\\xe6ZCY\\x93]_zu\\x80\\x1a\\xcd\\xad\\xc2\"\\x17\r000831000056Z\\xa0\\x1a0\\x180\t\\x06\\x03U\\x1d\\x13\\x04\\x020\\x000\\x0b\\x06\\x03U\\x1d\\x0f\\x04\\x04\\x03\\x02\\x05\\xa00\r\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x01\\x02\\x05\\x00\\x03\\x81\\x81\\x00\\x18,\\xe8\\xfc\\x16m\\x91J=\\x88TH]\\xb8\\x11\\xbfd\\xbb\\xf9\\xdaY\\x19\\xdd\\x0ee\\xab\\xc0\\x0c\\xfag~!\\x1e\\x83\\x0e\\xcf\\x9b\\x89\\x8a\\xcf\\x0cK\\xc19\\x9d\\xe7j\\xacFtj\\x91b\"\r\\xc4\\x08\\xbd\\xf5\n\\x90\\x7f\\x06!=~\\xa7\\xaa^\\xcd\"\\x15\\xe6\\x0cu\\x8en\\xad\\xf1\\x84\\xe4\"\\xb40o\\xfbd\\x8f\\xd7\\x80C\\xf5\\x19\\x18f\\x1dr\\xa3\\xe3\\x94\\x82(R\\xa0\\x06N\\xb1\\xc8\\x92\\x0c\\x97\\xbe\\x15\\x07\\xabz\\xc9\\xea\\x08gCMQc;\\x9c\\x9c\\xcd"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,509",
        "eid": 594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\CTLs\\27748148BBE67A43CDBFEC6C3784862CE134E6EA\\Blob",
          "content": "\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x00\\x14\\x00\\x00\\x00't\\x81H\\xbb\\xe6zC\\xcd\\xbf\\xecl7\\x84\\x86,\\xe14\\xe6\\xea\"\\x00\\x00\\x00\\x01\\x00\\x01\\x00*\\x02\\x00\\x000\\x82\\x02&\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x02\\x170\\x82\\x02\\x13\\x02\\x01\\x011\\x000\\x82\\x02\\x08\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x01\\xf90\\x82\\x01\\xf50\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x04(D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00O\\x00S\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xcd??\\xac\\xc3\\xee\\x89\\x17\r120531151137Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x01\\x900\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertLastSyncTime",
          "content": "\\x13=\\x1c\\xda*\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\DisallowedCertEncodedCtl",
          "content": "0\\x82\\x17\\xcc\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x82\\x17\\xbd0\\x82\\x17\\xb9\\x02\\x01\\x011\\x0f0\r\\x06\t`\\x86H\\x01e\\x03\\x04\\x02\\x01\\x05\\x000\\x82\\x08(\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x82\\x08\\x190\\x82\\x08\\x150\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\\x1e\\x048D\\x00i\\x00s\\x00a\\x00l\\x00l\\x00o\\x00w\\x00e\\x00d\\x00C\\x00e\\x00r\\x00t\\x00_\\x00A\\x00u\\x00t\\x00o\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00_\\x001\\x00\\x00\\x00\\x02\\x08\\x01\\xdc\\x1e\\x14\\x131$\\xbf\\x17\r250905032048Z0\\x0e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0f\\x05\\x000\\x82\\x07\\xa00\\x12\\x04\\x10%\\xfbz]\\x86\\xf7/^g(\\x8fys\\x05\\xfe\\x940\\x12\\x04\\x10o-Ce\\xc1\\x02\\x1f[\\x8bc\\xef\\x13+\\xc3\\xb3`0\\x12\\x04\\x10\\xad\\x11\\xdb\\xb7l\\x9c\\xf1\\xab\\x99\\x98\\xcd\\x84.\\xc1vs0\\x12\\x04\\x10\\xdf\\xbd\\xd7/\\x99\\xc3\\xb6Jy~Z\\xc9mY\\xbeV0\\x12\\x04\\x10\\xc6h\\x15K\\xe9^\\x16\\xad\\xbc2\\x1a\\xbc1n8J0\\x12\\x04\\x1079.\\x83=\\xc6\\x05\\xdd{8$G9\\x93\\x9e\\xe30\\x12\\x04\\x101y\\xfeKW&\\xd8\\xdb*\\xaf=\\xf9X\\xc9k\\x970\\x12\\x04\\x10\\xc3Z\\x97\\xc8\\x0fh}\\xc3\\xc1\\x08\\xc6\\xa33\\x9bhF0\\x12\\x04\\x10!\\x18\\xa4\\xc6\\xf7\\x18\\xcf\\xc7\\xd6\\xd8x\\x8cSt\\xd3)0\\x12\\x04\\x10Rj9\\xc0M\\x15\\x86-B\\x7f\\xd9%\\xaf\\x036\\x900\\x12\\x04\\x10<6\\xe1h\\xab\\xcc\\x85\\x96c\\xedG\\xa0\\xc0Z\\xeey0\\x12\\x04\\x10\\x01\\x9e}V\\xd6\r\\xb9\\xad\\xec@\\xb9g\\xb1\\xbc\\xba\\x9f0\\x12\\x04\\x106\\xcd\\xe9\\x9a\\xb8s\\x7f\\x86(|X7\\x04\\xc9^\\x160\\x12\\x04\\x10&\\x99\nwX~\\xd8d\\x01\\x84\\xc4\\x93f\\xac\\xb0u0\\x12\\x04\\x10\\xf6\\x9d\"\\xae\\x1e\\xd6\\x15\\xb1\\xb9\\xe3\\x90\\xe3\\x10\\xbb\\xbb10\\x12\\x04\\x10\\xeb\\xe9\n\\xd1\\x01\\xd3\\x80+\\x8aL\\x91<\\xac\\xeejW0\\x12\\x04\\x10\\x1e%\\xf2N\\xdf"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
          "content": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
          "content": "48"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 601,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
          "content": "\\x414\\x43e\\x432\\x435\\x440\\x435\\x43d\\x43d\\x44b\\x439 DNS-\\x441\\x435\\x440\\x432\\x435\\x440"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
          "content": "@%SystemRoot%\\system32\\dnsapi.dll,-103"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
          "content": "48"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 604,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
          "content": "\\x414\\x43e\\x432\\x435\\x440\\x435\\x43d\\x43d\\x44b\\x439 DNS-\\x441\\x435\\x440\\x432\\x435\\x440"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name",
          "content": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
          "content": "48"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 607,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124",
          "content": "\\x428\\x438\\x444\\x440\\x43e\\x432\\x430\\x43d\\x438\\x435 \\x434\\x43e\\x43a\\x443\\x43c\\x435\\x43d\\x442\\x43e\\x432"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7\\Name",
          "content": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
          "content": "48"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 610,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124",
          "content": "\\x428\\x438\\x444\\x440\\x43e\\x432\\x430\\x43d\\x438\\x435 \\x434\\x43e\\x43a\\x443\\x43c\\x435\\x43d\\x442\\x43e\\x432"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableAutoFlushProcessNameList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushFirstDeltaSeconds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,525",
        "eid": 615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\AutoFlushNextDeltaSeconds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\SyncDeltaTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\Flags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\RootDirUrl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\LastSyncTime",
          "content": "t>`\\xfe*\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,541",
        "eid": 622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
          "content": "0\\x83\\x02\\xe4\\xcf\\x06\t*\\x86H\\x86\\xf7\r\\x01\\x07\\x02\\xa0\\x83\\x02\\xe4\\xbf0\\x83\\x02\\xe4\\xba\\x02\\x01\\x011\\x0f0\r\\x06\t`\\x86H\\x01e\\x03\\x04\\x02\\x01\\x05\\x000\\x83\\x02\\xd5(\\x06\t+\\x06\\x01\\x04\\x01\\x827\n\\x01\\xa0\\x83\\x02\\xd5\\x180\\x83\\x02\\xd5\\x130\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x03\t\\x02\t\\x14\\x01\\xdc\\x16\\xc3\\x8d\\xc3\\xb8\\x9e\\x17\r250826195646Z0\t\\x06\\x05+\\x0e\\x03\\x02\\x1a\\x05\\x000\\x83\\x02\\xc3\\xfb0\\x82\\x01D\\x04\\x14\\xcd\\xd4\\xee\\xae`\\x00\\xac\\x7f@\\xc3\\x80,\\x17\\x1e0\\x14\\x800\\xc0r1\\x82\\x01*0\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bh1\n\\x04\\x08\\x00\\x80\\xc8+h\\x86\\xd7\\x010\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b~1\n\\x04\\x08\\x00\\x00\\xd9\\xb5D\\xc1\\xd2\\x010\\x1e\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bi1\\x10\\x04\\x0e0\\x0c\\x06\n+\\x06\\x01\\x04\\x01\\x827<\\x03\\x020 \\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x1d1\\x12\\x04\\x10\\xf0\\xc4\\x02\\xf0@N\\xa9\\xad\\xbf%\\xa0=\\xdf,\\xa6\\xfa0$\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x141\\x16\\x04\\x14\\x0e\\xac\\x82`@V'\\x97\\xe5%\\x13\\xfc*\\xe1\nS\\x95Y\\xe4\\xa400\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bb1\"\\x04 \\x88]\\xe6L4\\x0e>\\xa7\\x06X\\xf0\\x1e\\x11E\\xf9W\\xfc\\xda'\\xaa\\xbe\\xea\\x1a\\xb9\\xfa\\xa9\\xfd\\xb0\\x10-@w0Z\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0b\\x0b1L\\x04JM\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00R\\x00o\\x00o\\x00t\\x00 \\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00o\\x00r\\x00i\\x00t\\x00y\\x00\\x00\\x000\\x82\\x01,\\x04\\x14\\x18\\xf7\\xc1\\xfc\\xc3\t\\x02\\x03\\xfd[\\xaa/\\x86\\x1auIv\\xc8\\xdd%1\\x82\\x01\\x120\\x18\\x06\n+\\x06\\x01\\x04\\x01\\x827\n\\x0bh1\n\\x04\\x08\\x00\\x006\\x04M\\xdf\\xd3\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,775",
        "eid": 623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,931",
        "eid": 624,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,931",
        "eid": 625,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,931",
        "eid": 626,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76070000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,931",
        "eid": 627,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,994",
        "eid": 628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,994",
        "eid": 629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,994",
        "eid": 630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:07,994",
        "eid": 631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,228",
        "eid": 639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,306",
        "eid": 640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,306",
        "eid": 641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,462",
        "eid": 642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,462",
        "eid": 643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,509",
        "eid": 651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,259",
        "eid": 652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,259",
        "eid": 653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,322",
        "eid": 660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,337",
        "eid": 661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,884",
        "eid": 662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:10,884",
        "eid": 663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:10,900",
        "eid": 664,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,541",
        "eid": 665,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,556",
        "eid": 666,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,556",
        "eid": 667,
        "data": {
          "file": "api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,556",
        "eid": 668,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 669,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 670,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 671,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 672,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 673,
        "data": {
          "file": "api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 674,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,697",
        "eid": 686,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,775",
        "eid": 687,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,775",
        "eid": 688,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,775",
        "eid": 689,
        "data": {
          "file": "api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x76660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:11,775",
        "eid": 690,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:13,306",
        "eid": 691,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:13,306",
        "eid": 692,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x74f50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,275",
        "eid": 693,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x740c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,634",
        "eid": 694,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,634",
        "eid": 695,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,791",
        "eid": 696,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,791",
        "eid": 697,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,791",
        "eid": 698,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,900",
        "eid": 699,
        "data": {
          "file": "gdiplus.dll",
          "pathtofile": null,
          "moduleaddress": "0x70b70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,900",
        "eid": 700,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,900",
        "eid": 701,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,900",
        "eid": 702,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,900",
        "eid": 703,
        "data": {
          "file": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\\GdiPlus.dll",
          "pathtofile": null,
          "moduleaddress": "0x70b70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,150",
        "eid": 704,
        "data": {
          "file": "WindowsCodecs.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f890000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 705,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 706,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 707,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 708,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 709,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75b30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,384",
        "eid": 710,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression.dll",
          "pathtofile": null,
          "moduleaddress": "0x70b50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:32,337",
        "eid": 711,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:32,337",
        "eid": 712,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:36,916",
        "eid": 713,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:03,431",
        "eid": 714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:03,541",
        "eid": 715,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,947",
        "eid": 716,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:23,619",
        "eid": 717,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:23,837",
        "eid": 718,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:36,978",
        "eid": 719,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:58,791",
        "eid": 720,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:06,978",
        "eid": 721,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:18,853",
        "eid": 722,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:18,853",
        "eid": 723,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:18,853",
        "eid": 724,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:36,978",
        "eid": 725,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:54,087",
        "eid": 726,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:23:55,072",
        "eid": 727,
        "data": {
          "file": "\"C:\\Windows\\system32\\BackgroundTaskHost.exe\" -ServerName:BackgroundTaskHost.WebAccountProvider"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:23:56,009",
        "eid": 728,
        "data": {
          "file": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:23:56,181",
        "eid": 729,
        "data": {
          "file": "C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:24:45,119",
        "eid": 730,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:24:55,181",
        "eid": 731,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:01,197",
        "eid": 732,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "start",
        "object": "service",
        "timestamp": "2026-03-05 10:25:02,869",
        "eid": 733,
        "data": {
          "service": "WaaSMedicSvc"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:03,462",
        "eid": 734,
        "data": {
          "file": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,119",
        "eid": 735,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:08,853",
        "eid": 736,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:09,556",
        "eid": 737,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:09,587",
        "eid": 738,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe\" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:21,681",
        "eid": 739,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:22,087",
        "eid": 740,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:22,431",
        "eid": 741,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:22,634",
        "eid": 742,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:22,822",
        "eid": 743,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:22,869",
        "eid": 744,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:23,119",
        "eid": 745,
        "data": {
          "file": "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:26,447",
        "eid": 746,
        "data": {
          "file": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:26,884",
        "eid": 747,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:26,916",
        "eid": 748,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:31,353",
        "eid": 749,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:32,212",
        "eid": 750,
        "data": {
          "file": "C:\\Windows\\System32\\mobsync.exe -Embedding"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:34,119",
        "eid": 751,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:35,119",
        "eid": 752,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:37,134",
        "eid": 753,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:37,181",
        "eid": 754,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:38,134",
        "eid": 755,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:39,150",
        "eid": 756,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:41,275",
        "eid": 757,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:42,134",
        "eid": 758,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,134",
        "eid": 759,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:45,416",
        "eid": 760,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:46,134",
        "eid": 761,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:47,150",
        "eid": 762,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:48,150",
        "eid": 763,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:50,244",
        "eid": 764,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:51,166",
        "eid": 765,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:52,181",
        "eid": 766,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:55,150",
        "eid": 767,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:55,228",
        "eid": 768,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:57,244",
        "eid": 769,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:25:59,728",
        "eid": 770,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:00,259",
        "eid": 771,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:03,291",
        "eid": 772,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:03,369",
        "eid": 773,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:04,306",
        "eid": 774,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:07,337",
        "eid": 775,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:26:07,978",
        "eid": 776,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:08,353",
        "eid": 777,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:10,384",
        "eid": 778,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:26:12,541",
        "eid": 779,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:13,384",
        "eid": 780,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:14,384",
        "eid": 781,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:26:16,978",
        "eid": 782,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:17,384",
        "eid": 783,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:19,416",
        "eid": 784,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:26:22,541",
        "eid": 785,
        "data": {
          "file": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:23,431",
        "eid": 786,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:27,494",
        "eid": 787,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:36,556",
        "eid": 788,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,587",
        "eid": 789,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 10:26:38,822",
        "eid": 790,
        "data": {
          "file": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,603",
        "eid": 791,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:46,666",
        "eid": 792,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:56,775",
        "eid": 793,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,727",
        "eid": 794,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,774",
        "eid": 795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,774",
        "eid": 796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,774",
        "eid": 797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,774",
        "eid": 798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,790",
        "eid": 799,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,790",
        "eid": 800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": "Delivery Optimization Managment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs",
          "content": "NT Authority\\NetworkService"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
          "content": "\\x01\\x00\\x14\\x80\\x94\\x00\\x00\\x00\\xa4\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00d\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,805",
        "eid": 815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,821",
        "eid": 821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,852",
        "eid": 822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,852",
        "eid": 823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AccessPermission",
          "content": "\\x01\\x00\\x14\\x80\\x90\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00`\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 828,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
          "content": "combase.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 831,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,868",
        "eid": 832,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,883",
        "eid": 833,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": "Delivery Optimization Management Class"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\domgmt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": "Delivery Optimization Management Class"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\domgmt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppID",
          "content": "{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\(Default)",
          "content": "Delivery Optimization Managment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RunAs",
          "content": "NT Authority\\NetworkService"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LaunchPermission",
          "content": "\\x01\\x00\\x14\\x80\\x94\\x00\\x00\\x00\\xa4\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00d\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,915",
        "eid": 870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 871,
        "data": {
          "file": "C:\\Windows\\System32\\domgmt.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96a7d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 872,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 873,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\\ProxyStubClsid32\\(Default)",
          "content": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,243",
        "eid": 886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,258",
        "eid": 897,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,274",
        "eid": 898,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,321",
        "eid": 899,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,321",
        "eid": 900,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,336",
        "eid": 901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 902,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 903,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 904,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
          "content": "%systemroot%\\ServiceProfiles\\NetworkService"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 907,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 908,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\MajorVersion",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 909,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 910,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 911,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
          "content": "%systemroot%\\ServiceProfiles\\NetworkService"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,368",
        "eid": 914,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UsagePolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyname",
          "content": "DODownloadMode"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DODownloadMode\\Value",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,540",
        "eid": 931,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,555",
        "eid": 932,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,555",
        "eid": 933,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,586",
        "eid": 934,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DownloadMode_BackCompat",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,586",
        "eid": 935,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\DODownloadMode",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,586",
        "eid": 936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,586",
        "eid": 937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Behavior",
          "content": "262176"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyname",
          "content": "DOSetHoursToLimitForegroundDownloadBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": "07NE.\\x00\\x00\\x00SetHoursToLimitForegroundDownloadBandwidthFrom@1\\x00\\x00\\x00DOSetHoursToLimitForegroundDownloadBandwidth_FromL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x0056=\t\\x00\\x00\\x00\\x00\\x0056=\n\\x00\\x00\\x00\\x00\\x0056=\\x0b\\x00\\x00\\x00\\x00\\x0056=\\x0c\\x00\\x00\\x00\\x00\\x0056=\r\\x00\\x00\\x00\\x00\\x0056=\\x0e\\x00\\x00\\x00\\x00\\x0056=\\x0f\\x00\\x00\\x00\\x00\\x0056=\\x10\\x00\\x00\\x00\\x00\\x0056=\\x11\\x00\\x00\\x00\\x00\\x0056=\\x12\\x00\\x00\\x00\\x00\\x0056=\\x13\\x00\\x00\\x00\\x00\\x0056=\\x14\\x00\\x00\\x00\\x00\\x0056=\\x15\\x00\\x00\\x00\\x00\\x0056=\\x16\\x00\\x00\\x00\\x00\\x0056=\\x17\\x00\\x00\\x00\\x00\\x00\\x00NE,\\x00\\x00\\x00SetHoursToLimitForegroundDownloadBandwidthTo@/\\x00\\x00\\x00DOSetHoursToLimitForegroundDownloadBandwidth_ToL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitForegroundDownloadBandwidth\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyname",
          "content": "DOPercentageMaxForegroundBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,602",
        "eid": 962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxForegroundBandwidth\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyname",
          "content": "DOMaxForegroundDownloadBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxForegroundDownloadBandwidth\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 984,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundBps",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 985,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateForegroundPct",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,618",
        "eid": 986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Behavior",
          "content": "262176"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyname",
          "content": "DOSetHoursToLimitBackgroundDownloadBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": "07NE.\\x00\\x00\\x00SetHoursToLimitBackgroundDownloadBandwidthFrom@1\\x00\\x00\\x00DOSetHoursToLimitBackgroundDownloadBandwidth_FromL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x0056=\t\\x00\\x00\\x00\\x00\\x0056=\n\\x00\\x00\\x00\\x00\\x0056=\\x0b\\x00\\x00\\x00\\x00\\x0056=\\x0c\\x00\\x00\\x00\\x00\\x0056=\r\\x00\\x00\\x00\\x00\\x0056=\\x0e\\x00\\x00\\x00\\x00\\x0056=\\x0f\\x00\\x00\\x00\\x00\\x0056=\\x10\\x00\\x00\\x00\\x00\\x0056=\\x11\\x00\\x00\\x00\\x00\\x0056=\\x12\\x00\\x00\\x00\\x00\\x0056=\\x13\\x00\\x00\\x00\\x00\\x0056=\\x14\\x00\\x00\\x00\\x00\\x0056=\\x15\\x00\\x00\\x00\\x00\\x0056=\\x16\\x00\\x00\\x00\\x00\\x0056=\\x17\\x00\\x00\\x00\\x00\\x00\\x00NE,\\x00\\x00\\x00SetHoursToLimitBackgroundDownloadBandwidthTo@/\\x00\\x00\\x00DOSetHoursToLimitBackgroundDownloadBandwidth_ToL\\x0156=\\x00\\x00\\x00\\x00\\x00\\x0056=\\x01\\x00\\x00\\x00\\x00\\x0056=\\x02\\x00\\x00\\x00\\x00\\x0056=\\x03\\x00\\x00\\x00\\x00\\x0056=\\x04\\x00\\x00\\x00\\x00\\x0056=\\x05\\x00\\x00\\x00\\x00\\x0056=\\x06\\x00\\x00\\x00\\x00\\x0056=\\x07\\x00\\x00\\x00\\x00\\x0056=\\x08\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOSetHoursToLimitBackgroundDownloadBandwidth\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyname",
          "content": "DOPercentageMaxBackgroundBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,633",
        "eid": 1015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOPercentageMaxBackgroundBandwidth\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyname",
          "content": "DOMaxBackgroundDownloadBandwidth"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMaxBackgroundDownloadBandwidth\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1034,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundBps",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1035,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\DownloadRateBackgroundPct",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1036,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UpRatePctBandwidth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1037,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UpRatePctBandwidth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyname",
          "content": "DOMonthlyUploadDataCap"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicypath",
          "content": "SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\DeliveryOptimization\\DOMonthlyUploadDataCap\\Value",
          "content": "20"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1054,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Settings\\UploadLimitGBMonth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,649",
        "eid": 1055,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeliveryOptimization\\Config\\UploadLimitGBMonth",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,680",
        "eid": 1056,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,696",
        "eid": 1057,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,696",
        "eid": 1058,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,696",
        "eid": 1059,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,696",
        "eid": 1060,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,696",
        "eid": 1061,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,836",
        "eid": 1062,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:00,149",
        "eid": 1063,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:00,368",
        "eid": 1064,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:00,540",
        "eid": 1065,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:00,571",
        "eid": 1066,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:03,571",
        "eid": 1067,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:04,352",
        "eid": 1068,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,227",
        "eid": 1069,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,274",
        "eid": 1070,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,446",
        "eid": 1071,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,555",
        "eid": 1072,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,602",
        "eid": 1073,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,649",
        "eid": 1074,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,711",
        "eid": 1075,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,758",
        "eid": 1076,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,790",
        "eid": 1077,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:07,868",
        "eid": 1078,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:08,008",
        "eid": 1079,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:08,165",
        "eid": 1080,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:08,493",
        "eid": 1081,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:10,274",
        "eid": 1082,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,274",
        "eid": 1083,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,321",
        "eid": 1084,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,415",
        "eid": 1085,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:14,446",
        "eid": 1086,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,274",
        "eid": 1087,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,305",
        "eid": 1088,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,368",
        "eid": 1089,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,415",
        "eid": 1090,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,446",
        "eid": 1091,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,477",
        "eid": 1092,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,633",
        "eid": 1093,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:15,696",
        "eid": 1094,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,024",
        "eid": 1095,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,165",
        "eid": 1096,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,196",
        "eid": 1097,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,243",
        "eid": 1098,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,305",
        "eid": 1099,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,571",
        "eid": 1100,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,774",
        "eid": 1101,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,821",
        "eid": 1102,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,852",
        "eid": 1103,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,915",
        "eid": 1104,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,946",
        "eid": 1105,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:16,977",
        "eid": 1106,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:17,008",
        "eid": 1107,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:17,024",
        "eid": 1108,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:17,071",
        "eid": 1109,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:17,086",
        "eid": 1110,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:17,118",
        "eid": 1111,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,008",
        "eid": 1112,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,055",
        "eid": 1113,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,071",
        "eid": 1114,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,102",
        "eid": 1115,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,133",
        "eid": 1116,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,149",
        "eid": 1117,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,211",
        "eid": 1118,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,227",
        "eid": 1119,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,258",
        "eid": 1120,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,290",
        "eid": 1121,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,399",
        "eid": 1122,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,461",
        "eid": 1123,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:18,493",
        "eid": 1124,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:19,071",
        "eid": 1125,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:19,102",
        "eid": 1126,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:19,227",
        "eid": 1127,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:19,274",
        "eid": 1128,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:19,930",
        "eid": 1129,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,008",
        "eid": 1130,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,040",
        "eid": 1131,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,071",
        "eid": 1132,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,102",
        "eid": 1133,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,118",
        "eid": 1134,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,165",
        "eid": 1135,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,196",
        "eid": 1136,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,321",
        "eid": 1137,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,415",
        "eid": 1138,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:20,446",
        "eid": 1139,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:21,321",
        "eid": 1140,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:22,540",
        "eid": 1141,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:22,586",
        "eid": 1142,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:22,633",
        "eid": 1143,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,118",
        "eid": 1144,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,165",
        "eid": 1145,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,196",
        "eid": 1146,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,258",
        "eid": 1147,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,305",
        "eid": 1148,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,336",
        "eid": 1149,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,696",
        "eid": 1150,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:37,758",
        "eid": 1151,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:39,165",
        "eid": 1152,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,290",
        "eid": 1153,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,321",
        "eid": 1154,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,415",
        "eid": 1155,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,821",
        "eid": 1156,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:48,180",
        "eid": 1157,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:03,415",
        "eid": 1158,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:03,430",
        "eid": 1159,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:03,758",
        "eid": 1160,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:05,071",
        "eid": 1161,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:05,430",
        "eid": 1162,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:07,711",
        "eid": 1163,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:08,352",
        "eid": 1164,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:08,633",
        "eid": 1165,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:08,930",
        "eid": 1166,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:08,993",
        "eid": 1167,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:09,274",
        "eid": 1168,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:09,540",
        "eid": 1169,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:09,868",
        "eid": 1170,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:10,086",
        "eid": 1171,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:10,493",
        "eid": 1172,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:10,790",
        "eid": 1173,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:10,915",
        "eid": 1174,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:11,243",
        "eid": 1175,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:11,555",
        "eid": 1176,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:11,852",
        "eid": 1177,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:12,008",
        "eid": 1178,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,744",
        "eid": 1179,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,744",
        "eid": 1180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,744",
        "eid": 1181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,744",
        "eid": 1182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,744",
        "eid": 1183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel",
          "content": "6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,806",
        "eid": 1189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xa1'`\\x8f\\x9a\\xbb\\x184c\\xb6w\\xff\\x9d\\xd5\\xb6l\\xe72\\x1ah\\x08RC\\x92\\x86\\xa6\\x1f\\xd8\\x98\\x17\\x1b;\t\\x00L\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1191,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": "PerAppRuntimeBroker"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1195,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,822",
        "eid": 1197,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,853",
        "eid": 1198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,853",
        "eid": 1199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,853",
        "eid": 1200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": "PerAppRuntimeBroker"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,869",
        "eid": 1201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:56,869",
        "eid": 1202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:56,869",
        "eid": 1203,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,212",
        "eid": 1204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,212",
        "eid": 1205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,212",
        "eid": 1206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,212",
        "eid": 1207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,212",
        "eid": 1208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,228",
        "eid": 1234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1257,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff966cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1258,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1259,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff966cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1260,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1261,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff966cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1262,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,244",
        "eid": 1264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,259",
        "eid": 1265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,275",
        "eid": 1276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,337",
        "eid": 1287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A003F58A-29AB-4817-B884-D7516DAD18B9}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,353",
        "eid": 1288,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff977880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,353",
        "eid": 1289,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,353",
        "eid": 1290,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff977880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:57,353",
        "eid": 1291,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,619",
        "eid": 1302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:57,634",
        "eid": 1313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,087",
        "eid": 1339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,103",
        "eid": 1377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1387,
        "data": {
          "file": "C:\\Windows\\System32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff978400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1388,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1389,
        "data": {
          "file": "C:\\Windows\\System32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff978400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1390,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,119",
        "eid": 1409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.UserProfile.AdvertisingManagerHelper\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89FD71CB-1240-4957-A55E-8E1891378120}\\ProxyStubClsid32\\(Default)",
          "content": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,134",
        "eid": 1419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,150",
        "eid": 1430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,166",
        "eid": 1437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A6FF50C0-56C0-71CA-5732-BED303A59628}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1438,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1439,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1440,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1441,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1442,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1443,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1444,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1445,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,181",
        "eid": 1446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{984C5DB4-0719-431B-80A8-2B4B11BBDBF1}\\ProxyStubClsid32\\(Default)",
          "content": "{A6FF50C0-56C0-71CA-5732-BED303A59628}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath",
          "content": "C:\\Windows\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\DllPath",
          "content": "C:\\Windows\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,337",
        "eid": 1457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,353",
        "eid": 1469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.FamilySafety.Internal.FamilySettings\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,400",
        "eid": 1470,
        "data": {
          "file": "C:\\Windows\\System32\\Wpc.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff950ed0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,400",
        "eid": 1471,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1472,
        "data": {
          "file": "C:\\Windows\\System32\\Wpc.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff950ed0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1473,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)",
          "content": "{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,416",
        "eid": 1478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpc.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,431",
        "eid": 1488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,447",
        "eid": 1489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}\\ProxyStubClsid32\\(Default)",
          "content": "{D2ED260C-38F1-4ABE-8B2B-D4A088C54416}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,447",
        "eid": 1490,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:58,462",
        "eid": 1491,
        "data": {
          "file": "C:\\Windows\\System32\\wlidprov.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff968760000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,509",
        "eid": 1492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,509",
        "eid": 1493,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,509",
        "eid": 1494,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,509",
        "eid": 1495,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,509",
        "eid": 1496,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\UserId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,541",
        "eid": 1530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,556",
        "eid": 1531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,556",
        "eid": 1532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,619",
        "eid": 1554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,634",
        "eid": 1565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,666",
        "eid": 1590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,681",
        "eid": 1622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,697",
        "eid": 1658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:58,712",
        "eid": 1691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,041",
        "eid": 1715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,056",
        "eid": 1716,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9678d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,056",
        "eid": 1717,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,103",
        "eid": 1718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d4b31c4-8adb-4f45-88c9-58e7b38cbdcf}\\ProxyStubClsid32\\(Default)",
          "content": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,103",
        "eid": 1719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,103",
        "eid": 1720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,103",
        "eid": 1721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": "Windows.Networking.Connectivity.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,103",
        "eid": 1722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": "Windows.Networking.Connectivity.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,119",
        "eid": 1730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": "Windows.Networking.Connectivity.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,134",
        "eid": 1740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,244",
        "eid": 1741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,337",
        "eid": 1742,
        "data": {
          "file": "C:\\Windows\\System32\\npmproxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff974eb0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,337",
        "eid": 1743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5DF486F8-50EB-427E-8DA3-7122CCAF9415}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,337",
        "eid": 1744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,337",
        "eid": 1745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\npmproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9844E0CA-F034-40A2-AADA-84671C0E21AB}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DE2F3CF5-D9CD-4284-ADA8-1EDB8A23FFA9}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,353",
        "eid": 1753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84D31176-4A5A-4419-B07F-809FBA936A0A}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1766,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff979c20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,369",
        "eid": 1767,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{71BA143C-598E-49D0-84EB-8FEBAEDCC195}\\ProxyStubClsid32\\(Default)",
          "content": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": "Windows.Networking.Connectivity.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,400",
        "eid": 1775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,416",
        "eid": 1776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E2045145-4C9F-400C-9150-7EC7D6E2888A}\\ProxyStubClsid32\\(Default)",
          "content": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,494",
        "eid": 1788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,509",
        "eid": 1789,
        "data": {
          "file": "C:\\Windows\\System32\\netprofm.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff978d20000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,509",
        "eid": 1790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,603",
        "eid": 1791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)",
          "content": "{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\npmproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,619",
        "eid": 1799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)",
          "content": "{00020424-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": "PSOAInterface"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\oleaut32.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": "PSOAInterface"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\oleaut32.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
          "content": "PSOAInterface"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\oleaut32.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,634",
        "eid": 1821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,666",
        "eid": 1822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00020424-0000-0000-C000-000000000046}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,666",
        "eid": 1823,
        "data": {
          "file": "C:\\Windows\\System32\\oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fb40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,666",
        "eid": 1824,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCB00002-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32\\(Default)",
          "content": "{00020424-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3B542E03-5388-496C-A8A3-AFFD39AEC2E6}\\ProxyStubClsid32\\(Default)",
          "content": "{6a2af23e-b6d9-4a72-938d-9bffc96be71e}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": "Windows.Networking.HostName.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,712",
        "eid": 1833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": "Windows.Networking.HostName.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\(Default)",
          "content": "Windows.Networking.HostName.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.HostName.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6a2af23e-b6d9-4a72-938d-9bffc96be71e}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,728",
        "eid": 1849,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Networking.HostName.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bf20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,744",
        "eid": 1850,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,900",
        "eid": 1851,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,900",
        "eid": 1852,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,900",
        "eid": 1853,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,900",
        "eid": 1854,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:23:59,900",
        "eid": 1855,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,025",
        "eid": 1856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BAD7D829-3416-4B10-A202-BAC0B075BDAE}\\ProxyStubClsid32\\(Default)",
          "content": "{34E72398-AB74-43DA-8355-7F60D1BE3F73}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\(Default)",
          "content": "Windows.Networking.Connectivity.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,041",
        "eid": 1863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{34E72398-AB74-43DA-8355-7F60D1BE3F73}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Networking.Connectivity.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\Permissions",
          "content": "\\x01\\x00\\x14\\x804\\x01\\x00\\x00@\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\x04\\x01\t\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,416",
        "eid": 1887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.Connectivity.NetworkInformationPrivate\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:00,462",
        "eid": 1898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,541",
        "eid": 1920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,556",
        "eid": 1953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,572",
        "eid": 1986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,587",
        "eid": 1992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 1999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:01,603",
        "eid": 2019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:01,962",
        "eid": 2020,
        "data": {
          "file": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff967670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:01,962",
        "eid": 2021,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:01,962",
        "eid": 2022,
        "data": {
          "file": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff967670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:01,962",
        "eid": 2023,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44431C59-C5EC-4253-94F7-27563A8A242F}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,009",
        "eid": 2031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,087",
        "eid": 2032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,087",
        "eid": 2033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E434C78E-F267-4648-AE38-22A00D425E2A}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2045,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,150",
        "eid": 2046,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,166",
        "eid": 2047,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,166",
        "eid": 2048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3D0C1DB9-616A-5E3F-972C-2CE3FF50BED0}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,181",
        "eid": 2049,
        "data": {
          "file": "C:\\Windows\\System32\\usoapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9507b0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,181",
        "eid": 2050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C57692F8-8F5F-47CB-9381-34329B40285A}\\ProxyStubClsid32\\(Default)",
          "content": "{11F11442-3359-410C-875E-D21984507B62}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,197",
        "eid": 2051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A37467DB-1DE5-4A3E-B9E1-D010EBA71143}\\ProxyStubClsid32\\(Default)",
          "content": "{11F11442-3359-410C-875E-D21984507B62}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0ADA57BA-5E42-4BE3-87BB-BB1CF169B391}\\ProxyStubClsid32\\(Default)",
          "content": "{11F11442-3359-410C-875E-D21984507B62}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Web.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,212",
        "eid": 2057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,228",
        "eid": 2063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2064,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Web.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964e00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2065,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C879DD73-4BD2-4B76-9DD8-3B96113A2130}\\ProxyStubClsid32\\(Default)",
          "content": "{11F11442-3359-410C-875E-D21984507B62}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\(Default)",
          "content": "Orchestrator Core Service Proxy Stub"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\usoapi.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:02,509",
        "eid": 2073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11F11442-3359-410C-875E-D21984507B62}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Web.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,978",
        "eid": 2084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:04,994",
        "eid": 2111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:05,009",
        "eid": 2139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,869",
        "eid": 2161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,884",
        "eid": 2183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,900",
        "eid": 2194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,916",
        "eid": 2216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,931",
        "eid": 2231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,947",
        "eid": 2249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,962",
        "eid": 2271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,978",
        "eid": 2295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BEBB0A08-9E73-4077-9614-08614C0BC245}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:08,994",
        "eid": 2312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ServiceEnvironment",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2325,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2326,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2327,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": "0018C0152326D152"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
          "content": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
          "content": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2331,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,025",
        "eid": 2332,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,400",
        "eid": 2366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2388,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2389,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2390,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": "0018C0152326D152"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
          "content": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
          "content": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2394,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,416",
        "eid": 2395,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,447",
        "eid": 2406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
          "content": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
          "content": "18446744073709540795"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2409,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
          "content": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
          "content": "18446744073709540795"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2412,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2413,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:09,478",
        "eid": 2414,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\DllPath",
          "content": "C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,541",
        "eid": 2452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\ContentManagement.ContentManagementBroker\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,556",
        "eid": 2460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Security.WebAuthentication.AuthenticationManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdServiceTicketRequest\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2481,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2482,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2483,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": "0018C0152326D152"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
          "content": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
          "content": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2487,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2488,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
          "content": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
          "content": "18446744073709540795"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2491,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2492,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:09,572",
        "eid": 2493,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2494,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\ApplicationFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2495,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2496,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceId",
          "content": "0018C0152326D152"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\IdentityCRL\\ClockData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\TickCount",
          "content": "\\x0eW#\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockData\\ClockTimeSeconds",
          "content": "\\xaaY\\xa9i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2500,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,681",
        "eid": 2501,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Token\\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\\DeviceTicket",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00@\\x8a\\xda\\xa1\\xb0O\\\\xf2\\x11N\\xcawfk\\xed\\x04\\x94*\\x14\\x05V\\xe8f_\\xb5\\xa6K\\x0f\\x0f\\x1b.\\xb8\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00\\xbb\\xb1<\\x1c8\\xfeA\\xbe\\xccs\\xc4\\xfc\\x83B\\x1d%\\x01@R\\x0fJ\\xbb\r\\xd3\\xfc*\\x0b!\\x91\\xdcI\\xcb\\xa0\n\\x00\\x00bb6qbu\\x0eQ\\xc5b\\xd1\\xa4\\xb3fh\\xed\\x8d1\\x1cagi@P)!\\x152\\xac\\xe2\\x1dF\\xe4d-\\xa1(\\x98\\x07\\xa3S\\x12b\\xff\\xb9\\xd0j\\xf2\\xd7\\x9bE\\xaa\\xea\\xea\\xaa\\xa40\\x9c\\x9b?\\x0c\\xfdX\\xe1\\x07\\xc9\\xdeqd\\x10\r\\xc7\\xd6F{\\xcd\\x1b\"\\x00\\xa49`\\xe7\\x8d\\x9c\\xc8\\xc1E\\xd2\\x1074\\x9ajA\\xee>\\xc1\\xe6\\x96\\xba2\\x1e\\x94\\xc7\\x1aX5\\xc3\\xac\\x82P\\xd28\\xe1\n\\xf4b\\x80_M$\\xf8\\xaaW\\xc9Uh\\x8eJ1z:`>;\\x94u\\x14m\\x95\\xa3\\x82\\xd6\\xd7S\\xab\\xd0\\x08k\\xe6\\x08\\xfd\\xdd\\x94i\\xb0\\\\xfe\\x82\\xa3\\xbc0\ti\\xf8\\x9a*%\\xb1\\x1e9\\xe2\\x85\\xadV\\x19\\xe9_&y\\xc8No=[m\\x16\\xc2AL\\xa7\\xceR\\xc0\\xcd\\x8a\\x82\\xe1\\x08\\xde\\xb6\\x9b\\xb8\\x8a\r\\x1f\\xd1\\x90wW\\xaa\\xdc\\x94r\\xf4C\\xd2\\x0f\\x1a\\x19\\xac\\xef\\d\\xb1?\\x15\\xa6\\x93\\xef:v\\xc8\\x15\\x95H&\\xc5^\\xe4\\xd0\\x0f\\xd9<l\r\\x1b\\x17\\x10\\xf3'\\xf3\\x11\\x04qb\\xc2|\\x8d\\x12B\\xc7\\xbe\\xff\\x04\\xacw\\xb2\\xb0(G\\\\x81|!\\xee/\\x87\\xda\\xa0\\x7f\\xda\\x83e8\\xd9\\xc4\\x83\\x99\\xa0\\xccu[}\\x9d\\x1fN&\\x99G\\xce\\xe6\\xdc\\xe6\\xc4@\\xa1\\xab\\x9a\\x8c\\x06\\xf66\\xd4Cq\\x88a;\\xb8r\\xb4Y\\xealA\\g.\\xdb\\xcd\\xea\\x13\\xcbj\\x84a^\\xe1^`\\xf7\\x8d\\x87\\xfaC\\xd6\\x85\\x83\\x06M\\xac\\xcd\\xd8\\xeb\\x9d+iT\\x10\\xae"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,697",
        "eid": 2502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\GlobalDeviceUpdateTime",
          "content": "\\x02\\x8f\\xa8i\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,697",
        "eid": 2503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IdentityCRL\\ClockSkew",
          "content": "18446744073709540795"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,697",
        "eid": 2504,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:09,697",
        "eid": 2505,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IdentityCRL\\Immersive\\production\\Property\\0018C0152326D152",
          "content": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00k\\xe9\\xfb\\xd7\\x04\\xe1\\xb7C\\xbe{)\\x1b\\x16\\x96Kj\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10f\\x00\\x00\\x00\\x01\\x00\\x00 \\x00\\x00\\x00?/iM0|^\\xd2bZ\\x18%O\\xc3\tSNz\\x9a\\xd7o\\xc4\\xc3\\xc9\\x10\\xfa\\xd9|\\xc3\\x94\\xf11\\x00\\x00\\x00\\x00\\x0e\\x80\\x00\\x00\\x00\\x02\\x00\\x00 \\x00\\x00\\x00n\\xae\\x98\\xc7\\xd9K\\x8cd\\xf3\\xf4x-\\xb0i\\x1b\\x18\\xea\\x9a\\xe2\\x87d&\\xe8S\\xd5\\xe9&\\x963\\xb5\\xf9\\xcb\\x80\\x00\\x00\\x00L\\x9c\\xa4-\\x07\\x8d@\\xbc\\x9f\\xf1\\xc2-\\x82\\xe4\\xdb\\xe6F\\x88['\\G\\xffV\\xa2m\\xbc\r\\x0fi\\xa3l\\xe5\t+|\\xa6):\\xcd\\x8b\\x91H\\x86\\xcb\\x95XV-\\xae\\x12\\xb507\\xc0\\xa5u:Q\\xcb\\xca\\x01\\xa8\\xd5\r\\x03\\x1f&\\x8f;U,\\xb4\\xa2a\\xda\\x0f\\x98\\xd7\\xf3\\xe5L\\x89tz\\xdc\\xdeQ\\x1e?N\\xd1\\xbd\\\\xb9\\xf0\\xc3\\xef\\x8cO\\xdciM\\xdd\\xc2\\x85\\x1e\\xabh\\xe2\\x8cG4\\x90\\x0f:\\x86Z\\xd5\\xab\\xdc\\x81\\xc3-m\\x7fB{@\\x00\\x00\\x00\\x1eLm3\\x8c\\x81\\xe9\\x81\\xa4\\x08:\\x8d\\xd9\\x8a@\n\\xf1\\x06\\xee\\x9f\\xdd\\xee\\xdb\\xd1\\xbc\\xf1!S\\x05\\x90\\x84J@\\xe0\\x95\\xd4\\xfb\\xa2S\\xa9\\xc2&\\x96+\\x81 !\\xe1D\\x8b\\x95\\xc9\\xe8\\xf7[\\x19\\xc0\\xd0o\\xf9\\xed\\xce\\xe6+"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:09,697",
        "eid": 2506,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,681",
        "eid": 2528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,697",
        "eid": 2552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:19,712",
        "eid": 2572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:34,978",
        "eid": 2573,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,150",
        "eid": 2591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2598,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97b4e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,166",
        "eid": 2599,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,291",
        "eid": 2600,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,291",
        "eid": 2601,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,291",
        "eid": 2602,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{08F327FF-85D5-48B9-AEE9-28511E339F9F}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,306",
        "eid": 2610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,353",
        "eid": 2646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,369",
        "eid": 2658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,416",
        "eid": 2659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6CA9BD66-F046-48A3-9A11-992AFEB34E2D}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,416",
        "eid": 2660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,416",
        "eid": 2661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,416",
        "eid": 2662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,416",
        "eid": 2663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,462",
        "eid": 2664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,462",
        "eid": 2665,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,462",
        "eid": 2666,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,462",
        "eid": 2667,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,462",
        "eid": 2668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2669,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2673,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2675,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2680,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,478",
        "eid": 2682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2689,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2691,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2693,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2695,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2697,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2699,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2700,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2701,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2702,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2703,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2704,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2705,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2706,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2707,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2708,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2709,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2710,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2711,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2712,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,494",
        "eid": 2713,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2714,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2715,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2716,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2718,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2720,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2723,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2726,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2728,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2729,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2733,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2734,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,509",
        "eid": 2735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2736,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2739,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2742,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2745,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2746,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,541",
        "eid": 2748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,728",
        "eid": 2749,
        "data": {
          "file": "C:\\Windows\\System32\\mssprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95ed30000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,728",
        "eid": 2750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
          "content": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,728",
        "eid": 2751,
        "data": {
          "file": "C:\\Windows\\System32\\mssprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95ed30000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,728",
        "eid": 2752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
          "content": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,744",
        "eid": 2753,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff979d80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,744",
        "eid": 2754,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2755,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2756,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2757,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2758,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2763,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2764,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,759",
        "eid": 2770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2771,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2772,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2773,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
          "content": "Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,806",
        "eid": 2797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,822",
        "eid": 2798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,822",
        "eid": 2799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,822",
        "eid": 2800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,822",
        "eid": 2801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,822",
        "eid": 2802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
          "content": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2803,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2804,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2805,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2806,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,837",
        "eid": 2812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
          "content": "Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
          "content": "@shell32,dll,-12692"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21797"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-117"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2830,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
          "content": "Windows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,884",
        "eid": 2844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
          "content": "System"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
          "content": "Personal"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2894,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
          "content": "%USERPROFILE%\\Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
          "content": "Fonts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
          "content": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,900",
        "eid": 2912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,916",
        "eid": 2913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,916",
        "eid": 2914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,916",
        "eid": 2915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,916",
        "eid": 2916,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,916",
        "eid": 2917,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
          "content": "Cache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2939,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
          "content": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
          "content": "CD Burning"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
          "content": "Microsoft\\Windows\\Burn\\Burn"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21815"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,978",
        "eid": 2960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2961,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\CD Burning",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
          "content": "Local AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
          "content": "AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2983,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2984,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\FriendlyTypeName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-10152"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
          "content": "48"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:38,994",
        "eid": 2986,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\30\\B1A07F78\\@C:\\Windows\\system32\\windows.storage.dll,-10152",
          "content": "\\x41f\\x430\\x43f\\x43a\\x430 \\x441 \\x444\\x430\\x439\\x43b\\x430\\x43c\\x438"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,056",
        "eid": 2987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,056",
        "eid": 2988,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,056",
        "eid": 2989,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,056",
        "eid": 2990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,056",
        "eid": 2991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2992,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2993,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,072",
        "eid": 2999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CB43CCC9-446B-4A4F-BE97-757771BE5203}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,181",
        "eid": 3009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,197",
        "eid": 3049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFolderStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Parent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\CanonicalName",
          "content": "FileItemAPIs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\PerceivedType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Theme",
          "content": "default"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\LayoutType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViewPersistence",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\ViewSettingsPersistence",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Mode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\Class",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\MostRelevant",
          "content": "prop:System.ItemNameDisplay"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\DefaultView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\OverrideParentTopViews",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\DateCategorizerInfo",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\StackBy",
          "content": "System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimaryProperty",
          "content": "System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\SortByList",
          "content": "prop:-System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{34cbc45c-eb17-448d-ac3a-838eb3ecdcd0}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\StackBy",
          "content": "System.Music.AlbumTitle"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimaryProperty",
          "content": "System.Music.AlbumTitle"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.Music.Artist;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\SortByList",
          "content": "prop:System.Music.AlbumTitle;System.Music.DisplayArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,212",
        "eid": 3112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{3fa62bd1-b86d-4b21-9931-02086472c3e6}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\StackBy",
          "content": "System.ItemTypeText"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimaryProperty",
          "content": "System.ItemTypeText"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\ColumnList",
          "content": "prop:0System.ItemTypeText;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\SortByList",
          "content": "prop:System.ItemTypeText"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{401404A3-12A0-402F-BBA4-B62D127B8A79}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\StackBy",
          "content": "System.Music.DisplayArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimaryProperty",
          "content": "System.Music.DisplayArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\SortByList",
          "content": "prop:System.Music.DisplayArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5a07ae71-b138-4e2b-a3d8-815b2ee774e6}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\StackBy",
          "content": "System.Author"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimaryProperty",
          "content": "System.Author"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\ColumnList",
          "content": "prop:0System.Author;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\SortByList",
          "content": "prop:System.Author"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{5B11944C-125B-40FD-B2BC-025736B0F714}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,228",
        "eid": 3186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\StackBy",
          "content": "System.Music.Composer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimaryProperty",
          "content": "System.Music.Composer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\SortByList",
          "content": "prop:System.Music.Composer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{73218899-7B6E-4168-A140-D7167A04F8F0}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\QueryType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\SortByList",
          "content": "prop:System.ItemNameDisplay"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\SortByList",
          "content": "prop:System.Title"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{895F88CC-B59F-47ed-BBC6-AF00FF098FAB}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\StackBy",
          "content": "System.Music.AlbumArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimaryProperty",
          "content": "System.Music.AlbumArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,244",
        "eid": 3261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\SortByList",
          "content": "prop:System.Music.AlbumArtist"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{94019DD4-8911-4b02-B443-0674C7453F1E}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\SortByList",
          "content": "prop:System.ItemNameDisplay"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{AEA17D99-B292-4C4B-A20C-23E38895AD9B}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\SortByList",
          "content": "prop:-System.Search.Rank;-System.DateModified;System.ItemNameDisplay"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{bdbe736f-34f5-4829-abe8-b550e65146c4}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\StackBy",
          "content": "System.Media.Year"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimaryProperty",
          "content": "System.Media.Year"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\SortByList",
          "content": "prop:-System.Media.Year"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{C0457B47-32A5-4c29-A092-EFF8AAB749B7}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,259",
        "eid": 3342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\SortByList",
          "content": "prop:-System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{D16923D7-7E6E-460B-96F0-E321211AA496}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\ColumnList",
          "content": "prop:0System.Audio.EncodingBitrate;0System.Author;0System.Comment;0System.DateModified;0System.ItemDate;0System.GPS.LatitudeDecimal;0System.GPS.LongitudeDecimal;0System.Image.HorizontalSize;0System.Image.VerticalSize;0System.Keywords;0System.Media.Duration"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\SortByList",
          "content": "prop:System.Music.DisplayArtist;System.Music.AlbumTitle;System.Music.TrackNumber;System.Title"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{d34ade43-45bd-44ae-84b7-3bcc998826e2}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\StackBy",
          "content": "System.Keywords"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimaryProperty",
          "content": "System.Keywords"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\SortByList",
          "content": "prop:System.Keywords"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E21A4A59-E483-436d-B9F3-59225953AEF3}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\StackBy",
          "content": "System.Music.Genre"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimaryProperty",
          "content": "System.Music.Genre"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\SortByList",
          "content": "prop:System.Music.Genre"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E3C50079-D524-4572-83CE-4C810C534095}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\DateCategorizerInfo",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,275",
        "eid": 3420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\StackBy",
          "content": "System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimaryProperty",
          "content": "System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\SortByList",
          "content": "prop:-System.ItemDate"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{e5e2e7f6-7a4b-45ce-8b40-9a8e3dd8b9a7}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Name",
          "content": "NoName"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\LogicalViewMode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\IconSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\QueryType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\HideFileNames",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\DateCategorizerInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ChildViewID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\GroupAscending",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\StackBy",
          "content": "System.Rating"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimaryProperty",
          "content": "System.Rating"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\PrimarySettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\ColumnList",
          "content": "prop:0System.Rating;0System.Keywords;0System.Photo.DateTaken;0System.Music.DisplayArtist;0System.Music.Genre;0System.Media.Duration;0System.ThumbnailCacheId;0System.StorageProviderId"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\SortByList",
          "content": "prop:-System.Rating"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:39,291",
        "eid": 3453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderTypes\\{B372207C-0011-438F-9151-098B2E36B887}\\TopViews\\{E6EF56B7-96A4-4857-B7BC-F15C5DDF0DE4}\\Order",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{44F2C7E9-A2CA-4CBD-AA65-61AC09315E2C}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7BF2957B-68E4-4528-915A-7AB28983DD46}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,556",
        "eid": 3463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D79DF790-8B00-4420-8F46-30C61E5FF610}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,572",
        "eid": 3477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,666",
        "eid": 3478,
        "data": {
          "file": "C:\\Windows\\System32\\StructuredQuery.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96c930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,728",
        "eid": 3479,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.Search.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95e760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,728",
        "eid": 3480,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.Search.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95e760000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,759",
        "eid": 3481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,759",
        "eid": 3482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3483,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3484,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3487,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3488,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3489,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3490,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3493,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,837",
        "eid": 3494,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\LogFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3496,
        "data": {
          "file": "api-ms-win-eventing-provider-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3498,
        "data": {
          "file": "Windows.Storage.Search.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3499,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF",
          "content": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\xe0+\\xe0\\x11\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3500,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3502,
        "data": {
          "file": "Windows.Storage.Search.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3503,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{04731B67-D933-450A-90E6-4ACD2E9408FE} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF",
          "content": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\xe0+\\xe0\\x11\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3504,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3505,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,853",
        "eid": 3506,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,869",
        "eid": 3507,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,869",
        "eid": 3508,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,869",
        "eid": 3509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,869",
        "eid": 3510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,884",
        "eid": 3511,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,884",
        "eid": 3512,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3515,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3516,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3519,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3520,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3523,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3524,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3527,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3528,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3531,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3532,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,900",
        "eid": 3534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3535,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3536,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3537,
        "data": {
          "file": "User32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3540,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3541,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,916",
        "eid": 3543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3544,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3545,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3548,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3549,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3552,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3553,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,931",
        "eid": 3555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3556,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3557,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3560,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3561,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,947",
        "eid": 3563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3564,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3565,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3568,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3569,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,962",
        "eid": 3571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3572,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3573,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3576,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3577,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3580,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3581,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,978",
        "eid": 3583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3584,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3587,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3588,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3591,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3592,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3597,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3598,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:41,994",
        "eid": 3600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3601,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3602,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3606,
        "data": {
          "file": "Windows.Storage.Search.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D} {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} 0x401",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3608,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\HasFlushedShellExtCache",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,009",
        "eid": 3610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3611,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3612,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3617,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3618,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,025",
        "eid": 3620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3621,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3622,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3625,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3626,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3631,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,041",
        "eid": 3632,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WholeFileSystem",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\SystemFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3636,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSearchFullText",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3638,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3639,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,056",
        "eid": 3641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3642,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3643,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3646,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3647,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,072",
        "eid": 3649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3655,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewOnDrive",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
          "content": "Profile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,087",
        "eid": 3676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,103",
        "eid": 3689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,119",
        "eid": 3699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AC736759-22C6-4DBA-B09E-04FD1889348F}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,134",
        "eid": 3707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0000000c-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{FA9812C4-0B34-47D0-9B0B-157FB5B5FDF2}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BFB02FED-4C71-40E1-B4F3-CE99C2FF0542}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,275",
        "eid": 3723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,291",
        "eid": 3724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F3CC02FB-7C40-443A-966E-D85196B36F21}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3725,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3726,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3729,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3730,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,306",
        "eid": 3732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3733,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3734,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3737,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3738,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3741,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3742,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3745,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3746,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3749,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3750,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3753,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3754,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,322",
        "eid": 3756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3757,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3758,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3761,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3762,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3765,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3766,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3769,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3770,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.Search.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,337",
        "eid": 3772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4af1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,353",
        "eid": 3773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,353",
        "eid": 3774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,353",
        "eid": 3775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,353",
        "eid": 3776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,916",
        "eid": 3798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,931",
        "eid": 3820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,947",
        "eid": 3843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5984C710-DAF2-43C8-8BB4-A4D3EACFD03F}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,962",
        "eid": 3875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{90C5260F-DF18-4049-BF47-35D736AF4A3E}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3884,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3885,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3889,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:42,978",
        "eid": 3890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3891,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3892,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,009",
        "eid": 3904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,056",
        "eid": 3932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3943,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96b9e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:43,072",
        "eid": 3944,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,087",
        "eid": 3945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,087",
        "eid": 3946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,087",
        "eid": 3947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,103",
        "eid": 3948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\FriendlyTypeName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,103",
        "eid": 3949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,494",
        "eid": 3950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,494",
        "eid": 3951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,494",
        "eid": 3952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,509",
        "eid": 3973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{4207A996-CA2F-42F7-BDE8-8B10457A7F30}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,759",
        "eid": 3981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,837",
        "eid": 3982,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,837",
        "eid": 3983,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,837",
        "eid": 3984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,837",
        "eid": 3985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3986,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3987,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:43,869",
        "eid": 3993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 3999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5a648006-843a-4da9-865b-9d26e5dfad7b}\\ProxyStubClsid32\\(Default)",
          "content": "{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,666",
        "eid": 4012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,681",
        "eid": 4034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,697",
        "eid": 4035,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97b4e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,744",
        "eid": 4036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,744",
        "eid": 4037,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,744",
        "eid": 4038,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,744",
        "eid": 4039,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,759",
        "eid": 4040,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,900",
        "eid": 4041,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.FileExplorer.Common.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95e840000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,900",
        "eid": 4042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:44,916",
        "eid": 4043,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TelemetrySalt",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:44,916",
        "eid": 4044,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f7e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:45,775",
        "eid": 4045,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:45,775",
        "eid": 4046,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4047,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4048,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4049,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity",
          "content": "7167"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4050,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4051,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4052,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum",
          "content": "\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4053,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,791",
        "eid": 4054,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:45,853",
        "eid": 4055,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\Caches"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:45,869",
        "eid": 4056,
        "data": {
          "file": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:45,884",
        "eid": 4057,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:45,994",
        "eid": 4058,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4059,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4060,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4061,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4062,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4063,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,009",
        "eid": 4064,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4065,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4066,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4067,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
          "content": "My Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,025",
        "eid": 4088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4089,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
          "content": "%USERPROFILE%\\Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
          "content": "My Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{1CF1260C-4DD0-4EBB-811F-33C572699FDE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21790"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-108"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4111,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
          "content": "%USERPROFILE%\\Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
          "content": "My Video"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4133,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
          "content": "%USERPROFILE%\\Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21798"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-184"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,041",
        "eid": 4143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
          "content": "S:AI(RA;IOOICI;;;;WD;(\"IMAGELOAD\",TU,0x0,0x01))"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
          "content": "{885A186E-A440-4ADA-812B-DB871B942259}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4155,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
          "content": "%USERPROFILE%\\Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
          "content": "Local Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4177,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
          "content": "Local Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,056",
        "eid": 4201,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
          "content": "Local Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21790"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-108"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4225,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
          "content": "Local Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 4249,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
          "content": "Local Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21798"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-184"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4273,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
          "content": "ThisPCDesktopFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21769"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-183"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4297,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,087",
        "eid": 4299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,197",
        "eid": 4300,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,212",
        "eid": 4301,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,212",
        "eid": 4302,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,212",
        "eid": 4303,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,212",
        "eid": 4304,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,291",
        "eid": 4305,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,291",
        "eid": 4306,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4307,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4308,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4309,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity",
          "content": "7167"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4310,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4311,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4312,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum",
          "content": "\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4313,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 4314,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,322",
        "eid": 4315,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,322",
        "eid": 4316,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4317,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4318,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4319,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4320,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4321,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,337",
        "eid": 4322,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,353",
        "eid": 4323,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,353",
        "eid": 4324,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4325,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4326,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4328,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4330,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,400",
        "eid": 4332,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,416",
        "eid": 4333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,416",
        "eid": 4334,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,416",
        "eid": 4335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,431",
        "eid": 4336,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,431",
        "eid": 4337,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,447",
        "eid": 4338,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,447",
        "eid": 4339,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,447",
        "eid": 4340,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,462",
        "eid": 4341,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,462",
        "eid": 4342,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4343,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4344,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4345,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\MaxCapacity",
          "content": "7167"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4346,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\NukeOnDelete",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4347,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4348,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\LastEnum",
          "content": "\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,478",
        "eid": 4349,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,494",
        "eid": 4350,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,494",
        "eid": 4351,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,509",
        "eid": 4352,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,509",
        "eid": 4353,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,509",
        "eid": 4354,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,509",
        "eid": 4355,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,525",
        "eid": 4356,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,525",
        "eid": 4357,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,525",
        "eid": 4358,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,525",
        "eid": 4359,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,525",
        "eid": 4360,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4361,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4363,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4365,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4367,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4369,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,556",
        "eid": 4370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,587",
        "eid": 4371,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,587",
        "eid": 4372,
        "data": {
          "file": "C:\\Users\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21769"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-183"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4394,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
          "content": "%USERPROFILE%\\Desktop"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,619",
        "eid": 4395,
        "data": {
          "file": "C:\\Users\\cape\\Desktop\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
          "content": "Microsoft\\Windows\\Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4417,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
          "content": "AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
          "content": "AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4439,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
          "content": "%USERPROFILE%\\AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,634",
        "eid": 4440,
        "data": {
          "file": "C:\\Users\\cape\\Documents\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4441,
        "data": {
          "file": "C:\\Users\\cape\\Music\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4442,
        "data": {
          "file": "C:\\Users\\cape\\Pictures\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4443,
        "data": {
          "file": "C:\\Users\\cape\\Videos\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4444,
        "data": {
          "file": "C:\\Users\\cape\\Downloads\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,650",
        "eid": 4446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Name",
          "content": "OneDrive"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\RelativePath",
          "content": "OneDrive"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\ParsingName",
          "content": "shell:::{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalizedName",
          "content": "@%SystemRoot%\\System32\\SettingSyncCore.dll,-1024"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1040"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\DefinitionFlags",
          "content": "64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4466,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4469,
        "data": {
          "file": "C:\\Users\\cape\\OneDrive\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
          "content": "UsersFilesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
          "content": "18446744073449767213"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,666",
        "eid": 4494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
          "content": "5243433"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
          "content": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4500,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
          "content": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
          "content": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": "17"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,681",
        "eid": 4512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,728",
        "eid": 4513,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-9031"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-18"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
          "content": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4535,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
          "content": "ProgramFilesCommon"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
          "content": "MusicLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
          "content": "Music.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1004"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,744",
        "eid": 4579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
          "content": "PublicLibraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
          "content": "Common Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21799"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
          "content": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,759",
        "eid": 4622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
          "content": "AppDataDocuments"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Name",
          "content": "OneDriveCameraRoll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParentFolder",
          "content": "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\RelativePath",
          "content": "Camera Roll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\DefinitionFlags",
          "content": "64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\FolderTypeID",
          "content": "{b3690e58-e961-423b-b687-386ebfd83239}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{767E6811-49CB-4273-87C2-20F355E1085B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
          "content": "SavedPicturesLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
          "content": "SavedPictures.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
          "content": "MAPIFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
          "content": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,775",
        "eid": 4693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4708,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
          "content": "Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
          "content": "Microsoft\\Internet Explorer\\Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
          "content": "ProgramFilesCommonX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,791",
        "eid": 4743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Name",
          "content": "OneDriveDocuments"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParentFolder",
          "content": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\DefinitionFlags",
          "content": "64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\FolderTypeID",
          "content": "{DD61BD66-70E8-48dd-9655-65C5E1AAC2D1}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-198"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
          "content": "{b3690e58-e961-423b-b687-386ebfd83239}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4795,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
          "content": "ConnectionsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,806",
        "eid": 4814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
          "content": "PrintersFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
          "content": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
          "content": "4"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4841,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4843,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4852,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
          "content": "ResourceDir"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,822",
        "eid": 4859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,837",
        "eid": 4875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
          "content": "Common Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
          "content": "PublicGameTasks"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
          "content": "Microsoft\\Windows\\GameExplorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
          "content": "SyncSetupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
          "content": "CommonVideo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21804"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,853",
        "eid": 4956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
          "content": "History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
          "content": "Microsoft\\Windows\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
          "content": "SyncResultsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 4999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
          "content": "ConflictFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,869",
        "eid": 5023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
          "content": "RecycleBinFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
          "content": "::{645FF040-5081-101B-9F08-00AA002F954E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
          "content": "CSCFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
          "content": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
          "content": "Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
          "content": "Microsoft\\Windows\\Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 5087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
          "content": "Common Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
          "content": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21782"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
          "content": "NetHood"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
          "content": "Microsoft\\Windows\\Network Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
          "content": "Contacts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
          "content": "Contacts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{56784854-C6CB-462B-8169-88E350ACB882}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
          "content": "@%CommonProgramFiles%\\system\\wab32res.dll,-10200"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
          "content": "@%CommonProgramFiles%\\system\\wab32res.dll,-10100"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-181"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
          "content": "{de2b70ec-9bf7-4a93-bd3d-243f7881d492}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 5149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5151,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
          "content": "UserProgramFilesCommon"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
          "content": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
          "content": "Common"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
          "content": "Roaming Tiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
          "content": "Microsoft\\Windows\\RoamingTiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5200,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 5202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
          "content": "UsersLibrariesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
          "content": "Cookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
          "content": "LocalizedResourcesDir"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
          "content": "CommonRingtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
          "content": "Microsoft\\Windows\\Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,931",
        "eid": 5282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
          "content": "GameTasks"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
          "content": "Microsoft\\Windows\\GameExplorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21796"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-115"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5329,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
          "content": "%USERPROFILE%\\Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5334,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
          "content": "HomeGroupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,947",
        "eid": 5341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
          "content": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1013"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
          "content": "SendTo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
          "content": "Microsoft\\Windows\\SendTo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
          "content": "PublicAccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
          "content": "AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
          "content": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38304"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
          "content": "ImplicitAppShortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
          "content": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
          "content": "ImplicitAppShortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,962",
        "eid": 5421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
          "content": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21762"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5444,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
          "content": "AddNewProgramsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
          "content": "shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
          "content": "Captures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
          "content": "Captures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21826"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 5489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
          "content": "UserProfiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21813"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
          "content": "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;WD)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
          "content": "InternetFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
          "content": "::{871C5380-42A0-1069-A2EA-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
          "content": "CameraRollLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
          "content": "CameraRoll.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34582"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
          "content": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21782"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,994",
        "eid": 5572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
          "content": "ProgramFilesX64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
          "content": "AppDataDesktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
          "content": "Camera Roll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
          "content": "Camera Roll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21824"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
          "content": "{B26388EA-AD62-430f-AF5C-CFA63BFE94A6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
          "content": "MyComputerFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
          "content": "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,009",
        "eid": 5654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
          "content": "Common Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
          "content": "Documents.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
          "content": "Microsoft\\Windows\\Application Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-50704"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,025",
        "eid": 5686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21823"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
          "content": "SavedPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
          "content": "Saved Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,041",
        "eid": 5732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
          "content": "CommonPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21802"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
          "content": "AppsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
          "content": "shell:::{4234d49b-0245-4df3-b780-3893943456e1}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
          "content": "PrintHood"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
          "content": "Microsoft\\Windows\\Printer Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
          "content": "Development Files"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
          "content": "DevelopmentFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 5807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
          "content": "PhotoAlbums"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
          "content": "Slide Shows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21819"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5840,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
          "content": "AppMods"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
          "content": "AppMods"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21829"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
          "content": "{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5864,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,072",
        "eid": 5870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5871,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
          "content": "AppUpdatesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
          "content": "CommonDownloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21808"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5920,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Name",
          "content": "OneDriveMusic"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParentFolder",
          "content": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,087",
        "eid": 5933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\DefinitionFlags",
          "content": "64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\FolderTypeID",
          "content": "{672ECD7E-AF04-4399-875C-0290845B6247}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Name",
          "content": "Retail Demo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\RelativePath",
          "content": "Microsoft\\Windows\\RetailDemo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{12D4C69E-24AD-4923-BE19-31321C43A767}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
          "content": "Common Start Menu Places"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu Places"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
          "content": "PicturesLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
          "content": "Pictures.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34595"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1003"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 5999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
          "content": "Public"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,103",
        "eid": 6011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21816"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
          "content": "D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICIIO;0x1301ff;;;IU)(A;;0x1200af;;;IU)(A;OICIIO;0x1301ff;;;SU)(A;;0x1200af;;;SU)(A;OICIIO;0x1301ff;;;S-1-5-3)(A;;0x1200af;;;S-1-5-3)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
          "content": "RecordedTVLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
          "content": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
          "content": "RecordedTV.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-34615"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1008"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
          "content": "AppDataProgramData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
          "content": "ProgramData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,119",
        "eid": 6056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
          "content": "HomeGroupCurrentUserFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
          "content": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\$CurrentUser$"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
          "content": "LocalAppDataLow"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
          "content": "AppData\\LocalLow"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
          "content": "S:(ML;OICI;NW;;;LW)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,134",
        "eid": 6102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
          "content": "8192"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
          "content": "Roamed Tile Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
          "content": "Microsoft\\Windows\\RoamedTileImages"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
          "content": "ProgramFilesCommonX64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
          "content": "CryptoKeys"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
          "content": "Original Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
          "content": "Microsoft\\Windows Photo Gallery\\Original Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,150",
        "eid": 6186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
          "content": "User Pinned"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
          "content": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
          "content": "User Pinned"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
          "content": "ChangeRemoveProgramsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
          "content": "Common Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21801"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
          "content": "SystemX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,166",
        "eid": 6268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
          "content": "AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
          "content": "Microsoft\\Windows\\AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
          "content": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38305"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Name",
          "content": "OneDrivePictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParentFolder",
          "content": "{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\DefinitionFlags",
          "content": "64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\FolderTypeID",
          "content": "{71D642A9-F2B1-42cd-AD92-EB9300C7CC0A}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{339719B5-8C47-4894-94C2-D8F77ADD44A6}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
          "content": "CommonMusic"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21803"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,181",
        "eid": 6342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
          "content": "SearchHistoryFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
          "content": "Microsoft\\Windows\\ConnectedSearch\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
          "content": "ProgramFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21781"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
          "content": "Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
          "content": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
          "content": "AppDataFavorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,197",
        "eid": 6413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
          "content": "Recorded Calls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
          "content": "Recorded Calls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21827"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,212",
        "eid": 6449,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
          "content": "NetworkPlacesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
          "content": "::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,259",
        "eid": 6466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
          "content": "Playlists"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
          "content": "Playlists"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21818"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
          "content": "DpapiKeys"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6517,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
          "content": "OEM Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
          "content": "OEM Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 6536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
          "content": "SearchHomeFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
          "content": "::{9343812e-1c37-4a49-a12e-4b2d810d956b}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6566,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6567,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 6576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
          "content": "::{f8278c54-a712-415b-b593-b77a2be0dda9}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
          "content": "SystemCertificates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
          "content": "Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
          "content": "Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21810"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-185"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,306",
        "eid": 6635,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
          "content": "UserProgramFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
          "content": "Common Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
          "content": "Microsoft\\Windows\\Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
          "content": "Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
          "content": "Microsoft\\Windows\\Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
          "content": "Device Metadata Store"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,322",
        "eid": 6703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
          "content": "Microsoft\\Windows\\DeviceMetadataStore"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
          "content": "ControlPanelFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
          "content": "ProgramFilesX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21817"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
          "content": "SyncCenterFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,337",
        "eid": 6785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
          "content": "CredentialManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,353",
        "eid": 6807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6809,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 6816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6821,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,447",
        "eid": 6831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6835,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6843,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6846,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6851,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6852,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,462",
        "eid": 6858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6861,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6867,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6873,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,478",
        "eid": 6874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 6875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 6876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 6877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 6878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 6879,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6882,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6887,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,525",
        "eid": 6895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6896,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6903,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6908,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 6910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6913,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6920,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6927,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6932,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6939,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,556",
        "eid": 6941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6942,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6944,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6946,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6948,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6950,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,572",
        "eid": 6951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 6952,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,619",
        "eid": 6953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,619",
        "eid": 6954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6957,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6962,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6971,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6978,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6983,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,666",
        "eid": 6984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6988,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6995,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 6999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7002,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7007,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7014,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
          "content": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": "17"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,697",
        "eid": 7028,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7031,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7036,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,728",
        "eid": 7040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7045,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7052,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7057,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7062,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7069,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,744",
        "eid": 7071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7076,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7081,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7088,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,759",
        "eid": 7090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.StorageFileStaticsBrokered\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,416",
        "eid": 7121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,572",
        "eid": 7122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageContents",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,572",
        "eid": 7123,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,572",
        "eid": 7124,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,572",
        "eid": 7125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,572",
        "eid": 7126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,587",
        "eid": 7127,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7128,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,603",
        "eid": 7134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,822",
        "eid": 7135,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,869",
        "eid": 7136,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,869",
        "eid": 7137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7138,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7139,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,884",
        "eid": 7144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:49,900",
        "eid": 7145,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,916",
        "eid": 7146,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,916",
        "eid": 7147,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,916",
        "eid": 7148,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,916",
        "eid": 7149,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7150,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7151,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7152,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7153,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7154,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-03-05 10:24:49,931",
        "eid": 7155,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,947",
        "eid": 7156,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,947",
        "eid": 7157,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7158,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7159,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7160,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7161,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7163,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7165,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7167,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,962",
        "eid": 7169,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,978",
        "eid": 7170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShowFrequent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,978",
        "eid": 7171,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,994",
        "eid": 7172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7174,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7179,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7188,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7195,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7200,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,009",
        "eid": 7202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7205,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7212,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7219,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7224,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7231,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,025",
        "eid": 7233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,041",
        "eid": 7234,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,056",
        "eid": 7241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7243,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7248,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7257,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7264,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,072",
        "eid": 7269,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7274,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7281,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7288,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7293,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7300,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,087",
        "eid": 7302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,119",
        "eid": 7313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,228",
        "eid": 7335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:08,744",
        "eid": 7336,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:08,853",
        "eid": 7337,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,103",
        "eid": 7338,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,119",
        "eid": 7339,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,150",
        "eid": 7340,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,369",
        "eid": 7341,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:17,541",
        "eid": 7342,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:17,759",
        "eid": 7343,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:18,962",
        "eid": 7344,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:19,603",
        "eid": 7345,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:20,150",
        "eid": 7346,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:20,150",
        "eid": 7347,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7348,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7350,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7351,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7352,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7353,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7354,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7355,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7356,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,572",
        "eid": 7357,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,587",
        "eid": 7358,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,587",
        "eid": 7359,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,587",
        "eid": 7360,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:45,837",
        "eid": 7361,
        "data": {
          "file": "C:\\bx_3000n\\dll\\KWXNIGCf.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95c960000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:45,837",
        "eid": 7362,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,869",
        "eid": 7363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:45,869",
        "eid": 7364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "<\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,072",
        "eid": 7370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "=\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,103",
        "eid": 7371,
        "data": {
          "file": "C:\\bx_3000n\\dll\\KWXNIGCf.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95c960000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,103",
        "eid": 7372,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,306",
        "eid": 7373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,322",
        "eid": 7374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:46,353",
        "eid": 7375,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f7e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,384",
        "eid": 7376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,416",
        "eid": 7377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,416",
        "eid": 7378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": ">\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,494",
        "eid": 7379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,494",
        "eid": 7380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,884",
        "eid": 7381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7382,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7383,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7384,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7385,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7386,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7387,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7388,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7389,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7390,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7391,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,900",
        "eid": 7392,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,916",
        "eid": 7393,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 7394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:46,978",
        "eid": 7395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,056",
        "eid": 7428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:47,228",
        "eid": 7429,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:47,228",
        "eid": 7430,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f7e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 7431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 7432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,275",
        "eid": 7433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 7434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 7435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 7436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,291",
        "eid": 7437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,400",
        "eid": 7470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.PackageLocation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,494",
        "eid": 7477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,541",
        "eid": 7484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,587",
        "eid": 7495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7496,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7497,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\Favorites",
          "content": "\\x00V\\x01\\x00\\x00:\\x00\\x1f\\x80\\xc8'4\\x1f\\x10\\\\x10B\\xaa\\x03.\\xe4R\\x87\\xd6h&\\x00\\x01\\x00&\\x00\\xef\\xbe\\x12\\x00\\x00\\x00mM\\xb1\\xb8\\x11\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01\\x95yt\t\\x12\\xac\\xdc\\x01\\x14\\x00V\\x001\\x00\\x00\\x00\\x00\\x00d\\\\x80\\xa0\\x10\\x00TaskBar\\x00@\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9d\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k>\\x0e\\x01T\\x00a\\x00s\\x00k\\x00B\\x00a\\x00r\\x00\\x00\\x00\\x16\\x00\\xc4\\x002\\x00\\x99\t\\x00\\x00d\\b\\xa0 \\x00MICROS~1.LNK\\x00\\x00V\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9e\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\\xee\\xc1\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00E\\x00d\\x00g\\x00e\\x00.\\x00l\\x00n\\x00k\\x00\\x00\\x00\\x1c\\x00\\x12\\x00\\x00\\x00+\\x00\\xef\\xbe\\xa0\\xdcv\t\\x12\\xac\\xdc\\x01\\x1c\\x00\\x1a\\x00\\x00\\x00\\x1d\\x00\\xef\\xbe\\x02\\x00M\\x00S\\x00E\\x00d\\x00g\\x00e\\x00\\x00\\x00\\x1c\\x00&\\x00\\x00\\x00\\x1e\\x00\\xef\\xbe\\x02\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00P\\x00i\\x00n\\x00n\\x00e\\x00d\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa4\\x01\\x00\\x00:\\x00\\x1f\\x80\\xc8'4\\x1f\\x10\\\\x10B\\xaa\\x03.\\xe4R\\x87\\xd6h&\\x00\\x01\\x00&\\x00\\xef\\xbe\\x12\\x00\\x00\\x00mM\\xb1\\xb8\\x11\\xac\\xdc\\x01\\xdd\\x17r\t\\x12\\xac\\xdc\\x01A\\xc7\\x82\t\\x12\\xac\\xdc\\x01\\x14\\x00V\\x001\\x00\\x00\\x00\\x00\\x00d\\\\x80\\xa0\\x11\\x00TaskBar\\x00@\\x00\t\\x00\\x04\\x00\\xef\\xbed\\\\x80\\xa0d\\\\x80\\xa0.\\x00\\x00\\x00\\x9d\\x8d\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\xf0\\xff\\x00T\\x00a\\x00s\\x00k\\x00B\\x00a\\x00r\\x00\\x00\\x00\\x16\\x00\\x12\\x012\\x00\\x97\\x01\\x00\\x00\\x87O\\x07I \\x00FI"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7498,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesVersion",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,634",
        "eid": 7501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\CLSID",
          "content": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\Attributes",
          "content": "17"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\DescriptionID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1f3427c8-5c10-4210-aa03-2ee45287d668}\\Instance\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7516,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:47,650",
        "eid": 7517,
        "data": {
          "file": "C:\\Users\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-03-05 10:24:47,681",
        "eid": 7518,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,775",
        "eid": 7519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,775",
        "eid": 7520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,775",
        "eid": 7521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,775",
        "eid": 7522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,775",
        "eid": 7523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7527,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7528,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\appresolver.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:47,791",
        "eid": 7530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4234d49b-0245-4df3-b780-3893943456e1}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,869",
        "eid": 7531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,869",
        "eid": 7532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,900",
        "eid": 7533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:49,900",
        "eid": 7534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SortOrderIndex",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,150",
        "eid": 7535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,150",
        "eid": 7536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "?\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,150",
        "eid": 7537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "@\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,150",
        "eid": 7538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,150",
        "eid": 7539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,400",
        "eid": 7540,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,400",
        "eid": 7541,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,400",
        "eid": 7542,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:50,400",
        "eid": 7543,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,119",
        "eid": 7544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,119",
        "eid": 7545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "C\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,119",
        "eid": 7546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,119",
        "eid": 7547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,119",
        "eid": 7548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,134",
        "eid": 7549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,134",
        "eid": 7550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "D\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,134",
        "eid": 7551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,134",
        "eid": 7552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,134",
        "eid": 7553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,150",
        "eid": 7554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,150",
        "eid": 7555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "E\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,150",
        "eid": 7556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,150",
        "eid": 7557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,150",
        "eid": 7558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,166",
        "eid": 7559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,166",
        "eid": 7560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "F\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,166",
        "eid": 7561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,166",
        "eid": 7562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:52,166",
        "eid": 7563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Deployment\\Package\\*\\S-1-5-21-3749840076-4109591986-3192690632-1000\\{A36CD6FF-A636-491B-9285-2F83A2A272F3}\\Version",
          "content": "G\\x19\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:56,977",
        "eid": 7564,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,071",
        "eid": 7565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\DisableThresholdAppLaunchPerfFeature",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7570,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,102",
        "eid": 7571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7572,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,118",
        "eid": 7584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,227",
        "eid": 7585,
        "data": {
          "file": "C:\\Windows\\System32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff978400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,227",
        "eid": 7586,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,227",
        "eid": 7587,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7599,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff979c20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7600,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,243",
        "eid": 7602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PLM\\InProcBgTaskResumeOverride",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7603,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7604,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7609,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExePath",
          "content": "C:\\Windows\\system32\\backgroundTaskHost.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7610,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7611,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IsPackageRelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7612,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\AppUserModelId",
          "content": "Microsoft.YourPhone_8wekyb3d8bbwe!App"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7613,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExecutionPackageFamily",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7614,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Instancing",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7615,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\IdentityType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7616,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7617,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\xac\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00|\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x00\\x000\\x00\\x0b\\x00\\x00\\x00\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x80f\\xe6f\\x87\\x03\\x12g\\xcc\\xbas\\x04o\\x1f\\x94\\xe5f\\x96A\\x80\\xf8R\\xfc\\xd7\\xf1\\xccH\\xd7\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7618,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ActivatableClasses",
          "content": "\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7619,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7620,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RunFullTrust",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7621,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\Proxied",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7622,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\RuntimeBehavior",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7623,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,274",
        "eid": 7624,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\Server\\App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\\HostRuntimeId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7625,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7626,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Server",
          "content": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7627,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7628,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\IsPackageRelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7629,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7630,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\Private",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7642,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7643,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7644,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7645,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7646,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7647,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,290",
        "eid": 7648,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXn958k7nsj8mxxmsepqdam8xk948t30sc.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": "YourPhone.Background.Tasks.BackgroundTask"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7649,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7650,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Server",
          "content": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7651,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7652,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\IsPackageRelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7653,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7654,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\Private",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7655,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7656,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7657,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7658,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7659,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7660,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7661,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppX7we8ppyvbcw1qgywtegdcnyzf5xb3mmb.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": "YourPhone.Background.Tasks.PreInstalledConfigTask"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7662,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7663,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Server",
          "content": "App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7664,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7665,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\IsPackageRelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7666,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,321",
        "eid": 7667,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\Private",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7668,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7669,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7670,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.Aliased",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7671,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7672,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7673,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7674,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\App.AppXttzrw798r0nwe8t40rg7enp84tvmygwf.mca\\CustomAttributes\\AppObject.EntryPoint",
          "content": "YourPhone.Background.Tasks.UpdateTask"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,336",
        "eid": 7676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,415",
        "eid": 7677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,415",
        "eid": 7678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,415",
        "eid": 7679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,415",
        "eid": 7680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,415",
        "eid": 7681,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7683,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{92696C00-7578-48E1-AC1A-2CA909E2C8CF}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:57,477",
        "eid": 7699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:58,118",
        "eid": 7700,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:58,336",
        "eid": 7701,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff977880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:58,336",
        "eid": 7702,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName",
          "content": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily",
          "content": "86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
          "content": "41975884"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested",
          "content": "\\x00\\x00\\xf4e\\x00\\x00\n\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
          "content": "2006"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,352",
        "eid": 7716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{CF651713-CD08-4FD8-B697-A281B6544E2E}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,399",
        "eid": 7724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,461",
        "eid": 7725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,461",
        "eid": 7726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,461",
        "eid": 7727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
          "content": "41975884"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:58,461",
        "eid": 7728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,399",
        "eid": 7729,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,399",
        "eid": 7730,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
          "content": "S-1-5-21-3749840076-4109591986-3192690632-1000-MergedResources-1.pri"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,399",
        "eid": 7731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\UseSystemMetadataPath",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7732,
        "data": {
          "file": "api-ms-win-crt-private-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7733,
        "data": {
          "file": "AppxDeploymentClient.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff975fe0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7734,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7735,
        "data": {
          "file": "ext-ms-onecore-appmodel-staterepository-cache-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff973ad0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7736,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
          "content": "41975884"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
          "content": "41975884"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:24:59,727",
        "eid": 7739,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFullName",
          "content": "Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageFamily",
          "content": "86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags",
          "content": "41975884"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Flags2",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\PackageOrigin",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\Volume",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\OSMaxVersionTested",
          "content": "\\x00\\x00\\xf4e\\x00\\x00\n\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLocation",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\TargetDeviceFamilyName",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.UI.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:24:59,743",
        "eid": 7762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,055",
        "eid": 7763,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.UI.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff971f90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,055",
        "eid": 7764,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,055",
        "eid": 7765,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.UI.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Core.CoreWindow\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,071",
        "eid": 7777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,102",
        "eid": 7778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,102",
        "eid": 7779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,102",
        "eid": 7780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\Flags",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,102",
        "eid": 7781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\11e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsAppRuntime.1.7_7000.770.750.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7782,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.windowsappruntime.1.7_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7785,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7786,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\Flags",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\f0\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7791,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.vclibs.140.00.uwpdesktop_8wekyb3d8bbwe\\ResourcesConfig\\CachedMergedResourcesPriFileName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mrt\\_Merged\\ShouldMergeInProc",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,118",
        "eid": 7793,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7794,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7795,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7796,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7798,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7799,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": "\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7800,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7801,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": "\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7802,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7804,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7805,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": "\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7806,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7807,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": "\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7808,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.UI.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,133",
        "eid": 7819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.ViewManagement.AccessibilitySettings\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,149",
        "eid": 7820,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,149",
        "eid": 7821,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,149",
        "eid": 7822,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\Language",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7823,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.language-ru_8wekyb3d8bbwe\\Flags",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7824,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_neutral_split.scale-100_8wekyb3d8bbwe\\Flags",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7825,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Families\\Microsoft.YourPhone_8wekyb3d8bbwe\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Flags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7827,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7828,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile\\Languages",
          "content": "\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7829,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7830,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\ManifestLanguagesList",
          "content": "\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7831,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.yourphone_8wekyb3d8bbwe\\ResourcesConfig\\OverrideLanguagesList",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7844,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\DontSendAdditionalData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,165",
        "eid": 7847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\DllPath",
          "content": "C:\\Windows\\System32\\biwinrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,180",
        "eid": 7855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskInstance\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,196",
        "eid": 7856,
        "data": {
          "file": "C:\\Windows\\System32\\biwinrt.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff962f90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,196",
        "eid": 7857,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{A2ADD09A-FB9B-4E6E-BC69-0B810EEB0AB4}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,243",
        "eid": 7866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0166231B-FD21-4E33-A713-75EB3207A138}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,258",
        "eid": 7867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C21A025F-497A-47CE-ABB5-DD7CF34D04CB}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath",
          "content": "C:\\Windows\\System32\\biwinrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,274",
        "eid": 7890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7891,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7892,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7893,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath",
          "content": "NativeHostNE.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7894,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7895,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7896,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,290",
        "eid": 7897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7901,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7902,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7903,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\DllPath",
          "content": "NativeHostNE.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7904,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7905,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7906,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Background.Tasks.UpdateTask\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:05,305",
        "eid": 7910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7911,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7912,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7913,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-2",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7914,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7915,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7916,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHostNE.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964f50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7917,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,336",
        "eid": 7918,
        "data": {
          "file": "hostfxr.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,352",
        "eid": 7919,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,352",
        "eid": 7920,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,352",
        "eid": 7921,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff969170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,352",
        "eid": 7922,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,461",
        "eid": 7923,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,461",
        "eid": 7924,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,461",
        "eid": 7925,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965fd0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,461",
        "eid": 7926,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,461",
        "eid": 7927,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,493",
        "eid": 7928,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7929,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7930,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff963350000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7931,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7932,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7933,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7934,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7935,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,508",
        "eid": 7936,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,524",
        "eid": 7937,
        "data": {
          "file": "ntdll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,524",
        "eid": 7938,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,524",
        "eid": 7939,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,524",
        "eid": 7940,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,555",
        "eid": 7941,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9467a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,555",
        "eid": 7942,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,743",
        "eid": 7943,
        "data": {
          "file": "api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,743",
        "eid": 7944,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,743",
        "eid": 7945,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7946,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7947,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7948,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7949,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7950,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,790",
        "eid": 7951,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,805",
        "eid": 7952,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,805",
        "eid": 7953,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,805",
        "eid": 7954,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\clrjit.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff963170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:05,805",
        "eid": 7955,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7956,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7957,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7958,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7959,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7960,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7961,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:06,086",
        "eid": 7963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,196",
        "eid": 7964,
        "data": {
          "file": "icu.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95f110000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,196",
        "eid": 7965,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,883",
        "eid": 7966,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy",
          "pathtofile": null,
          "moduleaddress": "0x7ff965fd0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:06,883",
        "eid": 7967,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7968,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7969,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7970,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\BCrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7971,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7972,
        "data": {
          "file": "BCrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d580000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,430",
        "eid": 7973,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,446",
        "eid": 7974,
        "data": {
          "file": "C:\\Windows\\System32\\bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dc80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,461",
        "eid": 7975,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,649",
        "eid": 7976,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff975ce0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:07,649",
        "eid": 7977,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,727",
        "eid": 7978,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.dll",
          "pathtofile": null,
          "moduleaddress": "0x2887fce0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,727",
        "eid": 7979,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,852",
        "eid": 7980,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff972330000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,852",
        "eid": 7981,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,915",
        "eid": 7982,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9638d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,915",
        "eid": 7983,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,930",
        "eid": 7984,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965af0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,930",
        "eid": 7985,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,930",
        "eid": 7986,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965aa0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,930",
        "eid": 7987,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,946",
        "eid": 7988,
        "data": {
          "file": "api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,946",
        "eid": 7989,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,961",
        "eid": 7990,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff972310000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,961",
        "eid": 7991,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,993",
        "eid": 7992,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96cf20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:09,993",
        "eid": 7993,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,024",
        "eid": 7994,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET.dll",
          "pathtofile": null,
          "moduleaddress": "0x28882e10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,024",
        "eid": 7995,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,071",
        "eid": 7996,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96d0a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,071",
        "eid": 7997,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,086",
        "eid": 7998,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96bdf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,086",
        "eid": 7999,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,086",
        "eid": 8000,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96cf90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,086",
        "eid": 8001,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,118",
        "eid": 8002,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors.dll",
          "pathtofile": null,
          "moduleaddress": "0x2887fcf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,118",
        "eid": 8003,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,133",
        "eid": 8004,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff973cb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,133",
        "eid": 8005,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,774",
        "eid": 8006,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff961750000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:10,774",
        "eid": 8007,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,836",
        "eid": 8008,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9625f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,836",
        "eid": 8009,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,836",
        "eid": 8010,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96b630000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,852",
        "eid": 8011,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,883",
        "eid": 8012,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff962440000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:11,883",
        "eid": 8013,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,071",
        "eid": 8014,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff962140000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,086",
        "eid": 8015,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,165",
        "eid": 8016,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964980000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,165",
        "eid": 8017,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,274",
        "eid": 8018,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff973ce0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,274",
        "eid": 8019,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,321",
        "eid": 8020,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964da0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,321",
        "eid": 8021,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8022,
        "data": {
          "file": "api-ms-win-core-com-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8023,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8024,
        "data": {
          "file": "api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8025,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:12,368",
        "eid": 8036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,383",
        "eid": 8037,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff962ff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:12,430",
        "eid": 8038,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,165",
        "eid": 8045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8061,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.YourPhone_8wekyb3d8bbwe\\PSR\\WnfStateName",
          "content": "\\xe5\\xa8\\xbd\\xa3mN\\xc6A"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8062,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8063,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,180",
        "eid": 8065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000\\ProfileImagePath",
          "content": "C:\\Users\\cape"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,383",
        "eid": 8076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,493",
        "eid": 8077,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff961f30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,493",
        "eid": 8078,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8079,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8080,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8081,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8082,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8083,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,508",
        "eid": 8084,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,602",
        "eid": 8085,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff943a90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:14,602",
        "eid": 8086,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,790",
        "eid": 8087,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe",
          "content": "\\x01\\x19\\xf9\\x15[\\x8a\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:14,805",
        "eid": 8088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\TrustRidDll",
          "content": "logoncli.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:16,633",
        "eid": 8089,
        "data": {
          "file": "logoncli.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97c8e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:16,633",
        "eid": 8090,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,665",
        "eid": 8112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,680",
        "eid": 8113,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Probe",
          "content": "\\x01\\x19\\xf9\\x15[\\x8a\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:16,743",
        "eid": 8125,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.ApplicationModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff969920000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:16,758",
        "eid": 8126,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:16,774",
        "eid": 8127,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\Repository\\Packages\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\PackageStatus",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,461",
        "eid": 8135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8139,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8140,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8141,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath",
          "content": "YourPhone.Exp.WinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8142,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8143,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8144,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,477",
        "eid": 8148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8149,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8150,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8151,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\DllPath",
          "content": "YourPhone.Exp.WinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8152,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8153,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8154,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Exp.WinRT.RemoteConfigurationInstance\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:19,493",
        "eid": 8158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:23,743",
        "eid": 8159,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,915",
        "eid": 8160,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,915",
        "eid": 8161,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,946",
        "eid": 8162,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,946",
        "eid": 8163,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:30,649",
        "eid": 8164,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.WinRT.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964560000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:30,649",
        "eid": 8165,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Web.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:30,696",
        "eid": 8176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Data.Json.JsonObject\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8177,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Web.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff964e00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8178,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8179,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8180,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8181,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ucrtbase.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8182,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8183,
        "data": {
          "file": "ucrtbase.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:31,821",
        "eid": 8184,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8185,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8186,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8187,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath",
          "content": "YourPhone.Contracts.Exp.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8188,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8189,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:35,602",
        "eid": 8190,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,133",
        "eid": 8191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,133",
        "eid": 8192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,133",
        "eid": 8193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8195,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8196,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8197,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\DllPath",
          "content": "YourPhone.Contracts.Exp.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8198,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8199,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,149",
        "eid": 8200,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.Contracts.Exp.RemoteConfiguration\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,649",
        "eid": 8201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:36,649",
        "eid": 8202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:37,227",
        "eid": 8203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:37,227",
        "eid": 8204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:37,290",
        "eid": 8205,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Exp.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97aaa0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:37,290",
        "eid": 8206,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8207,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8208,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8209,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\DllPath",
          "content": "YourPhone.AppCore.WinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8210,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8211,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8212,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Devices.DeviceDataStore\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:38,477",
        "eid": 8216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8217,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.WinRT.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95dae0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8218,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:39,524",
        "eid": 8240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8252,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\Version",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x10@\\xe9\\xbalj\\x8a\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,524",
        "eid": 8253,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\DefaultRemoteDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:40,555",
        "eid": 8254,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\Devices\\DefaultRemoteDevice",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:42,805",
        "eid": 8255,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing.dll",
          "pathtofile": null,
          "moduleaddress": "0x2887fcd0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:42,805",
        "eid": 8256,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:42,868",
        "eid": 8257,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97aa90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:42,868",
        "eid": 8258,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,040",
        "eid": 8259,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard.dll",
          "pathtofile": null,
          "moduleaddress": "0x2887fd40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,040",
        "eid": 8260,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:49,133",
        "eid": 8261,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95d920000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:49,305",
        "eid": 8262,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8263,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8264,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8265,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8266,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8267,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97dde0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8268,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8269,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8270,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8271,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath",
          "content": "YourPhone.AppCore.WinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8272,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8273,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,446",
        "eid": 8274,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,571",
        "eid": 8275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,571",
        "eid": 8276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8279,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8280,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8281,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\DllPath",
          "content": "YourPhone.AppCore.WinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8282,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\IsPackageRelativePath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8283,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,586",
        "eid": 8284,
        "data": {
          "regkey": "\\REGISTRY\\A\\{A55E658F-037D-4D42-90E5-89D2D16743F1}\\ActivatableClassId\\YourPhone.AppCore.WinRT.Utilities.TelemetryUtils\\Private",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\InstalledLocation",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateRepository\\Cache\\Package\\Data\\14e\\MutableLink",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,196",
        "eid": 8292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:59,211",
        "eid": 8310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:12,415",
        "eid": 8322,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\ExpOverrides\\ExpRingOverrideSetting",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:16,899",
        "eid": 8323,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff972420000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:16,899",
        "eid": 8324,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:20,446",
        "eid": 8335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:33,243",
        "eid": 8336,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:33,243",
        "eid": 8337,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ImpressionId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:33,243",
        "eid": 8338,
        "data": {
          "regkey": "\\REGISTRY\\A\\{8a4a5abe-fc54-a7d3-de82-fcbabdefd098}\\LocalState\\FlightsDataStore\\ETag",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:45,493",
        "eid": 8339,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff978e50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:45,493",
        "eid": 8340,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,774",
        "eid": 8341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,774",
        "eid": 8342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,774",
        "eid": 8343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
          "content": "C:\\Windows\\System32\\biwinrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,774",
        "eid": 8344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,774",
        "eid": 8345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,790",
        "eid": 8346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:57,790",
        "eid": 8347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\DllPath",
          "content": "C:\\Windows\\System32\\biwinrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:58,915",
        "eid": 8362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:04,305",
        "eid": 8363,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95dcf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:04,305",
        "eid": 8364,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:05,977",
        "eid": 8365,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95cf40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:05,977",
        "eid": 8366,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,055",
        "eid": 8367,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95bfa0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,086",
        "eid": 8368,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,133",
        "eid": 8369,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96c500000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,149",
        "eid": 8370,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,180",
        "eid": 8371,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95e940000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,180",
        "eid": 8372,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,633",
        "eid": 8373,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95edd0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,633",
        "eid": 8374,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,649",
        "eid": 8375,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95be70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,665",
        "eid": 8376,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,696",
        "eid": 8377,
        "data": {
          "file": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff95bcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:27:06,696",
        "eid": 8378,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,041",
        "eid": 8379,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8384,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,244",
        "eid": 8385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,462",
        "eid": 8405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,509",
        "eid": 8413,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,572",
        "eid": 8414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,572",
        "eid": 8415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
          "content": "combase.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,572",
        "eid": 8416,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,572",
        "eid": 8417,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,603",
        "eid": 8418,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,697",
        "eid": 8419,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,697",
        "eid": 8420,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,697",
        "eid": 8421,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,744",
        "eid": 8438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID",
          "content": "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,759",
        "eid": 8458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8459,
        "data": {
          "file": "C:\\Windows\\System32\\thumbcache.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965ec0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8460,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8461,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)",
          "content": "{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,791",
        "eid": 8468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\propsys.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\propsys.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:04,806",
        "eid": 8477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,822",
        "eid": 8478,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff979d80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:04,822",
        "eid": 8479,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,416",
        "eid": 8480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,431",
        "eid": 8481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,447",
        "eid": 8482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,447",
        "eid": 8483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,462",
        "eid": 8484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,462",
        "eid": 8485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,462",
        "eid": 8486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,525",
        "eid": 8487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,541",
        "eid": 8488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,541",
        "eid": 8489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,541",
        "eid": 8490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,541",
        "eid": 8491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,556",
        "eid": 8492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:08,556",
        "eid": 8493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:13,666",
        "eid": 8494,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:13,666",
        "eid": 8495,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:13,666",
        "eid": 8496,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:13,666",
        "eid": 8497,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:26,961",
        "eid": 8498,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,961",
        "eid": 8499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,961",
        "eid": 8500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,961",
        "eid": 8501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,961",
        "eid": 8502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AuthenticationLevel",
          "content": "6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{15c20b67-12e7-4bb6-92bb-7aff07997402}\\AccessPermission",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x03\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xa1'`\\x8f\\x9a\\xbb\\x184c\\xb6w\\xff\\x9d\\xd5\\xb6l\\xe72\\x1ah\\x08RC\\x92\\x86\\xa6\\x1f\\xd8\\x98\\x17\\x1b;\t\\x00L\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8510,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}\\(Default)",
          "content": "PerAppRuntimeBroker"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:26,993",
        "eid": 8514,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,008",
        "eid": 8515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,008",
        "eid": 8516,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,024",
        "eid": 8517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6040EC14-6557-41F9-A3F7-B1CAB7B42120}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,024",
        "eid": 8518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,024",
        "eid": 8519,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\DllPath",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,305",
        "eid": 8536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,321",
        "eid": 8537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,321",
        "eid": 8538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,321",
        "eid": 8539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,321",
        "eid": 8540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,321",
        "eid": 8541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Management.Deployment.PackageManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8542,
        "data": {
          "file": "api-ms-win-crt-private-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8543,
        "data": {
          "file": "C:\\Windows\\System32\\AppXDeploymentClient.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff975fe0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8544,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8545,
        "data": {
          "file": "api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8546,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8547,
        "data": {
          "file": "api-ms-win-security-base-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97d6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8548,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8549,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-1.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97b2e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8550,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8551,
        "data": {
          "file": "api-ms-win-security-capability-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f990000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8552,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageManagement",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:27,352",
        "eid": 8555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F7AAD08D-0840-46F2-B5D8-CAD47693A095}\\ProxyStubClsid32\\(Default)",
          "content": "{73959FD1-7360-42F7-807D-622341783DC0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": "Windows.Management.Deployment.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": "Windows.Management.Deployment.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": "Windows.Management.Deployment.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,415",
        "eid": 8577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\(Default)",
          "content": "Windows.Management.Deployment.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\AppXDeploymentClient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:50,430",
        "eid": 8585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73959FD1-7360-42F7-807D-622341783DC0}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,602",
        "eid": 8596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8597,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.ApplicationModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff969920000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8598,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8601,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97b2e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8602,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,649",
        "eid": 8613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{69ad6aa7-0c49-5f27-a5eb-ef4d59467b6d}\\ProxyStubClsid32\\(Default)",
          "content": "{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,665",
        "eid": 8636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:52,680",
        "eid": 8643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0bfee0ab-71c3-4ffe-89ef-bd28bef201e7}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath",
          "content": "C:\\Windows\\System32\\AppExtension.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\DllPath",
          "content": "C:\\Windows\\System32\\AppExtension.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,649",
        "eid": 8667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.AppExtensions.AppExtensionCatalog\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8668,
        "data": {
          "file": "C:\\Windows\\System32\\AppExtension.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff969730000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8669,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3C36668A-5F18-4F0B-9CE5-CAB61D196F11}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,680",
        "eid": 8673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,696",
        "eid": 8694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8700,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff977880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:37,711",
        "eid": 8701,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,711",
        "eid": 8702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\packageQuery",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,711",
        "eid": 8703,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fcb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,711",
        "eid": 8704,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{97872032-8426-4AD1-9084-92E88C2DA200}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8724,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f480000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8725,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.AppExtension\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,727",
        "eid": 8740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21374459-f51f-462a-a7c1-53b8c35dd20b}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,743",
        "eid": 8754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,758",
        "eid": 8755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,758",
        "eid": 8756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,758",
        "eid": 8757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,758",
        "eid": 8758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,758",
        "eid": 8759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,790",
        "eid": 8760,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff96b9e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:38,790",
        "eid": 8761,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,805",
        "eid": 8762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6ee39249-1e54-55b9-9171-97e8c6778a96}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:38,821",
        "eid": 8763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{94520810-7E9B-5EFD-B74D-E9D4175FD94A}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,555",
        "eid": 8764,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,571",
        "eid": 8765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,571",
        "eid": 8766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,571",
        "eid": 8767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,571",
        "eid": 8768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,649",
        "eid": 8769,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff966910000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,649",
        "eid": 8770,
        "data": {
          "file": "C:\\Windows\\System32\\SyncCenter.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9732d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,727",
        "eid": 8771,
        "data": {
          "file": "C:\\Windows\\System32\\actxprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff976c70000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6295DF2D-35EE-11D1-8707-00C04FD93327}\\(Default)",
          "content": "Sync Center (Private)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1202DB60-1DAC-42C5-AED5-1ABDD432248E}\\(Default)",
          "content": "Sync Center Client"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}\\(Default)",
          "content": "Sync Center Control"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B8558612-DF5E-4F95-BB81-8E910B327FB2}\\(Default)",
          "content": "Sync Center (Private)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,743",
        "eid": 8786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8D8B8E30-C451-421B-8553-D2976AFA648C}\\(Default)",
          "content": "Sync Center Schedule Wizard"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8789,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8790,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8791,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,774",
        "eid": 8792,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9B63616C-36B2-46BC-959F-C1593952D19B}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,790",
        "eid": 8808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,805",
        "eid": 8809,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,805",
        "eid": 8810,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,821",
        "eid": 8811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F566E43E-7497-4102-94EF-5F16500B2EF5}\\ProxyStubClsid32\\(Default)",
          "content": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:32,836",
        "eid": 8812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F8C87A7A-AB21-464A-89CE-D152348105C1}\\ProxyStubClsid32\\(Default)",
          "content": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,836",
        "eid": 8813,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff977880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:32,836",
        "eid": 8814,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,008",
        "eid": 8815,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,008",
        "eid": 8816,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff97f7e0000"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,008",
        "eid": 8817,
        "data": {
          "regkey": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,008",
        "eid": 8818,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\StartAtLogin",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,024",
        "eid": 8819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Syncmgr\\Handlers\\{750fdf10-2a26-11d1-a3ea-080036587f03}\\Isolate",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,086",
        "eid": 8820,
        "data": {
          "file": "C:\\Windows\\System32\\SyncInfrastructure.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff973f20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,102",
        "eid": 8821,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff966910000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,102",
        "eid": 8822,
        "data": {
          "file": "C:\\Windows\\System32\\cscui.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965160000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8824,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97eb60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8825,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
          "content": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8827,
        "data": {
          "regkey": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,118",
        "eid": 8828,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\SyncTime",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,165",
        "eid": 8829,
        "data": {
          "file": "Winsta.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,165",
        "eid": 8830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,165",
        "eid": 8831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,165",
        "eid": 8832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C947D50F-378E-4FF6-8835-FCB50305244D}\\(Default)",
          "content": "SyncInfrastructure Class"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,227",
        "eid": 8833,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,227",
        "eid": 8834,
        "data": {
          "regkey": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,227",
        "eid": 8835,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,227",
        "eid": 8836,
        "data": {
          "regkey": "HKEY_CURRENT_USER_LOCAL_SETTINGS\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:33,227",
        "eid": 8837,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\SyncMgr\\HandlerInstances\\{750FDF10-2A26-11D1-A3EA-080036587F03}\\Connected",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,258",
        "eid": 8838,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:33,258",
        "eid": 8839,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,336",
        "eid": 8840,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,336",
        "eid": 8841,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,336",
        "eid": 8842,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,352",
        "eid": 8843,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,352",
        "eid": 8844,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,352",
        "eid": 8845,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,368",
        "eid": 8846,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,368",
        "eid": 8847,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,368",
        "eid": 8848,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,368",
        "eid": 8849,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,383",
        "eid": 8850,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:43,383",
        "eid": 8851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:25:43,383",
        "eid": 8852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,383",
        "eid": 8853,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:25:43,383",
        "eid": 8854,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,071",
        "eid": 8855,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,086",
        "eid": 8856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,086",
        "eid": 8857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,086",
        "eid": 8858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,086",
        "eid": 8859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,086",
        "eid": 8860,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,102",
        "eid": 8881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AccessPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8889,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
          "content": "combase.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8892,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,118",
        "eid": 8893,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,133",
        "eid": 8894,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,149",
        "eid": 8895,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97adb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,149",
        "eid": 8896,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,165",
        "eid": 8897,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,180",
        "eid": 8906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\GipActivityBypass",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Class Factory for Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\thumbcache.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\InprocServer32\\ThreadingModel",
          "content": "Apartment"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppID",
          "content": "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\(Default)",
          "content": "Thumbnail Cache Out of Proc Server"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LocalService",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\DllSurrogate",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RunAs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ActivateAtStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ROTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AppIDFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\MGOTFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProcessMitigationPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LaunchPermission",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\LegacyImpersonationLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\AuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\RemoteServerName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\SRPTrustLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\PreferredServerBitness",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\LoadUserSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,196",
        "eid": 8934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\ProtectionLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8935,
        "data": {
          "file": "C:\\Windows\\System32\\thumbcache.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff965ec0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8936,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8937,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{75121952-e0d0-43e5-9380-1d80483acf72}\\ProxyStubClsid32\\(Default)",
          "content": "{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,211",
        "eid": 8943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\propsys.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\propsys.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 10:26:39,227",
        "eid": 8953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,243",
        "eid": 8954,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff979d80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:39,243",
        "eid": 8955,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:44,321",
        "eid": 8956,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:44,321",
        "eid": 8957,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:44,321",
        "eid": 8958,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 10:26:44,321",
        "eid": 8959,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "CryptEncrypt",
        "buffer": "d\\x9cp^\\xd7L\\xcb\\xa4\\xd1\\x94\\x85\\xfb\\x89\\xb9\\x04i",
        "crypt_key": "0x00f496c8"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xde\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9c\\xfa\\x05T\\x9c[\\xd3-\n7\\xae\\xc1\\x02\\x04\\x82C\\x13\\x9c\\xe0\\xee\\xde\\xb8\\x134\\xb8\\xbb\\xbb\\x05\\x08\\x10\\xb4q\\x82K\\x80`\\xc1=\\xb8\\xbb\\xbb[p\\x87\\x10\\xec6\\xd9;\\xef\\xbb\\xf7\\xf7\\x7fg\\xfc\\xe7\\xde\\xce \\xa3{U\\xad\\xaa\\x9a\\xb3d\\xad\\xa7G#\\xc7\\xae\\xc2 \\x93\n\\x8b\\xb0q\\x8bq\\x8a\\xb3p\\xb1\\x8apI\\x88\\x8aq\\xb1s\\x88qs\\xb0\\x89\\xb0\\xb3p0\\x8bq\\xb0\\x8as\\x92chX\\xd8\\x1a\\xdb\\xb99\\x91\\x8a\\x99\\x98\\x9a\\xd8\\x1a\\x9b8\\xd2\\xfeg\\x85\\x99\\x89\\x14\\xa2j\\xe1\\xcc\\x02\\xc7\\xc6\\xc8\\xc6\\xc8\\xc4\\xf3B\\xd8\\xd8\\xc6\\xc2\\xd6\\xc2\\xc9\\xd9\\xd1\\xc0\\xd9\\xceQ\\x04\\xcb\\xc8\\xc0\\xdeD[L\\EFUA\\x91AQ\\x94\\x89YWj\\x9eC\\x19\\x95\\x8b\\x9b\\x91\\x85\\x95\\x91\\x99\\x89\\x95\\x91\\x83I\\x0bF\\xfe\\xad\\xb0>\\xac#\\x8c:3\\x97'\\xb7(\\x8f\\x8e\\x9a\\x93\\x89\\xa3\\x93\\xce\\xf3N\\x1da{{1\\x03g\\x03\\x1dY;#\\x03k\\x1dU\\x13\\x1b{\\x1d.N&vVc&\\x03c.f\\x03#VV\\x0eN\\x13SvF\\x13w\\x93@(T&cR&sR&\\x1bRfN\\xa7p\\xa8\\xdce\\x98\\xa7\\xb9\\xa75\\x00\\x86\\xb4\\x04H\\x02\\x00\\x05\\x05\\x05\\xd0\\x87\\xfc\\x03<-\\x02D\\x01/\\x90\\x90Q\\x90\\x11_\\xa0\\xa0\\xa0\\xa0\\xa3\\xbd\\xc0\\xc0&\\xc3\\xc1\\xc6\\xc2\\xc2\\xa6&\"\\xc6#c\\xa2ea~K\\xcb\\xc8\\xc0\\xc6+#\\xc4\\xc6%\\xc9\\xcd\\xc0(\\xa2)\")\\xaf\\xa8\\xaa\\xa6\\xca*\\xa8k\\xa4\\xa3l(\\xa3\\xa2\\xaa\\xf4l\\x04\n\r\\x1d\\x1d\\x1b\\x13\\x9b\n\\x07\\x87J\\x89\\x83\\x91C\\xe9\\xff\\xf5\\xeb\\xa9\r\\x80\\x89\\x08\\xb5\\x06\\xed\\x0f\\x03E\\x0e\\x80\\xc6\\x84\\x82\\xc1\\x84z\\xea\\x02\\x90\\x00\\x00PpP\\xbf_\\x80\\xbf_P\\xd00\\xb0p\\xf0\\x08\\x88\\x90\\xa0!\n5\\x18\\x00h(\\x18\\x18hX\\x1888XX\\x88\\xd4\\x07\"\\x07\\xc0b\\xc2a\\x911\\x0b\\xc3\\xbfT2@ 
w\\xc0f\t\\x88\\xcdF\\xa4\\x10\\xa9h\\xc7Q\\x1e?\\x05\\xb2\\x1a:\\x06\"!\\xe3\\xbe\\xc2\\xc3\\x7fM\\xf9\\x86\\x8a\\x9a\\x86\\x96\\x8d\\x9d\\x83\\x93\\x8b\\x9bGTL\\BR\n$\\xad\\xa2\\xaa\\xa6\\xae\\xf1NS\\xcb\\xc8\\xd8\\xc4\\xd4\\xcc\\xdc\\xc2\\xd2\\xc9\\xd9\\xc5\\xd5\\xcd\\xdd\\xc3\\xf3CPp\\xc8\\xc7\\xd0\\xb0pp\\|BbRrJjNn^\\xfe\\x97\\x82\\xc2\\xa2\\xaf\\x95U\\xd55\\xb5u\\xf5\r\\x8d\\x1d\\x9d]\\xdd=\\xbd}\\xfd\\x03\\x13\\x93S\\xd33\\xb3s\\xf3\\x0b\\xeb\\x1b\\x9b[\\xdb;\\xbb?\\xf6\\xf6\\xcf\\xce/.\\xaf\\xaeo~\\xde\\xfez\\xc6\\x05\\x05\\x80\\x81\\xfa\\xf3\\xfa_qaBpA\\xc3\\xc2\\xc2\\xc0\"<\\xe3\\x82\\x82v{V\\xc0\\x84\\x85#c\\x86\\xc7\\x12VB0pxI\\xce\\x12\\x80\\x88-\\x12\\x9b]\\xd1\\x8eD\\xc1\\xaa|\\x8ac\\xe88\\x8e\\x8c\\x0bd[\\xa7<{\\x86\\xf6\\x1b\\xd9\\xff\\x1d\\xb0\\xc0\\xffO\\xc8\\xfe\\x03\\xec\\xbf\\xb8\\x16\\x00\\xa80P\\x90\\xe4\\xc1`\\x02\\x04\\x01\\x11\\xa9\\xac\\xc2\\xc5\\x8d\"\\xb9\\xba8\\xce\\xa8\\xc8if5>\\xf4\\xdb\\x83\\xaf(\\xb6h:3\\xa4\\xf9\\x07\\xfaQ+}\\xfa\\xfa\\x89\\xeb\\xbf\\xf4\\x13\\xc6\\xa6\\xf1\\xe0\\x08l\\xd4-\\xf4\\xcb\\xc0k\"^\\xdb\\xfaiI\\x08\\xa5h\\x129\\xec\\xdd\\xb4Jo\\xbf\\xabjX+\\xcd1\\xe3\\xbfU\\xd2p\\xc1\t\\x90\\xf6P:\\xa4\\xe2\\xe6>\\xf8\\xa9F\\xbb\\x1f4\\xb59\\x14E\\x1b\\xe3\\xbc\\xb5\\xd1\\x111.\\xae\t\\x95*;.\\x0e\\x83:.\\x8e\r0\\x05\\x87S\\x03\\x86\\xf1s\\xc0\\x01!\\xe6\\xc3\\xd8\\x8a\\xd0\\xa6\\x11\\xcf\\x92\t\\xd3D\\xc8\\x82\\x05\\xab\\x0cH\\x08I\\x9c\\x81\\x12\\xb2\\xa0\\xbc\\x01\\xf6G\\x96\\xd6\\x92\\x86\\xa7\\xc4\\xae\\x8eG\\x95\\x96\\xd6Q\n\\x87\\xa7\\xa4d\\xa4\\xa1\\xc6\\x8b7\r\\x97\\x86\\xc7\\x8e\\xff\\xbd\\xeaB\t\\xf3\\x92-%?/\\xcbPYy\\\\xa8+\\x0f\\xf2.\\x9b\\x86\\xc6\\x02\\xa2\\xa4<\\xa1\\xc8\\xfc\\x82\\x12b\nY\\x9a:\\xcb\\x00\\x041\\xdc\\xc9\\x06\\xd9\\x03P\\x86\\x08\\x98~\\xfb\\x0f\\x86\\x0f\\x97\\x06P?\\xbf\\xc1\\xcf\t\\x07\\xd0P\\xe7\\x04\\x04C\\xf4\\x01\\xd8J\\xe200 
H\\xa4J\\xe2\\xd8\\xa8{\\x91\\x9a\\x93\\xc9\\xa5\\x87\\xee\\xfb\\x8e\\x08\\xdbj\\xc3\\x02\\x08\\xe7\\xbb\\x92\\x87%/\\xc4\\xa67\\xc67U\\xbc+e\\xabP\\x0f^2lU%\\xe7\\xb3`\\xd2\\xbbS\\xb9\\x8d\\xa9G\\x8e\\xfe\\xba.\\x02\\xdb\\xf0\\x1c\\x16\\x19F\\x0c8\\xc2D\t\\x17\\x96k\\x01S>q\\x91D\\xba_\\xd1\\xbe9\\x9cN\\xb9\\xc4\\xdec+K5\\xefo\\xe5NF\\x17V\\xb3\\xd4\\xfe\\x88%?\\xc4c\\x16\\x1e\\xd5b)=&uZ,\\x93\\x9a\\x97\\x99\\x1c\\xaf$\\xa3\\x85\\x8f$\\x0e!G\t\\x12v\\x0781\\x1c \\xfd\\x17\\xa6q!$\\x90|\\xde\\x17h\\xa5p-j\\xbc\\x05\\x1a\\xf3,\\xd8\\xbc\\xfc\\x9c\\x800\\x90\\x8c8\\x0c\\x818\\x036\\xe0y\\xc9\\xc8\\x82f\\xea\\x99\\x9a\\xdf\\x1a\\x16\\xcc\\x10R\\xd8\\xfe\\xa6\n\\xeeEN\\x12vr\\x96\\xe1\\xeb\\xdf\\xb2g\\xee\\xb0\\xc0\\xf1\\x10\\x9a\\xfe\",~_\\x1a\\x19cB9\\xf5on\\x9f\\x17\\x01\\xbf\\xadC\\x02a\\xa6\\x860$M\\xfd\\xfc\\xe1\\x99\\xa1\\xbf\\xe4\\x10\\xef9\\xe1\\x7f1\r%\\x8e\\x8d\\x0c\\xef\\x82\\xb0'%\\xd4\\xe3\\xe54j\\xbb\\xbaA#\\xa7\\x91t\\x04\\x9bS\\xe2\\xd0(I\\x95\\x96\\x1d%\\xe0+(\\x0b\\xcd|\\xa2\\xa9\\x16\\x9fS\\x0e\\xe7\\xd4\\x9f\\x8b\\x07Z\\xb0\\xedZB\\xdb\\xbc\\xc8\\xfa\\xeeY\\xeb\\xfb%\\xeb\\xa2\\xec\\xdb\\xb8mr\\x13\\xa1q\\x7fZY\\x07K/\ts\\xfff\\x81\\xb0<\\xd8jy\\xb4\\x12\\xc8\\x1bM\\x7fn\\x12\\xdaq6\\x19\\xa5qU\\xc2\\xdf\"\\xf9\\x04`\\x1c\\xc9,\\x9e\\xd0\\xf2R\\x95\\x89=\\x10\\x17\\x01\\xb6\\xd0\\x90\\xb39| \\xb7^\\x8a\\x00\\x10\\xc6\\xdd8\\x9c,\\x12\\xd1z\\xbf^I\\xdb\\xe6\\xbd\\x90\\xe8\\xe5\\xd7\\xb2\\x0fn0q\\x80D?\\xd6\\xf5W\\xc0\\x89\\xbf\\xab\\xea\\x0f\\x972\\xe2\\x80\\xe7\\xf2\\xea\\x81\\xfc\\xa7\\x08\r\\xa9 \\xa9\\xdfe\\xf4\\xbc\\x0e\\xa1&1\\xdc\\x08+fb\\\\xa8g\\x1c\\x92\\x85\\xae\\xbc\\x02\\xe5g\\x95g\\xba^\\xf0\\x80\\x03\\xc2\\xa4 
L\\xc0A4\\x85\\x9f\t\\xff\\x07\\xeb\\xd2\\xc8\\xcf;\\xe19>\\xfc\\xde\\x94\\xcf\\x06Y\\xfcM\\xaf\\xd2_\\x99\\x84\\x94\\xf3kj(H@\\x907J\\xcf+\\x7f\\xe2Q\\x12\\x87\\xf0\nY\t\\xa7\\xfeM+\\xfe\\xd4kj6Ewa\\x08\\xf9P\\xcf\\x7f\\xa9L\\xd491H\\xd1\\xd2\"\\x88\\x05J\\xa9\\xf0\\x1c\\xe1n\\xc4\\xf1\\xfa\\xaf\\xf59\\xc0\\xe9\\xd5\\x13\\x861]\\x90\\xbcB\\x8a\\x05R\\xb3\\xbf\\xcb\\x9e\\xba\\x9b\\x01\\x1bU\\xf6_H\\xf4))!k\\xd2\\x7f\\xf7\\x13\\xa4\\x06\\x9e\\x8b[\\xf4\\xb9+\\xba \\x94<W\\xd0\\xefhs\\x02\"\\xd9\\xe2\\xf7E\\x9f!C*\n$\\x13\\xfe\\x8c&]\\xca\\xfc5\\x01\\xa4\\xec =\\xf6ZK\\xda\\x04\\xe9\\xaf\\xb7\\xbf\\x1d=7\\xdes\\x8d\\xc2\\xfd\\xd5h*\\x10:\\x7f\\xfb\\xf9W\\xa5@\\xc0\n=\\x83%\\x02\\xe5\\x8bY\\xe0\\xd1F\\xa4\\x8a\\xca\\x81\\xf7\\xb2\\xde3bp\\xd6\\xd1\\xf7\\xd6\\xd5\\xc8\\xa6\\xc7nt\\xf0\\x8dt\\xb7[\\xfb{w\\xc5\\xc9\\\\x9b/\\x06\\xc4j\\x1e88\\xc4\\xde\\x9d\\x83\\x0e\\x85v\\xaa\\x19\\xf2Y\\xd0\\x93\r>*\\xe9\\xa8\\x99)\\xd3\\x0c\\xec\\x8c a(\\xd8\\x9e\\xc6f\\xa8^\\x92\\xe7\\x94~Dah\\xcau\\xc3\\x89\\x95@\\xc1\\xb9\n\\xad\\xbe\\x11S\\xfdH\na@\\xc3!\\xe67\\x17\\xd5\\x10:#&\\x94\\x84P\\xba\\xdf\\xac\\x8a\\x8ac\\xb7\\x89 
\\x1e\\x893\\x9a\\x8fx\\x86\\x03l\\xb0\\x0f\\x91\\xe5\\xbe@`K[\\xd0\\xfc\\xae\\xe4\\x7f\\xe5\\x1d\\x9c\\xfc;/X\\xe1\\x7f\\xa6\\x8f\\xe8_\\x90\r\\x7f3\\x15\\x0e\\xe9\\x1b\\x02P\\xb8C\\xde\\x176H\\x92\\xa5\\xcc\\x9f;\\xc7\\x06\\x0e\\x11\\x92\\xff\\x90\\x98\\x9e\t\\x95\"j\\xbc\t\\x1aH-\\x0c<\\x1b\n\\x08\\xfdOY@\\x86\\x17\\xd7\\xc4\\xefF\\xfa\\x9dy\\xa4\\xdf]\\x05\\xe1\\xef\\xf7h\\x82\\xfb;;\\xcc\\xff]G\\xcb\\x9b\\xa6\\x89\\x9a_dw\\x9eYM\\xf0r\\xb0\\xf8\\xb28\\x97#\\xa1I,\\x99\\xe2\\xdf\\x0exXI\\xb7\\xcahyo\\x1c\\xc7wHDb\\xf5\\xa6|l\\x8b\\xbc\\x1e\\xa5\\xd0d\\x04\\xe3E\\xeeB\\xad\\xbe\\x8b\\x0e\\xd8s\\xc6-\\xcc`\\xb1l\\x85\\xcd\\x12\\xda\\xe3\\xa3?\\x8f\\xba\\xb5\\x06'RP\\xd8\\xea\\x9cK\t\\x95e\\xf5\\xadI\\x8e\\x99\\xd8\\x0f=\\x8dO\\x8b\\xa2E^1\\x151\\x05\\xc035\\xda\\xf44\\xa7\\x0f;KR\\xdd\\xa1m:\\xa7\\xb43\\xfb\\xcd\\x8c\\xc4x\\xee5\\xc4-#\\xafK\\x1b\\xb4n\\x88\\xc49\\xeds]\\t\\x06:\\x8bh8\\x95\\xea",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xd6",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8e4\\x15U\\xf3\\xe6AH\\x9bc7Y\\xbbx;\\xf9\\x1c\\xa7j\\xf6\"\\x0byR\\xa2B\\x01h\\x14\\x13\\xa5J\\x92\\xdd\\xad\\xadM\\xbd\\x138\\x9ds\\xfbZ\\x98,6y\\x0b\\x90\\x16\\x17\\xe1\\xe9Z\\xa0\\xb3\\xb8$\\xe7a_\\xb5L\\x0f\\xee$I\\xa9\\xffp\\x11a\\x16\\xc5\\x7f7A6\\xfd\\x9aW?\\xd3\\x9c\\x1a\\xfd\\x18:\\xea\\xe7\\xd1OE\\x98Y\\xc9\\x94\\x19\t\\x10f\\xc2\\xcb!\\x95@\\x98\\xc8\\xa6\\xfaK\\xae#\\xe5\\xc8\\x97\\xce\\xfa\\xf4\\x03\\xc6\\xea\\x0e\\xcc\\xed\\x0b\\x9f]\\xcf\\x8e\\x1d\\xa7\\x95\\xad\\xd2E\\x10\\x12i\\xbe\\xa4\\xe0\\xdf\\xba\\x18\\xcdR\\xdc\\xd3.\\x88\\x16\\xf7\\xcd\\x0c\\xdd`e\\xfb\\xb4s\\x82\\xa5\\xfd\\xa1\\xa8\\x88\\x83\\x0c\\xfd\\xc9m\\x98Dm\\x1c/\\xa4\\xbfHM:\\xd2:\"\\xae\\xbc\\xe2\\xde\\x8b\\xaa\\x81\\xcf,\\x00\\x15J\\x19\\x85~\\xdd$\\x8cy\\xfe\\xa9\\x86r\\xb1%\\xcb\\x82\\x8d\n\\xabv\\xdf\\xdc\\x02\\xfa\\xc0\\x90\\x82\\xac\\xdbN:*O~\\xc90!\r\\x9f2\\x06~\\x82;\\xd7\\xa1_:\\x80\\xe5x\\x86\\xce\\x9d!O&\\x9ayGn\\x9b\\x03\\xb3\\x0e\\xcc\\xf3\\x88c\\xd8+\\xad]La\\x7f~\\x08\\xac\\x97O\\x1e(;\\xf6J\\xbbs.\\xfcR;%^Sm\\x0bfS\\xbe\\x1f+\\xe4\\xde\\xda\\xad\\xdb\\x95\\x97\\xb1\\x91 \\xc0O\\x15d6\\RWU\\x99\\x04\\x10f\\xb6\\x8d\\xc1\\x8e\\x9b\\xd7\\xdbL\\xca~\\x7f\\x9f\\xb0{\\xff\\x11\\xf6\\x8b\\x10\\x02C\\xdb\\xc1\\xd5F\\xc9\\x13\\xa0\\x83\\x83\\xf3\\x96|\\xcb#o\\x1b\\x1d\\xcfd\\xb5\\xae@\\xe7\\xe6\\xf2H\\xd3\\xc6\\xc5\\x0f%/\\x92\\xado\\x88\\xaf\\x1bx\\x85\\xd0\\xba\\x19=\\x91\\x01\\x9f\\xb5\\xe0\\x9e,C\\x16\\x90\\xdf3\\xb6\\x94t\\x90\\xe6\\x03\\xb9\\xbb\\x8f)\\xa0wl\\xbf?\\x02\\x8am+\\x12\\x16Qw\\xc5\\xf6\\xff\\xf0t&\\xbc\\x88\\x9a\\xd6Z\\x95\\xab\\xfd|\\xb8?J\\xcbW\\xc9Bx\\xd4\\x8e\\x8c&u\\xb9\\x0b\\x93\\xe9\\xe9\\xb9h\\xc5\\xe0\\xf1\\xfa\\xb62\\xac@\\xb8\\xfe\\xf8\\xae\\x18\\x0c\\x7f\"/\\xfcU\\x84\\xee\t\\xb0\\xd4X\\xd2\\xfb\\x93\\x9cb2\\x03\\xe1@\\x08\\xeb35\\\\xfc,\\xd4\\x9cM\\x9ca43\\xf3$\\xf7\\xe8\\x99/\\x0e\\xef\\x1e\\x13\\xf0z\\x9fX\\x13\\xcb\\xcc\\x18\\x0e\\xf9\\B\\xc0`v\\xbb\\xfdd\\x14G\\xe4\\x18\\xbf\\x94\\xe0\\xb0\\xb2\\x96\\xf9\\xe3\\x02: 
FPG\\xf5\\x04\\xadx\\xe7\\xcd\\xcfc\\x98J\\x1c\\x9d\\x08\\xef\\xfa-_\\xc9\\xab,$m\\x85j\\xa6*q\\xbef1S\\xd4\\x01\\x8ex\\xf4\\xba\\x822\\xee\\x07\\x9aN\\xa9\\xe023an\\xe6\\xde\\xed\\xa0\\xe5`33|\\x98z\\x1c\\x1d\\xc6/\\xd6\\xa7\\xb8~Ubs\\xbd\\xe2*\\x99g\\x0f\\x96\\x16\\xf2\\xe5\\xd7{\\xb1\\xa6\\x19\\x9a\\xb1\"}\\xfd\\x19\\xc9}$\\xbb\\xa7Y(\\xcc?\\xbdY\\x18M\\xc9\\x15\\xbf\\x9e3j\\x00q\\x18z\\x0bd\\x9d\\xae\\x8e\\x84O\\xef\\xbddPbD\\x03\r\\xac#\\xec\\x03\\xbe\\xf9x^\\xff\\x9a\\xf1\\xaa\\xcd\\x7f\\xd1\\x8c\\xc5+\\x1fS4$\\xeb\\x0e\\x13\\xc5\\xfcS\\x19\\xd8\\x184.\\xdfw\\xf1\\xff\\xb0\\xf7\\xd6oQ\\xb6\\xef\\xba\\xf8C\\xa7\\x94\\x80C\\xc7\\x0c\\x82\\x94\\x94t\\xf7\\x00R\\xd2%\\xdd\\xddC\\x87\\xa0\\xe0\\x103t\\x83tw\t( \\xdd%H\\x08H\\x8d\\xb4\\x80\\x80\\xa4\\xdb\\xf7]\\xef\\xde\\xc7\\xda{\\xad\\xb5\\xf7g\\xfd\\xfa=\\xbe\\xff\\xc03\\xc73\\xd7\\xfd\\xdc\\xf7y]g\\xdc\\xa2B|\\xeb?B>F\\x01\\x86\\x1fg\\xc0M\\xbc\tMXcq\\xe4YWK\\xd28\\xc2&\\xe7\\x93\\xea\\xcdyNh\\xed\\x1d\\xd1XLj\\x7f}\\xb4\\x8f\\xab\\xcdB\\x1d\\x8c4\\xf0\\xde#\\x15\\x10:\\xa0\\xe5\\x10w\\xdc\\xc3_\\xd4\\xd6\\xa2\\xc1+\\xa9\\x1b;,C \\xf3\\x8a\\x90 \\xd7n\\xe7\\x00\\xbbX ^\\xb9:S\\xdf\\xc0\\xda[A;4\\xa0\\xf3/e\\xc9\\xe7\\x0e\\x0e%\\xbf\\x08U\\xa8\\x99 
\\x92u\\x8b^\\xael+\\x98\\x18\\xe7\\xe4\\x9dX\\xb0\\xde\\x91\\xa5\\xea\\x10\\xc4\\xe7\\xf4\\x0c\\xec\\xc2M\\x14\\xa2\\xb5\\x9f\\xcd0\\x82\\xe0\\xaa=t\\x99~\\xb5\\x8b/\\x86q\\xf9C3\\xe5\\x0f,\\x82\\xff\\x01Qk\\x86)\\xd0\\xad\\xf6\\x8c\\xa2\\xf680\\xe4\\xe1,+}v\\xacu\\xa6\\x98<\\xcagLQ\\x00\\xa2\\xfc\\xcdx\\x9b1\\x1cn\\x95\\xd7\\xc9\\xae\\x17\\xa9G:Jc\\x82r_\\xb2:\\xe3\\xb3\\xc6\\xcf?\\xd9CG\\xc4R\\xce\\xea\\xc5\\xca0\\xb6-#\\x97\\x8b\\xce\\x84\\xf5\\xd6yX\\x17R\\xf21\\xd3\\x14\\xa4\\x9c\\x90\\xa0\\x12i9\\xb2\\x8au\\x94\\xb9KG\\xcc\\x80\\xe8E\\x99\\xbeR\\xd6\\xd1\\xd00m\\x16\\xc1\\x9b\\x93T\\xf1\\xcd0\\xd1\\xcf\\x91\\x0e\\xd5.>|\\xd0v\\xeb\\x95\\xe9\\xe3\\xab\\xc6\\x0e\\x9a\\x0fY\\x1d\\xf7\\xcf\\xccv\\xcfiDH\\x86=\\x07\\xc7\\xd4\\x8abo\\xc2Mr_\\xefg\\x02\\xd6\\xbe\\xa9G.t\\xdb\\xa7\\x05\\xe9\\x14~\\xffSV\\xb2+\\xd0\\xaa\\xc5\\x01\\x87xl\\xe5l\\x91\\x15\\xba\\xae{\n3^\\xf4\\x13\\xb8\\x95\\x1b+`\\xf7\\xb97\\xe6\\xf1I\\xb4\\x89\\x88'|\\x82\\xcf>n{/\\x9f\\xbbdc\\xc1YU\\xa2g\\xe9'(J\\xac\\xa6\\x899\\xbd\\x0bE\\xb1\\xabzW\\xc4\\x11(C\\xe4\\xff\\x80\\x06a\\x9c.\\x12\\xfb\\xd3IB/\\xcei\\xac\\xe4oB\\x1e\\x88\\x0e\\xd7P\\xc9\\xaf\\x0e6\\x91\\x06\\xf1G\\x10\\x0b\\xde\\x9c?\\xc8\\x97\\xc8\\x1d\\x17U\\xba\\x90\\xf9Z4\\xd9\\x83\\xf7\\xee\\xfa\\x1dt\\x92\\xc1\\xe7\\xec\\xdaK\\x9a\\xf2c}*G\\xdb\\xe1N\\xdb\\x03\\xd4\\x13\\xb6\\x93l\\xaf\\xdd\\xe8\\xad\\x8bu]\\xffC\\x97\\x0f\\x93N\\x02\r\\xca\\xb9\\xceY 
A\\x1c\\xba/\\x81\\x18\\xfb\\xda\\xec\\x8ek\\x9d\\xf4\\xd6\\xbd\\xf2K\\x1d\\xfcg\\x16\\x8d\\xb3\\xb3\\x05e\\xd6\\xd4\\xf0\\x8b\\x1fJ\\xcc\\xe3\\x10\\xa5\\xed\\x18\\xe5\\xa1k\\xe2\\xf9\\xb0\\xc7\\xaf\\xd5\\x145\\xb8\\xf5\\xbd\\xdb\\x9e\\xb2\\x03\\xc0\\x12>\\x00;\\x1e7\\x14\\xa5U<\\xb10\\xb4\\xed^\\xb1\\x06\\x11\\xf6(\\xf2t\\x13\\xf5\\xfd\\xf9\\x19\\x9dZ\\x9b\\x8f-~-\\xb9\\xdf\\xeem\\xf4|p\"S\\xe8B\t\\xedv\\x9f;\\x99*+\\xcb\\xc9\t\\xc3\\xaeD0\\x1f\r\\x8a\\xdf'\\xa3\\x89/\\x99\\xf8^`;ly#\\xfc\\xac=\"\\xe4\\x0e\\xd9\\xc5P\\xb4;\\x15{$r.\\xfe?z'F\\xf2=\\x7fM(O\\xbaU\\x8bl\\xcc\\xd9\\xbe\\xf0bV\\xdb\\xe0\\x8f8\\xbce\\x95\\xbc\\xff\rTK\\x1e\\xad\\xde\\x07\\xeejk\\xf0\\xed\\xd8w\\xafv\\xd3cK|G\\x9b\\x7f\\xef91_\\x9fj~\\x06\\x1e\\xf3\\x88'\\xb1\\x0b\\xcfE9\\x94\\xae\\xec\\xd2\\x1bMr\\xea\\xe3N\\xf5\\xbdebEb\\x10\\xc6g\\xd3\\xfbo\\xee\\xcf\\xbc\\xc3+\\xab\\xd2\\xeb0OQ\\xb6\\xdaRF#\\xf4\\x9a\\xc0i}q5\\xc7\\xb7\\xb2\n\\x817<g\\x0c\\xca\\xe9n\\xf5\\xe4\tUgC\\xbf5\\xa2\\x89:cM\"\\xc5\\xe4\\xfcre`^\\x06\\xdeY\\x0f\\xfe6\\xae\\xf1\\x1b\\xc0]_\\xdb&\\xc8[MJ\\x16\\xb7H\\xfbG=\\xa6\\xa7U6\\x0cs\\xa3~)\\xd6\\xd8\\xbf\\x03\\x8e\\x08\\xd1\\x05g\\xc3\\xed\\x9au\\xe1{|\\xcbe\\x8a\\xe9\\xbd\\xa7\\x1eg\\xee/\\xa56\\xa5\\x89\\xe6\\x0e\\x90\\xe3\\xefx\\x87L!\\xda\\xee\\xca,\\xca\\x10\\x12\\xe5\\xcdf\\xb5%M\\x0f\\xd2\\x08o\\x16\\x04\\x01\\xd8\\x8e)\\x03\\x8aQ\\x1aduZ\\xf1>\\xd6L\\xc9w8\\xc8`\\xac\\x93n\\xf0\\x998qP\\xc8\\xc0\\xda\\xb3\\x01<\\x1ei\\xa8\\x94_\\xa1\\xb9/\\xc3\\xd4\\x14\\x86\\xf5\\xec\\x0c\\x07\\xb4\\x08\\xf9\\x1d\\xaf\\xd0G\\x83\\x93I<\\x85\\x95\\xea|\\x93\\x823\\x93\\xb3\\xde\\x04\\xc2g\"[\\xb5\\xdc\\xc0?\\x04\\xa6\\xb5\\xfah&\\x01+\\x1b\\xffPR\\xf7uBOA\\xf6K\\x1e\\x840)i\\xe87 \\xe1h\\xbf>\\x97\\xa9j\\x87\\\\xef==R\\x86G\\xe6\\x02\\x929\\xbf\\xf2\\xf1m\\xbf\\x10@\\x8b\\xae^%*\\x93~\"\\xb4\\xa6\\xdd\\x8c\\x1fd\\xaeh\\xc5\\xf7\\xda\\xd5\\xfb2\\xb4\\xa4\\x958Tl\\x16\\xbaJ\\xe4G9 
\\xc3Z@\\x17*\\x1a\\xbf!\\xd6n\\x9b6ahf\\xf3|\\xb2#\\x15\\x1f\\xe7\\xc5!\\\\x13\\xe7\\xa3\\xc3\\xbfG\\xf0\\xeb\\xf7\\x7f!\\xf8\\xc9\\x7f\\x10\\xfc\\xce?\\xc0\\xff\\x1b\\xc3}\\x04G\\xe4\\xaf\\xb8\\xdf\\x00S\\xa5\\xd4\\xf5\\xe5o`1\\xce\\xe7OO\\x03\\x87;\\xdd\\x12\\xbePxRT\\xeb\\xfe\\xeb$\\xc1\\x046\\xb7\\xd3\\x9a\\xcb\\xfb _\\x8e@\\xe8\\xf9\\x9a\\xe4A\\x84\\xf29\\xf8c+\\xc5\\x17\t/\\x8d\\xea\\xde4\\xb4\\x13\\xd6\\x0c\\xdaz\\xf8!\\x0e[\\xfeV\\xb0\\xa7\\xbad\\xf3\\x8e\\xd5\\xfd\\xf0\\xe1\\xb6\\x94\\xdb\\x96]K1\\xe7\\x0f\\x93\\x9d9\\xc1\\x1f\\x153\\x11\\x8b\nth\\x92\\x19\\xa8\\xdc\\x92\\x0c\\xafJ\r\\xb1\\xca\\x9a/\\x19\\x06\\xed\\x1c\\x13\\x06ax(\\xe1\\xdd\\x99\\xaa\\xc1\\xb2\\xee\\xb7g",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": ",",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "M\\xa1\\xaf#\\xa9\\x15\\xc6\\x18\\x83\\xfb\\x85\\x96L\\xe5\\xf1a\\xb7\\x95\\xb0\\xb0\\xc4\\x03\\x89f\\x87\\xb8\\xbb\\xb1\\x8b\\x1f\\x11\\xc8\\xda\\xd4\n\\x9d\\x9c\\x0f\\xaf\\xac~5&\\xfd\\xca,\\xeb}Vg\\xde\\x8a?\\x8e\n\\xaa?\\xb8z3\\xb8\\xcaZv\\xad\\x1b\\xf7\\xf4\\x05u\\x90\\xb3\\xe0v\\xa6\\x8e\\xd5\\xa04\\xff\\xd0\\xe5N\\x18\\xd3sE\\xfb\\x9d\\xb8\\x1fE\\x10\\xd9\\x87T\\xacN\\xdc\\xb8=\\xb7\\xe3<_\\x11\\x84S\\xfd\\xa0\\xf8'*9\\x051\\x03\\xfc\\xf7\\xcf\\x8a\\xdc~N\\x13\\xaa\\x90\\xc6\\x18\n\\xb5|\\x0f\\x1f\\xeaY\\xf9\\x18\\xaf`\\xfbR\\x95\\xfc\\xd2\r\\x02vv\\x89+o\\xa5Q\\x14\r\\xdc\\\\xe8\\x024\\``v\\xe3\\xea\\xb6\\xecd^\\x8a\\xe1\\xd1\\x1a?\\xb4Aw\\x05Q.K\\x03-\\xb02#i>\\x8d\\xbe\\x1bc\\xf4\nQ\\xc0y%A\\xb0\\xdd\\xc5\\xb2\\xa1j\\x8a\\x8el\\x03\\xd6+\\x17q+ \\xf4|\\x0f\\x97\\xdb\\xe5]c<\\xab\\x17\\x8fa\\xa4\\xb8-\\xa3\\x10\\x9b\\x04\\x86\\x0f\\x15J\\xea\\xcf\\x06'a\\xb4N5\\xf6j\\x18\\x05\\x14\\x1ds4\\xa1\\xabc\\x8by\\xcd\\x14\\xb6v\\xa5\\x82\\xb4\\x85\\xe7\\x1e\\xe9\\xb1\\x80\\xc2\\xbe\\x10\\xf2|\\xc2Y\\x88\\xcd==Zu*\\xf5oy\\x97n\\xc8\\xc7Le\\xb5\\xcc\\xf8\\xf3\\xe7P\\x85/\\x12&\\xa4\\x05\\xdd\\x1106\\x16\\x9b\\xb3\\x8e%\\xe1\\xdb\\xdfKK\\xb8h5\\xf0\\xa5\\x12\\xf6\\x8c\\x95\\x1dD4\\x9dL\\x91\\x89e\"|\\xc4^\\xa5\\xf2>\\x88\\x81\\x0bHj\\xc6\\x10\\xdc\\x8e.p\\xacx\\xf2#\\x8e\\xf5\\x1e\\xe97&\\x1c\\x1a\\xeb\\x16=\\xe5l\\xe0\\xde\\xba\\xf96\\xc0\\xa3\\xe8\\xce\\xbb\\xe7u\\xa8-\\xd9n}0B\\xda\\xfba\\x83\\xb6|\\xcc\\xfaPx\\x1f)i\\xd6G\\x94\\xad\\x89\\xadV\\xcc\\xfa4\\x90\\xbfch2U\\x03\\xf2\\x8a\\xf5\\xa6\\xa3Q/\\xb4\\xe9h\\xe6\\xc2\\xf0]\\x93}1\\x9b\\xa4L\\x07.\\x8e\\\\x82\\xccR-]\\xc8T\\x1e\\xff\\xc1!rM\\xc0\\x7f=\\x81\\xdf\\xf7\\x00\\x05\\xdc\\xd3\\x05n\\xbcZp\\x9e\\x0e\\xfb28\\xba\\xa4\\xf7\\xbc\\x94+\\xda\\xaa\t\\x8e\\xfa\\xf5\\x1e\t;\\x94\\xa6\\xf2XUN4b7\\xe29\\xfd\\x9a\\x01\\xd13\\xb7f-\\xbb7}b;W\\xec\\xe1\\x9dd\\\\x9b%H\\x91\\xc5Y\\x95O\\x88u\\xed\\xce\\xa1\\xf0l\\x94\\xb1>\\x12\\x03\\x8bI\\x8e\r\\xe7\\xd2\\xfa\\x89Id^H$\\xdd\\xcd\\xbcb\\xa9w\\x9a_\\x
b4\\x0e\\x08\\x8d\\x82\\x1f\\xee\\xda=\\xe0!\\xfd\\x90\\xbb\\x1a\\xf2\\x1cC\\x06S\\xebJ\\x19\\xdcs\\xf5\\xa9\\xcce\\x05\\xb56\\x93t\\xa35\\xcfL\\x86\\x8b\\x94{\\x9ammv\\x98\r\\xaf\\x95\\xc5\\xb1\\xd0a\\xcb\\x7f@|\\xa8\\xe7\\xd0\\xb9\\xe8R\\xe0{\\x1a\\x14/)\\x13\\xc1\\xa3AwU\\xecb\\xfbm#V\\xc8\\x0c\\xbc\\x84\\xa7o\\xc3In\\xee\\xbd\\xfb\\xcb\\xa7j\\xc9\\x08\\x98\n\\xb6\\xdd\\xee\\x1b\\xd1&C\\x96\\x9b\\x90c\\xc2\\xc3\\xf8\\x93\\x86\\x851\\x92\\xe4\\x03\\xca\\xe3\\x95i\\x0e\\x86z\\xb1\\x980:\\xc8\\x8a.q$\\xea\\xbb\\xbfsH\\xc6\\x02S\\xf7\\x0b\\xe9K\\x04V\\xd4\\xe9\\x03\\x8a\\x04B\\xec\\xc6\\x1e/&\\xc5/\\xf7cC/\\xc6\"\\xbem\\x1b{k\\xf6\\xe3>\\x1f\\x8f\\xe2\\xc8iC\\xe5O\\xaa\\xa7d(\\x00P\\xc2\\xe3\\x07#&lX\\xd3\\x97\\xf0x\\xbcJ\\xde=Im\\x8a\\xf8\\xd5g@}\\xc2\\x0e\\xeb\\xe8\n\\xcf\\x9a\\x99\\x84c\n9\\xda\\xb3\\xea\\x9eV>\\x0c\\xeaa\\xda\\x98\\xfa\\xe9\\x18**\\x9c\\xb2\\xef\\x9eX\\xc6o\\xf5S\\xc9\\x95gp1\\xed\\xb1?/\\x0f1\\xb5\\xdaI\\x04\\xcc\\xfb\\x90\\xa3\\x05H\\xe8\\xfd\\xb3\\xa8\\x88'\\xf4\\xed1\\xb3\t}Q\\xc5\n\\x0f\\x16c\\xd9\\xa6\n\\xdc\\xd8e\\xbf\\xf7\\x8c \\x10CC\\xb7\\x0f\\xf4\\xde\\x85=\\x1d\\xae\\xa0\\xd2\\xde\\x92h\nDus\\x83\\xa2\\x01B\\xb4\\xe3YV\t\r#\\xec\\xb2eJ\\xb0k\\x1c\\x89l\\x16\\xd5\\x17$\\x1f\\xb1\t\\x8aJkP\\xfd/Kj\\xa3W0K\\xb7\\xbb\\x96\\xd5\\xd9c~\\xc1\\xb1S\r\\x8dn\\xaf\\x84j\\xb5\\xf7M\\x95\\xe2\\xb3\\x9d\\xbc#\\xa6}\\x1d\\x06\\xd9\\x1c\\x84\\x9b\\x1f\\xdb7\\xca\\xb4\\xffq\\xf5i\\x88\\xcc\\xbah\\xfc'\\xf0\\xf9X\\xe0?\\x80n\\xfe\\xff\\x05\\xba\\xff\\xba6/%4\\x1cI\\xad\\xf2\\x02j\\xf6\\xed\\xa4\\x90\\xbe\\xdd\\xba\\xb9\\x85\\x0bg\t\\x89\\xf5\\x14\\x9c\\xd8\\x1d\\xf9\\xe5\\x90x\\x12\\x92W\"E\\xbd\\x97\\xdb\\xd6\\xf7w\\xe6\\x99x\\xec)\\xf4\\xb1n\\xc4m\\x8f\\xcc?\\x96\\x9c\\x1d[\\x06\\xebK\\xbe\\xbc\\xe6\\xd3;hik\\xf3b D\\xb3\\xd7\\x8a\\xb4l\t\\xff\\xd8P\\x10\\xbe\\x99\\x0b\\xfc\\x0f\\xd2\\xde:,\\xaa\\xf7]\\xfb^tJ\\xa3 \rCH\tC\\x0e\\x1d\\x12Cw\\x83t7\\x02\"\\xd2!\\xe0\\x103\\x944\\x08Hw\\x0bHww\\x0c 8 
\\xd2\\x92J\\xe9\\xa3\\xfb}\\xf6~\\x9ew\\xef\\xdf~\\x8f\\xef>\\xde?\\xe6\\xdf9f\\xadY\\xf7u\\xdf\\xeb\\xbc\\xae\\xf3\\xfclg;\\xcc\\x16,\\xf0\\x1c\"\\x94#u\\x8a\\xb4\\xb7Ce\\x88\\x8c=\\xf9\\xd6|\\xa6$\\x9d\\x92\\xf7\\xd2Ni\\x12?\\xf3\\x93\\xf6\\xd7\\x17\\x9e\\xb6\\xc0\\x93\\x8a~\\x80N\\x87\\x16\\xdf\\xcf7^\\xd6q\\x92\\xde\\x8d\\xf3+Y\\xbe\\xdc\\xe0\\x87'\\xac\\xbb\\x8cK\\xd6\\xafy.\\xff\\x06\\xac\\xdf\\xd0\\x9bN\\x1a\\x86{\\xc1\\xd9~\\xa1\\x8dL\\xe2_\rJ\\xee7\\x17>\\xa8m\\xd5\\xa2c\\x92\\xd2\\xe2.\\xcf\\xb8\\xbe\\xde\\x8c\\x02\\x11OV\\xbc\\xb5\\xbd\\xa5\\xf5\\x11\\xb0\\xdaI\\x1f\\x93\\xd3\\xa0\\x94\\x19\\x84\\xde\r\\x1d\\xe8\\xfe\\x06\\x1c\\x8at\\xcd\\x14@Y0O\\xc1\\x18=J\\xe2\\x84M\\x14\\xfc\\xee\\x1b\\x86\\xcc?\\x87\\xe2\\x81\\x1e;\\xb5\\x9ea\\xea\\x16\\x04\\xb4\\xbc\\x8eR\\xe6\\xa4\\xb0\\xcd\\xf3\\x1a\\x90\\xf5uws\\x7fL\\xf6\\xed'\\x10\\xad\\xdb\\x83i\\x1f*\\xf4xC\\xa8\\xbd\\x8e\\xcb\r\\xbf\\xb0\\x970\\x06\\xbf\\x0b\\x02\\x994\\xad\\xe6\\xdf(S%\\x0c\\xb6\\xcdU)\\x0c):\\x94\\xff\\x1a_\\xe4G%\\x81\\xba/\\xcf\\xe4\\x11\\x9eU\\xcd\\x12\\x85\\xcd\\x0e]\\x85!*\\xf3k/\\xa4\\xbaoo\\xf4\\xb9\\x94\\xd3\\x02\\x87\\x99\\\\x8f\\x10\nrJ\\x05\\xa2\\xf9\\x0f\\x9a\\x9a\\xe7\\x96\\xb4m[\\x85\\x87{y\\xf2mcVj\\xbdQ\\xd4{\\xdd\\xf4\\x9d.\\x9c\\xab\\xa0uG5.&\\x7f\\xa6\\x08e\\xbee\\xc9!\\xac\\x10\\xfa&\\x91+y\\x81\\xe0//s\\x05\\x86]I\\xcf\\x8e9\\xa1\\xa8|\\xe6$''.\\x13%\\xac\\xd1\\x11\\xd6~{\\xb9b\\xdcUl\\xef\\xa0_G\\x04\\xadR\\x03\\xffz\\xe2\\xa2\\xc4\\xc9}\\xdaB\\xf6*%\\xd6\\x1a!-\\x98!c\\xd5\\xb0D\\xdf\\xa1\\xcd\\x966S\\xb4\\xadI\\xf3NF\\\\xf7+\\x884{\\xf3\\x05}\\xd3\\x835Y\\x9d\r;{\\xbb\\x0c\\x81\\xf3\\xec$\\xd9\\x1e\\x06\r\\xd1|\\x82\\xd3\\xb7\\xd0\\xaa\\x87\\x0e\\xe1\\xa2\\xc9\\x13c\\x8c\\x04\\x19h!\\x1fK 
T\\xf4\\xcb\\xa8*\\x83\\x05\\x04fk\\xbc\\xd5J\\xbb\\xc3\t\\xa6K\\x93\\xbc\\xed\\xd5\\xc8Q\\A\\x1c\\x07\\x86\\xf6?5\\xeaM9\\x15\\xbfD\\xb0\\xc13\\x05'\\x17\\xd8\\xa3\\xa6\\x8a\\x95dhb\\xff\\x9bi\t\\xe9/\\x86~\\xc5\\x14\\xae\\x19|\\xa2\\xac>\\xed,\\xd2Q\\xda\\xdd\\x17e\\x12{\\xcf\\xe8\\x95\\xdem\\x18\\x1c!\\x05\\x06\\x83\\x1c1\\xe4\\xa1\t\\x8fb\\xc7\\xe1\\xdd?S12\\x94ilv\\xbdh\\xef\\xc5\\xf4\\x9b\\xc2\\xa7\\xa6\\xea\\xf1\\xe1T\\xc6DP\\xfd\\xeb,\\xa7A\\x8d\\xc3\\xe4lOO.\\x0c\n\\xcbWZ\\xd8\\x17\\xff\\xb3I\\x07\\xca\\xf80E\\x9cb\\x00\\xfaO\\s\\xb9E\\x03\\x80\\xfb\\xff\\x04#\\x97\\x9a\\x15\\xb6\\xa7\\x00X\\xfc\\xc3\\xb9\\x83\\xdeA\\xc7\\xee|\\xa2\\xd8\\xc6N\\xbe\\x9a\\x0cR?\\x98\\xdb\\x83\\xdb\\xcb\\xfb\r\\xe8\\x18yB_\\x93\\x90\\xdbEl\\x97'\\xfe\\xe0(\\xcb:\\x9bW\\xfb\\x8e$\\xe4\\xd8+O\\xa5\\x87\\xb0\\x07\\x1f\\x9b\\xc9(\\\\xc9&!e\\x15\\xf8\\x9c\\xa81\\xab2Lo\\xa882\\xb8'\\x83\\xec>\\xfa\\x8cp\\xc6\\xe3n\\xfc\\x19!\\x9e\\xc6\\xa4?Z>\\x8e\\x97B\\xe8\\xe6z5\\xa9I\\xbf\\x90\\x18\\xb6\\xa7\\xc8\\x81!g\\x1a(}\\xb8\\xdb\\x113\\x8c}NV\\xc8\\xc7\\xee\\xe7M<\\xe7q\\xa0\\xef\\x0e\\xb7i\\xb5UX\\xc5\\x16\\xdd`h)\\xdd\\x9c{lLGJ\\xbd\\xfc\\xde\\xc19\\xb9\\xf7\\xfeI#Z\\xfd\\xcc\\xde9OUyLde\\xe9\\xc0\\xd2\\x0e\\xf2l'B\\xc4[C*\\x05\\xf9\\x96\\x80j`n\\x88\\x05\\xdcM\\xb1)\nY\\xeb\\x00\\x82\\xb2 W\\x95\\xafB2\\xd8\\x11L\\x1b\\x1bF\\xe2\\xcd\\x0e\\xb0\\x9bi\\xec\\xc6\\xb42\\xeeZ\\xeaT\\xea_\\xa3E\\x8a\\x08N\\x0fOOY\\x96PO\\x9f\\x9f\\xba\\xe9js\\xe3`\\xfev-\\xccv\\xed\\xfe\\x88\\xe3\\x13`;\\x08O",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x81",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xd9\\xe6\\xe9R\\x8dJ\\xadPF\\xc7X\\x00\\xbe\\xfbK\\xbd\\xea\\xd7\\x83\\xc06i\\xb6C\\xc4\\x94\\xb6\\x0c\\xc1?\\xec\\xcaGT\\xaa\\x8c?\\x1fI|\t\\x1a\\xbc\\x86\\xa8\\x95\\xea\\x84\\xac\\x8a\\xd2i\\xbeb\\xfd\\x94\\xf9]>\\x8bq\\x1f\\xe4\\xb0\\xda>\\xec\\xc7\\xe8~2T\\x8dS\\x058\\x10y%t\\xd6\\x99\\xe4Y/\\xb0d\\x14\\x80#\\x83b\\xb2G\\x96<\\xc5\\xb5\\x18,:\\xf4\tl\\xc0\\x9a\\xb4IO\\xc0,\\xf1]\\xbc\\xc1\\xee\\x0b/\\\\x0c\\x9f\\x88d\\xd5\\x0b\\xc1\\xb5\\x14\\x85\\xe3\\xf3I\\xa7\\x93\\xc42\\x01\\x16s\r#\\xb7\\x15\\xde\\x16f\\xba\\xb2X\\xe9\\xf9M\\xf2\\xa9\\x12\\xeaR\\xf7\\xf7]q\\xaaQ\\xef\\x86W\\xf0gk!\\x068\\xa9\\xec\\xc8\\xd9\\x927:\\xada<\\x84\\xc2\\x81\\x12\\x9d=F\\xee\\xfdE0\\x91/AJj\\xf85^^<\\xf3g\\xb1\\x8c\\xe3\\xc5r\\xa1\\xfe\\xee\\xb0\\xa7\\xe7\\xa8jGtqe\\xbb\\xbc\t\\xd2Qx\\xa9\\xe6\\xc6#\\xb7Bw\\x99\\x9e;/\\x1dU\\xb7\\x00\\xcc$\\x05&N\\xe4\\xa8\\xa2H\\xd0,M^\\x89\\x10]\\xceP\\x8a\\xad&\\xa3F}uo\\x86T\\xfe\\xd5\\x8d~l\\x13^5)[\\xda\\xb2\\xc0\\xd0\\x13\\xbb\\x14w\\x80L\\x16\\xb9\\xb7\\x1a\\xca\\x8c8\\xbb\\xe4\\x05}\\xf6a\\xcf\\x18w\\xf7w`\\xa4Oe{*\\x91%@q\\xc4{\\xdf\\x0b\\xd2FDz*\\xb1|\\xde\\xd36\\xably\\x04\\x163\\x86\\xd2\\x04\\xed*\\x10.\\xb3g\\x9f\\xcf~H8S\\xdej~V\\xbf\\xe5_*-r\"O\\xc8\\xf7\\x1b\\xb8\\xd4\nu\tq\\xfa\r\\x14a\\x9f\\xdf\\xdb\\xdf\\xd8t5K\\xab\\xe8:\\x94\\xc6\\xbcw\\xab\\xb7\\xd7\\xe7/\\xf7_\\xe6\\x0b\\xe1U0RW9b~\\xc7\\x1aC\\xd02\\xb6^\\xd7\\xe5\\xd7\\xee\\xb7\\x99gu\\xa0\\xbc:\\xfe}\\xb4{u\\x88Z\\xbcca\\x04\\xeb\\xade\\xf2\\x94\\xe6G\\x0et\\\\xd4|p\\x0f?1\\xb7\\xdf\\xf4\\x99,\\x88\\xf0\\x98\\x96x(\\xd3V\\xd7Y\\x84\\xfcQ4\\xb4(\\xc5*Vw\\x8aN:\\xa3\\x8cA'\\xf3\\xcb\\x86\\x9d#\\xe5r\\xc1\\x03~P}Y\\xd0g\\x8d\\xce=\\xee\\x1a\\xfbY\\x87\\xd7\\xc8\\x82\\xe4\\x1d\\xd1$\\x12C\\xda\\xc4)A@M\\x88\\xcb\\xc8\\xed\\x03|[yx\\x9d\\xc0\\xd6k\\xe9O\\x15\\x1e\\x10\\xa3\\x9c?a\t\\x98\\xf5wu\\x97\\xe8\\x1a_~\\x9e\\x85\\xd15\\x06\\xbb\\xd5{\\xc4\\xc3\\xd4\\xd4L\\x86<\\xec\\x85\\xd3v\\xc4\\x1f \\xbc\\xf6\\xe6\\xe7\\xd3>V^5\\xbb9\\x87\\xa9 
\\xc6K@\\x96\\xf0\\x88K\\xd4R1`\\xdc\\x90\\xa5\\x15\\xfd-`\\x99p\\xdfZ\\xd7S\\xe5\\x07-:dJ\\xc5\\x07\\xb9\\xdf\\x10\\x8b\\xfe\\x91\\x93\\xda?@\\xbb\\x16\\x9f\\xe8\\xbe\\xfdM\\xf3\\xf1\\xa5\\xd9\\xbe\\x8f\\xaa\\x97\\xfb\\x01:5\\x13\\xbd\\x19\\xa3\\xed\\x11Uo\\xe2k_\\x8a\\x9fB\\xa6c\\x81\\xa2(R;&\\xb7\\x82I\\xaf\\x1f-n\\x92\r\\xb9\\xf7^2\\xf8\\xd3\\xce`\\x0bn\\x8f\\xd7\\xd1\\x06h3\\xb0\\x92\\x07\\xb0\\xcd\\x04q\\x9f=\\xed\\xdf\\x80\\xc3\\xf31\\x0fR\\x90\\xa0|\\x12\\xc1)\\xfdV;\\xfb\\x1c\\xa3}\\x96p\\xb1P?B\\xacW\\x84\n\\x16Xo\\x9c\n\\x1d\\x81H\\xfc\\x18\\xd4\\x945\\xb0Z\\xf4\\x05\\x92\\x02<\\x1f\\xaeb\\x06\\xa0\\xc5x\\xa2Q]\\xe0\\xe0\\xb4\\x08\\xa2\\x91\\xcc\tQ!\\x1c\\xe7\\xa2X\\xbcd>\\x1f\\xc8\\xd0\\xd4\\xe3\\xbcF\\x7f\\x00A-\\x1c\\xad\\xf2\\xd4\\x0f\\x1f\\xb1\\xb4j\\xd3\\xb8_\\xff\\xdc \\xeeR\\x9bC\\x1a\\xcdcz\\x17D\\xa5\\xb0\\xcb\\xc9\\xdbsWo\\x04\\xbd\\xfc\\xf5\\xe3/\\x0fFn\\xff\\xca\\xf1\\xf5\\x81\\xdc]\\x86D\\x87\\xc8\t\\x1e\\xd5\\xf01\\x0e\\x1d\\x0e\\x05\\x9a,\\xe1\\m\\x94*\\x04~\\xf6h!\\x91\\xbal\\x81\\xb7\\xca\\x0e\\xce\\xf3\\x95\\xc8\\x8f\\x9c)\\xaa\\xe5Aaup*V\\xc3\\x18\\xe5\\xbc&.\\x9b\\xbe\\xa7\\x9e\r\\x04\\xb2\\x17\\xf7:\\xb9\\xdf\\xce\\xef!|\\x10?u\\x99\\xfa\\x93\\xee\\xc1RK\\x89\nPK\\x94\\xaf\\x83\\x95\\xb0\\xb3\\x82\\x19\\xfc\\xe2\\xa5{\\x98\\xcf\\xdc\\x9a7\\x07\\x82\\xeb\\xd4\\x83\\xb5?\\x99O\\x0b#WS\\xfc\\x97\\xc5:\\x11\\x0e\\xe4\\x83\\xf1>\\xd8\\xf8\\xbd\\xb5\\x90uT\\x06\\x81Ch\\x1f\\xce\rCi\\xc9TyVT\\xdeD\\x0b\\xacc\\xb8\\xdc\\x88\\x9f\n\\xb9F\\#\\x08\\xacT5A\\xec\\xe2\\x9eled'&\\x89\\xeeb\\xd4\\\\x1c<k6<\\xfd\\xd4C\\x9bP;lc\\xa0\\xb6)\\x1c\\x18,\\xc4\\xb2\\xef\\x83\\x03wh\\x96ce]\\xa1a\\x11o\\xce\\x1b\\xdb\\xa1(1~7j\\x7f\\xc6|\\x0e\\xbd]\\xbb_G6\\xa3\\xa4:o\\xa61\\x0ek|)\\xc8\\x94ki\\xc2\\x18\t\\xcd\\x87\\xec\\xd8\\xf7\\xe0\\xc9\\xd3\\x97\\xa5-\\xce\\x84\\xb5\\x98\\xad\\xac\\x06\\x02\\x82\\xb2\\x1a\\xe8a\\xd9a'Kq>.\\xe0\\x8e\\xf6\\x8d\r\\x963\\xd7\\x95\\xe4\\xc63M\\x96\\xae\\xe7\\xb3\\x05\r\\xf3\\x163Z\\xdc\\xceG4\\xfcr\\xeb-\\xbc\\xb8\\xbf\\x94\\
xf69\\xd0\\xce\\x94B\\xb6\\xa1>\\xdc\\xc7\\x00Z\\x02\\x14tr\\x1dB\\x84\\x13<o\\xba\\xb2\\xcf\\xa7\\xe6W\\x81\\x14I3j\\xb8+t\\x1c\\xf4\\xb9\\x8ec_x\\xbc\\xe5p\\xeeV\\xf8\\x14\\xcc\\x99F\\xa8(\\xfcch)S\\xba\\xc9V \\xa0\\x86\\x84\\x1b\\xe4\\x84\\xbdd\\xc7\\xd8\\x8c\\xa3\\x15T\\x8a\\x16&D=\\xff>\\xc36\\xc1aM\\xc3\\xbb\\xba\\x1f\\x05\\x91\\xba(\\xa3[(h#Y\\x0b\\x9d)=\\xc7t\r\\xa0\\xee9Z\\xfe\r\\x88\\x19\\x0b\\x89\\xa4=\\x8a\\xda\\x84\r\\x81\\xa2\r\\xf4G\\xef\\xae\\xf7\\xf9\\xe7\\x128\\x82\\xa0\\xdb\\x1f\\x13\\xeca\\x94\\xca\\xe3\n\\x04d\\xc6\\x1a\\xde\\x04\\xf4\\x9a\\xcfwd\\x08\\xd0\\x9d\\x13N#\\x9d\\x92\\xe8\\x8a\\x8d\\x13(\\xac\\xa0\\xb4\\xf7\\x02:\\xd0\\x87e\\xb4\\x86\\xbcs-\\xa9=\\xf0\\x08\\x04\\x03#\\xbd\\xe8\\x05\\xcbl\\xe1[}\\x04\\xa8E\\x16\\xd3\\x8e\\xe7|'\\CQ\\x91&Owi9\\xe1\\xc9Q\\xe5\\xf8mO,\\xf6\\x17\\xcf\\x15P\\xb5\\xde\\x13\\xf6\\xbcw\\x9b\\xfe'2\\xa4\\xc8\\xa9rs5\\xa9)\\xd6\\xfeY\\xe6\\xbc\\xf6\\x11\\x8c\\xbb/\\xb1\\x86\\xda\t\\xd3\\x19v\\xa9\\x86S\\xc8\\x1d\\x84OWu\\x88\\xf4\\xe2\\xdb\\xc0\\xa2\\xb9\\x95\\xdc\\xc5\\xe7\\xa2\\xad\\xab\\xf2\\x83\\x86\\x00\\xed\\xcd\\\\xd1\\x82\\xf9\\xd9g\\x87x\\xbb\\xf34\\xb7\\xcd\\*O\\xd1\\xbd8@K(\\xad-\\xe9\\xe9\\xaa\\x1a\\xf2\\x7f5v\\xe5\\xd1P\\xbe\\xed\\x7fPD\\xb6|\\xc9n\\x142T\\x14\\xb2\\x85\\xb1|\\x11b\\x905E\\xf6\\xadI\\xc8\\x1a\\xc6Rh,cW\\xc8.d\\xcb\\x1e*d_\"\\xfbN\\xb6F\\x18\\xdb\\x88\\x981~\\xcfL\\xf5\\xed}\\xcf\\xef=\\xefy\\xff0g\\xce}]\\xd7\\xe7\\xf3\\xb9\\xae\\xfbv\\xdf\\xd7\\xf3\\x9cy\\xce\\xa3\\xe8\\xe7\\xd1q\\xff\\xd0\\xe0\\xf2\\xd9\\x9c\\xcb\\xef\\xceT\\xe8|\\x8e\\x0fO\\x88\\x16\\xc7\\x1c\\x0e\\x99o\\xc5\\xca\\xb61>\\xb9i\\x98\\xea\\xfcW0\\xbd\\x1b\\xc3\\xe2-:}E\\xe6\\x03M\\xf0\\xf2\\xecj/\\xfb^\\xa4\\xe8P\\xd9\\x83*2.\\xd7Uj\\xda.\\x0eM>s\\x01\\x1ai<\\x82\\xa6>\\xa9\\xfe\\xa3\\x06k\\xb2\\xc4\\x07\\x1f\\xb5\\xe7B\\x9d\\xc2\\xa7\\xba\\x96\"m\\xb6\\x9b^w\\x18\\xba\\x99Dx'V\\xb4\\xd1,\\xf9\\xd8&;.fur\\xe3\\x86\\x95\t\\xb0*\\xfe>\\xe4\\xbc\\xd5\\x0e\\x92\\xe9\\xa1\\xf1\\x83\\xb9~f\\xb2\\xf3\\x16s.\\xb5\\xb5w\\xca
Co\\x86wl\\xd7`\\xa6\\x0f\\xb1:Q\\xdf9CS\\xd0}\\x1e<\\xa6\\x9e\\xd6i,T\\x99x\\xa7*\\xa9\\xd3\\xa7\\xf9r\\xa9\\xeb\\x04\\x98.2\\xb9\\x07\\xe1\\xa1\\xb0\\xd1\\x12\\x85\\xd2\\xc1Ns3\\x93\\xd4\\xabl\\x81'\n@h\\xc1\\xe8c\\xd0\\xbc\\xe2\\x99w\\xbe\\xa9S*\\x7f\\x95\\xb4(\\xb6\\xfah\\xba\\x87t\\xb0\\xe1\\xc5\\xb5S\\xb5\\x1b\\x9e\\xcd\\xf8%\\xf9#\\xf3\\x90\\x91O;\\xa9\\xc0%\n\\xf2\\xfa\\x06_Z#\\xf3\\x0cO\\xc9,\\x9d\\xbc\\x88j\\xfd\\x0b\\x067W[2k\\xcdS:\\xc3\\x08\\xdb\\xd8\\xc9\\xd2\\x91A\\x07\\xca~>\\xf9wU],2\\x97\\xde\\x84)\\xd7:\\x8b[U\\xb5\\xbav}R\\xcb\\x9e\\x8d\\xdb\\xfd\\xb6\\xbe\\xb3\\xbb\\x86\\xf0u%\\xb6S&\\x18ec\\x99\\x0e\\x0b\\xbd\\x8e5\\xc3\\x92\\x8d\\x1c\\xad\\x82eo\\x16W\\xe9\\x84*?F\\xf1}E\\xa0\\xde\\x8fn\\x1b\\xee&\\x0b=\\x80\\xcfp\\xbfqk\t\\xa4n\\x87U_\\x19\\x9f\\x86\\x07f\\xb3s\\xf8O\\x9dQ\\xe2_(\\xeb/\\xfe\\xbbVxo\\xeb\\x12R\\xb2f\\xec\\xa4\\xa1\\xa9\\x06o \\x03\\xec\\xf9\\xf6\\x9a\\xee\\xed\\xd5\\xabj\\xf0\\xd6\\xa4\\x96\\xfb\\xca7\\x13\\xad\\x93\\xa6s\\xc1\\xf9\\xd2\\xdf\\x14Y\\xa2\\x12\\x8a\\x981\\x82\\x1b\\xb3t\r9\\xf7\\xbc\\xee\\xa5Q|\\xd36\\xbb\\xfe\\xca?xVy\\x82\\x8fmC\\x96",
        "buffer_size": "7919"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x16",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x00\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00",
        "buffer_size": "21"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x9c",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xb3\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\xec\\xbauT\\x94]\\xf77~\r\\x03\\x0c\\x8d \\xdd\\x1dCHI\\xb7\\xd2JI\\x87twI\\x89\\x84\\x82\\x80C\r\\xa14\\xd2)\\xdd\\xa8t7H\\xa7CH+)\\x82\\xf0\\x1b\\xf4\\xbe\\x9f\\xe7~\\xbe\\xef7\\xee\\xe7]\\xeb\\xf7\\xc7\\xfb\\xaewX\\x8b5s\\xce>{\\xef\\xcfg\\xefs\\xae\\xeb\\xecs\\x08\\xbb\\xe2\\xc1\\x18\\xe8\\xb7@\\x0c\\xf8\\xea\\xee.6\\xeefNt\\x0f\\xcd\\x9c\\xcdl\\xac\\xdc\\xa18<\\x96t<\\xb6t<Nt|<\\x1e|\\x19\\xf1\\xe0\\xeb\\x99\\xeb\\x15\\xe0\\x96\\xb2\\xbc\\x92<\\x00\\x02\\x81\\x00S\\xe4\\x1fp=\\x0f\\xdc\\x03p1\\xb1\\xb0\\xb10p\\xb1\\xb1\\xb1\\xf1\\xf1po\\x11\\xd1\\x13\\x13\\x11\\x12\\x12\\xb1Q\\xd3\\x90\\xd1\\xf3@\\xf9x\\xef@\\xb9\\xb9\\x04\\xc4T\\xa4\\x05\\x84\\x15D\\xb8\\xb8e\\xf5e\\x15T\\xd5\\xb5\\xb4\\xb5\\xf8\\xa5\\x8c-\\x8c4\\xcdU\\x1eii\\xdc(\\x01\\xe1\\xe1\\xe3\\x13\\x11\\x10\\xb1\\x12\\x13\\xb3j\\x08r\\x0bj\\xfc\\xdb\\x9f\\xebV\\x80\\x00\\x03\\xb4\\x82\\x12\\x04\\x061\\x00(\\x04 0\\x01\\xe8\\xba\\x13\\xa0\\x05\\x00\\x10\\x1a\\xe8\\xd7\\x07\\xf8\\xe3\\x03B\\x01\\xa3\\xa2\\xa1C0\\x90N#\\x05jo\\x01( 0\\x18\\x05\\x15\\x8c\\x86\\x86\\x8a\\x8a\\xec\r@\\xf6\\x03\\xa8\\x04h\\x84\\xf4\\xbc2\\xe8\\xb75\\xcc \\x0cnD|\\xc1qo1\\x18e+\\xdb\\x885\\xc7\\xbe2\\xf1\\x9b\\xbb\\x87`b\\x91\\x90\\x92\\x91S0\\xb3\\xb0\\xb2\\xb1C\\x05\\xee\n\n\t\\x8b\\x88\\xde\\xbb/'\\xaf\\xa0\\xa8\\xa4\\xfcHK[GWO\\xdf\\xc0\\xc2\\xd2\\xca\\xda\\xc6\\xd6\\xce\\xde\\xc3\\xd3\\xeb\\x89\\xb7\\x8f\\xaf\\xdf\\xf3\\x17\\xa1a/\\xc3#\"\\xe1\\xf1\t\\x89I\\xaf\\xdf$\\xa7d\\xe7\\xe4\\xe6\\xe5\\x17\\x14\\x16\\x15WU\\xd7\\xd4\\xd6\\xd5746\\xb5wtvu\\xf7\\xf4\\xf6\\xf5\\x8fOL~\\x9a\\x9a\\x9e\\x99\\x9d[\\xfd\\x8cX[\\xdf\\xd8\\xfc\\xb2\\xb5\\xfd\\xed\\xf0\\xe8\\xf8\\xe4\\xf4\\xec\\xfb\\xf9\\x8f\\x1b\\ \\x00\\x0c\\xfa\\xf3\\xf3\\x9f\\xe2\"@\\xe2BAE\\x05\\xa3Bnp\\x81P\\xbco\\x04\\x08P\\xd1\\xe8y\\xd1\te4 
fn\\xb7\\x19\\xf8\\x821\\x88d\\xe3\\xdeV\\xb6a2\\xf2k~%6w\\x1f\\xc3\"a\\x12Xe\\xfev\\x03\\xed\\x17\\xb2\\xbf\\x07,\\xe4\\x7f\\x0b\\xd9?\\x80\\xfd\\x13\\xd7\\x1c\\x80\\x03\\x06!\\x83\\x07&\\x00\\xa4\\x00X\n\\xbfLI\\x93l\\x8e1\\xb1'\\x0eV\\x9aMm\\x00\\xe7\\xfa\\x00)\\xe3\\x1a{G\\x86\\xb2D\\x7f\\x1fNU@o\\x1fMC~\\x1fU\\\\x9a(\\xb1\\xe4\\xe7\\xfa\\xb9>\\x15t%\\x8cS\\xe7@\\x03y\\xe9d}j\\xb7\\xad\\xb3\\x8f\\xcakz\\xd5\\x8d+e\\xd96\\x12\\xe7\\x1a\\xba\\xb5\\xc4\\xc1\\xca\\xbe\\x1a\\xbb\\xac\"\";\\xdf\\xb5)v^L\"\\x06\\xa3\\xa1\\xb1\\x9ek\\x9f\\xdbacr\\xfa\\xa0\\x94\\x07cr`\\x9c19\"\\xc0\\x1a\\x1e\\xc9\\x06\\x0c\\x91g\\xc3\\x83\\xc3l\\x87\\x88\\xd4Q\\xaca7=\\xe3\\xd6I\\xc8\\x06;~\\x15%iL9.fd\\x83\\xe6gx\\x10\\x96\\xb2\\x812:3QM\\x02\\x8e\\xb2\\xb2\\x91F$:337;\\x1bY\\x82u\\xa42:Q\\xc2\\xafV/f\\xf0m\\x81\\xe4\\xbc\\xdc,sM\\xcd1\\xe9\\xce\\\\xe4\\xb7\\xb7\\xec\\xecvH!\\xcdqu^\\f\\xa4*,e\\xb6,3%\\xa4\\xe2\\x0e\\x01\\xe4\\x18@\\x13\\xd9\\xc1\\xf3\\xcb~(z\\xa42\\xc0v\\xf3\\x85<;\\x12`g\\xcb\\x0e\\x0eE\\xca\\x03D\\x1ar`\\xb0\\x12\\xd2S\r9\"\\x9c\\xad(\\xfd\\x897e\\xbb>\\xdb\\xee\\x90u\\xed!I\\xc8\\xe1\\xa6\\xc2n)\\xee\\xfdO\\x9f\\xc7\\x10\\x8f\\x9eV=\\xa8\\xc6\\xd9\\xb9\\xcd\\xb5V\\xfd&\\x8f\\x8f\\x80\\xd3\\x87\\xd5{T'j\\xe4\\xc7i\\x11\\xdcIt\\xb7\\xc8\\x1c\\xd6\\xef\\x0e\\x8e\\x96),7`J~%L\\x1b\\xe5s\\x02e\\xd9\\xfd\\x94|L\\xb4%\\xf0.\\xc5\\xb6\\xef\\xa3\\xe30$\\xab\\xb8\\x96\\xab#\\x82\\xd5\\x9a\\x9a\\xbfK\\xe1\\xf1{f[&\\x1f\\xed\\xbc!M\\xb5Ae\\xb6\\xbc\\x12>\\xc2H\\xb6,\\xd4l$+H\\xa7\\x88\\x80_p\\xd8\\xf2\\xb2\\x83\\x08\\xe1\\xe9J\\x0fPs\\x88j\\xd4yk\\x90\\x881\\x95T\\xe4\\xc0\\x84\\xf0\\xa4Ht\\xc1H\\x036\\xd0MS\\xf7\\xf8\\xa3\"$\\xfe\\x84_\\x12\\xe3\\xe6\\xc1\\x11\\x8av7|$l+cQ\\xcaq\\xb3\\xf3Jw\n\\xfc\\xeaC6 
\te\\xffE\\x1dR9;\\xfbd\\x02\\x11}n\\x9e@\\x02\\xce/\\x02o\\x1aA\\xbf\\xb4#\\x1d1Gr\\x01$h\\xdc\\xfc0P\\x06\\xfe\\xe8GZ\\x97#\\xba\\xf1*7\\x0b%\\x92\\x8d\\x08g\\x1b\\x7f<6\\x18v\\xba\\x99\\xb1\\xf8\\xb1S3\\xa5\\xfc\\xce\\x1c\\xa6\\x9c\\x1e\\xc23ZM\\xe4\\x1e\\xd5\\xd3\\xcbgoP-\\x96\\xaaJ\\xd8\\xe5\\x1ecm\\xc6\\xcb\\xf3\\xc4\\xd7,F4P\\xf7l\\xca<=q\\xfc\\xf9Pf\\xd3\\xd8,{\\x91\\xf7\\x89p_\\xbc\\x88\\xf1\\x0b\\xabhI\\x8b\\xf8\\x1e\\xd5\\x90t\\xa6\\xe9\\xe6LKEo\\x1a\\xfd\\xb5\\x01\\x82PD\\x01U\\xf9\\x8e\\x9e\\xbf_\\xcc\\x95q\\xba\\x94nn\\xcdi\\xe1k\\xc6\\xa9\\xc8\\x17J~\\x9a\\xf7m\\x11\\xe8\\xf7g\\x1b\\xc9\\x00\\x11\\xd6}\\xc4r\\x9d\\xa8\\xd6\\xf7\\xbb\\xefE\\xfa\\xbd7\\xa2\\xa2\\xfdjV\\xb1\\xdd\\xfb?k\\xc8\\x11\\xbf\r\\xff\\xed\\xefM|o\\xd0\\xff\\xa62)\\x12Pf\\xb7c\\x87)\\xb3\\xdbf\\xa1\\xe6\\xe6e\\xc7\"\\x13\\xe8w;\\x92\\x19.\\xa2nf\\xfa\\xbc\\xec\\xe0\\xa8\\x9b D(\\xa9\\xe6\\xde\\x88\\xdc\\xb0E\\x81L:\\xc2X$\\x11XH\\xc9\\xe7H\\xbe\\xffJz\\x02\\xd1\\xcdH\\x1c'\\xf4_\\x83\\x94\\xff\\xcc\\xc4_iv\\xd3\\xa1\\xcc&\\xa0\\x8er\\x93Y\\xca\\xff\\xc8\\xb7_\\xfe\\xfc\\x99\\x81D\\x1a\\xbfX\\xe5/\\x14P\\xb7\\xcd\\xfa\\x1a\\x82\\xe4\\x1e\\xc9m\\x16X\\xc0TC\\x8e\\xee6M\\xc2\\x0b\\x02\\xd5\\x1c\\x01\\x1c'\\xa2}\t\\xb6V\\x81V'f1\\xbb\\xdc.\\xfa\\x089\\xee\\x9b\\\\x89d\\x03\\xdd\\xc4\\xc2\\\\x03\\x99\tdo\\xfe\\x05I\\xab\\xb2\\xb2\\xc1o\\xf7p\\x90\\x80\\x91)\\x80\\x14&\\x0b\\x83\\xdf\\xf8x3\\xdb\\x08\\x7f}\\xbb\t6\\x85\\x1d\\xfbd\\xd8\rddB\\xc1_\\x13\\xdd\\xa0\\x11\\x8d\\x1d\\x15\\x10Df\\x1drv\t\\xd4$\\xf4\\x13\\xfe\\xfe\\xfa\\xcb\\x10rRu\"\\xd9\\xf9=O\\x89\\x12\\xf2\\x91t\\xfe\\xb2\\xf3/\\x89\\x82\\x04\\x1b\\x84\\x04\\x1b$\\x1a\\xaf\\x1c>\\xce\\xa3M.\\x10\\x96\\xca<!\\xfd\\xc1\\x88\\xce\\xc5Y?\\xc6\\xc5>Y\\x8c\\xb1\\xeb\\x85o\\xfa\\xab\\x90Y\\xe0<\\x82\\xe5\\xf5\\xeeX=\\x98\\xa1z\\xea3\\x82\\xf1l-~&x\\xc8\\xd6P\\xd9\\x92\\x96\\xa7\\x03/\\xbb\\xa1x8\\xf7Q\\xe2P\\x1a!]\\xc6\\xe2*\\xa3x\\xd1\\x1799C<\\x12Co\\xf9}\\x0e\\x06\\x18\t\\xc7\\x0e\\x81\\xdd~x\\x11\\x9e\\x0c\\x92\\x81w\\x08\\xba\\x
1b.\\xd8m\\x91t\\x92\\xe7f\\x07\\x91F>\\xfc\\x10\\x16\\xc9\\x1e\\xf4\\x82`.\\xd2h,\\xed\\x84\\x08\\x98c\\x9f!J}\\x88\\x84\\x9d0\\xaeI\\xf6\\xc7\\xc2\\xf1O\\xb6\\x98y\\x7f\\xc5\\xe5\\xf7\\xbas\\x83 \\xec7\\xe4\\xae\\x1b\\xa6\\xe2\\x89\\x90\\xd3F0\\x9e\\x08\\xa1\\xf4\\xc0\\x16\\x19\\xe4\\xd8\\xd1\\x9b\\x893\\x87u\\x0b\\x19\\x7f\\\\xfa\\xa8\\xdc\\x02Mu\\xde\\\\xcdGE\\xec\t7\\x8a\\xc0\\xb7\\xfe\\x91\\x16\\xc8\\xb5\\xca-\\xf7\\xd7<\\xba\\x89|\\xd0\\xefI\\x85\\xe4\\xaf\\x1d\\xfe\\x9b\\xbf_R\\xe6\\xffl\\xa7V*~D]]g\\xbfU\\xf6\\x11z\\xfay\\xe2a}\\xe5}X\\x95x\\x0c?(\\x04t\\xf1^tZ\\xc2\\xefC\\x1f\\x8b\\xef\\x8c\\xa8\\xe4\\xd4C\\x93\\xb7\\xbdr\\xae\\xa4\\xea\\x03it\\x94\n\\xb5\\x8e\\xad\\xdb\\x8dL'\\xa5\\x07\\x84\\x1d\\xf5\\xc6-\\xb6\\x93\\xa8G\\xf8\\x80g\\xe9\\xcc;\\xee\\xdb\\x98\\xb7?V\\xec\\xe8\\xa9~\\xb2;\\x1c\\xb8?\\x1c1\\xdaRNZ\\xf7R\\xf3\\x8c\\xde\\x82^U\\xe9s\\xb1\\xb6\\x98\\xf0&d\\xa8!\\xee\\x15AP\\xe3\\x8av\\xd9'\\x1f#q\\x9eo\\xf6\\x12\\xfeiw\r\\xddk\\xf7E#\\x9dW\\xe5\\xb7\\xb7\\x1b\\x13_jj:\\xe7\\xb8f\\xafp\\x11\\xa5\\x86\\xb2ls\\x8b\\xe1e\\xa76EM\\x1aq\"\\x7f\\x17.\\xca\\xb5\\xb7\\x8f)5\\xc5{\\x91R\\xdf\\x88\\x119g\\xaf\\x9a\\xcd\n\\xb8\\xfa?\\xf2\\xd6h\\xd0p\\xadh\\x0e\\xc0\\xa5\\xd7\\x14\\xbbi?\\xcbF`)\\x1b_\\xb5\\x8c%\\xfe\\xb8Yt\\x02\\xa9\\xc6o\\xefH\\xa3\\xb3\\xb3-\\xb0\\xf3K\\xefr1\\x93\\xe7.Jw\\xe5\\xe6.\\xcao{\\x93i(\\xa5<\\x9c\\xc41P\\xe6WJ\\xe1\\xe6\\xb5\\xe3\\x95\\xdf\\x16\\xd2p%\\x84\\xa9\\x1b \\x8d\\x90ij4\\xc1\"\\xb9\\x91\n\\x94r\\x87H\\xd9\\x90\\x8f\\x87\\xf1\\xdbr\\xdd\\xccD",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "W",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xbc\\x0f\\x94\\xee\\xaew\\x8dE<n\\xad#\\xcf\\x9f\\x01\\xaf\\x0exIv|\\xa4\\xfe\\x02\\x16\\x91\\xdf\\x00\\xd3Y\"X\\xb3J^\\xe5+O\\xe42\\xf8;\\x1d\\xd2y\\xfe\\xdc\\xc4\\xc1\\x0bx\\xdf\\xfc\\xc9\\x84E\\xbd\\x19\\xc6G\\x0cA\\xdd\\x13\\x1e\\xc9\\xb7G<\\xf4\\x99&\\xe5\\x0b\\x88\\xeb\\x84\\xb3\\x0cb\\xcc\\x9f\\xd9\\xfb\\xac<Y1\\x0f\\xe2HUz6B\\xd5\\xaf\\xf1i\\x86\\x0ec\\x96>FZ\\xe1\\xbd\\xec\\x97\\xde\\xdd\\xe8<}U\\x0c\t\\x99\\xe3\\x12w#\\x81\\xa4\\xba\nl\\xae\\xc2\\x97\\xeb\\x1c\\xcd\\x84\\x19\\xd7\\x80f@qsi\\x98\\x12\\xb5\\x99%\\xd6,\\x1d\\xf8\\xc5\\xe6\\xdb\\x11\\xb5\\xee \\x96\\x00\\xd1u\\xebCm\\x1d\\xfd\n\\x15\\x05\\xf2\\x85\\xbe\\xe8\\xc6\\xe3\\xc2\\xb9\\xf1u\\x82\\xf4\\xb25\\xac\\xb2\\x1a\\xf8{\\xfc\\x07\\xda\\xc9\\xdc\\x9bIv\\xe4\\x8eu\\x0f=(!P\\xca;\\x19\\xb9\\xf8\\x1d\\xb5\"^b\\xb5U\\x8as|[\\x94\\x16\\xfe6\\xb8G\\xcesK-\\xa3\\xa8\\xec\\xf9&\\xc2\\xafIv\\xc5\\xf3\\xf0ZW\\U\\x85O\\xf2\\xefYx\\xb0\\xc7\\x10\\xec*\\xf1i/\\x87\\xae\\x10\\xfa\\xfe\\x00\\xeb\\xec\\xdf\\xd9\\xe7f\\xf1J\\xea$X;w\"!\\xbb\\xd5\\o3\\xe9\\xa1\\xd8\\xf4\\xa9?\\x97\\x0emP\\x99\\x88\\xea\\xabk\\x9e\\xbcB!z\\x10G_\\xfe\\x12\\xcb!\\x9d\\x1d\\x01`\\xfe\\xedr 
\\x84\\x0f\\xefY\\xda\\xc4\\xb3\\x0e\\xdf\\xf7\\xb7w\\xc7\\x9d\\xdd\\x12\\xc9\\xb6\\xd9\\xfcw^\\xbe\\xb2P\\xecj\\x19\\xe1\\x7f\\xe6;\\xcc{n^*X\\xba\\xd7Bi[\\xa7\\xd4\\xd0\\xdf(%\\xe2h\\xb9)\\xeeI\\xcd\\x86R0\\xeb,^\\xcd\\x1a\\xbb\\x0ev\\xea\\xa5>\\x82=\\xf3DXyRO\\xf4\\x06\\xf4\\xf2u\\\\xe4,\\x15P\\xa4e\\x0f9\\xc9:\\xdd\\x97\\xe2\\x9e\\xa2\\xdb[l\\xa6\\xb9<+\\x08\\xb4\\xaf\\x9f\\xa31\\xa9\\x96\\xf7\\xa6\\x93\\xcd\\x85S.~l\\xf1=\\x90\\xbeE\\x89\\x1d\\x8b9\\x9b\\xe6\\xf8\\xc5o\\x9f\\x9c(\\xac\\xfb+'\\xcc)\\x17\\x9bvY\\xcc\\xe71\\xffec\t{\\xa9\\x117\\xb8\\xb8\\x8fl6|\\x01\\x9ec\\x1f\\xcb#\\xe6\\x95\\x9b\\xaa\\x97\\xa1/\\xf4\\x06A\\xed\\x8a\\xee\\x9f\\xa5\\xb6\\xc6\\x06\\xaa\\xdc\\xd2\\xc5]\\xc3\\xc4x1\\xacG\\xe7\\xea\\xae\\x08\\x9c\\x9e\\x0ci\\xab\\xd8-\\x11@e7\\xf8\\x9e\\x84\\x81a\\x9f\\x0e\\xf6\\xdcm\\xa2-\\xec\\x08\\xd8\\xf6X\\x84x\\x16\\xf6`\\xf1#\\xf5\\xca\\x96~5c\\xf3\n(t\\xd8\\x94V\\xae=\\xf9{\\xf3j\\x85C\\x80.\\xbc\\x7f\\x9b\\x95\\x9d\\xb9%\\xb2M%V76\\xa7\\xa8p\\x156\\xc4w\\xbf\\xb4\\xd8(\\x14-\\x1a\\xdd\\xae{\\xa5\\x06.\\x1e\\xc9\\xb4\\xdc\\x0c\\x8ah\\x87{\\xc4=\\x0c\\x91\\xc1\\xf9\\xd6\\xaf.\\xd9\\x8d[\\x93fC\\xab\\x0c$\\xefr\\xeb\\x0es\\x90\\xc7\\xd13?V<WWxlg\\xa2\\xda\\xa4\\xc6\\xe4k\\x95\\xa1\\xcdy\\x0bO\\x1aBuZ\\x90\\xaet&\\xa2\\xa8\\xa1\\x9d\\xa1\\xd0\\xad\\xd4\\xe65g\\xafwB\\\\xadhQ7X\\Y%\\xe25\\xdf\\xeca\\x13\\xdd\\xd0\\x8d\\x06<2\\x14{m\\xdc\\x0e\\xe9\\xfe\\x99\\xccH+\\x94\\xa7\\xfc\\xc3i\\xd0\\xc3H\\x0e\\xea\\xeb\\x84B\\xfa\\xf4\\xa8\\xf5\\x87\\xa6\\xd1\\xf2\\xddAS\\x152;\\xe2W\\x9c\\xa1\\xd1\\xf2\\xaa\\x8a\\x92-g\\x05Q2\\x92\\x13\\xe2\\x1b\\xc3|\\x13%\\x1c\\xb8{\\xb0zM6\\x14\\xe2\\xaaf\\xaf\\xa8\\xa49y\\xc2\\x80\\xc1;K\\x07\\x1a*D\\xb1\\xbd\\xff\\x1f{o\\x15\\x15W\\xb7m\\x0b\\x17N\\x80@\\xd0\\x14\\xc1\\xa1\\x08Np(\\xdc5\\xb8[\\x82{\\xa1A\n\\xf7\\x00\\x81\\xc2\\xbd\\xb0\\xe0\\x1a\\\\x82\\x04\\xaf\\xc2\t\\x96@\\x01\\xc15\\x90\\xe0As\\xf3\\xedv\\xce\\xfd\\xf79{\\x9f\\xfb\\xef\\xfdx[\\xbb\\x0f\\xf3\\xadZ\\xab\\xb9\\xe6Zs\\x8e>\\xc7\\xe8\\xbd\\x8f\\xcf\\xa
3Q4\\xfe\\x95\\x07\\xec\\x07\\x07\\x8dU\\x96\\x96\\xf1`\\xad\\xbak\\xb0;Y\\xc5\\x8d\\x05\\xed\\xbc\\xce\\x86]\\xbe\\xf4w\\x00\\x03\\xb9\\xc89\\x06\\xddL\\xe8s\\x88\\xe4\\x9ej2H\\x1d\\x94\\x00\\xcct\\x8aH\"\\xaae\\x9d\\xad\\x93D~!\\x8c\\x8f\\xa3\\x1b\\xd3g\\x1dl\\xf2\\x7f\\xb3yR\\x9a\\xaa\\xb5\\x1cf\\xdd\\xa6\\x8cH\\xdd\\x82\\xf3\\x82\\xcdv?\\xf9\\x1b\\xccs\\x13\\xbc\\x97iQ\\x86O\\xe2\\x88,{ f\\xe3\\x00\\xb5\\xe2\\xa4\\xa6=#\\xc5\\x0e(\\xca\\x01\\xc2\\xb9ugw\\x03>\\x86@\\xb5+\\x91\\xdbo\\xaa\\xa6\\xd5\\x05\\xcdP\\xa7\\x06N\\xeda\\=\\x1d\r>O\\xa8\\xe4N\\x8d\\\\xd5\\x08z/\t\\xe89\\xf5zV\\x06\\xe8\\x89\\x0c\\xed@~\\x1a\\x1a\\xd1\\xa5\\xf7Z[\\x86\\x17\\x06flx\\x8f\\x7fD\\xfcy\\xd9\\xe2\\x92Z\\x80{}\\x7fIj\\x8a\\xc6#<\\x1c\\x10\\/\\xf5u\\xf3!\\xdf\\xd8\\x13\\x0f\\x06\\x1da\\xdeQr P\\xe2\\x97\\x04;\\x95\\xe9\\xdb\\x96,5\\xba\\xd5\\xbe\\xd7\\xe3\\xc4\\xf7\\x0ehG\\xb6\\xee\\x18\\xa2\\xf2?\\x80\\x90\\xb0\\xfe'\\x8f&Ei\\xfd\\xe7\\xbcPS.\\xeb,Q\\x1bV|\\x18\\x04\\xfaY\\xde`\\x86X2\\xf9\\x04F@\\xb8\\xac\\x86\\xcf\\xf1J\\xfc\\x9b\\xc3\\xd5\\xaa1\\x8e1&\\xb1\\x14O\\x95a\\x7f\\x9b\\xad\\x8dP\\x90\\x90\\xa1\\xa5\\xb55\\xe4\\xf9b\\xf0:\\xea\\xaa\\xf3D\\xdd\\xd94\\xd2=\\x01#\\x1a\\x14\\xca;\\x07S7yk\\x98\\x8fc\\xa0\\xa7\\x81\\xfe\\x02\\xbc\\xc5\\x9e~/#\\xf0\\x1bpT\\x1d\\x9a\\xc2\\x92\\x11)\t\\xb5R\\xd1\\xd2{\\x81\\x83\"CS\\xc4\\x87\\xd6\\xbd\\xb6!\\x16\\xa8\\x8d_W\\xf4\\xbb(\\xbf\\x8f\\xfe1\\xc6\\x17\\x94c\\x1ez\\xc4\\xe2x\\x08\\xb7>\\xdb\\xc8\\xb3\\xf6 o+\\xd8\\x19\\xb41fd}\nB\\xf7$\\x02\\x05\\xb1+\\xcds\\xbf\\xda`;%\\xdf\\xb4\\xb3\\x8c_\\xdbn\n\\x97`Eg\\xb2\\xf6\\x019L4\\x87\\xcd\\xfb\\x12\\xc3\"\\x16rZ39\\x1b\\x1a\\xfb\\x18H\\xa8\\x190~\\xe8G\\xcf\\xc9\\xc9B&jB\\xec\\xd9\\x01\\xf1\\xfc\\xee\\x9e\\x1a^\\xf0\\x8b\\xe7po\\xe8\\x92\\x08q\\xe6\\xbd\\xc6\\xb7\\x8f\\xdb\\xbe\\x10 
\\x8dD\\x05zeK;>\\x13\\xd0\\xd4\\xc5\\x9e0\\x00C\\xa1\\xb4\\xa6-\\x13\\x1fS\\xcc\\xb7M}\\x9cL\\xef\\xa8\\x92\\xc24\\xec\\xd2/\\xb4\\xe0\\x17t\\xa9\\xcb\\x9a\\xfe\\xcdT\\xb7\\x9c\\xad\\xd7\\xa5X\\xfb\\xb1xi\\xda\\xb0'y,\\x86T\\x14@\\x850\\xdbW\\x1c\\xdd!\\x89G\\x84\\xc1\\xeb\\xccZ\\xcc+\\xf1\\xe5\\x89N\\xc2\\xb3\\x93,\\xb4mrz\\xf2\\xa0\\xdf\\x00\\x0e\\x9b$\\x9e\\xe0\\xc2\\xd9\\xa2\\x85c\\x8bh\\x91\"}\\x19\\xe2kB\\x95\\xfe\\xbf\\xd6T\\xfc\\xea0\\xce\\xefK\\x1df\\xe9]\\x1a\\x13\\x06\\xa0\\xc9cD\\x1c\\xbe\\x15\\xae)\\x87P\\x05\\x8c;\\x94(/(\\xca\\x12\\x9f\\x92\\xc7\\xacm\\xd6\\xb1+\\x1f\\xd9\\x04\\xf8\\x14\\xbcq\\x042+^\\xf6Ya+\\x93\r\\xbb\\x7f~\\x1f3\\xaf\\x9a\\xa2Fp\\xb7x\\xb9\\x8fhQ\\xcd4j\\xbe\\x15H*\\x89\\x036\\xf2\\x82\\xc8@\\x16\\xe7\\x87\\xd3Z\\x18\\xd6\\xcd\\xd9(\\xd7\\x99\\x1ak\\xbeB\\xb7M\\xed\\xfdk\\xbaQx\\xabnc\\xb4>&\\xf0n\\xda\\x0b%rw_Y\\xe9n\\x95O\\xf9^A\\xf1\\x1d\\xcd#\\xb1\\x98c\\xafC\\x03\\x94aH\\xa3\\xe0{\\xd40=}\\x05%\\x18\\xd0\\xea\\x7f/r\\xa3\\x85\\xf9\\xa2l\\x05?\\xd6\\x02\\xf6<\\xfd\\xfd\\xf0i\\x9c\\x1fr\\xca_~\\xf68\\xff\\xabF\\x83\\xd0\\x82E\\x0c\\xef\\x98=K\\xa2+\\xbb\\xc1\\xfc\\xeb#l\\xa3\\xa3\\xcd\\x97]\\xae\\x86\\xa0\\xf8rU\\xf7\\xf9\\xadGm\\xdfOH\\xa4I\\x844\\xcc\\xb08`]\\xee\\x01ZXJ\\xcd\\x1dJ\\xb8?\\x95kT\\x00\\xc4_0X\\xce\\xcb\\xb9\\xd2\\xfb\\x82\\xe2\\xa3\\xa8\\x8b\\x92\\xf5?\\xd6c\\x88\\x07l\\xd4>v\\xb2\\x8dzo\\xc4\\x88k\\xe8t\\xc1\\x8c\\xbdR\\x88q\\x14?\\xc7\\xe7\\xc4'\\xbepZ\\xe3\\x94\\x88\\xc3\\xd0h\\x9c{\\xa0\\xa9-\\xfd\\x84\\xb9v0\\xb9&\\x16\\xbf\\x91\\x1f\\xa2\\x83\\xb3*\\x19\\xb1\\x10\\xe6\\xe8\\xb9\\xa7\\xda\\xbb\\x05\\xe1\\x82{\\xc4oJeU\\xa3_\\x07\\xa6\\xba6\\xc4\\x14\\xf3\\xb9\\x19\\x8ex=\\x05_+\\xb9\\x1d\\xeahV\\xdb]n\\xbc\\x89\\x14\\xf0\\xe4\\x9eOH\\x1c\\x05\\\\xd0\\x10\\x89?\\x08\\xa0\\x1d\\xfb\\xff\\x1d\\x0f\\xe0o\\xc8\\xb5\\xe6\\xef\\xe5<\\x04\\x7f\\xf1\\x11\\x89\\x7f\\x03\\xf6\\x18\\xdb\\xa5b~\\x03N)\\x9b~\\x03>\\x84\\xdcg\\xfd'\\xe5\\x10\\xf1\\x8c\\xed/X\\xbb!L\\x8e\\xec\\xf9\\x8f\\xca\\x8c\\xa9\\xe7\\xde\\xe7k\\xeb\
\xf9\\xfa\\xde\\xaba%\\xda\\xf9/\\xdd\\x9e#\\xce.&D- \\xbcWJ\\x0ca8\rKt\\xf9*R/\\x83\\x05w\\xac\\x1fF\\x8em\\xa5\\xdc\\xb6\\x18\\x9d\\x96\\xfcK*\\x16\\xf6|SS\\xeaa~\\x18\\xe2\\xa7bsOV\\x978\\x8ccY\\xb28\\xf1\\x06\\x1b\\xd9\\xa8b\\xfb\\x00g\\xf9\\xc5",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1d",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "?\\x1cPb\\x7fek\\x01n\\x1b'(Dx\\x84\\x1f\\x16\\xe5\\x13\\x8d\\x8a\\xbf\\xb9=\\xaf,i\\x9c\\xc7P#\\x98\\x8d\\xd2{\\xf1\\xe9\\xcd\\xa7\\x17\\xd2F\\xb7\\xbb\\x8c\\x85<\\xab\t\\xe2\\x1f\\xf2\\x1f\\xf7\\xe0_\\xcb\\s\\xc0]\\x11e\\x0e\\xe8pd\\x03R\\xdf\\xdc\\x06\\xe3W(=\\xddd\\x8b\\xa9\\x82\\x9c\\xdb\\x0e\\xf34'9M\\x18\\x9d;9s\\x13\\xcc\\xef\\xe8\\xd08S2$\\xff\\x9b\\xd3\\xb7\\x9d\\x93\\xce\\x90W\\xf0\\xe0\\xacj+\\x1a\\xc5\\x17\\xcfm\\xa1\\x18\\xcb\\xe4_\\xd1\\xc4r\\xe9|Q\\xa5\\x00\\xb6\\x19jE\\x9b[y%\\xfafk\\x1cn\\xf4\\xe3)\r\\x11\\x89}]\\xcd\\xd6\\x14\\xbf\\xcd[\\xa5\\x8c\\x04'\\xbb\\x17\\xcd\\xad\\xca\\x98\\xe7\\x08\\x1av\\xfc\\x91\\x17\\xf4\\x9d\\x19\\x94\\xc7\\xc0\\xd1\\x1a\\xb9'\\xd7\\x98\\xc9\\x11\\x11\\xe7\\x1bu\\x12=5\\x82\\xc0\\xa2\\x14c\\xcc\\x18\\\\x98.\\x1c\\x80#\\xd2;)5\\x1cJ\\x1f\\xa1\\x91>\\xe8)\\xe7\\x1e.\\xf7V\\x1a\r\\xc7\\xf5\\xa8\\xb3\t\\x95\\xbf\\xe2\\xd4\\xbd\\xfd\\x115Qo\\xa6\\x04\\xdee\\xe6\\xef\\xc3\\xc1\\xa4\\x9e\\xdb\\xbdUy\\xb3\\xd5\\xfe\\x8d\\xbe\\xc5\\x17\\xf4d\\xd9\\x15\\x93z\\xf3P\\xdb\\xd4x\"\\xa0\\xfb\\xf3&\\x8e\\xdf\\xeb\\xbc\\x9f\\xc6\\xb9\"\\x18\\xcbk\\xd3\\x18\\xd1\\xf9j\\xf2\\xd16\\xc6\\xa0\\xc4\t\\xdb\\xbekR\\xca\\x11\\x89_\\xdf\\xd9uKDb>-1\\xd2\\x87\\x7f\\x8e\\xa7\\x83c=\\xce\\x87\\xbb\\x07\\xcc\\xea9\\xa1;;[rp\\x1c}{\\xb2r\\xa5$\\x95)7d\\xe0\\xdc\\x99\rl\\xd2d\\xa2\\x189\\xfc\\xc2\\x84s\\xbe\\x11* 
\\xd5TKq0\\xf3u\\xb4\\xceV\\xfaxt7\\xc5\\x90>hU\\xb2k\\xdevvy\\xbf\\xc0\\xd5Q_+\\xbe*]JX\\xcc\\xff|\\xaa\\xadT\\xed2\\xc8d\\xe6\\x94\\xa7\\x9a}\\x19jm)\\x97\\xda\\x86\\xf1\\xc9\\x95W=Hvm1\\x17'\\xd6+\\xa5$\\xc9\\xd7\\xdeG\\x93\\x86?\\xff\\x1c0!4\\x83\\x1f!6\\xc5X%G\\x19T\\x1a\\x97\\xb1E\\xd8.\\xee\\xa5\\xa3T\"^S\\xd5$_\\xe3\\xf3C\\xb7`%Zg\\x80\\x85\\xfa\\xa7\\x98\\x9e]\\xff\\xa5X\\xecZ\\x14\\xadl(g\\xbe\\x91H\\xdf.\\x8e\\xd4n\\\\xf0\\x8a\\xdaw\\x9f\\xef\\xcci\\xc5\\xbc\\xcaI\\xa4\\xf9yJk\\xea\\x00\\xdd|\\x818\\xf5Jv\\xd5vL\\xd17\\xbb\\x87&O\\xf6\\xe9\\x97\\x05\\xf8\\x9b\\x9aj$\\x9dAF\\x17@\\xaaD\\x9c\\x88\\x9c\\xd2K\\xb1$\\xd08!\\xe6\\xeb\\x90\\xc4N\\x9d\\x95\\x81\\x00\\x1b\n\\xfc\\x84\\xbdRI\\xfd\\x95\\xe4\\xe6\\xb5\\xcdk-\\xcc\\xa9\\x92\\xf0u\\xcb\\xae\\xb0q\\xd8\\xc8\\x130V/\\xa4\\xe3\\xfc7\\xe0y1D\\x00\\xf4|m\\x19q\t\\xe9 \\xc1r\\xd5P\\x1e\\xe6\\xcd/\\x9c\\xb3\\xe2Hl\\x18r\\xa7i\\x8d\\x15oO\\xb3\\xa7\\xbf\\xd8<)\\xd7\\xf4\\xaa\\x90s_}3SS\\xea\\xd3\\xba\\x89\\x9a\te\\x16\\x95\\x7fGM\\x04\\xfa\\xa9\\xb4\\x0bY\\xcf\\xa5\\x92#\\x88\\xf8\\xb3\\xbf\\x0e*P\\xea\\xee\\x998\\xe3\\x94\\xa1\\xa7\\xb9\\x84\\x1b\\xbc\\xf0\\xcd\\xfa\\xabR\\x8f\\x002\\x9f\\xb5Iaw\\xab\\x18\\x1e\\xee\\xc2\\xf3\\xcdoR\\xb5L\\xdd?\\xc3}\\xa1\\xcb\\xc1gc\\xd9*\\xd7M\\xb0\\x87e\\xeb\\x9f\\x85\\xb8\\xe7\\x87\\x0eu?\\xac\\xdb2\\x14\\x13lD\\xb0\\x0cY\\x04\\x83\\xc7\\xe4\\x9e\\x1a\\xd4\\xb7\\xe7\\xda4=>\\x10\\xe9\\xa3\\xba<?,\\x98m1\\x14\\xca\\xc9\\xc8\\xf3\t,I\\x07i\\xb9\\x9f\\xc0\\x8aaJ;\\xec8\\xed]:\\x0b\\xa7\\x9a\\x8cV/\\x1bSC\\xa9$BD\\x01s\\xeax+y\\x1e\\xee\\xeb\\xd4\\x00\\x00G\\xd2P\\r~\\xe4\\xc9\\xb4g\\x08\\xdeH\\x1c\\x1b\\xf71\\xa6\\xed5\\x9e\\xe7TA\\xba\\x9e\\xfd9F\\xa9\\x03\\x82\\xf0\\x03\\xf3\\xc8\\xe9\\xf1\\x95x\\\\xbb\\x07\\x0b\\x11\\xfc\\x08\\xe3[\\x84\\x96\\\\xd9\\x01qZ{L\\xa4\\x85\\xa2\\x91$\\x01\\x14s\\xbb[\\x04s\\x1a}\\xf9+J\\x8e\\x06);\\xfeY\\x89\\xb485\\xd4\\xd7Z\\xdcz5\\x9d\\x13R\\xea\\xf2\\x96\\xa7\\xb2\\x85\\xd4\\x16\\xf6]\\xe8\\xbb\\x0f\r\\x9b+\\xd3\\x02\\x93i\\x18C\\xde&=\\xa5\
\x99g\r\\x0f\\xee\\xee'`\\xc5\\xce\\xc3\\xe7\\x9cmH\\xd7\"\\x8b\\x1b'\\xd6\\x92\\x1f\\xab{\\x08w\\x1a@\\xa5d\\x84\\xf6\\xe7\\x99<\\xc8\\xacA\\xb7\\xe0#\\x95\\xeb\\xf7\\xf3C\\xd57\\xed\\x9b\\xb7\\xca9{,\\xa9\\xc0d#E\\xe5\\xc0V\\x91\\xcb\\xab\\xd2\\x8e\\xa7\\xf5r\\xf4)\\xe7\\x8d\\xa5}0\\x85\\x11\\x11\\xd7\\x8e+j\\xbb\\xd8\\xa8sCaN\\xee\\xb1\\x11\\xbc\\xc7\\xe3%wH\\x8fi\\xebr\\xc6Pv\\xe3\\xa5\\x11_\\xcf$\\xa5\\xd0\\x89\\xd4\\xd4Y\\x80\\xcdCxMk:c\\xe9@\\xec\\x86m\\x1b\\xa0\\x83R\\x9c\\xf8\\xf4!H\\xa2s\\xe6\\x1dD\\x861*2W\\x9fl\\x04\\xef\\xc7\\x16\\xba0I\\xf1\\xf5l\\xcfTe\\x16\\xc1\\x83+S\\x9f\\xef\\xf5I\\x1b\\x13\\x1d\\xcfQ\\xf2\\x10\\x80d\\xeft\\xc0\\x8b\\xbc+U\\x11\\x94\\x94\\x86\\x06\\x1d\\x80!P\\xf9-\\x7f&\\xd4\\x12t\\xfc^>(\n\\x87\\xe50?\\xab\\xf6i\\xe3\\xfc\\xe3\\xe9h\\xe3y\\x1b\\xac\"\\x82\\x19\\xefk\\x19&\\xa6\\xd6\\xc7\\x06\\xa6j\\xc5.\\xc95q:J\\xe3\\x1e8\\xdb\\x93>\\xc7\\x18\\xe7\\x13\\xff\\xab\\xb3\\xaf\\x0e\\x8b\\xea\\xeb\\xfe\\x1d\\x1a\\x91\\x90\\x92\\x1a\\x18b\\xe8\\x90\\x12\\xe9\\x10I\\xa5\\xbb[B\\xe9.\t\\x01\\x05\\x87\\xeeF\\xba\\xbb\\x14$$\\x86\\x1e\\x05\\xa4K\\x07\\x18iI\\xa5\\xef\\x0c\\xea\\xfb\\xfd\\xdd\\xe7w\\x7f\\xef}\\xef\\xfd\\xe3<\\xcfy\\xceZ\\xeb\\xb3>{\\xed}\\xce\\xdeg\\x9f\\xb3\\xd7\\x06\\xf0\\xcf-\\xb14e\\xac{\\xc5\\x81\\x9f\\x97b\\x9a['\\xe6\\x9a.hYD\\x91\\x82\\xe9\\x9ew\\x82!:\\xc1\\x98d\\xdb\\xb7v\\xf6t\\xb7w\\xee\\xe9\\xfa\\xea\\xce\\xad\\x00\\xca\\xd2MIL\\xa4q\\xdev\\xad\\xae\\x97\\xc6\\x8a\\x06\\xa6l\\x9a\\x1a\\x93\\x10\\xe3H\\xf8\\xad\\xa0~v\\x9ax`$\\xb4\\xf1\\xd0\\xb8\\xb0\\x9e\\xa5\\x1f6\\xda\\xe4\\xe6z\\xf6\\xc5\\x7f\\x9e\\xa5\\xe1Nj<h\\xccd\\xa3E\\xbc\\xc6\\xea\\xd7\\x99\\xbfNE\\xd8$C\\xc4\\x9aM\\x1b}^t!\\xc4v\\x1d\\x1f@[\\xf7\\x9d@\\xce\\x95\\xa9w\\xf0$\\x85\"\\x92\\xf1\\x96\\x9e;o\\xb7\\x84\\x9a\\x93O\\x1eV\\xed\\xc4\\xf8\\x19\\x17\\x18\\xd2\\xe0\\x1b\\x956\\xc0\\x84\\x19\\x92\\xe5I\\xebwT\\xb1\\x91\\xf7\\xb0\\xcfl\\x87\\x8b\\xd1\\xad\\x94P;\\xd9Rq\\xf5HB\\x94\\xd0\\x17\\xea0\\xf0@s\\xe7 
A>\\x8av>\\x94]\\xd8l\\xd3a\\xe1\\xa56\\xc5D\\xa1\\xd6\\xa8xT\\x9e\\x184G\\x1b\\x12\\x8b\\x90&\\x1d\\xcc\\xdby\\x1dTX>$\\x94\\xba8\\xb4R\\xf6\\x1c\\xe2>\\xdfiX\\xc4\\xfd:\\x86\\xbd\\xb9\\xe3\\x94q\\xe6\\x94\\x96Z\\x08\\x08\\x0cT\\xbc\\xf8n\\xb6\\xc3\\x12q\\xa7\\xc37\\x96\\xd9\\x12\\xa3\\x84\\xfe\\x87\\x14\\xfeU\\xe3FU\\xcd\\xceZ\\\\xdc\\xb6.}=\\xef*\\x16\\x87\\xb0\\x94L\\x14\\xa06\\xc3\\x98x\\xd8\\x198fm\\xcf\\x9c\\xc0.D\\xfb\\x16/\\xe4S\\xfc\\xd8\\xadr% \\x8e\\xaaQ\\x84\\xee\\x12\\x0b\\xee\\x8cS\\xb9\\xbc\\x0fm,\\xb9\\xe0\\xc4\\xe6\\xd4(Y\\xc3\\xa0;\\x15\\xe0\\xf5\\xec\\xb9\\xc7\\x98\\x94\\xb2U&l{{\\xd0\\x05\\x93\\x84\\xe4\\x1b\\x8b\\x93Y\\x8e>Q\\x15@\\_\\xee\\xa4\\xa2\\xd4\\xf0)\\x9d\\xb1\n\\xd7#\\x1e\\xef\\xe0\\x07\\xf8W\\xe4n\\xdch\\xd6Q\\x02\\x88\\xecs]\\x05\\xe3\\x1a\\x0e\\xf5\\x16\\xbal>\\xd8t\\x93f\\xf41.f\\x9b\\x8d\\x8f)nh\\xbd\\x87c\\xd85\\x80'\\xc8\\xd0\\xbf\\xaf\\xbc7e\\xde\\xf0\\xa9\\xca\\xdb\\xaf\\xecY\\xf8\\x90\\xfd_\\xb6\\xa8}n\\xedj\\x0b5[[\\x9f\\x9ezC!nBN\\xd7\\x80\\x10?\\xd7\\x89*[\\xfb\\x1f\n\\xee\\xfe@\\xfe:\\x9d\\xe7\\xe7\\xb61\\xe9\\xddE\t\\xebgL`7\\x15\\xfet\\x11O\\xabi\\xa6\\x0b\\x8eI\\xdeMFE\\x9b\\x88\\x1dy\\xa6\\x8f\\xca\\xe0\\xafd@\\xab\\x12`\\xfc\\xe9',Ws\\x95\\xd7\\xef\\x0f?\\xd9xow\\x0f\\x98\\xcc\\xbboL7)\\x94~L\\xf9\\xe9\\xd6G\\xccL\\x86O\\xe2\\x9e\\x15\\x1c\\x88Se\"\\xfa\\xa2\\xf2\\x01Q\\xa6_v\\xb1\\xc4\\xb2\\xd0\\x03\\xb8\\xf0\\xd1\\xa2\\xc6\\xd2\\xac\\x83\\xfb\\xe0\\xbar\\x8d\\xc7\\x13\\xff\\xb0\\xb2C\\xf4\\xf6\\x98\\xce\\x90\\x8bR\\x8cE\\xc1\\xbdS\\xec\\xb9\\xa0i\\xcck\\xc0'9\\x97 \\xe2k\\xc0\\xaa\\x80\\xed5\\xc0\\xf4\\x1ap\\xceW}\\xa8z\r\\x88\\xb3)\\xb9t\\x89\\xfd\\xefS\\xc5\\xefk\\x83\\xfa\\xe4\\xefw`\\x8b\\xa3r\n7\\xc0#$\\\\xa1\\x1a\\xad\\xa1\\xeb\\xe0\\xd0OL\\xbd&\\x11\\xb7_\\xfc\\x00\\xeeZJ(\\xee\\xcd\\x93\\xcf|p\\xad5\\xed!\\xff(>\\xa2\\xab\\x08NF\\x9bmc\\xeb\\x82\\xc7\\xfcb-\\xf9\\xe0\\x9bv\r\\xf8\\xfb[",
        "buffer_size": "13365"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x16",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x00\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00",
        "buffer_size": "21"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x81",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xc8\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x9c\\xba\\x05X\\x94\\xed\\xd66|\\xd3 \\x08\\x02\\x83\\x82\\xb4\\x03\\xd2HI\\xb7\\xd2]\\x92\\xd2\\x92\\xd2\\xd2\\x9d\\x02\\x0e\\xdd!9\\xb4t\\x97\\x840t#\\xdd)--\\xfd\\x0f\\xfa<{?\\xfb}\\xf7w\\x1c\\xff\\xf7\\x8d\\x87\\x1e3\\xf7\\xb5\\xae\\xb5\\xd6y\\xaes\\xad\\xeb\\x9e\\xb9\\xc5k\\xaaBBG|\\x84\\xf0\\x0cG\\xd1\\xde\\xc6\\xd4\\xde\\xc0\\x8aB\\xce\\xc0\\xda\\xc0\\xf4\\x9d==6\\x07\\x8f1\\x05\\xb7\\x19\\x05\\x1b\\x9b\\x15\\x05\\x07\\x97\\x03[L\\x15\\xd2\\xdd\\xd4\\xdd\\x12\\xf0HZ\\J\\x1c@@@\\x00\\xf4\\xe1\\x7f\\x80\\xbbY\\xe0\\x15\\xf0\\x10\\xe3\\x01\\xe6\\x03\\xf4\\x87\\x98\\x98\\x988\\xd8\\x0f\\x1f\\x81(\t@xx ZR2BJ\\x16z6\\xd6\\x17\\xf4\\xccL\\x1c|2\\xc2\\x1c\\xdc\\x12<L\\xcc\\xa2\\x9a\\xa2\\x12\\xf2\\x8a\\xaaj\\xaa\\xecBo\\x8dt\\x94\reTT\\x95\\xee\\x9d `\\xe3\\xe0\\x80pA4\\x04\\x044J\\x9c\\xcc\\x9cJ\\xff\\xd7\\xaf\\xbbV\\x00\\x17\\x1da\t\\xd1\\x07\t\\xe1\\x19\\x80\\x88\\x8b\\x80\\x84\\x8bp\\xd7\\x01\\x90\\x03\\x00\\x02\n\\xc2\\xef\\x17\\xf0\\xd7\\x0b\\x01\\x11\t\\x19\\x05\\x15\r\\x1d\\x9e4\\xdc\\xa0\\xfa\\x11\\x80\\x88\\x80\\x84\\x84\\x88\\x8c\\x84\\x82\\x82\\x8c\\x0c_\\xf5\\x84\\xaf\\x03\\xc8\\xb8(x\\x94\\xac\"\\xa8\\xf8J\\x06h\\xcf\\xec@l\\xbeQ\\x99\\xe8`\\xd1\\xf26\\x02\\xe5\\x91\\x9fT\\xec\\x86\\xf6~\\x18\\x0f\\x1e?!$zJ\\xfd\\x9c\\x86\\x96\\x8e\\x9e\\xe3%'\\x177\\x0f\\xef\\xab\\xd7b\\xe2\\x12\\x92R\\xd2*\\xaajo\\xd454\\xb5\\x8c\\x8c\\xdf\\x99\\x98\\x9a\\x99[8|ptrvqu\\xf3\\x0f\\x08\\x0c\\xfa\\x18\\x1c\\x12\\x1a\\x1d\\x13\\x1b\\x17\\x9f\\x90\\x98\\x94\\x9c\\x95\r\\xcd\\xc9\\xcd\\xcb/(\\xac\\xa8\\xac\\xaa\\xae\\xa9\\xad\\xaboh\\xff\\xd6\\xd1\t\\xeb\\xea\\xee\\xe9\\x1d\\x1d\\x1b\\xff>195=\\xb3\\xbc\\xb2\\xba\\xb6\\xbe\\xb1\\xf9ck\\xfb\\xf0\\xe8\\xf8\\xe4\\xf4\\xec\\xfc\\xd7\\xc5\\xe5=.\\x04\\x00\t\\xe1\\xef\\xd7\\x7f\\xc5\\x85\\x0b\\xc7\\x85\\x88\\x8c\\x8c\\x84\\x8cv\\x8f\\x0b\\x01\\xd1\\xf9\\xde\\x00\\x17\\x19\\x85\\x92\\x15\\x15OD\t\\xcd\\xc0\\x0e\\xff\\x19\\x9b/:H4*\\xb3\\xbc\r\\x03\\xcc\\xae\\xfc\\x93
\\xc0\\xd0~\\xe4\\xc1c*\\x8ee\\xea\\xc3{h\\xbf\\x91\\xfd\\xff\\x03\\xe6\\xf7\\xff\\x84\\xec_\\xc0\\xfe\\x8dk\\x06\\xc0BB\\x80\\x17\\x0f\t\\x17\\x10\\x02 \\xc9\\xec\"E\r\\xa2\\xd9o\t>`=H5\\xad\\xf6d\\\\xef{\\x02^\\xa3\\xfb\\x96&-\\xd0\\xdb\\x83U\\xe1\\xd9\\xddCV\\x97\\xdbC\\x12\\x95\\xcaK \\xb8R;\\xd3#\\x83*\\x85~f\\xed\\xad%.\\x9c\\xa4Ij\\xb7u\\xde\"\\xbd\\xa6QY\\xbfT\\x9ce*p\\xa1\\xa4^M\\xe0+\\xed\\xaa\\xb4K\\xc3\\xc3\\xb3\\xf3K\\xed\\xe9N\\xc0\\xf8j\\x7f8}\\xe4\\x87\\xb5\\x95v\\xc8\\x88\\x98&B\\xb2\\xec\\x88\\x18\\x12\\xd6\\x88\\x18\\x080\\x89\\x0e\\xa5\\x05\\x06\\x88\\xb2\\xa2}\\x83\\xcc\\x06@\\x8a\\x88&\\x90\\xfb\\x95Q\\x93x\\xf8\\x05sv\\x19)a\\x0c1&j\\xf8\\x05\\xe5\\x95h\\x9f\\x07\\xd2Z\\xd2\\xa8\\xd4\\xa0\\xaaX,ii\\x1d\\xa5PTjjf:Z\\xc2X\\x93PiTP\\xec\\xef\\xab\\x8e\\xd4H\\xf8\\x1cI9\\xd0\\x0cCe\\xe5\\x11\\xe1\\x0e(\\xfc]&\\x1d\\x9d9\\xdcHyT\\x91\\xf5!5\\xdc\\xd5\\x03i\\xda\\x0c\\x03)\\xb8\\xe3o\\x1c\\xf0=\\x802|\\x81\\xe5w\\xfc@\\xd4Pi\\x80\\xf6\\xfe\rQV(@G\\x9b\\xe5\\x1b\\x08\\xb7\\x07@JbHHR\\xf0L\\x95\\xc4@X[a\\x9ac\\x89\\xc5\\xbb.\\xdb\\xf6h\\xebj\\x03\\x82hG\\x9b\\x12\\xbb_\\x1e\\xbe\\xfe\\xbe2\\xb2\\xaa\\xe2Q![\\x89\\xb5\\x83\\xcf\\xb4V\\x99\\x98\\xc3\\x86\\xcb\\xe8B\\xe3<\\xfc&l\\xe8\\xf2\\xac 
\\xda\\x8aw\\xb7\\xc0\\x10\\xd2k\\x8f\\x14.\\x92_\\xaaE\\x95\\xf4\\x89\\x9b<\\xcc\\xe5\\x94\\xfe\\xf9\\xee\\xf7\\xa4\\x13\\xd0\\x16GI\\xb2YO\\xcb\\xfbA\\xb4\\x8c\\xc2j\\xa6o!4&\\xa4\\xec\\x9d\\x12\\xba\\xcd\\xd4fT.j9\\x03\\xca\n\\xfd\\xd2\\xb49Elx\\xa1\\xb4\\x19\\xc8YpV\\xe0I\\x81\\x80\\xdfphs\\xb2|\\xf0\\xa2?K\\xc9\"g\\x83\\xaa\\x14Y\\xab\\xe0\\x881\\xa4d\\xc4\\x90\\xf0\\xa2\\xe3CQ9C\\xb5h\\x11\\xee/\\xc1FU\n\\xe0\\xf8c\\x7f[\\x8c\\x1a\\xfa\\x86H\\x9a\\xdf\\xf3\\x11\\xbb-\\xfd\\x80X\\x8c\\x99\\x8eU\\xb8\\x83\\xe3\\xf7\\x1a\\xfc\\x02\\x9cP\\xba\\xdf\\xd4\\xc1\\x9d\\xd3\\xd1\\x8d\\xc7\\x82(\\xa19\\x1c\\xb1X\\xbf\t\\xbc\\xbf\\x88\\xf0\\xdb;<\\x11C8\\x17@\\xac\\xd2\\xfd\\x07-i\\xe0\\xafuxt1\\xd0}V\\xd0\\x0c\\xc4PZ\\x10\\xd66\\xceh\\xa4/\\xe4l3m\\xbe\\xa5C9\\xb9\\xf4\\xc5\\x0c\\x86\\x98\\xc6\\xea\\x87p\\x05\\x9eW$\\x1e\\xd7^\\x89\\xc8F\\x0b\\x15Etb\\xba\\x0f6c\\xc4Yb\\xaa\\xe6C\\xeaH\\xbb6E<N\\xdf\\xdf\\xc8\\x89l\\xbe5\\xc8\\x9agu\\xe2\\xee\\x89\\xe1y\\x1b\\xf0.\\\\xd0(\\xa6K\\xde\\xef3\\xd5dc\\xba\\xb1\\xa43\\x99\\xe6Z\\x1fn\\xe0j\\x1eI\\xe9\\x8e\\x86\\xbb[\\xc4\\xed\\xdb\\xcfB\\xea\\xd0\\xaa\\xb3\\xfc\\x04\\xf0Dh\\x80\\x94\\x9b\\xf2k\\xb3U\\xd4\\xd7\\xd3\\xf5\\x84\\x00\\x0f\\xcd\\xfe\\xeab\r\\xaf\\xea\\xaf\\x97\\xcd<\\xbd\\xce\\x1ba\\xe1nU\\xcb\\x98\\xf6\\xbd+Jb\\x04\\x99\\xc1\\x7f\\xf2\\xbd\\xaf\\xef=\\xfa?T\\xc6\\x87\\x02\\xd2t\\xe6t\\x10i:\\xb3\\x0cdhNV$\\@\\x7f\\xae\\xc3\\x99a\\x02\\xc1\\xa8)s\\xb2|\\xc3\\xee\\x8b\\x10\"%\\x0f\\xbd7\\xb9g\\xeb)\\tx\\x91p\"\\x1e\\xc0-\\xfd\\xe1|\\xff\\x93\\xf4X\\xd0\\xfdN,+\\xd4\\xdf\\x9b\\xa4\\xffV\\xe2o\\x99\\xdd/H\\xd3r(\"\\xde+K\\xfa_z\\xfb\\x9d\\xcf\\xdf\n\\x04)\\xfdf\\x95=\\x9fC\\xd1,\\xe3\\xa7\\x1f\\x9c{8\\xb7\\x19H\\x1c\\xfaJb\\x14\\xf8d\\xb1\\x01\\xb8\\xf2\\xd9\\x1cXV\\xa0}\\x01\\xdaV\\x8eV+j>sh'e\\x88\\x18\\xf3\\xbdVBi\\x11\\xeeka\\xa8\\x04W\\x02a\\xe2\\x7f 
i\\x95\\x96\\xd6\\xfa\\x93\\x1e\\x16\\x1c0\\\\x02pc\\xc2\\xa0\\xe8\\xfb\\x1c\\xef\\xbb\r\\xef\\xf7\\xbb\\xfbb?5\\xa7\\x1b\\x0f\\xba\\x87\\x0c\\x17Tt\\x02\\xe8\\x1e\ro\\xe40\\x07'\\u\\xf0\\xee\\xe2\\xa8\\x8a\\xed\\xc5\\xfb\\xf3\\xf6w xSu\\xc0\\xd9\\xf9\\xd3\\xa7\\xa0\\xd8\\8\\x9d\\xbf\\xe3\\xfc\\x87P\\xe0`}\\xe0`}xc\\xa4\\x83GY\\xd4\\x888\\x82R\\xa8\\xc7\\x84\\xbf\\xeaP\\xd8XkF\\xd8X$\\xf1\\x81;\\x03\\?\\x7f\\xf2\\x9b\\x06.B\\x9e'\\xec\\x8e\\xd4\"=\\xab\\x9cXY\\x05\\x9f\\xaf\\xc5L\\xf9\\x0e\\x98iK\\x1b\\x93\\xb3|\\xc3\\xce\\xaa+\\x1c\\x84\\xaa\\xc4\r\\xa4\\xe2Q\\xa4\\xcd/\\x83\\xf9\\x0b~\\x88\\x89ic?\\xd6v\\x16\\xdfgx\\x06y\\xcc\\xb0\\x83k\\xbe\\x1f\\\\x80-\\x02g\\xa0d\\x95\\xe2\\x9e\\x0b:38\\x9dD\\xd0,\\x9f'\\xa1r_\\x83B\\xe9|\\x02pgBuFROA\\xc0\\x0c\\xdd\\x14(E\\x0e\\x0e;vT\\x99\\xf0\\xaf\\xc1\\xf1o\\xb6\\xa8Y\\x7f\\xd7\\xe5\\xcf\\xdc\\xb9G\\x10\\xf4\\x07r\\xe7=S1 x\\xdbp\\xc6\\x80V\\xa5d\\xcd\\xe0E\\x8e\\x1c\\xbeo\\x9c\\x99\\x07\\x8f\\xe0\\xf5\\x7fH\\x19\\x06\\xcdSVd\\x85*\\xab\\x14\\xd0\\xc5\\xde;Bz\\xf4/Y\\xc0g\\x95\\x1d\\xf4w\\x1f\\xddW\\xde\\xe7OS\\xc1\\xf9k\\x8f\\xfe\\xc3\\xdfo+\\xc3\\x7f_'\\x95*T!\\xad\\xac\\xb1\\xd8*n\\xa1?[\\x19\\x93\\xab-\\x7f\r\\xa9\\xe0\\x8f`G\\xf0C\\xb8j\\xe6\\x9d\\x14p\\xfb\\xda\\xf3\\xdcu\\x8aWpBN/\\xb3[\\xcc\\xf6\\x89b_*\\x05\\xb1D\\xf5\\xfb\\xd6\\xedz\\xaa\\xd3/\\x07x\\xdfj\\xdf6\\x99\\x8d#\\x1f\\xe3\\x00\\x1f\\xbeL\\x95X\\xe3c\\xe0\\xb7\\x94\\xedh\\xc8\\x7f7?\\xea{=\\x182\\xdcT\\xfa\\xa4\\xe6\\xa3\\xf29\\xa5\\x11\\xa5\\xbc\\xd4J\\xa1\\x1a\\x1f\\xf7&\\xda@]\\xd4'\\\\x9f\\xfa%\\xb5\\xe2\\xef.:\\xfc,\\x87\\x16\\x02\\xee\\xa9/\\xb5\\xed\\xab\\xf7yC\\xad\\x97\\xc5\\xb7\\xb7\\xeb\\xe3>*+[g\\xdbf-1\\x81R\\x02\\x9fo3\\xf3ag\\xa54\\x84\\x8d\\xeb0\\xc2?\\xe7\\xcf\\x8b\\xb5\\xb7\\x8fH5\\xc48>!\\xbd7\\x03Yg-\\x1bLs\\xd8\\xba\\xab8+\\xd5)\\xd9\\x965z>\\xa4T\\xe6\\xbb\\xbf~\\x9e\\xb5\\xfa@\\xfa\\xedm\\xd3H\\xdc\\xe5\\xfd\\xd0\\xf1&\\x19\\xc5\\xdf\\x11F\\xa5\\xa3\\x9d\\xa3c\\x17\\xdee\\xa2&\\x82\\xce\\x0bwB\\xa1\\xf3\\xe2\\xdb\\xce\\x84JR\\xc9r\\
xe3XZ\\xd2\\xecR\\xc9\\xcc\\xac\\xe6\\xac\\xe2\\xdb\\J\\xb6x\\x10E-x\\x10Be\\xa5\\x06H(3\\xdc\\x81\\x14t\\xe0\t-\\xfcx\\x18\\xc5\\x17\\x83Q\\x83L\"\\x93\\x99\\x15\\x13\\xb3",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "=",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x84#\\xfb\n\\xa7\\xcb\to\\xda\\xc8\\x7f\\x1d\\x96\\xc0F1\\xb4z\\xa7\\xfd\\xf0\\xb0\\xe8\\xee\\x9f\\xcf\\xaf\\xf2\\xbbA\\x92s\\x92\\xcb\\xda\\x8epn\\x03,\\x8b\\xfe\\xfc\\xc8j\\x0c\\x0bU\\x91\\xd2]>\\%\\xab;\\x1b\\xcf\\xadv\\xd1\\xe2S\\x0b3rE\\xac\\xd1\\xc63\\xa5\\x8c\\x98L\\xcb\\xce#\\x98\\x12\\xb0{\n\\x19\\xeeAV\\xfa\\x12\\x98\\x132\\xc7r\\xf4\\x93E\\x81\\xe4\\xbc\\xd35\\xe9\\xe3\\xb4@S\\xde\\x9e\\x87\\x9f\\x9cZN\\xb8\\xa3\\xcb\\xa3\\xaa\\x0c\\xe6\\x9b\\xbdzU\\xec'\\x02]\\x0ei\\xb9\\xd1\\x9bju\\x9f\\xbf\\x8f3\\xca\\x12\\xd63\\x0cj\\xf8`lro\\x8d\\xe6\\x8f\\xe8\\x1a\\xec%\\x04\\x15\tM\\xbd\\x19\\x89e\\x03\\xd4y\\xc0\\xf4\\xdav\\x84[\\x93-Z\\xef`\\x99\\x1c\\xa3\\x07z\\xf3\\xb7\\x07};uQ\\xfb\n4\\xc5\\xaaY>\\x1c\\xda\\x1au.\\x06a\\x93\\xc1\\xed~j\\xd32V\\x84\\xa4\\xbc^\\xa4\\x169\\xf3\\xdf\\xe6\\xe78\\xf6\\x11+\\xf5\\xf5\\xdd\\xb1\\xbch\\x162\\xb3|^x\\x9b\\xf9R7\\x16\\x97\\xbd\\xb2Ny\\xf2\\xfe\\x0b\\xc6\\xa6\\x80\\xc3\\xbeE\\xe3\\x1c\\x06i\\x9a$\\xd8\\xc4\\xdc\\x03\\x06\\x13\\x06_\\xd5\\x91\\xb6h\\x05\\x85\\x02#\\xb7\\x93\\x8e\\xcd\\x96P_\\xa5`\\x80\"\\xaa\\x06\\xf2\\x81p_\\xa0AM\\xb2\\x04Y\\x0e\\x1f\\xdd\\xc7\\xac\\x87:nZ\\xc6t\\xeeCW\\xf5+1@\\xcfJ\\xcb\\x84\\xeb\\xe1z\\xc9V\\x82\\xf9E\n`D\\x12\\x1e\\xb0Z\\xbf\\xc9?\\xf6\\xac\\xc9of\\x7fa\\x05SQ\\x96\\x96\\x8d4b\\xf0\\x0eX\\xe0\\xbeU\\x93\\x0f\\x05\\x1a\\x1a\\xa0}\\xd6V\\xdf\\xc1\\xb8k\\x04\\xed\\xd7\\xddH\\xa6\\x08\r\\xa7\\x02\\x16\\x0c;=6\\xef\\xd4c\\x00\\xfa=54nR\\xef\\xa4\\xc2\\x13E\\x14X}\\x00\\xf5'\\x14\\xe6\\x9ftX\\x10\\x16\\x9c~\\xc95r\\xb7\\xa7\\x17\\x1ao\\xef\\x80\\xac\\x0c.\\x1a\\xaa\\x03\\x9b\\x84\\xd4\\xc3_\\x97\\xdf\\x19G\\x87Qv\\xc2d\\xf6\\xf0\\x8a\\x04\\xbe\\x88!%=\\x15\\x18\\xf8h\\xc8\\x1a\\xed\\x90\\xf6-G\\xca\\xa8\\x88X\\xc3\\xc8\\xa7=M\\xc3\\xf6m\\xd7\\x02\\x05\\x8b\\xcdP\\xe8\\x00\\x9c(l\\xe8W\\xa3(\\x8b 
!\\xa6l1\\xe6EZC)\\x9e}y\\x0b\\x06\\xe2\\xfc\\xe2\\x8d\\x90\\x05@\\x14\rK5\\xf5\\xeb\\x92\\xf0\\x10\\xbf\\x91@a\\x0e\\x08\\xc1\\xdaS\\xd4\\xdcH\\xa3\\x15\\xb7\\xb0\\xec\\xdd\\x94B/\\xe2\\x1e\\xd2Q\\x81\\xf6\\x1b\\xa7\\x85\\x87U\\xdaTs\\xeft\\xd2Sk\\xd8\\x1c\\xd2x\\xb1\\xe3\\xd2\\xc5\\x00\\xdd\\xa7\\xa9Y\\x03V\\xa2V\\xaf\\x85\\x98'(\\xf6\\xe6\\x1b\\xc9\\xae\\xcf\\xf3\\xbc-jg\\xc8l*\\xc5\\x9d)\\x94\\xa1\\xd1\\xc4\\xf3-M^\\xd5pK\rW\\xc3\\xdb\\x81 \\x14Fc<\\xf6\\x1au\\xc0\\x18@u?\\xc9\\xc2\\xcc|X5|\\xf1\\xe0\\xd6Z\\xd0\\xb0\\x83\\xa0\\xad\\xbbp\\xbc\n\\x01z9?\\x06\\x06\n!2\\xd7\\xdb\\x92\\x06\\x8d\\xa485\\xdc\\xf9\\x0f\\xaf\\x83\\xfe?\\xca\\xde;\\xac\\xa9\\xee\\xdb\\x16\\x0e\\x04\\x08\\x02\\xd2\\xa4wH\\x90\\x8e\\x10zo\\x12z\\x97\\x8eH\\xef-\\xa1\\x83tA\\xc1\\x10 t\\xa4Jo\\xd2;J\\xef%J\\x93\\x0e\\x1a\\x8a\\x80\\x80tQ\\xc0\\xcf\\xf7\\x9c\\xdf\\xb9\\xf5\\xdc{\\xcf\\xf7\\xff~\\xd6\\xb3\\xf6z\\xd6\\x9es\\xec9\\xc6\\x1csq\\xd0\\xde\\x88\\x1d9\\xb4K\\x19\\xe8\\xc1%y~\\xb0^e\\xa0H\\x9a\\xbd\\xa0A\\xcco'\\x14\\x11\\xab\\xc1\\x16\\xee\\x1f,\\x16\\x1a\\xbb^Su\\xd2\\xf8\\xe2tL\\x12@B.'b\\xfe\\xf7$w\\xe69m\\xaa8\\x12\rTx+0\\x80\\xb2\\xc9p\\xe5\\xe4}\\xe0T\\xec\\xc2\\x82\\x10\\xf8U\\xbf\\xa9/\\xf9\\xb8\\x12\\xebK\\xa3\\x99JC}\\xfc\\x9f-\\x12\\xb1\\xe4\\x10\\x8a8\\xa5\\x16\\xb3\\xd4\\xe47m\\x9e7\\xbf/\\xaa\\xd0\\xe3\\xa7\\xa3\\xd3[\\xb9hx~\\xb6\\x94d\\x99\\x81\"-A\\xa1\\xca\\xe3\\x1d<\\xc1\\x94k\\xd5\\xc6p\\xbfa!5/\\x99\\x04_\\xb7\\xc6zc\nXUQ\\xfa\\x13\\xe7H#'\\x05\\xf6'.\\x85\\xc4)\\xfb\\xa4m\\xc9\\xabc\\x94\\xe3v\\x8a\t5\\x83\\xa4\\x04\"&\\x0cw\\xf3\\xcd\\xb6n\\x14\\x0b\\xfa\\x84t\\xac\\x87G\\xc3G\\x07\\x87\\x07\\xe6~\\xfax\\xf5V\\xb2\\xc4\\xd0r\r#\\xdb\\xdd\\xc2Q\\x85\\x99\\xda\\xb2Z~[\\xcd!\\xba\\xe7\\xdc\\x81c\\x13\\x87\\x86\\xc5{\\x91\\xa1&aT\\x00J]\tJ\\x1f!h\\xa8\\xf1\\xa7\\xaa\\xd5x\\x06\\xefL\\x8c\\xcbMY&S\\xfdh\\x9f\\\\xd30o:\\x15\\x8e\\xab?q\\xac{ 
\\xd9Y\\xbf\\x16\\xae\\x86L\\xbc\\xe7\\x88|\\xf7\\bE\\xdc\\x8b\\x957fw\\xd3Op\\xe8\\x9c6\\xb7rw\\xa5\\xf6u\\x0c\\xfe\\xb9\\x02u2j\\xb8\\xd0?\\x80\\xca\\x95+\\xabw\\x87\\xc5\\xc0\\xf2\\x16\\xe1\\x16\\x8e\t\\x1fy\\x0c\\xf9\\xdf\\x9fL2\\x19S\\xa4\\x03i\\xf6U\\xd5\\x13}\\xbcKS\\xf4\\x92\\xce\\x8ej}*\\xf2\\xa5~o\\xa4/*<\\xdd\\xc3]\\x84\\xb0\\xbb\\x87\\xe3\\xc1\\xd9\\xf1\\xde\\xe9\\xed\\xe1F`\\x99\\xefp\\x08\\xf6\\x9f{%F\\xda\\x85\\xe0\\xa2\\xe4\\x87\\xdb\\xd3\\xf1b\\xc3C.\\xb8\n\\xbe\\x8a\\xe5\\x91D\\xf3d(w\\xb5\\xe6n\n?\\x9b\\xf3\\xfb{r\\x0c\\x86\\xee\\xa6\\x94j\\xbcT\\xc6\\x94L\\xd1%\\xd1\\xd0\"=\\xb9S\\x90TI\\xfb\\x02g>+\\xb7\\x12\\x95{C\\xea\\xbd\\x82\\xaf\\xc3\\x11\\xe7\\x14\\xe6s\\xfa\\xf8-=>\\xad\\xdb_\\xcd!mac`a\\x8c\\xd5\\xe6\\xaf3#\\x95\\x1a+\\xc5\\x8aJ*.W\\x10\\x7fWS\\xf4\\x08\\xd3\\x1f@\\xb7\\xbbx\\x02`Q\\xc7\\x82*G\\xd62\\x856\\x83F\\xfbA\\x06;Q\\xd4\\xe7\\xa8)\\xfd\\x9c\\x83iA\\x0b<\\xbc\\xaa\\xb7\\xe4zG\\xfd\\xe7#\\xb2'\\x07\\xc6\\xdf\n\\xefK|\\x16\\xb4\\xd8\\x16T\\xaeH\\x87>\\xd9J\\xa6\\xdb\\xa4\\x01~\\xc6}\\x9b\\xfa$\\xe5\\xfb\\xdd\\xc46\\xafZjd\\x8d\\xda\\xb8e\\xc0\\x06<\\xa7\\xf8\\xef-\\xcd9\\xd9M\\xebn(\\xc6a\\xcd\\x88\\x1f\\xa5@-\\x8e\\x94\\xbf\\x87.|\\xa9u\\xa6\\xac\\xaa\\xf6yR\\xedg\\x03#\\xbcIT\\xd1R\\xa4ln(\\x10\\x12\\xe8d\\xf3\\xf0\\xbc\\x8e_J\\xd2\r\\xc6\\xbc\\xd7\\xa3\\xfe\\x03\\xc8\\xa4\\x1c\\xfe\\xc1_\\x08\\xb3\\x93\\xb2\\x83\\x96D\\x83X^^\\xcf\\xf3r\\x03\\x95u4\\x8e\\xecB\\x83\\xe7ix\\x1c\\xce\\x98\\xd3(U\\xfe\\x00\\x82H~\\xc1\\x13\\x1ch\\x85\\x17uv,\\x1brS\\x90\\xf5\\xdc\\xa0\\x06\\xc0\\xcd\\xc0\\xe2\\xbc47\\xd0D.\\xfcH\\xec\\x15\\xbe\\xd5\\xdbX\\xd9\\x82,\\x80\"\\xdda\\xdf\\xbe\\%\\xe3\\xd3.a\\xd9PS\\xd0\\xd1\\xf3\\x91\\xed\\xeb\\x80_7\\xab!W;\\x8d\\xdf\n\\x89\\x93*\\xb5\\xcf ]\\xc6\\xe6\\x0fEHBr\\x1d\\xc2$\\xcb\\xc5\\xdf\\xde\\xefR\\x14\\xb0_VR\\xd4bz\\xb1\\xd1\\xe5]n}\\x01K\\x00|\\xf0\\xe7t\\xaf,\\x17\\x87\\xef\\x98\\xdd4v\\xad\\x00\\xec\\xe9o\\x1a\\xf4\\xfb\\xc2 
\\xe4UlOG'\r^\\x81p\\xe2\\xe8l~\\xcd\\xbbq\\x035Z*\\xf3\\x9c\t\\x08\\xd5r5d` \\xbe\\xb6dI\\xf9\\xa5o\\xae\\x98w\\xab\\xd9\\x14\\x0b\\xdc\\x99\\xde\\xfa\\xa6>`6l~LToM'7\\xae+\\x97\\xb9VS\\x1f}`\\xea$?T\\xf2\\xeeH\\xda\\xfe\\xa2\\x9a\\xd2\\xed\\x9dc\\xb0!\\xe1\\xac/l\\x1b\\xa1>N*=\\xcf\\xf0/\\x01\\xd8\"\\xd3\\xdeB\\xf9\\x02\\xd5\\x1f\\xc0GU\\x9f\\x02\\x8a\\x9e-\\x11\\xd7\\xffh\\xd0<\\xd6\\xfd\\x03H\\xf6,\\xbf\\xf5\\xd1\\xbb\\xc53\\x05\\xfd\\x9b\\x00;\\xe2\\xe2\\xf8\\x0f\\xa0\\x89a\\xbf\\xef\\x0f\\x80\\x9e\\xee\\xf3O:\\xac*A\\xc2\\x15Y\\x12\\xdd\\xfcDim\\x83{D\\x0b\\x84\\xc8Z\\x8d=\n\\xd4\\xb0\\xcc\\x9a\\xaf\\xa1\\xa0\\x1d.6'\\x07\\xb7\\xeb\\xa7?\\x06s\\x8e\\x0f=z\\xf3>\\xe9G\\xe7V\\xc1@\\xd1\\x8d\\xfb\\xe4\\xa4\\xfc\\xd8\\xe1\\xb6\\x82\\xfb\\x96y\\xfe\\xfag\\xc7\\xef)*\\xf7\\x90\\xb0b\\x17\\xbe\\xf7\\x0e\\xcb\"\\xa8  \\x1a^\\xa0\\xf9\\xf2I[\\xa3\\x06\\x07\\x85f\\x8a\\x1a\\x1a\\x07 \\xe5\\xd8;\\x00\\xc7\\xc8^Tal\\x99L\\xaeHg@~f\\xebr\\x1d\\x80\\xea\\xc0\\xad\\xd0\\xf3\\xaf\\xa5\\x9e\\xdc\\xaa>\\xf5\\xdd\\xdf\\x0e\\xd9\\x83\\xe6\\xca\\x14)\\x01\\x84 p\\xca(kb\\xf0\\xcbV=&q\\x85\\xc5\\xa2\\x91\\x8c\\xb3\\xf4\\xcd\\\\x07\\x8d\\x9eH\\x84o\\xf4\\xfb\\x86\\xa4\\x90\\xda\\x8a\\x01\\x0fA*\\x90\\xba^\\x1a1oYxx\\x10\\xbb\\x06\\xf0\\xac$F=\\xc7\\xdd\\xa5\\xfc\\x8cCO\\xf4\\x8bq\\x12\\xc4k\\xe5\\xe6\\xb7\\xe1\\xbb\\[S\\xcbR\\xde\\x1dP:\\xc0\\xc3\\x93\\xef\\xe0 \\x07\\xf0\\x81}\\xd6py>C4\\x1d\\xd5/\\xdc\\xc6\\xaf\\x99\\xb7\\xb9u\\x16\\x83jg\\x8eux6\\xdc`\\xad\\x9e\\xf0m\\xd3>k\\x8e\\x9b\\xc9\\xaf\\x17\\x9b\\xe4\\xd6",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "t\\xc0\\x0b\\x1f\\xb5I\r\\xb6\\xbb\\xe2\\xa3\\x0b\\xb1Lw*\\xe8S\\x88\\xef\\xc4\\xd6\\xb0.\\xfd\\xe8\\xde\\xdd_\\x903=\\xbd\\xac#|\\xf4\\x90\\x84t\\xf7\\xe9\\x9d\r\\x8eO!J\\x06\\xad\\xcb\\x1b\\xd8\\x14\\xbb\\x1b\\x13\\xc2\\x86\\xbb\\xa4\\x8e\\xd4,\\xf6\\x05\\x8e\n\\x9cK\\xed\\xe6\\xc4\\x9eW'q\\x98ll\\x0f\\xd0sR\\xaa\\x81\\xe0\\xcb\\xa4JL\\x08\\xe1\\x98\\xf5\\x94fs\n\\xea\\xad\\x1c\\xc9\\x8f\\xc524F\\xa7\\x87\\x7f\\xc3[\\xc1W*\\x1c\\x96b&\\x0e\\xf7\\xf2xS\\x97vG\\x135\\xba\\x15\\x0cND\\x9df\\xaaZ\\xdc\\x82q\\x01\\x86\\xc8\\xca\\x93\\xb8\\xfd\\x1d\\xb5n\\xa08\\x99\\x15\\;IWI\\xaes\\xcc'\\xd6)\\xd3\\x0eol\\xbd\\xab\\xde\\x8c%\\xba\\xfc\\xa5\\x8a\\xc8\\x18\\x9b\\x06I|\\x93p\\xb3\\x8b\\xae%\\x04\\xe0;{\\x94\\xef\\x82\\xeb\"\\xd0\\xdc\\x84\\xff\\xf6\\xba~\\xfcq\\xe2\\x0e\\xf3\\x90\\xf9\\xf4d\\xd4(\\x80d\\xd3\\xe8n\\xcaN\\xe0(\\x9e\\x9cv\\xeb\\xacmK\\x06\\xfa\\x17(\\xac}\\x96\\x92\\x83?1R\\x0f\\xa6&\\xecxAY5M\\xe8\\xbd\\x16]\\x1a\\x17\\xb4\\x1b\\x19b,\\xf3\\xc6\\xde[H\\xa7_\\xd1\\xf8\\xa99\\x0c\\x07\\xcf\\xc1\\x7fO\\x91|f\\xa1\\xd8%\\x90\\xd8\\x97\\xb9-\\xef^\\xf6)\\xee\\xee\\xcf8\\xa8\\x02\\xf8s95\\xf1\\x1e*\\xc3\\xe9\\x1b\\x86>\\x89\\x8b\\xf95\\xb7gId\\xd8o}|\\x06\\xde\\xf9\\xa1\\x94\\xb6\\xac\\x11H\\x05(s\\x07ls\\x83\\xad\\x1f\\xd1\\xd7{\\x0f\\x1d_}j\\xf5j)\\xa1\\xc2$\\x80\\xcd\\xe1\\x8b\\x12\\x17\\xf0s\\x02 
:!\\x1dMC)kHm\\x0c\\xa8\\x1a\\x95w\\xc2\\xb4c\\x13\\xda3\\xc8eF\\x87\\x8d\\x98\\x08Vu\\x18\\xdb$\\xb7pIA\\x92RT8y\\xaa\\xd6\\xed3\\xdbm\\xad\\x19\\x81\\x19\\xd0\\x06\\x8dmr\\x91\\xbc\\xbb\\x82L\\xa9\\xbb\\x16\\x96<O\\xea\\xb5\\x91T04\\x83\\x95\\x07\\xcf\\xff\\x17K\\xcf\\xdf\\x00b\\xfc\\xb6\\xf5\\xebG\\xbc\\x14\\xf6\\xb3W\\xa9n]\\xefL\\xd3y-\\x93t\\xb3v\\x0f\\x96\\xd3\\x9b\\xe9\\x06=\\xbe\\xee\\xf2\\xee[\\x80SP\\xe4\\xe2duV\\xf0\\x8bB\\x12i>\\xf5=e\\xa9\\x05\\xda<\\xabQ\\x0b1\\x9ed\\xbcH\\\\x9c\\xd1-\\x04\\x08k0d\\xd7c\\x93\\xb1\\xe3|\\xfd\"\\xdc\\xee\\xb1\\x08Z\"vL\\xae\\xeb#>\\x03\\x9f\\xb2\\x96\\x96cw\\xd7\\x0b\\xd0rr6X\\xe6\\x1a\\xe4\"{\\x82y\\xe6\\xe6As\\x0fq\\xd9\\x05Yb\\xaaZY<\\xab\\xaf\\xe0\\xec\\xd1\\xa6\\xb8($\\x125i\\xbb\\xe4c\\x0c\\xad\\x1c\\xc9\\xde~\\xeb\\xfd\\xd2e\\xad'\\x12\\xa1\\xceD\\xc2\\x10\\xfc\\xc9\\xce|\\t\\x1b-\\xd4\\xafF\\x02X\\x17NI\\xbd\n\\xbf2R\\xa4\\x9b\\xfb\\xc7N\\xba\\xac\\xf3\\x85\\xe5\\xda\\x04)\\xb6U\\x82\\xaf#\\x93\\x99\\x0cn\\xea0\\xb3\\xa0U\\x89M\\xf0\\x7f\\x8c|\\xfb\\xee\\x06=\\x14\\xf7\\xcf\\x0c\\xc8\\xfdB2\\xc4\\xffE\\xb4\\xd05%k\\xaf\\xd3\\x0c\\xba\\x0b*\\xbf\\x8b\\xe6\\x8b\\xf9\\x99\\xf4\\x07\\xc0\\xfeF\\xe1\\xd7\\xd5\\xdf\\x1c\\x9e\\xe8o\\xf3\\x07\\x80D\\xba\\xdf\\x90$\\xffK\\xd0 
\\xe6s\\xd5\\xb8\\xf1\\x98=\\xe5\\xe8\\x99\\xab\\x93\\x10\n\\x11\\xc9\\xe4\\x13\\xc1p\\xc4\\xd2\\xae\\xb5d\\xf1\\x18\\x85\\xe3b\\xe4\\x91\\xd40\\xfc\\xf5\\x19W\\x81\\xd7Z\\xf5\\xbf\\x90\\xb3\\xf7\\xf6\\xaf\\xe47\\x07\\x8dh\\xf6\\x8e\\xe4\\x9a\\x97\\x82\\xf7\\xbe\\xa0\\x84o\\xaa\\xa4\\x8e\\xb8\\xda\\x89\\xb8\\xd2\\xb7\\x88\\x84\\xbaPp\\x1dau\\xe0\\x03\\xc6\\xc8\\x97\\xf7O\\x0b2\\x0f\\xf6\\xd4G\\xf7\\xab&\\x91@D\t\\x12x^'t9F\\xb3\\xf3\\x85\\x9d\\xbcf\\x9a\\x03\\xe4\\xa3}\\x92\\xe3q\\xa6\\xe5\\xf3{\\xc7\\x17lO\\xef\\xa6\\xc4\\x98\\xbeN\\x91\\xb0\\xeb\\xb5YN\\x7f\\xfekFZ\\xd6\\xc3\\xf8S\\xcaK\\xfd\\x01\\x82HN\\xdaLv{\\x03\\x99\\xc3\\xd7G$?Z\\x98\\xd0\\xb2\\x8d\\xa2h\\xa9@\\xaf\\x1a]\\x8dBU\\x1e\\xa2\\xc7\\xba*?\\xda\\x8d\\xce\\xc2\\xe4\\\\xe9\\xcd\\xe9\\xaa+M\\x98UH(\\x14iH\\x8b\\x82\\xcc\\xe9V;\\x84\\x13+\":\\xe5\\xf0\\x1f\\x0br\\x01q\\x9d\\x7f\\xdf9?\\xc3\\xde]-\\xe44h~\\xa7\\xb6\\x0b\\x808\\x00J\\xd0r\\xae\\xefO\\xd6#\\xf9\\xf3\\x94OJ\\\\xefO\\xc6.\\xda\\xbe\\x91-\\x18~\\xab\\x15\\x9f:\\xb1\\xc2\\x87C\\xc1\t\\xba\\xf2\\xfdL\\x15}o\\xa2\\x91\\xd0\\x81\\xbf;}\\x11!\\xff6\\xa7j\\xba\\xcf@K\\xf8\\x1b`L\\x14G\\xb8\\xbb\\x93\\x8f\\xe3M\\xbc\\xf0\\xa3\r\\xc6\\x0f\\x17\\x92\\xfb\\xb40\\xf55G\\xe1\\xff\\x8f\\xb8\\xf7\\x8ejj\\xdb\\xfa@C\\xef 
\\x08B\\xe8B\\x90\\x8e4\\x91^\\xa5\\x04\\x90\\xde\\x8bJo\\xd2\\xa5K\\x17D\\x0c-t\\x84\\x00\\xd2\\x91\"\\xbd\\x0b(\\x10:H\\x87P\\x94\\x16\\xe9J\\x15By\\xc1s\\xce\\xbd_9\\xf7~\\xde7\\xde\\x18\\xef\\x8f8B\\xe6\\x9as\\xfe\\xf6\\xdcs\\xaf\\xb5\\xd7Z\\xae\\xf9K[!\\xe7\\x1b\\xe6\\xcf\\xab\\x93\\xb7Hr\\x1d\\xd4!\\xc9\\x0eX\\x93\\xb9;=\\x96\\x115\\xc6\\xafg\\xe0-\\x85\t\\xc9\\x00\\xa4WV\\xcc\\xdd\\xe5\\xac\\x00Y\\xcf\\x9b:\\x88\\xa1g\\x91H\\xf5\\xc6F\\xd8\\xa6\\xa6\\xe0\\xb2A\\xf2\\x8f\\x98\\xa1i\\xca%.m\\xa64\\xcb\\xe0\\xbb(\\x84\\x86\\x8c\\xb8\\x137\\xe7'N\\xddoJ\\x1c\\x98\\x9d\\xad\\xf1l\\x8d\\xb2\\xac\\xd0\\xf9\\x1b\\xd5\\x9cb=\\xe03\\x1fa\\xba\\xadz\\x8ap\\xb7\\xd5\\x87\\x83\\x99\\x17W\\x80r\\x01g\\x17\\x9a\\x07\\x06\\xd4,\\xbaQ?Q\\xc8\\xb97kj\\xaf\\xc8Rf\\xe2^\\xae\\xec\\x1e\\xc4\\x06\\x8a\\xe5\\x10\\x98\\x9c\\xfd(\\x04g\\xac\\xeb\\x82\\x82\\xbd\\x1a<jM\\x97\\xe6\\x11Q\\x93w\\yi\\xf8!\\xd9I_\\x90\\xa7\\xd1\\xa1\\x9f\\xf3<b\\x0b\\x8c5\\xf0\\xa5\\x14\\xef\\x0bc\\xd8o\\xde\\x87y\\xf6\\xf3\\x99I\\x86;\\xdd\\xf0\\x8f\\xd3,`\\xab;\\xea\\xae\\xe9\\xea]\\x8dj\\xf0s\\\\xa0v\\xeb\\xec\\x96\\x8d\\xdaw\\xd9\\x9f\\xa8\\x1f5\\xfab\\x07\\xf0\\x12\\x9e\\x03@\\xc1\\xebo\\xa4\\x9f\\x96\\x9d:\\xc3\\xddGD{\\x82\\xb9RwN\">\\x0f\r\\x16\\xc4;\\xeb\\xb6\\xe4\\x94\\xce2\\xd6Z\\xfb\\x8fb/96\\xce\\xd6\\x0c;\\xb74X-U\\xa0\\x13\\xd7\\xa5e\\xf1\\xf1\\x0eYkL>\\xb2\\xe1\\xb0t6\\x8fu*\\x84= 
l*\\x01\\x81?\\xa9O\\xf3\\xe1\\x8b\\x86Q&\\xd9\\x06\\x98a\\xf0{\\xd7\\x0fen\\x90G\\xe0\\x11\\x03\\xdd\\xd6C{\\x1b\\x15\\xa8A\\xcc\\x0b\\xd7\\xac2e<\\x06\\x87[\\x9c\\x0cDe.\\xfdmF\\x9c\\xcc\\x81\\x0f\\x01*\\xd3><\\x11\\xb4~\\x84\\xd0\\xae\\xb0y\\xfa\\xa3\\xf3\\xef\\x9c\\xed\\x0e\\xd9\\xdbW\\x00\\xbb\\x83\\xec\\xbeao\\xbbh\\xc5H\\x03\\xe7\\xd7\\x94\\x11\\xcdO8\\xef\\xc4\\xc3\\x99u\\xd6\\xef\\x13\\x92\\x8e!40\\x0eG\\xca\\x01\\x14}\\xa01\\xea\\xe4\\x81\\xa6\\xcdA\\x0fMG\\xff\\x053P\\xa4\"L\\xd1\\x13\\x12\\xef'\\xbaq\\xaa\\xa7\\xd7\\xc2\\xf4$0\\xe6}&.\\x1c\\x1b\\xfd>o\\xd0\\xd2\\xe4\\xcd3\\xde\\x0b\\x06AM'\\x9e\\f\\xeaf\\x9c\\xed\\xe4\\xc7*\\xb8\\xdf\\xf6\\x8d$\\xaf\\xe9\\x8f\\x93\\xd3\\x9fU\\xad2\\xc0Q\\xd9\\xc4\\xef\\xa4\\xfcA\\.\\x13\\xcf\\xea\\xc9\\xe7^C\\x8fD\\xbf\\xc6Q\\xa7\\xca\\xcb\\xf0\\x98\\xa9\\xdc\\xf4\\xbe\\xc8\\xf9\\x91\\x89\\x94\\xc9\\xbeG\\xc0\\x96V%\\x06Z\\xcd6\\x91\\xc0\\x9a9)\\x02y\\x88Z&\\xb4\\xe0\\xac&\\xeb\\xa0;$\\x82[\\xfbk\\x06\\xf7\\x8c\\xe7\\xf1cu\\xb3[\\x0es+v\\xcd_\\x0b\\xefS\\x80A)G42ET\\xb7\\xa6@$E\\xec\\xf1\\x02S\\xd0\\x90;\\xd1\\xbb\\xcb@\\x03#\\xe4\\xb3\\x04C\\xfb'~XcE\\xce\\x1a\\xb6\\xefQ\\xac,T\\xab.b#\\xecbpu\\xd4$+\\xfc\\x91tm\\x12`\\xcd[\\xb6\\xd3(\\xe4\\x93\\x93U\\xe3aI\\xd0\\xacW\\xd5\\xcd\\x1d\n\\xe7\\xb8]\\x92\\x05\t=\\x1d\\xd6\\xae56\\x1d\\x88\\xf8;bZ\\x11\\x99\\xe4\\xf5\\x1d\\xe9G;-U=\\x81\\x1c\\x18\\x9c\\x97\\xcf><N]\\x17\\xe9(\\xf0FBnf\\x06\ni\\xaf\\xfa\\x8f\\xc5\\xcbu\\xd2\\x08\\x03\\xf6\\x04\\xd5\\x99\\x17g\\xe2v=O\\x02~\\xe8\\xd2\\xa1>\\xb1\\xaa\\xb8X\\xf3\r\\xd4f\\x1e1&\\x93\\xa5\\\\x1a\\xbey\\x7f\\x1aP\\xbf\\x0b\\x07nE\\xdbz\\xca\\xde|\\xdd\\x12RU\\x9c^\\xc54\\xbfW\\x1f\\xee\\xf7\\xecA\\xc80r\\x10u~\\xb1\\x19\\x95\\x17\\xd5\\x15As\\xfb\\x8b\\x88\\xa8L\\x0c\\x1d\\x9d\\xedE\\x91\\xad{K=\\xda\\xed\\xe8\\x08o+\\xccZP\\xd8\\x15b\\xa3\\xe9\\x88}@2\\x93|i\t\\xfc`\\xd5G\\x1f\\xfe\\xd0\\xcb~>\\xaf\\xc4@7\\x8c\\x0c[\\x07\\x00\\x06\\x10'\\x8eSb\\xd8\\xa1\\xe4O\\x06\\x1d\\xa4'\\xf9\\x8ei\\xd8}\\xb4\\xb5\\x94Y\\xbb\\x99\\xa1\"\\+\\xb
9\\x94\\x1f\\xd4s",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xd7",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "8\\x90\\xee\\x8aL\\x8fR-.\\x8c}\\xc4\\x99\\xc4\\xef\\x9enf\\xa3\\xdd\\x1f\\xbc\\xfd\\x87\\xf4g^\\x9c\\xa3\\xf4\\xb5\\xa7\\xea\\xddg\\x8c\\xcf\\x1e\\x1fL\\xca\\xec\\xe5\\x82\\x91\\x8a\\x7f\\xc2\\x0b\\xbd\\xd6}\\x82\\x96\\xb9\\xfa}\\x0e\\xfe\\x03\\xc4_\\x8d\\xf4\\x9f\\xf28\\xb3\\xd7\\xd7\\xa7(\\xc6\\xa76\\xda\\xe7\\x9f~o\\x9c\\xc3g%T\\xd9\\xda\\xd3\\xadOt~\\xea\\xf2a\\xa2&j\\xe5\t\\x85\\'\\x9e\\x8c'\\xcdi\\xac \\x18\\x8f\\xf2C+\\x8als\\xa0q\\x0f\r\\xe2\\x1b\\x1aD\\xde\\xf0\\xeb_P\\xb9%\\x0cjc\\x87\\x7f\\xc2o\\xb0\\xdc\\xd1\\x87Jff\\xe5[\\xdb1?A\\xe9\\x8bK\\xb7\\xa2\\xf0&\\xa7==\\xffl\\xc6\\xf1\\x0b\\xf3\\xabk\\xcc\\xf0\\x86\\x86\\x8c\\xcd\\xaf\\xbc;\\xcb\\x0e\\xb6\\xf1_\\xc9\\x95\\xd4\\x98\\x1c'\\xd0c\\x93n\\x97\\xcc!N\\xeb\\x15\\xa0\\xfdY\\xa0\\xdf1\\xd9\\xbb\\x8aU\\x18\\x1a\\xe8g4P\\xd9\\x14\\xa1\\xc4\\xf5\\xbb\\x0c~e\\xcaJ\\xb1J1\\x13\\xefJ\\xb8:\\x8e\\xb0\\xbd(\\x7f\\xb6O\\x8c\\~\\xbb\\x02\\x8cF\\xc8T\\xaa\\xbd\\xbf\\xach\\x89\\xad\\xd4\\xfe\\x1e\\xa0\\xbeH6>\\xc6=CM\\xcdzb+5(\\x13\\xb0\\xb4\\xce\\xd4\\xdf\\xda\\x1c\\xa2\"\\x86\\x1d\\xbe\\xf3(\\xc0\\xf0\\x9e\\x06\\xfc\\xed\\xb9\\x81ZR\\xb8:\\xea\\xc1\\x8f\\x81\\x83\\xbe\\x98\\x84$8\\xd1\\xaeS\\xe2\\xf7\\xe0\\xf3\\x18\\x7f\\x9f\\x0b\\xaf\\xcb\\xc8\\xea\\x82F\\x98\\xb5^\\x8a\\x1fH\\x1f\\x95;\\x1f/\\x9d^\\xfe\\x18/\\xd3\\xb7R\\x93='\\xf1\\x8c\\xd6\\xa0\\x9aaw\\xe4\\x19\\xcc\\xb7<\\xd7\\xa1\\xd0-*\\x0f\\x94\\xd1\\x13\\xbdx\\xe6,\\xb6\\x1d\\x93\\x16s\\xc7;Xl\\xdeF\\xaf~;a:\\xf8\\x08~\\xafl\\xfaVe\\xccX\\xd7\\x8c\\x18\\x905\\\\xed\\xf8]\\xf0\\xe9\\xdeu\\x16\n\\xe9\\x18\\x00u\\x84 \\xd1\\x9f\\xe2\\x1dE6\r\\xbd\\xe1\\x91\\xa3;\\xcf\\xd8N\\xe2\\x95\\xb5\\x94\\x83\\x87\\xeb.']\\xffL\\xf5\\x08&\\xc7_\\x0f\\x17\\xba?\\x94\\x0f\\x11\\m\\xf9`\\xfa\\xf2\\x15\\xc86\\x19\\xac\\x1f\\xd5#m\\x83\\x88?=\\xbbd(mk;<~\\xcf\\xcdi\\x1cyx\\xc0\\xe6\\xb6\\x05\\xd5\\xaf\\xce\\xcf\\xcc\\x0c\\xc3C\\xc6r{\\xee\\x18\\?^\\xe8\\xc4\\xd5\\xfe\\xcb/\\x07fT[s\\xa2ZS\\xa3Qt?\\xdd\\x89\\xfd@8\\x84\\x94l\\xdd\\xb1|\\xbd 
\\x98Pf\\xf7X\\xb5ZdR\\xbb\\xc9\\x08\\xd0j\\x07\\x04\\xad\\x1eb\\xb5K\\x1a\\xc0\\xe7\\xca\\xaf\\x9fUt\\x9e\\xe7\\xfd\\xc3\\x98\\x16\\xaeyOn\\x00q\\x1c}\\x82J\\x08w\\xd6W\\\\xe9\\xb3\\x081\\xe4[\\x98\\x07\\x97p\\xeb\\x84\\xc9\\xa4\\x0b1\\x04?\\xcc\\x90s\\xed\\xbb\\xb1)V\\xbd\\x1f\\xfd\\xd4\\xdfZ\\xc0a\r\\x14>3\\xab\\x91\\x87\\x99EwRV\\x0e\\x92\\xb1&\\xc4\\x0bM\\x8f\\xd7\\x19d\\xec\\x1eS\\xfch\\xdd\\xce5\\xfe\\xd8o\\x81\\xe7G3\\xd7\\x88E\\xbfz\\xe1n\\xb2\\xf4\\xcf \\xc4\\xd5]we\\xbeW\\x00t2\\x005\\x8b\\x1d\\x95\\x94\\xf7w~B\\xde\\xdbp\\x04\\xd9\\xce6r\\x1c\\xe3\\x95\\x9cs\\x96\\x17\\x9b\\xe5\\xc7\\xe34\n\\xceU\\xef\\xa6\\xac\\xf4\\xf7\\x0c\\xfb[1\\xbd\\xacs\\xba(]\\xfa\\xb3\\x9f \\x99\\xac\\xa2\\x11\\xeaQF}\\x0c\\x01\\xc5L\\xa9L=\\x103\\x00\\x84o\\x92\\x88\\xe7R\\x1bt<\\xd1\\xa4a\\xda#\\x94\\xfeg\\xf8\\x01\\x0f\\x15\\x15\\xfe\\x11\\xbb\\xeb\\xbe\\xf3\\xba\\x83\\xa1\\xc4H]F\\xad\\x8f\\x9f\\xdf\\xf7\\x91\\xb4\\xa3\\xa0\\xda\\x1f=\\xbb\\xb5r6M{\\xc9\\x146\"\\x17\r\\xf4~\\x93\\xf3|*\\x89\\xf4\\xc5\\x15\\x804P\\xc0\\x9c=&\\xa6m=\\x81\\xaa\\xa9I\\xab\\<eNN\\x14xo\\xe4\\xe1\\xb2\\x1a\\x96\\x1b\\xef\\xdc]\\x89\\x81\\x0e\\x10L\\xe8\\xc2\\x91Kl\\xbf@3p8Z v\\x7f\\xa6\\x04\\xe7\\xbd\"\\xbde\\xd9)\\xb1\\x87\\x08}q\\x1fMa\\xc5;W7v\\xb5o+PNR\\xc3\\xc4\\xfd\\x0b\\x01\\xc3J\\x17^\\xf6\\xba\\xe8u\\x06u\\xf9(Y\\xae\\xcc\\x12\\xac\\xaa\\x11\\xffqD?X\\xda\\x94\\xe0\\xeb\\x98\\x7fKz\\xa5cu.w$\\x83\\xe8;i\\xc6\\xba\\xd8\\xa9\\x80\\x12ci\\xcb\\\\x05\\x7fR0S\\x7f\\xc6\\xc9T\\xc3\\xf4w\\xf9\\xf8n\\xc6\r\\x1f\\x9er\\x01\\x1e)_\\x06'%\\x89\\x01\\xeb\t\\xa0\\x02\\xf6K\\x89\\x0b\\xf7o\\xdc\\x92\\x1a\\xec'f1\\x8eC\\x0e\\xdaS[\\xb9\t\\xe5\\xb5\\xa3\\xdfh'[[A\\x85b+\\xc0U\\xfa\\x90\\xf9 }d\\xdd\\xa2o\\xec\\x86K-j\\x03\\x0f\\x04\\xef<\\x9e\\xaf\\xeb\\xfc\\x1c\\x91-uo-w\\xe8\\xf5K^M\\xdd\\xaa\\xa6\\x80<\\xa99\\x91\"\\x97\\xef\\xceI\\x81\\xc9\\xde{=S\\x1f/\\x94\\x0f+<M\\xe2\\xc1%B\\xf8\\x16\\xafO\\xdc\\xcf\\xdfWL\\xa2^\\xcf\\x15\\x1f(>3Zo\\xd4\\xbf 
\\xef\\xf2\\xcf\\xa0pS}\\x8f\\xb7D%\\x1f\\xa2\\x1a/\\xc7\\x1c+G\\xa5\\x95\\xca\\x93\\xc8\\xe2\\xbe\\xfe:\\xce\\xb3\\xd4Y\\xc9\\xc9\\\\x07\\xabQ\\xd9\\x91\\x14t\\xdb\\xf3tB\\x9a{\\xb2\\xdc\\xf5k}\\xd8|\\xea\\xfeL\\xd5\\xf3'\\x1e\\x02\\xa1\\xc62s\\x89\\xc9\\x9fJ\\x85\\x82}\\xbf?\\xd4\\x85*'\\x9f\\x88\\xf5\\xbd\\xab\\x1c\\xd0Qu\\xa8\\x81%\\x93\\x1a\\xbc1\\xc9\\xad\\x9b|.\\x19|\\xd7\\xa4\\xe9\\xb9\\x9ds\r}\\x10K\\x93\\xc9s]5\\xac\\xbdH\\xc3\\x98*H\\x1ey\\xb7\\xe7\\xc4\\xcb\\xda\\xf08\\xcfj\\x8a5\\x1f\\xa9p\\x94\\xa5\\x1c\\xc5\\xa03\\xcd\\x03\r,\\x97\\xe5\\xd6=8\\xbb4W\\x93ti\\xf6\\x19~Y\\xf6\\x0e\\xdd9r'\\x11\\x9d{vL\\xc9r \\xa8\\xfa\\xdaZB\\xbe\\xe7d\\xda\\xea\\x94\\xdb\\xa7\\x8f\\x99\\xa79\\xe5\\xed\\xc1\\xdc.\\xfd^l\\x1cs\\x1a\\xa8\\xe0N\\xe0\\xa3\\xaa\\xefs\\x9aw;\ry\\xf0\\x89kz;\\x12\\xe2\\xf1\\xf5\\x99\\x97[a\r\\xe72\\xcb;\n\\xb2\\xb5\\xd0\\xa9EQ\\x9b\\x88\\xa5\\xa0Y\\xb9S\\xcd\\xe7OP\\x06Cfi-\\x8c\r\\x05\\x8b\\xf3f\\xdb~\\xeb\\xb1\\x8a\\xfb\\x9fH\\x8a\\xe5\\x162m[\\xed\\xba\\xd9\\xa59'5\\xcb'\\xb2\\x87\\x1bF\\xba\\xb2\\x8c\\xe2~\\xee\\xd7\\x9c\\xbf9wJhnL\\xd9\\xdd4MG<\\xabn\\xf2\\x11\\xed\\x01\\x17\\x17\\xe1\\xd1-$s\\x9aE\\xb6\\xdd\\xfct\\xd7\\xc65\\x7f\\xee\\xcdk|>\\xaa\\xf8[\\x8b\\xe1\\xde\\x811~\\x0b\\x0e\\x9d\\x15\\x8fM\\x11plg\\xc6\\xde\\x9e\\xc9~\\xeb\\xe5\\xe6\\x12U\\x01\\xd7\\xb4\\xb5J\\x82>\\xbe\\x87\\x9f7|\\xd8\\x95\\xb2\\xbc\\x11\\x0e\\xf5\\xfdE\\xefhz\\xf6.\\xeb\\xfcx\\xbe\\x10\\xbd\\x92\\xa5\\xc1@`\\xfd('_fx \\xf2\\xe5G\\xf8\\xe5\\x9aM\\xcd-[\\xab\\xc9Ww\\xa2cI\\xd8\\xc8\\xb5#\\x14\\xeflzQ4\\xb7\\xdd\\x99u\\xa9\\x7f\\x87td\\xf6\\xc8\\xf1\\x98\\x0f\\x8d\\x9bj\\x1a\\x08 
\\x1a\\xc8\\xbf\\xeb\\xea$\\xdcKJ\\xc4B!d\\x90\\xf3~j\\xa7\\x10\\x9c[\\xd3\\xaa,O\\x18\\x1fc,\\xba\\x94\\xfb\\xd9\\xabnx\\xda\\xe8\\xfbv\\xe2\\x06\\xf5\\x01\\x98\\xc28\\xedF\\x1f\rF\\xd0\\x13\\\\xd5\\xcc@\\xeea\\xeew\\xd3^\\x8fo:\\xa5|F\\x8c\\x14=$v\\xf4\\xf8H\\x93\\xe9*}\\x05\\xf8j69\\x945Y\\xb8T\\x8bP#\\xddkY\\xe74\\x9bz6\\xa9v_\\xf7;\\x9d\\xfb\\x1cO$4\\x9a[\\xf6\\xbf\\xb2\\xe3\\xdd\\xe2/gy\\xf7\\xa1\\x0b\\x84\\xfb\\xd4\\x0ek\\x9aa\\xf3\\xa2k\\xee\\xe9\\xa8\\xa4\\xb6i]ST\\xd0\\xfa\\xa3\\xf2\\xbb\\xc5\\x89\\xf3G\\xd8\\xcf6\\xf6\\x8c'\\xb4\\x04\\xa7\\xd2,i\\x93\\xdba\\x18q>\\xb7SY\\x11\\xac\\xed\\xa2\\xe5\\xdcKU\\x15\\xd1\\x03\\xa2\\xa1{'_\\xad\\xc3(Jq\\x95\\xb1Cp\\x83N\\x9e\\xee\\x8b\\x95\\xc9\\xaa0\\x87\\xc9\\xd1\\x87q\\x81+\\\\xf8\\x04\\x90#<-\\xfe\\xae\\x1e3\\xe7\\x1b\\x18\r_\\xdf\\xcdZ\\xfc?\\x01:\\x02\\xc5\\xfd\\xb2\\xd4m\\xa2!\\x1d\\xd02\\xb9r\\xbc\\x9f\\x93\\x1c\\x02\\x7f\\x8f#\\x1e\\x94\\xcb\\xc8\\xafl-\\xaf \\xd4o\\xf7\\xbc\\x91(H\\x9aGbN\\xf59\\xc1\\x18\\xe8\\x0f5\\x84\t\\x07 \\x90}\\xa9Y\\x99\\xbe\\xf3\\x16\\xfa\\x9c\\xd1a\\xdc\\xdd\\xd1\\xde\\x13\\xa5\\xdc\\xc5\\x14\\xb0G3C(\\x9bx\\xc3\\xba\\x91\\xf2\\xed'\\x8cg\\xa8\\x1c\\xd4~ \\xd1\"\\xd2#\\xb7h\\xee|\\xef79\\x1cq\\xff\\x00\\xd7\\xacZVvlnb\\xd8\\xe9\\x93\\x9a\\x96\\x9d\\xee\\x99\\xa4g\\x15\\x06\\x9a\\xd4\\xd5\\xd1\\xaf\\xed\\xacl\\xaf\\x0c\\xcb\\xe6H\\xe5\\x02G\\x81\\xf3\\x8c0 \\x928\\x1c\\x8c\\xe3\\x9a\\xb8\\xd7\\xf6d\\xf9QIo\\x15\\xc9\\x83q\\xb8\\xdb\\x94\\xf3\\x8e\\x01\\xc7\\x1c|\\xa3\\x19\\xc7\\x04\\x9f\\xads\\x94UX\\xce\\xe4\\x97\\x04\\xb5\\xc4\\x85\\xa4Y\tc\\x97Q\\x80\\xde\\xe2\\xac\\xc3\\xa5_\\D\\x92\\xc7\\x06Q\\xf2C\\x16Q\\xc0\\x04\\xe4\\xe4\\xf0>",
        "buffer_size": "2407"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x16",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x00\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x13b\\x00\\x00,b-9\\x02\\x00\\x00\\x00",
        "buffer_size": "21"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "'",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xad\\x00\\x00",
        "buffer_size": "3"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1f",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\xec{uT\\xd4\\xdf\\xb7\\xf6g\\x18\\xa4%\\x07\\xe9\\x1e:\\xa4\\xa4\\xbbK\\xbaC\\xbaT\\xba\\xbbQ\\x90\\x1a\\x1a\\xa4C\\xa4\\x05iPA\\xbaS\\xe9.\\x01\tI\\xe9w\\xf0\\xdb\\xf7\\xfe\\xee}\\x7f\\xf7]\\xeb\\xfd\\xef\\x0ek\\xb9f\\xce\\xd9g\\xef\\xfd<{\\x9f3{\\xce\\xfe\\x88\\xfb\\xed\\x05\\x18\\x05\\x11\\x1bD\\x8d\\xa5\\xea\\xec`\\xedljG\\xf9\\xd8\\xd4\\xde\\xd4\\xda\\xd2\\x99\t\\x93\\x9b\\xdf\\x82\\x92\\xcf\\x86\\x92\\x93\\xd3\\x8e\\x92\\x9b\\xd7\\x85\\xf3\\xd3\\x0b\\xf0\\xed\\xd4\\xed\\x12\\x80\\xad #/\\x03\\x80@ \\xc0\\x04\\xfe\\x07\\xdc\\xce\\x02\\x92\\xc0}T4t4\\x94\\xfb\\xe8\\xe8\\xe8X\\x98\\xf7\\xb1!T\\xf8\\x10\\\\\\x08\\x03\\x199!\\x15;\\x13'\\xc7C&6VnAE1n>Y~V6\t=\tYeUM-M.Q#sCu3E\rM\\xb5;% L,,\\x08\\x0e\\x84\\x1e\\x1f\\x9f^\\x8d\\x87\\x8dG\\xed\\x7f\\xfc\\xbam\\x05pP@K\\x08\\x81`\\x105\\x80\\x80\\x03\\x02\\xe3\\x80n;\\x00\n\\x00\\x00\\xdd\\x03\\xfdz\\x01\\xbf\\xbf@\\x08`\\xc4{H\\xc8(p\\xa7\\xe1\\x02\\xb5\\xd8\\x00\\x02\\x08\\x0cF@\\x04\\xdf\\xbb\\x87\\x88\\x08\\x9f\\xf5\\x83\\xcf\\x03\\x888\\xf7p\\xa98\\xc4\\x91\\xf0\\xd4L\\x91\\xa9\\x9d \\x9cA\\xb0\\\\x14\\x1a\\x89\\xaa6|\\xf5\\xd1\\x03(\\x97\\x99s0*\\xda\\x03\\x02B\"bZ:z\\x06F&\\xeeG<\\xbc|\\xfc\\x02\\x92R\\xd22\\xb2r\\xf2\n\\x1a\\x9aZ\\xda:\\xbaz\\xfa\\xe6\\x16\\x96V\\xd66\\xb6O]\\\\xdd\\xdc=<\\xbd\\xbcCB\\xc3\\xc2_\\xbc\\x8c\\x88\\x8cOHLJNIMK\\xcf\\xcb/(|S\\xf4\\xb6\\xb8\\xa4\\xfa}Mm]}Cc\\xd3\\xe7\\xf6\\x8e\\xce\\xae\\xee\\x9e\\xde\\xbe\\xb1\\xf1\\x89/_'\\xa7\\xa6g\\x96WV\\xd7\\xd676\\xbfmm\\xff8<:>9=\\xfby~q\\x87\\x0b\\x04\\x80A\\x7f\\xbc\\xfe%.\\x1c8.\\x04DD0\"\\xf2\\x1d.\\x10\\x82\\xc7\\x9d\\x00\\x0e\\xe2=*\\x0e$\\q5dS'<j\\xce 
\\x14\\x88\\x04,\\xb7\\xaa\r\\x95\\x86K\\xfd\\x00\\xdf\\xccy\\x14\\xed\\x01\\x94{\\x99\\xf6\\xc7\\x1d\\xb4_\\xc8\\xfe=`\\xc1\\xffO\\xc8\\xfe\\x04\\xf6\\x17\\xae\\x19\\x00\\x03\\x0c\\x82\\x07\\x0f\\x8c\\x03\\x88\\x02Q\\xe9\\\\xe2\\xa5M\\x12\\xf9F\\xf8\\xae\\x18h\\x19\\xd6\\xb5~,\\xeb\\xfd\\x044k\\x8c\\xedY\n\\xc2}\\xbd\\x18\\xd5~=\\xbd\\xe4\rozIa\\x19\\x02\\xf8\"+\\xf53\\xbd\\x8aH\\xf2(\\xa7\\xf6\\x01\\xfa2bizdN[g\\x9f\\x14\\xd6t\\xdf7.\\x95\\xe7Y\\x0b\\x9f\\xab\\xe9\\xd4\\xe2\\x07)x\\xa9}\\xa7\\xe7\\xe7\\xdf\\xf9\\xa9E\\xbc\\x13:\\xb1:\\x10\\xc3\\x14\\xe7\\xba\\xb6\\xf29jTZ\\x0f\\x94\\xae4*\r\\xc6\\x18\\x95\\x86\\x00V\\xf1\\x91\\x0c\\xc0 Q^|P\\xb8\\xcd D\\x15\\xc1*\\xeanf\\xcc*\\x19>`\\xcb\\xa5(/\\x86*\\xcdJ\\x0b\\x1fP_\\x89\\x0fDS\\xd0W@\\xa2\\x85\\xd4$b((\\x18\\xaaE\"\\xd1\\xd2\\xb212\\x10&ZE* A\\x12\\x7f\\x8d\\xba\\xd1\\x82\\xf1\\xb8\\xd3\n\\x0br\\xcc\\xd4\\xd5G\\xc5:\n\\xe0\\xefr\\x19\\x19m\\xe1B\\xeac\\xaa\\x1c\\xf7i\\xe1\\xaa\\xd0\\x14\\x18rL\\xe5\\xe1\\x8a\\xdb\\xb9\\xe1k\\x00u\\xf8\\x04\\xfb/\\xfbaH\\x91\n\\x00\\xc3\\xdd\\x1b\\xa2\\xbcH\\x80\\x91!/(\\x0c.\\x0f@\\xd4\\xa4\\xc1`y\\xb8\\xa7j\\xd2\\x10\\x8c\\xadh\\xbd\\xf1\\xd4\\xf2\\xef\\x9e\\xdb\\xce\\xc8\\xebZ\\x83\"\\xc8\\x87\\x9b\\xb2\\xdf\\xcb\\xeeK}Y\\x19]\\xd5\\xf0\\xadVz\\x8f\\xb1\\x83\\xc7\\xba\\xf6>\\xb5\\x90\\x13\\x87\\xc5\\x93\\xdecD;z\\xf8\\xe2\\xb48\\xdeN\\xe0{\\xb1YT\\x9f38F\\xfcm\\xa5>4\\xed\\x15\\x1fE\\xb4\\xe7\t\\x13\\xdd\\xf7/i\\xc7\\x90-\\xee\\x8at\\x9b\\xdeO\\xcf\\x87\\x90sJjY\\xdb#\\xe8\\xad\\xc8\\xb8:e\\x9f|\\xa0\\xb5\\x81zj\\x15\\x0e\\xaa\\xab\\x0c(0\\x14\\x96r\\xe2F2\\xe4 
\\xe6\\xc1Y\\x81;\\x05\\x01~\\xc1a(\\xcc\\x0b\\xc4\\x8d\\xcf\\x94WB\\xcc\\x87\\xd4\\xa8r\\xd4\\xc0\\x11\\xa3\\xca+J\\x83q\\xe3\\x93#\\x91x\"\\xf5\\x19@wC]c\\x1a\\xc5p\\xfc\\x89\\xbf$\\xc6\\xcc\\x82\"\\xe4l\\xef\\xf8H\\xdcV@#\\x91fc\\xe4\\x10\\xeb\\xe0\\xfe5\\x07\\x1f\\x80\\x13\\xca\\xf8\\x8b:\\xb8rF\\xc6\\x89D\\x08UA!w\"\\xc6/\\x02\\xef\\x06A\\xbf\\xb4\\xc3\\x1d1\\x83s\\x01$\\xaa\\xdd}\\xd0W\\x00~\\x9f\\x87[\\x97\\x86\\xdcyU\\x90\\x83\\x10\\xc9\\x00\\xc1\\xd8\\xc6\\x1a\\x8b\\x0b\\x8a:\\xdd\\xcc\\x9a\\xff\\xd4\\xa1\\x9e^\\xf9p\\x06UZw\\xd55F\\x85_\\x92\\xd4\\xf7\\xca?\\x15\\xd1|\\xa1\\xba\\x94Q\\xfa\t\\xdaf\\x82\\x0c{B\\xcd|D\\x03Y\\xf7\\xa6\\xb8\\xef\\xc9\\xf3\\xeb\\xc7\\xe2\\x9bF\\xa6y\\xf3\\x1c\\xee|\\xbd\t\\xfcF\\xa1\\x961\"\\xe6\t\\xdd\\xca\\xc1\\x99\\xd0\\xc9\\xe6l\\x0b9\\x0fr\\xbd\\xb5~\\x9c\\xb0\\xd5\"\\xd2\\xca\\x1d]\\x1f\\xef\\xd8\\x1b\\xa3LQ\\x9d\\x82\\x9a\\xd3\\xb7)4_#C\\xe5\\xbd\\xd5\\xa5lV\\x91\\xa4\\xa6\\x1b\t\\x01~\\xfa\\xbd\\xd5\\xc5:\\x01\\xcd\\x9f\\x8f>\\xf0\\xf7ylD\\xc7x\\xd7,\\xa3;\\xf7\\xad\\xa8I\\xe3\\xe7\\xbe\\xfc\\xcd\\xdf\\xbb\\xf8\\xde\\xa1\\xff\\x8d\\xca\\xe4H@\\x81\\xd1\\x961J\\x81\\xd1&\\x07\\xb1\\xa00/\\x0e\\x9e@\\xbf\\x8d\\xc3\\x99a\\x85t\\xd1R\\x15\\xe6\\x05E\\xdf\\x05!B^\\xb9\\xe0N\\xe4\\x8e-bx\\xd2\\xe1\\xc6\\xc1\\x89@\\x83K\\x86\\xc0\\xf9\\xfe;\\xe9\\x89\\x90\\xbb\\x95\\x18vH\\xbf\\x16)\\xfc\\x91\\x89\\xbf\\xd2\\xecnB\\x81\\x81[\\x15\\xe1.\\xb3\\x14\\xfe\\xcc\\xb7_\\xfe\\xfc\\x91\\x81\\x10\\xb5_\\xacr\\xbd\\xe5V\\xb5\\xc99\\x08\\x86s\\x0f\\xe76\\x07\\xccm\\xa2&M\\x89G\\x9e\\x18\\x8a\\xa3\\x9c\\xcf\\x8da\\x07\\xd9\\x13fh\\xe5n\\xb5\\xa3\\x15\\xb4-\\xe8\\xa4\\x8a\\x90f\\xbb\\xcb\\x95H\\x06\\xd0],\\xcc\\xd4\\xe0\\x99@\\x98\\xfa\\x0f$\\xad\n\n\\xfa\\xbf\\xb9\\x87\\x01\\x07\\x0cO\\x01\\xb80ax\\xfc\\x9d\\x8fw\\xbb\r\\xf7\\xd7\\xbb\\xbb`\\x13\\xdb2N\\x84\\xdfA\\x86'T|\n\\xe4\\x0e\\x8d@\\xdc\\x087\\x0f<\\xeb\\xe0\\xbb\\x8b\\xbb&\\xb1\\x0f\\xf7\\xb7\\xb7\\xbf\\x0c\\xc17U\\x07\\x9c\\x9d\\xdf\\xf6)$\\xf1\r\\x9c\\xce_v\\xfe\\x91(p\\xb0\\x81p\\
xb0\\x81\\x02\t\n/\\xc7\\xd8\\xb5\\x88\\xb8\\xc3_\\xd3\\x8e\\x8b}4\\xa4t\\xb0\\xd7\\x8bux\\x9a&H\\xd3\\x19\\xea\\x95\\xf9*x\\x1a8\\x8f\\xa0K\\xf9>Z\\x0f\\xa6~\\xffue\\x95\\xe6l-a*h\\xd0\\xc6@\\xc1\\x82\\x82\\xbd\\x1d3\\xaf\\xa1d\\xa8@#i0\\x03\\x972k~\\x99F\\xa8\\xf8\\x9b\\xb4\\xb4\\x01\\xe6\\x03\\x03\\x0f\\x99=f\\xea\\xa8\\x07\\xcc;8\\xb6{/\\x8b1\\xc5\\xe1\\x0cT\\xacR\\xdeq\\xc1h\\x03\\xa7\\x93\\xa8 /\\x90 \\xf2\\xf1\\xc7\\xf0H\\xc6\\xc0P\\x9c\\x99H\\xc3\\xd1\\x8c\\x13\\x080\\xc38\\x05y\\xfd\\x18\\x0e;qL\\x9d\\xf0\\xf7\\x83\\xe3/\\xb6h9~\\xc5\\xe5\\xb7s\\xe7\\x0eA\\xf8o\\x90;\\xef\\x98J\\x80\\xc0\\xb7\rO\\x02dU^\\xc9\\x06\\x1e\\xe4\\xb8\\x91\\xbb\\x8d3\\x83\\x86\r\\x8f\\xff}\\xaa\\xe8\\x82\"uU\\x8e\\x02u\\x8db\\xc6\\xc4;E`\\xec?\\xd3\\x02~V9\\x15\\xfc\\xdaGw\\x91\\x0f\\xfcmS\\xc1\\xf9\\xfb\\x1c\\xff\\x1b\\x7f\\xbf\\xa4\\xcc\\xfe\\x1a'\\x93/\\xd1 {_\\xf7t\\xab\\xfc\\x13\\xd3\\xe9\\xca\\xf8\\xe3\\xfa*\\xa9\\xa8j\\xa1X.P0\\xe8\\xf2\\x83\\xc0\\xa4\\xb0\\xf7\\xc7^:\\xaf)\\x01\\x91\\xaf\\x8f\\x8ds{\\xa4\\x1d\tT\\xfb3(Idk\\x9f\\xb7n7BO\\xca\\xf6q\\xdb\\xeb\\x8dZl&\\x10\\x8f\\xb0\\x00\\xd7\\xb2\\xa9\n{<T\\xbcO\\xefvt\\x95\\xbf\\xd8\\x1e\\xf6K\rE\\x8c\\xb4T\\x12\\xd4\\xbdP?\\xa32\\xa7R\\x96_)\\xd1\\x12\\xe4\\xdbD\\x1el\\x80\\xbd\\xc2\tl\\\\xd2*\\xff\\xe2i(\\xc4\\xfe\\xe3\\xa9\\xb0O\\xc6#\\x03\\xe7\\xda=\\x81H\\xfbe\\x99\\xed\\xed\\xc6\\xa4\\x17\\xea\\xea\\xf6\\xf9\\x8eyK\\xac\\x90\\xd7at\\xdbl\\x82\\x98y\\xaf\\x9b\\xa2'\\x0cY\\xe0\\x9f\\xdf\\xceK\\x7f\\xfe<*\\xdf\\x94\\xe0F@v'\\x06\\xb1\\xcf[6\\x9d\\xe6v\\xf4\\xd1\\xf0PkPs|\\xd7\\xecw\\x9fJ]\\xf0n\\xfc,o\\x15M\\xc1\\xe8\\xa6e4\\xe9\\xe2\\xee\\xd0\t \\x1d\\xc3\\xdb\\x11Cbd\\x98c\\xe4\\x12\\xfb\\xceJKT0/\\xd6YP0/\\xb3\\xedA\\xa8&\\x9f\\xfex\\x02C_\\x81K>\\x9d\\x8d\\xc3\\x96Cf\\x9bW\\xcd\\x117JU\\x1fn\\x84P]\\xad)*\\x92\r\\xae@\\xbe`\\x90\\x80\\x01\\xfe\\xf50\\x86'\\xddE\\x0b\\xb1\\x8aKgSM\\xcd\\x8b",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "i",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x1c\\x1f\\x85q!`5\\xaa\\xc3\\xe6zVW\\x8f[\\xf3\\xb6{}.\\x12S\\xc7\\x11\\xea2r,\\xcc\\xc8\\xca}n\\xbf\\xbb\\x91F\\xc8\\x10\\x85\\xd7#\\xb4dqt\\x9c\\x83\\x96\\xa8ud\\x0e\\xa9\\x96]\\x97\\xa3\\x92|N\\xefB\\xc5\\x1a\\xe3\\xe8\\x14\\xa40#\\xf5yqH/\\xcf\\xb1\\x1b\\x05r\\xfd\\xa3\\xd9^\\xb6R\\xb8i\\x04\\xc9\\x0f\\xbf\\x9c\\xfce\\xbf\\x07\\x9a\\xa1r\\x1e=\\x13/\\x03?m\\x04!\\xb8\\xea\\xfc\\xb1FC\\xb5'\\xebW\\xe7ms\\xdf\\xe7]\\xfe\\xcf7E\\x93\\xd9m\\x10\\xca\\xf1\\xcd\\x08\\xcd}\\x98\\xd3^Qp\n7\\xeb\\xf0-eX\\x17q_\\xee UwY\\xc9\\xfb[I\\xbe\\xc3\t'\\xec\\xd9\\xdcf@(\\xc4wz\\x9e\\xef#h\\xab\\xbd\\xe65\\xdeg\\x8e\\x93\\xc8G&x\\xf3\\x88[_p\\xd8\\xd5$|\\x83\\x11e\\xa9:\\xbc\\xf59,\\xa4\\x9b\\x8c\\x01\\xcc\\x139R7.\\x95\\xe2~\\xba\\xcf\\xc09T\\x18\\xfa\\xac\rl\\xcb\\xdc\\xbb:\\x16T\\xa0d\\x96.\\xce\\xad\\x1b\\x11\\xe9\\x02k\\x0c\\xec\\x05\\x8b\\xae\\xdd\\xb9\\xe9~\\xdai\\xc7\\x9a\\xef\\xc0\\xeb\\xfbF6\\xfa\\x00\\x13\\xf2\\x96\\xd4e\\xb2\\x1c{k\\x90\\x9b\\xbdiN\n\\x9a\\xb1\\xc2\\xf7\\x9a\\xb2~\\x80\\xa0R\\xf9\\x18$\\x93\\\\xab!\\x99\\xf4\\xc6\\xe2RI\\\\x13\\xc1\\x18q\\x15\\x1a#\\xb65r\\xf8\\xb4i\\xaa\\xe0\\xdd,a\\x01Q\\x9c\\xdc\\x18\\xc7\\x10\\xe4!}\\x94\\xb7\\x9f\\x8b\\x18\\xe4m9^A\\xc3\\xcb\\xde\\xd3\\x97/)k\\xcc\\x91\\xd9\\x10\\xc2\\x87\\x95\\xf9\\x84\\xb7\\xeb2!:\\x04\\xa3\\x92\\xecf\\xb1\\xb0\\xc3:\\x14\\xbe\\x1d1\\xfco\\xa5\\x8c\\x0e$[[\\xbc\\xa9\\x88\\xd1\\xecQkK\\x0c4B?.6\\xca\\xc88\\xf9n\\xc6\\xe8\\x9aQ\\xd7\\xba\\xc8te\\xe4|\\xeb\\xf8N\\xef\\xf2\\x89q 
P*\\x06\\x8aX\\xe7\\x9cCZ!\\xec_\\x9bk^X\\xfe\\xe5\\x95\\xa1\\xd0,*[q\\xcf\\x9f\\x8f\\x94[\\x8d\\xeaW\\xd9\\x14\\xb9o\\x15\\x19?\\xec\\xfd\\xebaq\\xf8\\xa6\\xbf\\xa2\t\tHd\\x0b\\xf0VV\\xfd\\x11nt\\xe9\\xed6\\x1c\\xa0<\\x01\n\\x91v\\xa0\\x0bBO\n\\xa8\\x81\\xe1%\\x899\\x17\\x94\\xe2\\xca\\xd2\\xe7n\\x8d\\xb8\\x0c\tj\\x19\\xf8\t,8\\xbc/\\x95\\xe7\\x14\\x8a\\xe7$MjC\\xc3\\x94;\\xde\\xbc{\n\\xbc?\\xaf\\xf25\\x83H\\xe7\\xa3\\xee\\xd4E\\x96\\xd7\\x90?\\x9e\\xf0.\\xcd\\x9e\\x82\\x99\\xf4\\xd0\\x9b\\xa3\\x85\\xb3\\xcc&l\\x00o\\xe70\\x1d\\x91\\x07\\x17\\xb3\\x18\\xc0\\xb8\\xb0\\x8f[\\x17\\xda\\xf5\\xa7\\x9a\\xfe\\xcf\\x0fP3\\x0b\\xc2-\\xa3\\x92\\xda\\xed\\xef\\x05\\x0e-\\xe4\\xbf\\xbd\\xd1\\xdc:~\\xed\\x19o}\\x94\t\\xa3\\xc1\\xf8$\\x00\\xc8\\x9b\\x89\\x9cI\\x8e\\xd7\\x0b\\xbf\\x05\\xcf\\xba\\xc2\\xbf\\xd5f\\x02&\\x11o\\x81\\x11i\\xc7\\x00\\x9cOk\\\\x7f\\xfe\\xdf\\xda\\xa3\\xbb'h-\\x8b\\xae\\x1dc\\xef:lmW\\x7f\\xef\\xb05\\xbd\\x0b\\xe8\\x92y\\xf4\\x11I \\xf2>\\xfe\\x1e\\x059\\xc7\\x0e,\\xfd\\xbe\\xde\\xb4\\xae\\xb2;\\\\xe8\\xe1\\xf0M\\x81\t,[<*}'\\xab\\x91\\xf1Q\\xe9\\xcf\r%\\xe9\\xd1Hp\\xf8\\xf5\\x12\\x91*\\xf2\\xe6\\x84K\\x86NZ\\xec%}}\\xe2\\xf5\\xa7\\xb8\\xae\\xda\\xaf\\x08*DI\\x91uF\t\\xee\\xbe\\x8b\\x89\\xb8b\\xfb\\x87\\xb0--7\\xc2\\x87\\xf1|\\xe9\\x87\\x92L\\x87\\x91\\xff\\x87\\xbb\\xb7\\x0ck\\xfb\\xdb\\xbaE\\x03\\xc1\\x1d\n4\\x14'\\xc1\\xa5Xqw)\\xeeZ\\xdc\\x9d\"A\\x8a\\xb4\\xd0B\\x83$8\\x85\\x00\\xc5\\xb5\\xb8\\x96\\x02E\\x82{q(%H\\xf1\\xe2\\x05\n=\\xfd\\xef\\xbd\\xdf\\xb3\\xf7+\\xe7\\xb9\\xfb<\\xcf\\xfdr\\xef\\x87|M\\xf2[k\\xae5\\xe7\\x1cs\\x8c\\xf1\\x0b\\xf2\"P\\x11,\\xfdZl\\xee\\xe9\\xf4\\x1b0\\x9c&\\x85\\xc0\\xa4\\x03\\x9e\\xbd\\xd8O\\xf8xsrw\\xf4kV4;\\xe7J\\x87(\\xc3xxj\\xf3\\xd3\\xdc\n\\xb5\\x82\\x8a\\xd0|\\xd4\\x81\\xd8\\x07\\xfe\\xcbaw\\x7f\\x9f\\xe47\\xc6\\xce\\xe4\\xc0V\\xb6\\xe01\\x11hqk\\xf8\\x998\\xbc\\x0e\\xd6\\xc4\\x940|\\x84\\xd7\\xef\\xdf\\xe2c\\x00\\xbb\tw\\xfd\\x17\\x12(\\xc5\\xdb\\x91\\xe4\\xba\\xb2\\xdc\\xcb\\xfe+\\x9c`\\xf3\\xc4\\x7fb@\\x90I\\x96\\
xd4\\x18\\x16v\\xe6\\x9f\\x96\\x9c\\xd7\\x9f\\x90\\x8d\\xb0*\\x98\\xd1l%IA,^>!\\xae\\xeeG\\x1e\\x98\\x97e\\xe6\\xc0\\xac\\xec*C\\xf4\\xfb\\x87\\x0f\\xa2\\xa2\\x84\\xee~\\x03\\x84>\\x9c\\xfc\\x06\\x84\\xeek\\x99\\x16\\x07\\x12\\xd4IR\\x08\\x02\\xf4\\xd5\\x19\\x1a\\xd7~\\x1e\\xcbQk\\x17\\x848\\xbaj\\xcdv\\xac\\xd8\\xbe\\x93\\x82\\xeb\\xd28\\xb8L\\x0b\\x1e\\xe8\t5\\xf9\\x7f\\xde\\xa9\\xe1\\x0c\\xcb\n\\xebeLc;\\x19\\xb2*\\x05\\xff(\\xd1\\xfd\\xb3!^\\x1d\\xa7\\x9bI\\x87\\x82\\x94\\xc9[=\\xe2+\\xbe\\xb0{\\xc3\\xed\\xaevAe\\x96a{\\x97Br\\xb6q\\xfe\\xc2&9\\xbbTn\\x81\\xb8n\\x83XIm\\xca\\xdb\\x1b\\x03#M~#\\xec\\xb8\\xef\\x80\\xa1|\\xfcO\\x7f\\xc1\\xee/B\\x0fV;h\\xf6\\xfcs\\xf2\\xac]S\\xb4x\\x8e?\\xb9\\xd2,\\x83\\x86\\xceKb\\xec\\x8a\\xa3\\x11\\xb8X\\xe8(\\xc5\\xc2\\x81e+\\x1aP\\xe0\\xffo)\\xb0Ed>\\xaa,U\\xb9*?\\x07\\xa7i\\xdb\\x82j\t,\\xa4\\x92%\\x8c\\xdc\\xfe\\x13\\x10\\x10\\xc9\\x90aB>D\\x17'T\\xd9\\xc7\\x0f#\\xe5\\x92\\xee\\x12R\\xbb\\x12\\xea\\xcaj7\\x96q\\x12\\xfd\rhJ\\xcc*\\xfa?\\xc0\\x00\\xf9\\xb8<\\x89\\xf1\\xc35\\x86\\xfc\\xbd\\x80\\x90\\xd9\\xb1\\xf0\\xc0\\x93\\xcc\\xa5\r\\x15\\x85\\xe5Avq\\xefg\\xd5r\\x15\\xa3\\xcbF\\x9a\\x0f\\x16\\x88\\xb2\\x83R\\x1e\\xa7\\xd6_{n5x\\x1a\\xa3\\xb0nt\\xb1P\\xba\\x9d\\x82\\x8d%{\\xcf\\x04b\\xe7<NU\\xdd\\xec\\xd6\\xac\\xb8\\x06\\xa8\\x830\\x1f\\xb7M\\xac\\xde\\x18\\xfa\r\\xfcP\\x9b\\x1a\\x8e\\xa1\\xd7&\\xa8\\xed\\xa1\\x1c\\x9d\\xc4\\xda>\\xdd\\x82\\xc5\\x94\\xfaoG2\\xb2\\x1fc\\xcc\\x08\\xff\\x06\\x1c\\x12N\\x7f\\xff\rpM\\xf1\\xe3\\xfb\"\\xfe]Z&\\xcd\\xa294d\\xba]\\xcaV\\xb3\\w\\xa4\\xcdO\\x00\\xbe\\xff'\\x8c;\\xd2<?o\\xc8\\xadu\\xb4\\xed\\xe7\\xed\\x8c\\xf1\\x98\\xb4\\xe8\\x02XZ\\xe1\\x80ul\\xaf\\x9c\\x9d\\xeb\\xecH?9\\xba\\x94\\x05]y\\x00\\x05?\\xe9\\xd3\\xab|\\xfc\\xf4\\xa3-\\x90\\xe0\\x04\\x13\\x18\\xc4tCD:9\\x93}s\\x92n\\xe4\\x9e\\x05\\xd2\\xec\\x8b\\xcc9\\xba\\xf9\\xe2\\x91d\\x9e\\xba<\\x0ev%\\xe2#\\xf7MG\\x01\\xa5e%\\x00&\\xed\\xad)\\xc7\\xa3\\x87\\xa7\\x07\\x9b\\x97\\xe7w\\x9cH\\xfbkk\\xe3\\xb3\\xad\\xa3\\xd5\\x16)\\xe7\\x12\\
xd7,\\x86F]\\xac8\\xe1\\xbaH0<\\x19\\x87D$\\xc7O\\xe2Q\\xc6\\xe1U0,\\xbc\\xe0\\x84f%\\xe7nf\\x8f\\xabU\\x7f\\xf1sJTJ\\xd4\\xa4\\xe1\\xfb\\xa5\\xf5\\xcc\\xc8\\x98\\xa1ww\\xcf\\x18#v\\xe5H\\xdc\\x97\\x9b)^\\xfa2S\\x9c\\xb1\\xcb\\x86\\xeek<\\xae\\xe9\\xe5\\x0e/\\xd1\\x1a\\xee\\x90\\x9f\\x10;\\xaf8 \\x100\\xa65\\xa5#\\x0by\\xf9\\xa7\\xad\\x94{pW\\xb3Y\\xc9\\x99;\\x18\\xb4\\xd6\\x9d\\xb3\\xd5\\xf9\\xa2\\xf1\\xac\\xcc:\\xcb\\xdc \\xe0qf\\xaf\\xbb\\x08\\x94\\xa5\\xf29\\xcd\\xe1\\xbe6\\x9c\\x81\\x9d\\x93+\\xf5/\\xaaz>\\xb6k\\xf1\\xf3\\x85i\\x01k1\\xf6\\x99\\xa8k\\x83\\xc2\\xf6\\xd6x\\xb6x\\xf1\\\\xb0\\xc7\\x91n\\xb08H\\xb6X1[H\\x8e\\x1a\\xf2\\xb1=\\x15\\x03r\\xd4\\xcd\\xd7\\x93\\xf2K&O\\xc3me\\x1c\\x8e7\\xe7\\x84W\\xea\\x038\\x97\\xf6\\x93\\xe6\\xac\\xef\\x87\\x10Q\\x1b:@p0b\\x05I\\x15\\xf5\\xb6#y\\x89U~\\xaa9<\\xf4{\r\\xa6!^\\xae\\x16\\x0c\\xcd\\xc8\\xe6\\xb0[\\xa2\\x16\\x93'\\xc8O\\x19\\x12gGn\\xbf\\xff\\x97\\x96;\\x15\\x83'H\\xa8\\x9f\\xb0\\x97\\xae\\xaan\\xe8j\\xf6\\xb9w\\xb5\\x88zq\\xc6\\x9d\\x03\\xec7@\\xc0K\\x1b*\\xad\\xb3\\xabV\\xd7\\x01n/\\xe0\\xca\\\\x91\\xfb\\xe6?#<\\xba\\x1d\\xc9\\xaa\\x19\\x87N\\x1aQ73\\xf0\\xf1\\xcc?\\x81\\x7f\\xdd\\xd7\\x8e=\\xda\\xc6q\\x8a\rJ\\xc8\\xd9\\x8aG\\x96\\x14\\x1c\"\\xd7\\x1a\\xff,4\\x86\\xec\\xd2Q \\x0b\\xf4\\xb8I\\xa8\\xd1\\xb9$\\V\\x82xk\\x84\\xbbR\\xfb\\xa0\\x06`\\xa3\\xed\\x1f\\x95\\xb4\\xa5\\xc7\"\\x9cTG\\xd9\\x10B\\xa2%\\xfa\\xe7\\xac\\xb2!\\xf76\\xd69\\x90A\\xc9\\xec\\xabD\\xfe\\xf1\\xceYld\\xde\\x1e\\xaaW\\xe2\\xb7\\x9d?\\x8b\\x96\\x96\\x81\\x87\\x92\\xeaL\\x0c}\\xf1^.@\\x85e\\x93\\xb6\\xa8\"'B!uX\\xc6\\xe5D\\xa9\\xde\\x84\\xa2nx\\xfb\\xb1\\x87\\x1b\\x1f\\x1d\\x8f\\xaa@T\\xb7\\xe2\\xa1Q\\xbd\\xb4\\xebAb]\\x15\\xac\\x08\\xec\\xecN\\xde\\x83\\xb2\\xd4\\xc5J\\x08\\xf2;0",
        "buffer_size": "16306"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\xf9",
        "buffer_size": "1"
      },
      {
        "process_name": "87053d0ad81ac3367ef5.exe",
        "pid": 4920,
        "api_call": "SslEncryptPacket",
        "buffer": "\\x99\\xc3\\xe0F\\xfb\\xe6\\xe9\\x03\\xd0\\xdb\\xc2\\xb4=\\xddM\\xa7H\\xf2\\x92\\xb4\r\\xb5l\\x15\\x97\\x19IC\\xe4C\\x994z3\\x11?\\xca\\x96\\xd3\\xdf\\x00(k7\\xab\\xbd\\x9c\\xa6\r\\x85lA\\x91;m\\x13\\x05us2\\xdeuDF)\\xcd\\x9f\\x93\\xff\\x0c8]tVL\\x06e\\xb0\\x87Z\\xb4xL\\xd0\\T\\x92\\xbb\\x06M\\x0f\\x92{\\xe6\\x08(\\xa0\\x83h\\x80\\xd5\\xca\\x97N\\xb7<)\\x19\\xba\\xf6>\t4\\xb8`\\xf1\\x9d\\x99\\xba|<\\x01\\x15\\xdcb\\xb3\\xa6\\xfa\\xf4C\\xd3\\x81)\\x18\\xbf\\x1c}][\\xa2\\x0f\\xee\\x96>\\xb1\\x88\\xdf\tsp\\xda\\x96U\\x8f\\xa6_!\\xd6\\xe6\tJQ\\x8e\\xb2\\x96\\xa3\\xfb\\xbc2\\xa9d\\x95\\xa7\\x92\\x81,\\x9d\\xe7!q\\xb2OA\\x17\\x9cr\\x91\\xc79\\xd1\\xf15!d\\x0c\\xbe5\\x10\\xc4/\\xf3z-\\x92[\\xdf&\\xc4 M\\x93\\xdfh3%\\xca\\xc4D\\xbd\\xdd=\\x8e\\x89\\xc1\\xf8\\xe7\\xe5\\xe6\\xf1z:\\x8d.i'@\\xb7\\x1fT\\xa9\\xd0?\\x8a/\\x9a\\x8b3\\x10\\xfe\\xfaqB)\\xcdN\\xbc\\xc3\\J/\\xa4b(\\x8f\\x9bv\\x11\n`x-s\\x8eA\\xcc\\x86[\\xac\\xe3\\xea\\xc9\\xbb\\xf5\\xb9\\x07\\x0f{\\x90}[\\x8c.t\\xd2\\xf3M\\xd3\\xad<\\\\x8e\\x02\\xfa\\xb4U\\xdc\\x006\\x89\\x05bH\\xb5\t1j\\x13\\xbe\\x8d\n\\xe0!g\\xce\\x19\\xc0`\\xe3\\xf7\\x8d\\x16\\xe4z\\\\xbfB\\x99\\xf0+c\\x99\\xf93]\\xf8q1@1j\\xf7\\xcfCZH\\x04l\\xf4\\xf0\\x1c\\x02\\xb9\\x94z\\x9eI\\x91\\xf9\"S\\x93l}\\xeaQ\\x14\\x03\\x0ep4\\x85\\xa7n0\\xee\\$\\xd7T\\xd4\\xaeq\\xe1\\xcc\\x07\\xc8\\xf2\\xdb \\x82\\x89Z!\"\\xa2\\x1d\\xc6\\x89x\\xe5\\xba\\xf6\\x00\\x85\\xe4\\x86c\\xfd\\xee\\xc7\\xec\\x00\\xf4u<\\xa0:\\x9e_\\x9a\\x0b\\xb5Ps9\\xf0\\xd5)\\xc5\\xe3#\\xf3\\xf2U\\xc7\\x89\\xbeN\\xa9&\\xe6S\\x87\\xe7\\xa4x*\\x0e;b\\x1e\\xf6\\xcb\\x9d\\x00\\x83\\xee\\xe2J\\xcc\\xcf'\\xb9\\xba\\x16\\x1af\\xb1\\xeb\"\\x17\\x0cM\\xb4=\\xc2n\\xa3'\\x121\\xe10\\xb5\\x01\\xda\\x99}9r\\xbd\\xa8]\\x83e\\xf3\\xb1\\x80m(\\x17iz\\xcc2;]h\\xe8LL\\x89\\xf1\\x97\\x8f\\x9b\\x84>\\x1a/_\\x9e&\\xcb\\xed$\\xfd\\xa9\\x98-\\x80\\xd30R\\x8d\\xda\\xb9 
\\xc0D3[@L|G\\xd9\\xba}5\\xa3]\\xfbZ\\xdc\\xa6\\xcc.\\xce\\x16h3\\xc9\\x1c\\xf0!\\xea\\xcf#\\x9a\\x87\\xcb\\x1cI:\\xb6\\xba\\xa8%d\\xe6\\xb3\\xd7\\xa8\\x82PhM\\xb6<\\xbf\\x16\\xfd\\xe5\"O\\xee\\xfe\\x84e\\xca\\x138\\xf2\\x1cC\\x1ff8m\\xbe\\xa2L\\xa0\\x05\\xe1\\x83w\\xad\\xda\\xf1\\x13C|\\xb4x\\xbc!\\xbeB\\x15Du\\xc0b\\x80\\xf2\\x9f\\xc5\\xe2\\x9a1}\\xea\\x98(\\x86\\x8bt\\x80iH\\xd5\\x86\\x84ng\\xceep\\xc0\\x0e\\xbd\\x99\\x8c<\\x8b\\xd2\\xbe\\x87\\xd8E2u\\x9f\\x97\\x0e\\xf1 \\xd2\\x04%e&)\\x1d\\xce\\x19\\xd2\\x9c\\xe8\\x05O\\xdd\\x8b[\\xc8\\x04;l\\xb6^\\x03\\x186o\\x0cI\\xb1\\xa6\\xa2'h\\xb1AC\\xe0\\xc4\\x90\\x17\\xcf1\\xa89\\xca\\xd1\\xcdP^\\xa7V\\x10>9\\xe0\\x07\\x142\\xad\\xe3\\xee\\xeb\\xd92\\x11\\xb3\\xb1:\\xe33\\xe0\\x82I\\xa7\\x17\\xdfpI\\xfb\\xa1\\x1e\\xf5\\x9c\\x85\\x8d\\x93\\xd6-9$\\xaf\\x14-?sl\\xfc\\x8cci\\x182pX\\x0c\\xed\\x07\\x18\\xf7\\x83\\xfe\\xfc\\x0e-m\\XC\\xed\\xfbA|c/\\x8cn\\xf6\\x1b\\x03\\xad\\xdcI\\x13{o&r\\xd8'\\xd5U\\xb4\\xd4\\x9f\\x88(\\xae|\\xb0\\xa8\\xe3\\xedM9\\xc3,\\xcf\\xc9lx\\x81\\xa6\\xbbo\\xfc\\xd2\\xd8\\x16,u\\xd1\\x02\\x7f?.\\x1a\\x83\\xae\\x91\\xcd\\x05\\x88\\x10\\xc6\\x1d\\xf6\\xe2\\xb1\\x06\\xf7\\x06,\\xf9f\\xbf\\xa5r}~;\\x9f\\xf9\\xb9\\xb9>\\x0b0>)\\xa9\\xff$\\xf5\\x1b\\xef\\xa0\\xfe\\x98L \\x13\\xae\\x94.\\xb6\\x87\\x1e\\xecK\\x8a}0\\xb5\\x8a\\xc8tL\\xd2q\\xee\\xc7\\xc7\\x7f\\x0e\\xda\\xb2\\xa6\\x7f\\x80O->\\x15MCt7Z&G\\xf7oa\\xf8\\xbc_\\x9b\\xb7H\\xe4\\xad\\x1f\\xee\\xf0)\\xd4\\x8d\\xdfO[H\\xbf$+\\xe4\\xde\\x87\\x8c\\xeesA\\x0e\\x85 
\\x86X>Aj\\xeae\\xc2\\x9c0<\\xf9U\\xd8\\xa1\\x9d\\x98\\xd8~<r\\xed\\xf3\\xc66u:\\xab\\xfeC1\\xac\\xd3\\x05\\x1a1\\x86\\xcf\\x91\\\\xeb!z\\xc6\\xe8\\x99\\x9a\\xdc\\xe1Fk]\\x9a\\x11\\xf5\\xd3(X\\xc4\\x9b_{\\x06\\x85\\xcf\\x12z\\x87i\\xbf\\xd4\\xdaO\\x8c]5\\xef0d\\xa1\\x851\\xf2\\xa2v\\x95]j\\x12\\x82\\xc7+\\xde\\x0b\\xd2\\x11\\xc3\\x18\\xb7\\xfc\\xd4\\x01\\xc0\\x95M\\xc6\\xe1\\xc2\\xb7ZH\\xc7\\x04\\x84\\x9a\\xf6\\xd5b\\xc2O.\\x1f\\xf5\t\\x86\\xe8H\\xce\\xe9?\\xc7\\xe4C\\x9dl\\xf2\\x19\\xbe\\x1dGu-\\x19j[l\\x1c\\x97\\x8as\\xda\\xeb\\xe5!\\x1b\\x13\\x8e\\xa2\\xc8=Y4\\x06\\xeeW\\xc8\\x9f}R\\xa4\\x84\\xe1\\xcc\\xf4[\\xdd\\x8f\\xb5\\x11\\xed\\xbe:\\x03'\\xab\\x9c\\x1c]\\xa7\\xa6D\\xddL\\x8f\\x14O<\\x1a\\xb4V3\\xd2S\\xa4\\xfe\\xda3\\x04\\x9e\\xa9\\x91\\xcf'\r\\xfe7\\xa6'\\x9fe\\xffg\\xad\\xfd\\xdcO\\xd0\\x992N\\xfc\\xe5D\"\\xe8b W#\\x14j{\\xea\\x89\t\\xf5\\xfa\\xa6\\xb6\\x1a\\xf7\\xbf\\x8a\\xfb\\xee\\xb8\\xa6\\x82m\\xddP\\x14D\\x9a\n\\x02\\x82\\x80\\x14\t H\\x11\\x01)\\x01\\x91\\x12PzG\\x8aT\\xe9M\\xba\\x18\\x8aTCBGz\\x97^\\xa5\nH\\xef\\xbd\t\\x04\\x90N\\xa4K\\xe8-\\xbc\\x80z\\xce\\xbd\\xe7\\x9dw\\x8f\\xf7\\xaf\\xf7G\\xf8\\x85\\xbdf}\\xeb\\x9b\\xb5g\\xd6\\xcc\\xac={\\x02\\xee\\xb0mAf\\xafx\\xeb~\\x18{\\x8c\\x18\\x8d\\x13\\x90\\xf2+\t\\xcd\\x07\\x80\\xee\\x11t\\x87:n\r\\x18\\xd5\\xbb\\xef\\xd8\\x9f\\x03\\x8c\\x0fx\\x92+Q\\xbc\\x99#,\\xe1B\\x99\\x1e\\xa0X\\x9f\\xf4\\xaf:o,\\x04\\x08\\x14>\\xb9!s>M\\xafj8\\x08\\xdb\\x18\\xa1\\xa8\\xef?\\x9fMl\\xf1\\xbaF]c?\\x19<h\\xed0\\xd2v\\x0e\\xf8\\xc2\\xdc\\xc0~\\xe0\\x1aIv\\xbd\\xa3\\xff\\xae\\x10\\x12\\xee\\x9e\\x97\\xb3z\\xdbe\\x83\\xcc\\xa8\\x07v\\x8fQ\\xa6\\xf7\\xf3\\x83X\\x9c\\xa5\\xc5\\x9d\\x8e}\\xda\\xd1e\\xda\tM\\x8b\\xcfg~\\xd6T\\x12\\xf4W\\x1c\\xc3y2+o\\xc0\\x12=\\xf6>\\xbd\\xb4\\xb8\\xf5\\x82s\\xeflf\\xf3\\xf4kM\\x10\\xed\"\\xca}T\\x16\\x88#Y\\xfe!\\xc0\\x9fr\\xda\\x15\nd\\xd6\\x8d\\xac\\x18\\xf4\\x1e\\xce\\x9a\\xfb\\x96\\xab;%2\\xdd,?\\xcb\\xfe\\xf8*^q\\xfb\\xfc\\xc5o8a\\x1f\\xec\\x07\\xde\\xd4\\xf92\\x89\\xfbx\\xa5\\xc4\\xb9
\\xab!\\xc9qLt9\\xaf\\xae!lb\\xd1\\xe7\\xb1iL\\x8f\\x9516\\xa8\\xc6{r\\xef\\xe2M|\\xd0F\\xec\\x95\\xe6\\xae\\x8a\\x1f\\xa9\\xc1\\xa4\\xf1\\xf1\\x04\\x1aB\\xf6\\xfd\\xe2I\\x89l\t.B\\xb4,\\xa8\\xb6]\\xe6\\x0f\\xec\\xa5\\xd1\\xfdU+p\\x0b\\x9f`\\xc0\\xf0\\x93\\xa5A\\xd8\\xb3q_7f\\x19\\x96\\xa5\\xae\r\\xd0\\x96\\x9d\\xd0\\xc1r\nl_\\xc8|>\\xfc\\x1bv\\x8d!\\xfel5\\xf5d\\xb5\\x00ZoT>\\x18P\\x85\\xf8\\x00&\\x0cbbC\\x81\\xb9b3\\xa7\\xc4\\xa7\\xfb\\x0f\\xe3`\\xfb\\xdb[L\\x1aN\\xd7K\\x9car4f\\xc2\\x11\\x9dkj?R\\xae7\\xed\\x19\\xea\\xb020uc\\xf3\\xf0\\x147,&\\x89\\xf7\\x9f\\xa8v{>\\xd5\\xbc\\xa7\\xb9\\xcf^j\\x83\\x9a\\x0e\\xea268\\xa1\\xc5s\\xcf\\x92\\x13\\xa3\\x98Tu\\x0e\\xe5\\x9f\\x98'\\x90+\\xfb\\x10\\xb1\\x13Mi4\\x06\\x13a#\\x8f#\\x1fF\\x06\\xda\\x900\\x057\\xda7y'\\x9d\\x03B\\xd43R\\xae;\\xbb|\\x1a\\xa5z\\xc6\\xca\\xd2W\\xcaj\\xf8N\\xfd\\xe5\\xec\\xf6X\\x91l\\x82\\xe5-\\xb7h\\x14\\xd9\\xd4O\\x9f\\xea\\x1dJ\\x9cP)\\xfb$\\x12\\x11\\xc9\\x8b\\xb7\\x9f9\\xfe>\\xc7\\x9f\\xad$\\x06h\\x93\\x92\\x92\\xb6_\\xd3\\xb6,\\x10v!y\\xe4\\\\x92\\xe3$&f\\x8a\\xbe\\xe1=\\x13\\x06KO\\xcd\\xef\\x02b\\x8f\\xb8\\xd4hO:\\xd5*\\xd0\\xe0\\x16C\\x91\\x96\\xe1\\x0e\\xe03\\x10\\x9b\\xf1\\x01\\x83\\x1bKX\\x1au&\\xfd\\xe6\\x03\\xb0\\xca\\xccZ\\xb2;\\xc6\\x9fIC\\x9br\\xbc\\x8c\\xcf\\xb2\\xb5\\xc6lt%\\x0c\\x8ci\\x03V\\x94\\xfb\\xdf}ne\\xe0\\xcb7\\xe8\\xe4Oh\\xd5\n\\x10\\xfd\\xb8\\xbb8\\xfaD\\x160\\xf4\\xa4\\x84\\xb7,\\xed\\x9b\\xf0m\\xe9\\xeb\\xd5\\xc5w\\xa5p\\x9c\\xce\\xd8\\xb8\\xb3#\\x84y\\xebjm\\x1fH\\x98\\x1b%p\\xb5]\\x95Vh\\xcbQ\\x12\\xa3\\xb0q\\xba\\xfde\\xa7v\\x9c\\x91A\\xf7c#\\xa3\\xb9\\x92\\x97\\xf4\\x9c\\xac\\x13\\xf9=\\x8d\\xf5\\xb0\\xa3w\\x8a~\\x11\\x1eo\\x1bh`\\x1e4\\x17\\x875<",
        "buffer_size": "11712"
      }
    ],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": []
    }
  },
  "debug": {
    "log": "2026-03-05 02:28:17,856 [root] INFO: Date set to: 20260305T13:23:07, timeout set to: 200\n2026-03-05 13:23:07,165 [root] DEBUG: Starting analyzer from: C:\\bx_3000n\n2026-03-05 13:23:07,181 [root] DEBUG: Storing results at: C:\\GyVrCf\n2026-03-05 13:23:07,181 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\pFZVJSIwj\n2026-03-05 13:23:07,181 [root] DEBUG: Python path: C:\\Python310\n2026-03-05 13:23:07,181 [root] INFO: analysis running as an admin\n2026-03-05 13:23:07,181 [root] INFO: analysis package specified: \"exe\"\n2026-03-05 13:23:07,181 [root] DEBUG: importing analysis package module: \"modules.packages.exe\"...\n2026-03-05 13:23:07,196 [root] DEBUG: imported analysis package \"exe\"\n2026-03-05 13:23:07,196 [root] DEBUG: initializing analysis package \"exe\"...\n2026-03-05 13:23:07,196 [lib.common.common] INFO: wrapping\n2026-03-05 13:23:07,212 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 13:23:07,227 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe\n2026-03-05 13:23:07,227 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option\n2026-03-05 13:23:07,227 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option\n2026-03-05 13:23:07,227 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option\n2026-03-05 13:23:07,227 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option\n2026-03-05 13:23:07,290 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-03-05 13:23:07,337 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-03-05 13:23:07,399 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-03-05 13:23:07,681 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-03-05 13:23:08,103 [lib.api.screenshot] DEBUG: Importing 
'PIL.ImageChops'\n2026-03-05 13:23:08,165 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-03-05 13:23:08,274 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-03-05 13:23:08,368 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-03-05 13:23:08,368 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-03-05 13:23:08,384 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-03-05 13:23:08,384 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-03-05 13:23:08,384 [root] DEBUG: attempting to configure 'Browser' from data\n2026-03-05 13:23:08,384 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-03-05 13:23:08,384 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-03-05 13:23:08,384 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-03-05 13:23:08,384 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-03-05 13:23:08,384 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-03-05 13:23:08,384 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-03-05 13:23:08,399 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-03-05 13:23:08,399 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-03-05 13:23:08,868 [modules.auxiliary.digisig] DEBUG: File is not signed\n2026-03-05 13:23:08,868 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-03-05 13:23:08,899 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-03-05 13:23:08,899 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-03-05 13:23:08,915 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-03-05 13:23:08,915 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-03-05 13:23:08,915 [root] DEBUG: Trying to start 
auxiliary module \"modules.auxiliary.disguise\"...\n2026-03-05 13:23:08,915 [modules.auxiliary.disguise] INFO: Disguising GUID to ee524675-2229-454c-8cf2-c7df03eca110\n2026-03-05 13:23:08,915 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-03-05 13:23:08,915 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-03-05 13:23:08,915 [root] DEBUG: attempting to configure 'Human' from data\n2026-03-05 13:23:08,915 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-03-05 13:23:08,915 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-03-05 13:23:08,946 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-03-05 13:23:08,946 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-03-05 13:23:08,946 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-03-05 13:23:08,946 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-03-05 13:23:08,962 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-03-05 13:23:08,962 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-03-05 13:23:08,962 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-03-05 13:23:08,977 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-03-05 13:23:08,977 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-03-05 13:23:08,977 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-03-05 13:23:08,993 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 656\n2026-03-05 13:23:09,071 [lib.api.process] INFO: Monitor config for <Process 656 lsass.exe>: C:\\bx_3000n\\dll\\656.ini\n2026-03-05 13:23:09,149 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor\n2026-03-05 13:23:09,243 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, 
loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:09,446 [root] DEBUG: Loader: Injecting process 656 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:09,478 [root] DEBUG: 656: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:09,478 [root] DEBUG: 656: Disabling sleep skipping.\n2026-03-05 13:23:09,478 [root] DEBUG: 656: TLS secret dump mode enabled.\n2026-03-05 13:23:09,602 [root] DEBUG: 656: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:23:09,618 [root] DEBUG: 656: Monitor initialised: 64-bit capemon loaded in process 656 at 0x00007FF95C960000, thread 5992, image base 0x00007FF794EB0000, stack from 0x000000A2778F2000-0x000000A277900000\n2026-03-05 13:23:09,618 [root] DEBUG: 656: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-03-05 13:23:09,649 [root] DEBUG: 656: Hooked 5 out of 5 functions\n2026-03-05 13:23:09,649 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:23:09,649 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:09,649 [lib.api.process] INFO: Injected into 64-bit <Process 656 lsass.exe>\n2026-03-05 13:23:09,649 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-03-05 13:23:10,837 [root] DEBUG: 656: TLS 1.2 secrets logged to: C:\\GyVrCf\\tlsdump\\tlsdump.log\n2026-03-05 13:23:38,618 [root] INFO: Restarting WMI Service\n2026-03-05 13:23:38,837 [root] DEBUG: package modules.packages.exe does not support configure, ignoring\n2026-03-05 13:23:38,837 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'\n2026-03-05 13:23:38,837 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 13:23:38,884 [lib.api.process] INFO: Successfully executed process from path 
\"C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe\" with arguments \"\" with pid 4920\n2026-03-05 13:23:38,884 [lib.api.process] INFO: Monitor config for <Process 4920 87053d0ad81ac3367ef5.exe>: C:\\bx_3000n\\dll\\4920.ini\n2026-03-05 13:23:38,899 [lib.api.process] INFO: 32-bit DLL to inject is C:\\bx_3000n\\dll\\bESyLPqs.dll, loader C:\\bx_3000n\\bin\\TLKZESx.exe\n2026-03-05 13:23:38,962 [root] DEBUG: Loader: Injecting process 4920 (thread 5380) with C:\\bx_3000n\\dll\\bESyLPqs.dll.\n2026-03-05 13:23:38,978 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.\n2026-03-05 13:23:38,978 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.\n2026-03-05 13:23:38,993 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\bESyLPqs.dll.\n2026-03-05 13:23:39,009 [lib.api.process] INFO: Injected into 32-bit <Process 4920 87053d0ad81ac3367ef5.exe>\n2026-03-05 13:23:41,040 [lib.api.process] INFO: Successfully resumed <Process 4920 87053d0ad81ac3367ef5.exe>\n2026-03-05 13:23:41,243 [root] DEBUG: 4920: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:41,292 [root] DEBUG: 4920: Disabling sleep skipping.\n2026-03-05 13:23:41,306 [root] DEBUG: 4920: Dropped file limit defaulting to 100.\n2026-03-05 13:23:41,337 [root] DEBUG: 4920: YaraInit: Compiled 44 rule files\n2026-03-05 13:23:41,337 [root] DEBUG: 4920: YaraInit: Compiled rules saved to file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:23:41,352 [root] DEBUG: 4920: YaraScan: Scanning 0x00990000, size 0x1f0\n2026-03-05 13:23:41,352 [root] DEBUG: 4920: Monitor initialised: 32-bit capemon loaded in process 4920 at 0x73940000, thread 5380, image base 0x990000, stack from 0xbb2000-0xbc0000\n2026-03-05 13:23:41,352 [root] DEBUG: 4920: Commandline: \"C:\\Users\\cape\\AppData\\Local\\Temp\\87053d0ad81ac3367ef5.exe\"\n2026-03-05 13:23:41,446 [root] DEBUG: 4920: hook_api: LdrpCallInitRoutine export address 0x779A2A40 obtained via GetFunctionAddress\n2026-03-05 13:23:41,571 
[root] DEBUG: 4920: hook_api: Warning - SetWindowLongW export address 0x769F5420 differs from GetProcAddress -> 0x74BD59E0 (apphelp.dll::0xfe2159e0)\n2026-03-05 13:23:41,587 [root] DEBUG: 4920: hook_api: Warning - EnumDisplayDevicesA export address 0x769E95A0 differs from GetProcAddress -> 0x74BD6780 (apphelp.dll::0xfe216780)\n2026-03-05 13:23:41,587 [root] DEBUG: 4920: hook_api: Warning - EnumDisplayDevicesW export address 0x769FFB70 differs from GetProcAddress -> 0x74BFE4D0 (apphelp.dll::0xfe23e4d0)\n2026-03-05 13:23:41,602 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-03-05 13:23:41,602 [root] DEBUG: 4920: set_hooks: Unable to hook GetCommandLineA\n2026-03-05 13:23:41,602 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-03-05 13:23:41,602 [root] DEBUG: 4920: set_hooks: Unable to hook GetCommandLineW\n2026-03-05 13:23:41,618 [root] DEBUG: 4920: Hooked 630 out of 632 functions\n2026-03-05 13:23:41,634 [root] DEBUG: 4920: Syscall hook installed, syscall logging level 1\n2026-03-05 13:23:41,665 [root] INFO: Loaded monitor into process with pid 4920\n2026-03-05 13:23:41,712 [root] DEBUG: 4920: DLL loaded at 0x738B0000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei (0x8d000 bytes).\n2026-03-05 13:23:41,743 [root] DEBUG: 4920: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-03-05 13:23:41,759 [root] DEBUG: 4920: DLL loaded at 0x74D40000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-03-05 13:23:41,759 [root] DEBUG: 4920: DLL loaded at 0x74F50000: C:\\Windows\\SYSTEM32\\VERSION (0x8000 bytes).\n2026-03-05 13:23:41,806 [root] DEBUG: 4920: DLL loaded at 0x72FB0000: C:\\Windows\\SYSTEM32\\ucrtbase_clr0400 (0xab000 bytes).\n2026-03-05 13:23:41,868 [root] DEBUG: 4920: DLL loaded at 0x73C70000: C:\\Windows\\SYSTEM32\\VCRUNTIME140_CLR0400 (0x14000 bytes).\n2026-03-05 13:23:42,024 [root] DEBUG: 4920: DLL loaded at 0x73060000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr (0x848000 
bytes).\n2026-03-05 13:23:42,321 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x02C13000, size: 0x1000.\n2026-03-05 13:23:42,321 [root] DEBUG: 4920: GetEntropy: Error - Supplied address inaccessible: 0x02C10000\n2026-03-05 13:23:42,321 [root] DEBUG: 4920: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:42,384 [root] DEBUG: 4920: api-rate-cap: NtQueryPerformanceCounter hook disabled due to rate\n2026-03-05 13:23:42,493 [root] DEBUG: 4920: InstrumentationCallback: Added region at 0x75C633EC (base 0x75B30000) to tracked regions list (thread 5380).\n2026-03-05 13:23:42,509 [root] DEBUG: 4920: ProcessTrackedRegion: Region at 0x75B30000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-03-05 13:23:42,603 [root] DEBUG: 4920: DLL loaded at 0x71BA0000: C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\a403a0b75e95c07da2caa7f780446a62\\mscorlib.ni (0x140e000 bytes).\n2026-03-05 13:23:42,821 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x04560000, size: 0x1000.\n2026-03-05 13:23:42,837 [root] DEBUG: 4920: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:42,978 [root] DEBUG: 4920: DLL loaded at 0x76C00000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-03-05 13:23:43,118 [root] DEBUG: 4920: hook_api: clrjit::compileMethod export address 0x71B13700 obtained via GetFunctionAddress\n2026-03-05 13:23:43,134 [root] DEBUG: 4920: DLL loaded at 0x71B10000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit (0x8a000 bytes).\n2026-03-05 13:23:43,134 [root] DEBUG: 4920: .NET JIT native cache at 0x04560000: scans and dumps active.\n2026-03-05 13:23:43,212 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x02CD5000, size: 0x1000.\n2026-03-05 13:23:43,228 [root] DEBUG: 4920: GetEntropy: Error - Supplied address inaccessible: 0x02CD0000\n2026-03-05 13:23:43,228 [root] DEBUG: 4920: 
AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:43,228 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x02CD0000.\n2026-03-05 13:23:43,228 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x02CD0000.\n2026-03-05 13:23:43,696 [root] DEBUG: 4920: .NET JIT native cache at 0x05520000: scans and dumps active.\n2026-03-05 13:23:44,353 [root] DEBUG: 4920: .NET JIT native cache at 0x07F20000: scans and dumps active.\n2026-03-05 13:23:44,634 [root] DEBUG: 4920: caller_dispatch: Added region at 0x07F20000 to tracked regions list (kernel32::SetErrorMode returns to 0x07F36B62, thread 5380).\n2026-03-05 13:23:44,634 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x07F20000 skipped\n2026-03-05 13:23:44,775 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x04560000 skipped\n2026-03-05 13:23:45,056 [root] DEBUG: 4920: DLL loaded at 0x76C60000: C:\\Windows\\System32\\shell32 (0x5b5000 bytes).\n2026-03-05 13:23:45,071 [root] DEBUG: 4920: DLL loaded at 0x751C0000: C:\\Windows\\SYSTEM32\\Wldp (0x27000 bytes).\n2026-03-05 13:23:45,087 [root] DEBUG: 4920: DLL loaded at 0x751F0000: C:\\Windows\\SYSTEM32\\windows.storage (0x60d000 bytes).\n2026-03-05 13:23:45,102 [root] DEBUG: 4920: DLL loaded at 0x76190000: C:\\Windows\\System32\\SHCORE (0x87000 bytes).\n2026-03-05 13:23:45,228 [root] DEBUG: 4920: DLL loaded at 0x74D50000: C:\\Windows\\SYSTEM32\\profapi (0x18000 bytes).\n2026-03-05 13:23:45,259 [root] DEBUG: 4920: DumpPEsInRange: Scanning range 0x02C10000 - 0x02C10BBC.\n2026-03-05 13:23:45,274 [root] DEBUG: 4920: ScanForDisguisedPE: No PE image located in range 0x02C10000-0x02C10BBC.\n2026-03-05 13:23:45,415 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_13956004523105432026 to CAPE\\50fe3f888e158345bc5992769fb1750cf4848e0ba78d6263e877c9d6e10156de; Size is 3004; Max size: 100000000\n2026-03-05 13:23:45,431 [root] DEBUG: 4920: DumpMemory: Payload successfully 
created: C:\\GyVrCf\\CAPE\\4920_13956004523105432026 (size 3004 bytes)\n2026-03-05 13:23:45,431 [root] DEBUG: 4920: DumpRegion: Dumped entire allocation from 0x02C10000, size 4096 bytes.\n2026-03-05 13:23:45,446 [root] DEBUG: 4920: ProcessTrackedRegion: Dumped region at 0x02C10000.\n2026-03-05 13:23:45,446 [root] DEBUG: 4920: YaraScan: Scanning 0x02C10000, size 0xbbc\n2026-03-05 13:23:45,524 [root] DEBUG: 4920: DLL loaded at 0x74D70000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x13000 bytes).\n2026-03-05 13:23:45,556 [root] DEBUG: 4920: DLL loaded at 0x74700000: C:\\Windows\\system32\\rsaenh (0x2f000 bytes).\n2026-03-05 13:23:45,634 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x02CCA000, size: 0x1000.\n2026-03-05 13:23:45,634 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x02CC0000.\n2026-03-05 13:23:45,696 [root] DEBUG: 4920: DLL loaded at 0x70F70000: C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\920e3d1d70447c3c10e69e6df0766568\\System.ni (0xa56000 bytes).\n2026-03-05 13:23:46,102 [root] DEBUG: 4920: DLL loaded at 0x70AD0000: C:\\Windows\\SYSTEM32\\amsi (0x19000 bytes).\n2026-03-05 13:23:46,446 [root] DEBUG: 4920: DLL loaded at 0x702D0000: C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\2062ed810929ec0e33254c02b0c61bb4\\System.Xml.ni (0x774000 bytes).\n2026-03-05 13:23:46,696 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x07AE0000, size: 0x1000.\n2026-03-05 13:23:46,696 [root] DEBUG: 4920: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:46,712 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x07AE0000.\n2026-03-05 13:23:46,712 [root] DEBUG: 4920: .NET JIT native cache at 0x07AE0000: scans and dumps active.\n2026-03-05 13:23:46,728 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x07AE0000 skipped\n2026-03-05 13:23:47,243 [root] DEBUG: 4920: .NET JIT native cache at 0x07B20000: scans 
and dumps active.\n2026-03-05 13:23:47,259 [root] DEBUG: 4920: caller_dispatch: Added region at 0x07B20000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07B2089C, thread 5380).\n2026-03-05 13:23:47,274 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x07B20000 skipped\n2026-03-05 13:23:47,540 [root] DEBUG: 4920: AllocationHandler: Previously reserved region at 0x07B20000, committing at: 0x07B29000.\n2026-03-05 13:23:47,665 [root] DEBUG: 4920: DLL loaded at 0x70230000: C:\\Windows\\SYSTEM32\\MSASN1 (0xe000 bytes).\n2026-03-05 13:23:53,009 [root] DEBUG: 4920: .NET JIT native cache at 0x07D80000: scans and dumps active.\n2026-03-05 13:23:53,138 [root] DEBUG: 4920: caller_dispatch: Added region at 0x07D80000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x07D82239, thread 5380).\n2026-03-05 13:23:53,138 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x07D80000 skipped\n2026-03-05 13:23:53,306 [root] DEBUG: 4920: DLL loaded at 0x73C40000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\wminet_utils (0x21000 bytes).\n2026-03-05 13:23:53,353 [root] DEBUG: 4920: AllocationHandler: Previously reserved region at 0x07D80000, committing at: 0x07D85000.\n2026-03-05 13:23:53,415 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x7F860000, size: 0x50000.\n2026-03-05 13:23:53,415 [root] DEBUG: 4920: GetEntropy: Error - Supplied address inaccessible: 0x7F860000\n2026-03-05 13:23:53,415 [root] DEBUG: 4920: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:53,415 [root] DEBUG: 4920: AllocationHandler: Processing previous tracked region at: 0x07D80000.\n2026-03-05 13:23:53,431 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x07D80000 skipped\n2026-03-05 13:23:53,431 [root] DEBUG: 4920: AllocationHandler: Memory region (size 0x50000) reserved but not committed at 0x7F860000.\n2026-03-05 13:23:53,431 [root] DEBUG: 4920: AllocationHandler: Previously 
reserved region at 0x7F860000, committing at: 0x7F860000.\n2026-03-05 13:23:53,446 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x7F860000.\n2026-03-05 13:23:53,446 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x7F860000.\n2026-03-05 13:23:53,446 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x7F850000, size: 0x10000.\n2026-03-05 13:23:53,446 [root] DEBUG: 4920: GetEntropy: Error - Supplied address inaccessible: 0x7F850000\n2026-03-05 13:23:53,462 [root] DEBUG: 4920: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:23:53,462 [root] DEBUG: 4920: AllocationHandler: Processing previous tracked region at: 0x7F860000.\n2026-03-05 13:23:53,462 [root] DEBUG: 4920: DumpPEsInRange: Scanning range 0x7F860000 - 0x7F86003C.\n2026-03-05 13:23:53,462 [root] DEBUG: 4920: ScanForDisguisedPE: Size too small: 0x3c bytes\n2026-03-05 13:23:53,571 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_133564205323105432026 to CAPE\\1c29368399684906f0e8f70815a33e8453a2bd2a8362cdcfd720393e5798d252; Size is 60; Max size: 100000000\n2026-03-05 13:23:53,603 [root] DEBUG: 4920: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\4920_133564205323105432026 (size 60 bytes)\n2026-03-05 13:23:53,603 [root] DEBUG: 4920: DumpRegion: Dumped entire allocation from 0x7F860000, size 4096 bytes.\n2026-03-05 13:23:53,603 [root] DEBUG: 4920: ProcessTrackedRegion: Dumped region at 0x7F860000.\n2026-03-05 13:23:53,618 [root] DEBUG: 4920: YaraScan: Scanning 0x7F860000, size 0x3c\n2026-03-05 13:23:53,618 [root] DEBUG: 4920: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x7F850000.\n2026-03-05 13:23:53,618 [root] DEBUG: 4920: AllocationHandler: Previously reserved region at 0x7F850000, committing at: 0x7F850000.\n2026-03-05 13:23:53,665 [lib.api.process] INFO: Monitor config for <Process 772 svchost.exe>: C:\\bx_3000n\\dll\\772.ini\n2026-03-05 
13:23:53,681 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:53,743 [root] DEBUG: Loader: Injecting process 772 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:53,743 [root] DEBUG: 772: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:53,759 [root] DEBUG: 772: Disabling sleep skipping.\n2026-03-05 13:23:53,759 [root] DEBUG: 772: Dropped file limit defaulting to 100.\n2026-03-05 13:23:53,868 [root] DEBUG: 772: Services hook set enabled\n2026-03-05 13:23:53,931 [root] DEBUG: 772: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:23:53,978 [root] DEBUG: 772: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:23:53,978 [root] DEBUG: 772: Monitor initialised: 64-bit capemon loaded in process 772 at 0x00007FF95C960000, thread 4508, image base 0x00007FF63D200000, stack from 0x000000168B3F5000-0x000000168B400000\n2026-03-05 13:23:53,978 [root] DEBUG: 772: Commandline: C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p\n2026-03-05 13:23:54,118 [root] DEBUG: 772: Hooked 69 out of 69 functions\n2026-03-05 13:23:54,165 [root] INFO: Loaded monitor into process with pid 772\n2026-03-05 13:23:54,181 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:23:54,181 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:54,197 [lib.api.process] INFO: Injected into 64-bit <Process 772 svchost.exe>\n2026-03-05 13:23:54,821 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 1032: C:\\Windows\\system32\\BackgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:23:54,821 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 1032\n2026-03-05 13:23:54,821 [lib.api.process] INFO: Monitor config for <Process 1032 
backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1032.ini\n2026-03-05 13:23:54,837 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:54,868 [root] DEBUG: Loader: Injecting process 1032 (thread 2696) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:54,884 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:23:54,884 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:54,899 [lib.api.process] INFO: Injected into 64-bit <Process 1032 backgroundTaskHost.exe>\n2026-03-05 13:23:54,899 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 1032\n2026-03-05 13:23:54,899 [lib.api.process] INFO: Monitor config for <Process 1032 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1032.ini\n2026-03-05 13:23:55,024 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:55,056 [root] DEBUG: Loader: Injecting process 1032 (thread 2696) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,056 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:23:55,056 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,071 [lib.api.process] INFO: Injected into 64-bit <Process 1032 backgroundTaskHost.exe>\n2026-03-05 13:23:55,071 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 1032\n2026-03-05 13:23:55,071 [lib.api.process] INFO: Monitor config for <Process 1032 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1032.ini\n2026-03-05 13:23:55,087 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:55,134 [root] DEBUG: Loader: Injecting process 1032 (thread 2696) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,290 [root] DEBUG: InjectDllViaIAT: This image has already been 
patched.\n2026-03-05 13:23:55,290 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,290 [lib.api.process] INFO: Injected into 64-bit <Process 1032 backgroundTaskHost.exe>\n2026-03-05 13:23:55,665 [root] DEBUG: 772: DEBUG:Initialized 9 com hooks\n2026-03-05 13:23:55,946 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 6224: C:\\Windows\\System32\\RuntimeBroker.exe, ImageBase: 0x00007FF67C000000\n2026-03-05 13:23:55,946 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 6224\n2026-03-05 13:23:55,946 [lib.api.process] INFO: Monitor config for <Process 6224 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\6224.ini\n2026-03-05 13:23:55,946 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:55,962 [root] DEBUG: Loader: Injecting process 6224 (thread 7156) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,962 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:23:55,977 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,977 [lib.api.process] INFO: Injected into 64-bit <Process 6224 RuntimeBroker.exe>\n2026-03-05 13:23:55,977 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 6224\n2026-03-05 13:23:55,977 [lib.api.process] INFO: Monitor config for <Process 6224 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\6224.ini\n2026-03-05 13:23:55,977 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:55,993 [root] DEBUG: Loader: Injecting process 6224 (thread 7156) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:55,993 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:23:56,009 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,009 [lib.api.process] INFO: Injected into 64-bit 
<Process 6224 RuntimeBroker.exe>\n2026-03-05 13:23:56,009 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 6224\n2026-03-05 13:23:56,009 [lib.api.process] INFO: Monitor config for <Process 6224 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\6224.ini\n2026-03-05 13:23:56,009 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:56,071 [root] DEBUG: Loader: Injecting process 6224 (thread 7156) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,087 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 3316: C:\\Windows\\system32\\DllHost.exe, ImageBase: 0x00007FF799000000\n2026-03-05 13:23:56,087 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:23:56,102 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 3316\n2026-03-05 13:23:56,102 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,102 [lib.api.process] INFO: Monitor config for <Process 3316 dllhost.exe>: C:\\bx_3000n\\dll\\3316.ini\n2026-03-05 13:23:56,102 [lib.api.process] INFO: Injected into 64-bit <Process 6224 RuntimeBroker.exe>\n2026-03-05 13:23:56,118 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:56,134 [root] DEBUG: Loader: Injecting process 3316 (thread 3376) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,134 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:23:56,134 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,134 [lib.api.process] INFO: Injected into 64-bit <Process 3316 dllhost.exe>\n2026-03-05 13:23:56,134 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 3316\n2026-03-05 13:23:56,134 [lib.api.process] INFO: Monitor config for <Process 3316 dllhost.exe>: C:\\bx_3000n\\dll\\3316.ini\n2026-03-05 13:23:56,149 
[lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:56,165 [root] DEBUG: Loader: Injecting process 3316 (thread 3376) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,165 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:23:56,165 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,165 [lib.api.process] INFO: Injected into 64-bit <Process 3316 dllhost.exe>\n2026-03-05 13:23:56,196 [root] DEBUG: 3316: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:56,196 [root] DEBUG: 3316: Dropped file limit defaulting to 100.\n2026-03-05 13:23:56,212 [lib.api.process] INFO: Monitor config for <Process 3820 svchost.exe>: C:\\bx_3000n\\dll\\3820.ini\n2026-03-05 13:23:56,212 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:23:56,290 [root] DEBUG: Loader: Injecting process 3820 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,290 [root] DEBUG: 6224: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:56,290 [root] DEBUG: 3316: Disabling sleep skipping.\n2026-03-05 13:23:56,290 [root] DEBUG: 6224: Dropped file limit defaulting to 100.\n2026-03-05 13:23:56,290 [root] DEBUG: 3820: Python path set to 'C:\\Python310'.\n2026-03-05 13:23:56,305 [root] DEBUG: 3316: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:23:56,305 [root] DEBUG: 3820: Disabling sleep skipping.\n2026-03-05 13:23:56,305 [root] DEBUG: 3820: Dropped file limit defaulting to 100.\n2026-03-05 13:23:56,305 [root] DEBUG: 3820: Services hook set enabled\n2026-03-05 13:23:56,321 [root] DEBUG: 3820: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:23:56,321 [root] DEBUG: 3316: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 
0x00007FF97FE1D500\n2026-03-05 13:23:56,321 [root] DEBUG: 3316: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:23:56,337 [root] DEBUG: 3316: Monitor initialised: 64-bit capemon loaded in process 3316 at 0x00007FF95C960000, thread 3376, image base 0x00007FF799000000, stack from 0x0000003ACBEF4000-0x0000003ACBF00000\n2026-03-05 13:23:56,337 [root] DEBUG: 3316: Commandline: C:\\Windows\\system32\\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\n2026-03-05 13:23:56,337 [root] DEBUG: 3820: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:23:56,368 [root] DEBUG: 3820: Monitor initialised: 64-bit capemon loaded in process 3820 at 0x00007FF95C960000, thread 5640, image base 0x00007FF63D200000, stack from 0x0000000FDAF75000-0x0000000FDAF80000\n2026-03-05 13:23:56,368 [root] DEBUG: 3316: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:23:56,384 [root] DEBUG: 3820: Commandline: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt\n2026-03-05 13:23:56,384 [root] DEBUG: 6224: Disabling sleep skipping.\n2026-03-05 13:23:56,384 [root] DEBUG: 6224: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:23:56,415 [root] DEBUG: 3820: Hooked 69 out of 69 functions\n2026-03-05 13:23:56,415 [root] INFO: Loaded monitor into process with pid 3820\n2026-03-05 13:23:56,415 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:23:56,415 [root] DEBUG: 6224: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:23:56,415 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:23:56,430 [root] DEBUG: 6224: YaraScan: Scanning 0x00007FF67C000000, size 0x1b158\n2026-03-05 13:23:56,430 [lib.api.process] INFO: Injected into 
64-bit <Process 3820 svchost.exe>\n2026-03-05 13:23:56,430 [root] DEBUG: 6224: Monitor initialised: 64-bit capemon loaded in process 6224 at 0x00007FF95C960000, thread 7156, image base 0x00007FF67C000000, stack from 0x000000C60B7A4000-0x000000C60B7B0000\n2026-03-05 13:23:56,446 [root] DEBUG: 6224: Commandline: C:\\Windows\\System32\\RuntimeBroker.exe -Embedding\n2026-03-05 13:23:56,462 [root] DEBUG: 6224: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:23:56,602 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:23:56,602 [root] DEBUG: 6224: set_hooks: Unable to hook LockResource\n2026-03-05 13:23:56,602 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:23:56,602 [root] DEBUG: 3316: set_hooks: Unable to hook LockResource\n2026-03-05 13:23:56,649 [root] DEBUG: 6224: Hooked 627 out of 628 functions\n2026-03-05 13:23:56,649 [root] DEBUG: 3316: Hooked 627 out of 628 functions\n2026-03-05 13:23:56,649 [root] DEBUG: 6224: Syscall hook installed, syscall logging level 1\n2026-03-05 13:23:56,649 [root] DEBUG: 3316: Syscall hook installed, syscall logging level 1\n2026-03-05 13:23:56,665 [root] DEBUG: 6224: RestoreHeaders: Restored original import table.\n2026-03-05 13:23:56,665 [root] DEBUG: 3316: RestoreHeaders: Restored original import table.\n2026-03-05 13:23:56,681 [root] INFO: Loaded monitor into process with pid 6224\n2026-03-05 13:23:56,681 [root] INFO: Loaded monitor into process with pid 3316\n2026-03-05 13:23:56,696 [root] DEBUG: 6224: DLL loaded at 0x00007FF97D220000: C:\\Windows\\System32\\UMPDC (0x12000 bytes).\n2026-03-05 13:23:56,696 [root] DEBUG: 3316: caller_dispatch: Added region at 0x00007FF799000000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF799001349, thread 3376).\n2026-03-05 13:23:56,696 [root] DEBUG: 6224: caller_dispatch: Added region at 0x00007FF67C000000 to tracked regions list 
(kernel32::SetUnhandledExceptionFilter returns to 0x00007FF67C0065A9, thread 7156).\n2026-03-05 13:23:56,696 [root] DEBUG: 3316: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:23:56,712 [root] DEBUG: 6224: YaraScan: Scanning 0x00007FF67C000000, size 0x1b158\n2026-03-05 13:23:56,727 [root] DEBUG: 3316: ProcessImageBase: Main module image at 0x00007FF799000000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:23:56,727 [root] DEBUG: 6224: ProcessImageBase: Main module image at 0x00007FF67C000000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:23:56,743 [root] DEBUG: 3316: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:23:56,743 [root] DEBUG: 6224: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:23:56,743 [root] DEBUG: 3316: DLL loaded at 0x00007FF97B2E0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 13:23:56,743 [root] DEBUG: 6224: DEBUG:Initialized 9 com hooks\n2026-03-05 13:23:56,774 [root] DEBUG: 3316: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:23:56,790 [root] DEBUG: 6224: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:23:56,790 [root] DEBUG: 3316: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:23:56,899 [root] DEBUG: 3316: DEBUG:Initialized 9 com hooks\n2026-03-05 13:23:56,946 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C8E0000: C:\\Windows\\system32\\logoncli (0x43000 bytes).\n2026-03-05 13:23:56,962 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C8C0000: C:\\Windows\\system32\\netutils (0xc000 bytes).\n2026-03-05 13:23:56,962 [root] DEBUG: 3316: DLL loaded at 0x00007FF9760E0000: C:\\Windows\\system32\\dhcpcsvc (0x1d000 bytes).\n2026-03-05 13:23:56,993 [root] DEBUG: 3316: DLL loaded at 0x00007FF974FC0000: C:\\Windows\\system32\\WINHTTP (0x10a000 
bytes).\n2026-03-05 13:23:57,009 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C0D0000: C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-03-05 13:23:57,009 [root] DEBUG: 3316: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:23:57,024 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C7B0000: C:\\Windows\\system32\\IPHLPAPI (0x3b000 bytes).\n2026-03-05 13:23:57,024 [root] DEBUG: 3316: DLL loaded at 0x00007FF97D2D0000: C:\\Windows\\system32\\USERENV (0x2e000 bytes).\n2026-03-05 13:23:57,024 [root] DEBUG: 3316: DLL loaded at 0x00007FF97D310000: C:\\Windows\\system32\\profapi (0x1f000 bytes).\n2026-03-05 13:23:57,024 [root] DEBUG: 3316: DLL loaded at 0x00007FF978F50000: C:\\Windows\\system32\\XmlLite (0x36000 bytes).\n2026-03-05 13:23:57,040 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C7F0000: C:\\Windows\\system32\\DNSAPI (0xca000 bytes).\n2026-03-05 13:23:57,040 [root] DEBUG: 3316: DLL loaded at 0x00007FF96A7D0000: C:\\Windows\\system32\\domgmt (0x7e000 bytes).\n2026-03-05 13:23:57,087 [root] DEBUG: 3316: DLL loaded at 0x00007FF97F3D0000: C:\\Windows\\System32\\NSI (0x8000 bytes).\n2026-03-05 13:23:57,227 [root] DEBUG: 6224: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:23:57,227 [root] DEBUG: 6224: DLL loaded at 0x00007FF966CF0000: C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId (0xf4000 bytes).\n2026-03-05 13:23:57,259 [root] DEBUG: 3316: DLL loaded at 0x00007FF96BCA0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7f000 bytes).\n2026-03-05 13:23:57,337 [root] DEBUG: 6224: DLL loaded at 0x00007FF977880000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7c9000 bytes).\n2026-03-05 13:23:57,384 [root] DEBUG: 3316: DLL loaded at 0x00007FF97C4D0000: C:\\Windows\\system32\\msvcp110_win (0x8a000 bytes).\n2026-03-05 13:23:57,384 [root] DEBUG: 3316: DLL loaded at 0x00007FF976D20000: C:\\Windows\\SYSTEM32\\policymanager (0xa0000 bytes).\n2026-03-05 
13:23:58,118 [root] DEBUG: 6224: DLL loaded at 0x00007FF978400000: C:\\Windows\\System32\\twinapi.appcore (0x200000 bytes).\n2026-03-05 13:23:58,181 [root] DEBUG: 6224: DLL loaded at 0x00007FF96BCA0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7f000 bytes).\n2026-03-05 13:23:58,337 [root] DEBUG: 6224: DLL loaded at 0x00007FF96CA70000: C:\\Windows\\SYSTEM32\\familysafetyext (0x8000 bytes).\n2026-03-05 13:23:58,353 [root] DEBUG: 6224: DLL loaded at 0x00007FF97DFF0000: C:\\Windows\\System32\\SHELL32 (0x743000 bytes).\n2026-03-05 13:23:58,353 [root] DEBUG: 6224: DLL loaded at 0x00007FF97F980000: C:\\Windows\\System32\\Normaliz (0x8000 bytes).\n2026-03-05 13:23:58,368 [root] DEBUG: 6224: DLL loaded at 0x00007FF975490000: C:\\Windows\\System32\\VERSION (0xa000 bytes).\n2026-03-05 13:23:58,368 [root] DEBUG: 6224: DLL loaded at 0x00007FF950ED0000: C:\\Windows\\System32\\wpc (0x198000 bytes).\n2026-03-05 13:23:58,462 [root] DEBUG: 6224: DLL loaded at 0x00007FF9754A0000: C:\\Windows\\System32\\samcli (0x19000 bytes).\n2026-03-05 13:23:58,462 [root] DEBUG: 6224: DLL loaded at 0x00007FF968760000: C:\\Windows\\System32\\wlidprov (0xaa000 bytes).\n2026-03-05 13:23:58,462 [root] DEBUG: 4920: DLL loaded at 0x759E0000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-03-05 13:23:58,571 [root] DEBUG: 4920: DLL loaded at 0x71A80000: C:\\Windows\\SYSTEM32\\wbemcomn (0x70000 bytes).\n2026-03-05 13:23:58,587 [root] DEBUG: 4920: DLL loaded at 0x71AF0000: C:\\Windows\\system32\\wbem\\wmiutils (0x1d000 bytes).\n2026-03-05 13:23:58,649 [root] DEBUG: 4920: DLL loaded at 0x71A70000: C:\\Windows\\system32\\wbem\\wbemprox (0xd000 bytes).\n2026-03-05 13:23:58,790 [root] DEBUG: 4920: DEBUG:Initialized 9 com hooks\n2026-03-05 13:23:58,806 [root] DEBUG: 3820: DEBUG:Initialized 9 com hooks\n2026-03-05 13:23:58,869 [root] DEBUG: 4920: DLL loaded at 0x71A60000: C:\\Windows\\system32\\wbem\\wbemsvc (0x10000 bytes).\n2026-03-05 13:23:58,931 [root] DEBUG: 4920: DLL loaded at 0x70EA0000: 
C:\\Windows\\system32\\wbem\\fastprox (0xc9000 bytes).\n2026-03-05 13:23:58,978 [root] DEBUG: 4920: Unable to set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:23:59,056 [root] DEBUG: 6224: DLL loaded at 0x00007FF9678D0000: C:\\Windows\\System32\\Windows.Networking.Connectivity (0xb9000 bytes).\n2026-03-05 13:23:59,337 [root] DEBUG: 6224: DLL loaded at 0x00007FF974EB0000: C:\\Windows\\System32\\npmproxy (0x10000 bytes).\n2026-03-05 13:23:59,368 [root] DEBUG: 6224: DLL loaded at 0x00007FF979C20000: C:\\Windows\\System32\\WinTypes (0x154000 bytes).\n2026-03-05 13:23:59,431 [root] DEBUG: 6224: DLL loaded at 0x00007FF96BF20000: C:\\Windows\\System32\\Windows.Networking.HostName (0x39000 bytes).\n2026-03-05 13:23:59,462 [root] DEBUG: 6224: DLL loaded at 0x00007FF97C7B0000: C:\\Windows\\System32\\IPHLPAPI (0x3b000 bytes).\n2026-03-05 13:23:59,477 [root] DEBUG: 6224: DLL loaded at 0x00007FF97F3D0000: C:\\Windows\\System32\\NSI (0x8000 bytes).\n2026-03-05 13:23:59,509 [root] DEBUG: 6224: DLL loaded at 0x00007FF978D20000: C:\\Windows\\System32\\netprofm (0x3e000 bytes).\n2026-03-05 13:23:59,696 [root] DEBUG: 6224: DLL loaded at 0x00007FF97D170000: C:\\Windows\\SYSTEM32\\sxs (0xa2000 bytes).\n2026-03-05 13:23:59,899 [root] DEBUG: 6224: DLL loaded at 0x00007FF969710000: C:\\Windows\\System32\\dusmapi (0x11000 bytes).\n2026-03-05 13:24:01,587 [root] DEBUG: 6224: DLL loaded at 0x00007FF97DC30000: C:\\Windows\\System32\\cfgmgr32 (0x4e000 bytes).\n2026-03-05 13:24:01,587 [root] DEBUG: 6224: DLL loaded at 0x00007FF979D80000: C:\\Windows\\System32\\PROPSYS (0xf6000 bytes).\n2026-03-05 13:24:01,587 [root] DEBUG: 6224: DLL loaded at 0x00007FF97C4D0000: C:\\Windows\\System32\\msvcp110_win (0x8a000 bytes).\n2026-03-05 13:24:01,727 [root] DEBUG: 6224: DLL loaded at 0x00007FF97CCC0000: C:\\Windows\\SYSTEM32\\cryptsp (0x18000 bytes).\n2026-03-05 13:24:01,727 [root] DEBUG: 6224: DLL loaded at 0x00007FF97A470000: C:\\Windows\\System32\\dsreg (0x13d000 bytes).\n2026-03-05 13:24:01,743 
[root] DEBUG: 6224: DLL loaded at 0x00007FF969F90000: C:\\Windows\\System32\\cdp (0x4cb000 bytes).\n2026-03-05 13:24:01,743 [root] DEBUG: 6224: DLL loaded at 0x00007FF97CD60000: C:\\Windows\\System32\\Wldp (0x30000 bytes).\n2026-03-05 13:24:01,743 [root] DEBUG: 6224: DLL loaded at 0x00007FF97B4E0000: C:\\Windows\\SYSTEM32\\windows.storage (0x795000 bytes).\n2026-03-05 13:24:01,743 [root] DEBUG: 6224: DLL loaded at 0x00007FF967670000: C:\\Windows\\System32\\ContentDeliveryManager.Utilities (0x1b8000 bytes).\n2026-03-05 13:24:02,181 [root] DEBUG: 6224: DLL loaded at 0x00007FF9507B0000: C:\\Windows\\System32\\usoapi (0x26000 bytes).\n2026-03-05 13:24:02,337 [root] DEBUG: 6224: DLL loaded at 0x00007FF970920000: C:\\Windows\\System32\\iertutil (0x2b1000 bytes).\n2026-03-05 13:24:02,462 [root] DEBUG: 6224: DLL loaded at 0x00007FF964E00000: C:\\Windows\\System32\\Windows.Web (0xc3000 bytes).\n2026-03-05 13:24:02,743 [root] INFO: Process with pid 3316 has terminated\n2026-03-05 13:24:02,759 [root] DEBUG: 3316: NtTerminateProcess hook: Attempting to dump process 3316\n2026-03-05 13:24:02,759 [root] DEBUG: 3316: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:24:03,587 [root] DEBUG: 4920: Unable to set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:24:04,352 [root] DEBUG: 4920: Unable to set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:24:05,040 [root] DEBUG: 4920: DLL loaded at 0x71A50000: C:\\Windows\\SYSTEM32\\secur32 (0xa000 bytes).\n2026-03-05 13:24:05,337 [root] DEBUG: 4920: DLL loaded at 0x6FA10000: C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\8b2c1203fd20aea8260bfbc518004720\\System.Core.ni (0x818000 bytes).\n2026-03-05 13:24:05,337 [root] DEBUG: 4920: DLL loaded at 0x70D90000: C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\2192b0d5aa4aa14486ae08118d3b9fcc\\System.Configuration.ni (0x106000 bytes).\n2026-03-05 13:24:05,743 [root] DEBUG: 4920: AllocationHandler: Allocation 
already in tracked region list: 0x02CC0000.\n2026-03-05 13:24:05,868 [root] DEBUG: 4920: DLL loaded at 0x742B0000: C:\\Windows\\system32\\mswsock (0x52000 bytes).\n2026-03-05 13:24:06,274 [root] DEBUG: 4920: DLL loaded at 0x75F20000: C:\\Windows\\System32\\psapi (0x6000 bytes).\n2026-03-05 13:24:06,305 [root] DEBUG: 4920: api-rate-cap: NtReadVirtualMemory hook disabled due to rate\n2026-03-05 13:24:06,352 [root] DEBUG: 4920: DLL loaded at 0x719D0000: C:\\Windows\\System32\\schannel (0x7e000 bytes).\n2026-03-05 13:24:06,477 [root] DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x02CBD000, size: 0x1000.\n2026-03-05 13:24:06,759 [root] DEBUG: 4920: DLL loaded at 0x70D80000: C:\\Windows\\SYSTEM32\\mskeyprotect (0x10000 bytes).\n2026-03-05 13:24:06,868 [root] DEBUG: 4920: DLL loaded at 0x70D50000: C:\\Windows\\SYSTEM32\\NTASN1 (0x28000 bytes).\n2026-03-05 13:24:06,899 [root] DEBUG: 4920: DLL loaded at 0x70D20000: C:\\Windows\\SYSTEM32\\ncrypt (0x21000 bytes).\n2026-03-05 13:24:06,899 [root] DEBUG: 4920: DLL loaded at 0x70D00000: C:\\Windows\\system32\\ncryptsslp (0x1f000 bytes).\n2026-03-05 13:24:07,493 [root] DEBUG: 4920: DLL loaded at 0x70CE0000: C:\\Windows\\SYSTEM32\\gpapi (0x1e000 bytes).\n2026-03-05 13:24:08,227 [root] DEBUG: 4920: Unable to set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:24:08,446 [root] DEBUG: 4920: .NET JIT native cache at 0x082D0000: scans and dumps active.\n2026-03-05 13:24:08,509 [root] DEBUG: 4920: Unable to set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:24:09,259 [root] DEBUG: 6224: DLL loaded at 0x00007FF97D160000: C:\\Windows\\System32\\DPAPI (0xa000 bytes).\n2026-03-05 13:24:10,181 [root] DEBUG: 4920: caller_dispatch: Added region at 0x082D0000 to tracked regions list (ntdll::NtOpenProcessToken returns to 0x082D04F9, thread 5380).\n2026-03-05 13:24:10,181 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x082D0000 skipped\n2026-03-05 13:24:10,306 [root] DEBUG: 4920: Unable to 
set COM hook on WbemLocator_ConnectServer\n2026-03-05 13:24:12,290 [root] DEBUG: 4920: AllocationHandler: Allocation already in tracked region list: 0x02CD0000.\n2026-03-05 13:24:14,274 [root] DEBUG: 4920: DLL loaded at 0x740C0000: C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-03-05 13:24:14,696 [root] DEBUG: 4920: DumpPEsInRange: Scanning range 0x02CB0000 - 0x02CB0015.\n2026-03-05 13:24:14,696 [root] DEBUG: 4920: ScanForDisguisedPE: Size too small: 0x15 bytes\n2026-03-05 13:24:14,743 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_291921424105432026 to CAPE\\523d7fd0e4727844fceb01575c54418f4730a5f46d0937e4a4dbb5366f0e25f8; Size is 21; Max size: 100000000\n2026-03-05 13:24:14,759 [root] DEBUG: 4920: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\4920_291921424105432026 (size 21 bytes)\n2026-03-05 13:24:14,759 [root] DEBUG: 4920: DumpRegion: Dumped entire allocation from 0x02CB0000, size 4096 bytes.\n2026-03-05 13:24:14,759 [root] DEBUG: 4920: ProcessTrackedRegion: Dumped region at 0x02CB0000.\n2026-03-05 13:24:14,774 [root] DEBUG: 4920: YaraScan: Scanning 0x02CB0000, size 0x15\n2026-03-05 13:24:14,790 [root] DEBUG: 4920: DLL loaded at 0x75D50000: C:\\Windows\\System32\\MSCTF (0xd4000 bytes).\n2026-03-05 13:24:14,790 [root] DEBUG: 4920: .NET JIT native cache at 0x08880000: scans and dumps active.\n2026-03-05 13:24:14,821 [root] DEBUG: 4920: caller_dispatch: Added region at 0x08880000 to tracked regions list (kernel32::SetErrorMode returns to 0x08880A5D, thread 5380).\n2026-03-05 13:24:14,837 [root] DEBUG: 4920: ProcessTrackedRegion: .NET cache region at 0x08880000 skipped\n2026-03-05 13:24:14,899 [root] DEBUG: 4920: DLL loaded at 0x70B70000: C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\\gdiplus (0x167000 bytes).\n2026-03-05 13:24:15,134 [root] DEBUG: 4920: DLL loaded at 0x6F890000: C:\\Windows\\SYSTEM32\\WindowsCodecs (0x171000 bytes).\n2026-03-05 13:24:15,165 [root] 
DEBUG: 4920: AllocationHandler: Adding allocation to tracked region list: 0x07B31000, size: 0x1000.\n2026-03-05 13:24:15,368 [root] DEBUG: 4920: DLL loaded at 0x70B50000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrcompression (0x1f000 bytes).\n2026-03-05 13:24:38,243 [root] DEBUG: 6224: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 13:24:38,727 [root] DEBUG: 6224: DLL loaded at 0x00007FF95ED30000: C:\\Windows\\system32\\mssprxy (0x28000 bytes).\n2026-03-05 13:24:39,040 [root] DEBUG: 6224: DLL loaded at 0x00007FF965E90000: C:\\Windows\\SYSTEM32\\edputil (0x24000 bytes).\n2026-03-05 13:24:41,665 [root] DEBUG: 6224: DLL loaded at 0x00007FF96C930000: C:\\Windows\\System32\\StructuredQuery (0xa6000 bytes).\n2026-03-05 13:24:41,727 [root] DEBUG: 6224: DLL loaded at 0x00007FF95E760000: C:\\Windows\\system32\\Windows.Storage.Search (0xc6000 bytes).\n2026-03-05 13:24:41,837 [root] DEBUG: 6224: DLL loaded at 0x00007FF97AC20000: C:\\Windows\\SYSTEM32\\apphelp (0x90000 bytes).\n2026-03-05 13:24:42,102 [root] DEBUG: 6224: DLL loaded at 0x00007FF97D310000: C:\\Windows\\SYSTEM32\\profapi (0x1f000 bytes).\n2026-03-05 13:24:42,571 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 6420: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:24:42,571 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6420\n2026-03-05 13:24:42,571 [lib.api.process] INFO: Monitor config for <Process 6420 SearchApp.exe>: C:\\bx_3000n\\dll\\6420.ini\n2026-03-05 13:24:43,071 [root] DEBUG: 6224: DLL loaded at 0x00007FF96B9E0000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-03-05 13:24:44,165 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:44,196 [root] DEBUG: Loader: Injecting process 6420 (thread 2936) with 
C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:44,227 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:24:44,227 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:44,243 [lib.api.process] INFO: Injected into 64-bit <Process 6420 SearchApp.exe>\n2026-03-05 13:24:44,243 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6420\n2026-03-05 13:24:44,243 [lib.api.process] INFO: Monitor config for <Process 6420 SearchApp.exe>: C:\\bx_3000n\\dll\\6420.ini\n2026-03-05 13:24:44,884 [root] DEBUG: 6224: DLL loaded at 0x00007FF95E840000: C:\\Windows\\System32\\Windows.FileExplorer.Common (0x61000 bytes).\n2026-03-05 13:24:44,930 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Отказано в доступе.\n2026-03-05 13:24:44,962 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:44,962 [root] INFO: Announced 64-bit process name: explorer.exe pid: 4524\n2026-03-05 13:24:44,962 [root] INFO: Announced 64-bit process name: explorer.exe pid: 4524\n2026-03-05 13:24:44,962 [lib.api.process] INFO: Monitor config for <Process 4524 explorer.exe>: C:\\bx_3000n\\dll\\4524.ini\n2026-03-05 13:24:44,977 [lib.api.process] INFO: Monitor config for <Process 4524 explorer.exe>: C:\\bx_3000n\\dll\\4524.ini\n2026-03-05 13:24:44,977 [root] DEBUG: 6224: OpenProcessHandler: Injection info created for process 4524, handle 0x5c0: Error obtaining target process name\n2026-03-05 13:24:44,993 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:44,993 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:45,024 [root] DEBUG: Loader: Injecting process 6420 (thread 2936) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,024 [root] INFO: 
Announced 64-bit process name: explorer.exe pid: 4524\n2026-03-05 13:24:45,040 [lib.api.process] INFO: Monitor config for <Process 4524 explorer.exe>: C:\\bx_3000n\\dll\\4524.ini\n2026-03-05 13:24:45,040 [root] DEBUG: Loader: Injecting process 4524 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,040 [root] DEBUG: Loader: Injecting process 4524 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:45,040 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:24:45,055 [root] DEBUG: 4524: Python path set to 'C:\\Python310'.\n2026-03-05 13:24:45,118 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,118 [root] DEBUG: Loader: Injecting process 4524 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,118 [lib.api.process] INFO: Injected into 64-bit <Process 6420 SearchApp.exe>\n2026-03-05 13:24:45,118 [root] DEBUG: 4524: Dropped file limit defaulting to 100.\n2026-03-05 13:24:45,134 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6420\n2026-03-05 13:24:45,134 [root] DEBUG: 4524: Disabling sleep skipping.\n2026-03-05 13:24:45,134 [lib.api.process] INFO: Monitor config for <Process 6420 SearchApp.exe>: C:\\bx_3000n\\dll\\6420.ini\n2026-03-05 13:24:45,165 [root] DEBUG: 4524: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:24:45,259 [root] DEBUG: 4524: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:24:45,337 [root] DEBUG: 4524: YaraScan: Scanning 0x00007FF7CE580000, size 0x4e1114\n2026-03-05 13:24:45,462 [root] DEBUG: 4524: Monitor initialised: 64-bit capemon loaded in process 4524 at 0x00007FF95C960000, thread 7028, image base 0x00007FF7CE580000, stack from 0x0000000007F62000-0x0000000007F70000\n2026-03-05 
13:24:45,462 [root] DEBUG: 4524: Commandline: C:\\Windows\\Explorer.EXE\n2026-03-05 13:24:45,493 [root] DEBUG: 4524: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:24:45,540 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:24:45,540 [root] DEBUG: 4524: set_hooks: Unable to hook LockResource\n2026-03-05 13:24:45,587 [root] DEBUG: 4524: Hooked 627 out of 628 functions\n2026-03-05 13:24:45,665 [root] DEBUG: 4524: Syscall hook installed, syscall logging level 1\n2026-03-05 13:24:45,681 [root] INFO: Loaded monitor into process with pid 4524\n2026-03-05 13:24:45,696 [root] DEBUG: 4524: caller_dispatch: Added region at 0x0000000002B60000 to tracked regions list (kernel32::LoadLibraryExW returns to 0x0000000002B60044, thread 6676).\n2026-03-05 13:24:45,712 [root] DEBUG: 4524: api-rate-cap: LdrpCallInitRoutine hook disabled due to rate\n2026-03-05 13:24:45,712 [root] DEBUG: 4524: DumpPEsInRange: Scanning range 0x0000000002B60000 - 0x0000000002B60135.\n2026-03-05 13:24:45,712 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:24:45,712 [root] DEBUG: 4524: ScanForDisguisedPE: Size too small: 0x135 bytes\n2026-03-05 13:24:45,712 [root] DEBUG: 4524: caller_dispatch: Added region at 0x0000000002B70000 to tracked regions list (kernel32::LoadLibraryExW returns to 0x0000000002B70044, thread 3644).\n2026-03-05 13:24:45,712 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,727 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:45,743 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4524_291924524105432026 to CAPE\\75f7129dc6c1a1f9f5f0138a37dd7b51769c7f3d4a39cc0880a7c857721a4e73; Size is 309; Max size: 100000000\n2026-03-05 13:24:45,743 [lib.api.process] INFO: Injected into 64-bit <Process 4524 
explorer.exe>\n2026-03-05 13:24:45,743 [root] DEBUG: 4524: DumpPEsInRange: Scanning range 0x0000000002B70000 - 0x0000000002B70135.\n2026-03-05 13:24:45,759 [root] DEBUG: Loader: Injecting process 6420 (thread 2936) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,759 [root] DEBUG: 4524: ScanForDisguisedPE: Size too small: 0x135 bytes\n2026-03-05 13:24:45,759 [root] DEBUG: 4524: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\4524_291924524105432026 (size 309 bytes)\n2026-03-05 13:24:45,774 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:24:45,774 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4524_311194524105432026 to CAPE\\02572b02fa877dba868632ca025b2ec64d791e9fdfbbd01cf60e4ba6c9d82c4d; Size is 309; Max size: 100000000\n2026-03-05 13:24:45,774 [root] DEBUG: 4524: DumpRegion: Dumped entire allocation from 0x0000000002B60000, size 4096 bytes.\n2026-03-05 13:24:45,805 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:45,805 [root] DEBUG: 4524: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\4524_311194524105432026 (size 309 bytes)\n2026-03-05 13:24:45,805 [root] DEBUG: 4524: ProcessTrackedRegion: Dumped region at 0x0000000002B60000.\n2026-03-05 13:24:45,805 [lib.api.process] INFO: Injected into 64-bit <Process 6420 SearchApp.exe>\n2026-03-05 13:24:45,821 [root] DEBUG: 6224: DLL loaded at 0x00007FF97C0D0000: C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-03-05 13:24:45,821 [root] DEBUG: 4524: DumpRegion: Dumped entire allocation from 0x0000000002B70000, size 4096 bytes.\n2026-03-05 13:24:45,821 [root] DEBUG: 4524: YaraScan: Scanning 0x0000000002B60000, size 0x135\n2026-03-05 13:24:45,837 [root] DEBUG: 4524: ProcessTrackedRegion: Dumped region at 0x0000000002B70000.\n2026-03-05 13:24:45,899 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:24:45,962 [root] DEBUG: 6224: DLL 
loaded at 0x00007FF97E9B0000: C:\\Windows\\System32\\coml2 (0x79000 bytes).\n2026-03-05 13:24:45,993 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:46,102 [root] DEBUG: 4524: YaraScan: Scanning 0x0000000002B70000, size 0x135\n2026-03-05 13:24:46,102 [lib.api.process] INFO: Injected into 64-bit <Process 4524 explorer.exe>\n2026-03-05 13:24:46,118 [root] DEBUG: 4524: caller_dispatch: Added region at 0x00007FF7CE580000 to tracked regions list (user32::MsgWaitForMultipleObjectsEx returns to 0x00007FF7CE5FA819, thread 4604).\n2026-03-05 13:24:46,134 [root] DEBUG: 4524: YaraScan: Scanning 0x00007FF7CE580000, size 0x4e1114\n2026-03-05 13:24:46,149 [root] INFO: Added new file to list with pid 6224 and path C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms\n2026-03-05 13:24:46,196 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 13:24:46,227 [root] DEBUG: 4524: YaraScan: Scanning 0x00007FF7CE580000, size 0x4e1114\n2026-03-05 13:24:46,352 [root] DEBUG: 4524: ProcessImageBase: Main module image at 0x00007FF7CE580000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:24:46,368 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:46,384 [root] DEBUG: 4524: ProcessImageBase: Main module image at 0x00007FF7CE580000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:24:46,384 [lib.api.process] INFO: Injected into 64-bit <Process 4524 explorer.exe>\n2026-03-05 13:24:46,384 [root] INFO: Added new file to list with pid 6224 and path C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms\n2026-03-05 13:24:47,118 [root] DEBUG: 6224: api-cap: RegQueryValueExW hook disabled due to count: 5000\n2026-03-05 13:24:47,227 [root] DEBUG: 4524: DEBUG:Initialized 9 com hooks\n2026-03-05 
13:24:47,290 [root] DEBUG: 4524: DEBUG:Initialized 9 com hooks\n2026-03-05 13:24:47,493 [root] DEBUG: 6224: api-cap: RegQueryValueExW hook disabled due to count: 5001\n2026-03-05 13:24:55,071 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 1872: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:24:55,071 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 1872\n2026-03-05 13:24:55,071 [lib.api.process] INFO: Monitor config for <Process 1872 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1872.ini\n2026-03-05 13:24:55,087 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:55,102 [root] DEBUG: Loader: Injecting process 1872 (thread 6324) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,102 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:24:55,102 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,118 [lib.api.process] INFO: Injected into 64-bit <Process 1872 backgroundTaskHost.exe>\n2026-03-05 13:24:55,134 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 1872\n2026-03-05 13:24:55,134 [lib.api.process] INFO: Monitor config for <Process 1872 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1872.ini\n2026-03-05 13:24:55,149 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:55,165 [root] DEBUG: Loader: Injecting process 1872 (thread 6324) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,165 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:24:55,165 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,180 [lib.api.process] INFO: Injected into 64-bit <Process 1872 backgroundTaskHost.exe>\n2026-03-05 13:24:55,180 [root] INFO: Announced 
64-bit process name: backgroundTaskHost.exe pid: 1872\n2026-03-05 13:24:55,180 [lib.api.process] INFO: Monitor config for <Process 1872 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\1872.ini\n2026-03-05 13:24:55,196 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:24:55,212 [root] DEBUG: Loader: Injecting process 1872 (thread 6324) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,227 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:24:55,227 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:24:55,227 [lib.api.process] INFO: Injected into 64-bit <Process 1872 backgroundTaskHost.exe>\n2026-03-05 13:24:55,524 [root] DEBUG: 1872: Python path set to 'C:\\Python310'.\n2026-03-05 13:24:55,540 [root] DEBUG: 1872: Dropped file limit defaulting to 100.\n2026-03-05 13:24:56,150 [root] DEBUG: 1872: Disabling sleep skipping.\n2026-03-05 13:24:56,165 [root] DEBUG: 1872: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:24:56,259 [root] DEBUG: 1872: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:24:56,274 [root] DEBUG: 1872: YaraScan: Scanning 0x00007FF77C630000, size 0x6020\n2026-03-05 13:24:56,649 [root] DEBUG: 1872: Monitor initialised: 64-bit capemon loaded in process 1872 at 0x00007FF95C960000, thread 6324, image base 0x00007FF77C630000, stack from 0x00000094C8F44000-0x00000094C8F50000\n2026-03-05 13:24:56,681 [root] DEBUG: 1872: Commandline: \"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXapskvk16gk8da8kch5g4qxh42vxccved.mca\n2026-03-05 13:24:56,743 [root] DEBUG: 1872: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:24:56,868 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:24:56,868 
[root] DEBUG: 1872: set_hooks: Unable to hook LockResource\n2026-03-05 13:24:56,931 [root] DEBUG: 1872: Hooked 627 out of 628 functions\n2026-03-05 13:24:56,931 [root] DEBUG: 1872: Syscall hook installed, syscall logging level 1\n2026-03-05 13:24:56,946 [root] DEBUG: 1872: RestoreHeaders: Restored original import table.\n2026-03-05 13:24:56,962 [root] INFO: Loaded monitor into process with pid 1872\n2026-03-05 13:24:56,962 [root] DEBUG: 1872: caller_dispatch: Added region at 0x00007FF77C630000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF77C6314D1, thread 6324).\n2026-03-05 13:24:56,962 [root] DEBUG: 1872: YaraScan: Scanning 0x00007FF77C630000, size 0x6020\n2026-03-05 13:24:56,978 [root] DEBUG: 1872: ProcessImageBase: Main module image at 0x00007FF77C630000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:24:57,087 [root] DEBUG: 1872: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:24:57,087 [root] DEBUG: 1872: DLL loaded at 0x00007FF97B2E0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 13:24:57,087 [root] DEBUG: 1872: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:24:57,102 [root] DEBUG: 1872: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:24:57,118 [root] DEBUG: 1872: DLL loaded at 0x00007FF978400000: C:\\Windows\\System32\\twinapi.appcore (0x200000 bytes).\n2026-03-05 13:24:57,228 [root] DEBUG: 1872: DEBUG:Initialized 9 com hooks\n2026-03-05 13:24:57,243 [root] DEBUG: 1872: DLL loaded at 0x00007FF979C20000: C:\\Windows\\System32\\WinTypes (0x154000 bytes).\n2026-03-05 13:24:57,259 [root] DEBUG: 1872: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:24:57,462 [root] DEBUG: 1872: DLL loaded at 0x00007FF972150000: C:\\Windows\\SYSTEM32\\mrmcorer (0xf4000 bytes).\n2026-03-05 13:24:58,134 [root] DEBUG: 1872: DLL loaded 
at 0x00007FF9696D0000: C:\\Windows\\SYSTEM32\\windows.staterepositoryclient (0x40000 bytes).\n2026-03-05 13:24:58,290 [root] DEBUG: 1872: DLL loaded at 0x00007FF973AD0000: C:\\Windows\\SYSTEM32\\windows.staterepositorycore (0x11000 bytes).\n2026-03-05 13:24:58,321 [root] DEBUG: 1872: DLL loaded at 0x00007FF977880000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7c9000 bytes).\n2026-03-05 13:24:59,399 [root] DEBUG: 1872: DLL loaded at 0x00007FF97D310000: C:\\Windows\\system32\\profapi (0x1f000 bytes).\n2026-03-05 13:24:59,602 [root] DEBUG: 1872: DLL loaded at 0x00007FF975FE0000: C:\\Windows\\SYSTEM32\\AppxDeploymentClient (0xf7000 bytes).\n2026-03-05 13:25:00,462 [root] INFO: Announced starting service \"b'WaaSMedicSvc'\"\n2026-03-05 13:25:00,477 [lib.api.process] INFO: Monitor config for <Process 640 services.exe>: C:\\bx_3000n\\dll\\640.ini\n2026-03-05 13:25:00,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:00,509 [root] DEBUG: Loader: Injecting process 640 with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:00,524 [root] DEBUG: Loader: Copied config file C:\\bx_3000n\\dll\\640.ini to system path C:\\640.ini\n2026-03-05 13:25:00,634 [root] DEBUG: Loader: Unable to open process, launched: PPLinject64.exe 640 C:\\bx_3000n\\dll\\KWXNIGCf.dll\n2026-03-05 13:25:00,649 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:00,665 [lib.api.process] INFO: Injected into 64-bit <Process 640 services.exe>\n2026-03-05 13:25:00,743 [root] INFO: Process with pid 4524 appears to have terminated\n2026-03-05 13:25:01,165 [root] DEBUG: 1872: DLL loaded at 0x00007FF97A910000: C:\\Windows\\system32\\CoreMessaging (0xf2000 bytes).\n2026-03-05 13:25:01,165 [root] DEBUG: 1872: DLL loaded at 0x00007FF978600000: C:\\Windows\\system32\\WindowManagementAPI (0xa1000 bytes).\n2026-03-05 13:25:01,180 [root] DEBUG: 1872: DLL loaded at 0x00007FF97C0D0000: 
C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-03-05 13:25:01,180 [root] DEBUG: 1872: DLL loaded at 0x00007FF97A5B0000: C:\\Windows\\system32\\CoreUIComponents (0x35e000 bytes).\n2026-03-05 13:25:01,368 [root] DEBUG: 1872: DLL loaded at 0x00007FF971E90000: C:\\Windows\\system32\\TextInputFramework (0xf9000 bytes).\n2026-03-05 13:25:01,665 [root] DEBUG: 1872: DLL loaded at 0x00007FF979D80000: C:\\Windows\\system32\\PROPSYS (0xf6000 bytes).\n2026-03-05 13:25:02,462 [root] DEBUG: 1872: DLL loaded at 0x00007FF971D30000: C:\\Windows\\system32\\InputHost (0x152000 bytes).\n2026-03-05 13:25:02,540 [root] DEBUG: 1872: DLL loaded at 0x00007FF971F90000: C:\\Windows\\System32\\Windows.UI (0x141000 bytes).\n2026-03-05 13:25:02,837 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 1008: C:\\Windows\\system32\\DllHost.exe, ImageBase: 0x00007FF799000000\n2026-03-05 13:25:02,868 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 1008\n2026-03-05 13:25:02,915 [lib.api.process] INFO: Monitor config for <Process 1008 dllhost.exe>: C:\\bx_3000n\\dll\\1008.ini\n2026-03-05 13:25:02,930 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:02,946 [root] DEBUG: Loader: Injecting process 1008 (thread 3828) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:02,993 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:03,102 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:03,118 [lib.api.process] INFO: Injected into 64-bit <Process 1008 dllhost.exe>\n2026-03-05 13:25:03,134 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 1008\n2026-03-05 13:25:03,134 [lib.api.process] INFO: Monitor config for <Process 1008 dllhost.exe>: C:\\bx_3000n\\dll\\1008.ini\n2026-03-05 13:25:03,149 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader 
C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:03,227 [root] DEBUG: Loader: Injecting process 1008 (thread 3828) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:03,259 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:03,290 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:03,337 [lib.api.process] INFO: Injected into 64-bit <Process 1008 dllhost.exe>\n2026-03-05 13:25:03,587 [root] DEBUG: 1008: Python path set to 'C:\\Python310'.\n2026-03-05 13:25:03,634 [root] DEBUG: 1008: Dropped file limit defaulting to 100.\n2026-03-05 13:25:03,649 [root] DEBUG: 1008: Disabling sleep skipping.\n2026-03-05 13:25:03,665 [root] DEBUG: 1008: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:25:03,696 [root] DEBUG: 1008: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:25:03,696 [root] DEBUG: 1008: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:25:03,712 [root] DEBUG: 1008: Monitor initialised: 64-bit capemon loaded in process 1008 at 0x00007FF95C960000, thread 3828, image base 0x00007FF799000000, stack from 0x000000FC42124000-0x000000FC42130000\n2026-03-05 13:25:03,712 [root] DEBUG: 1008: Commandline: C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\n2026-03-05 13:25:03,774 [root] DEBUG: 1008: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:25:03,837 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:25:03,868 [root] DEBUG: 1008: set_hooks: Unable to hook LockResource\n2026-03-05 13:25:03,931 [root] DEBUG: 1008: Hooked 627 out of 628 functions\n2026-03-05 13:25:03,962 [root] DEBUG: 1008: Syscall hook installed, syscall logging level 1\n2026-03-05 13:25:03,962 [root] DEBUG: 1008: RestoreHeaders: Restored original import table.\n2026-03-05 
13:25:03,977 [root] INFO: Loaded monitor into process with pid 1008\n2026-03-05 13:25:03,977 [root] DEBUG: 1008: caller_dispatch: Added region at 0x00007FF799000000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF799001349, thread 3828).\n2026-03-05 13:25:03,993 [root] DEBUG: 1008: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:25:04,040 [root] DEBUG: 1008: ProcessImageBase: Main module image at 0x00007FF799000000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:25:04,071 [root] DEBUG: 1008: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:25:04,102 [root] DEBUG: 1008: DLL loaded at 0x00007FF97B2E0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 13:25:04,118 [root] DEBUG: 772: DLL loaded at 0x00007FF97D160000: C:\\Windows\\System32\\DPAPI (0xa000 bytes).\n2026-03-05 13:25:04,134 [root] DEBUG: 1008: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:25:04,337 [root] DEBUG: 1008: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:25:04,680 [root] DEBUG: 1008: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 13:25:04,727 [root] DEBUG: 1008: DEBUG:Initialized 9 com hooks\n2026-03-05 13:25:04,759 [root] DEBUG: 1008: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:25:04,790 [root] DEBUG: 1008: DLL loaded at 0x00007FF965EC0000: C:\\Windows\\System32\\thumbcache (0x66000 bytes).\n2026-03-05 13:25:04,821 [root] DEBUG: 1008: DLL loaded at 0x00007FF979D80000: C:\\Windows\\system32\\propsys (0xf6000 bytes).\n2026-03-05 13:25:05,102 [root] DEBUG: 1872: DLL loaded at 0x00007FF971CB0000: C:\\Windows\\system32\\bcp47mrm (0x2d000 bytes).\n2026-03-05 13:25:05,149 [root] DEBUG: 1872: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 
13:25:05,180 [root] DEBUG: 1872: DLL loaded at 0x00007FF962F90000: C:\\Windows\\System32\\biwinrt (0x53000 bytes).\n2026-03-05 13:25:05,321 [root] DEBUG: 1872: DLL loaded at 0x00007FF964F50000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHostNE (0x12b000 bytes).\n2026-03-05 13:25:05,337 [root] DEBUG: 1872: DLL loaded at 0x00007FF969170000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostfxr (0x5d000 bytes).\n2026-03-05 13:25:05,431 [root] DEBUG: 1872: DLL loaded at 0x00007FF965FD0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\hostpolicy (0x60000 bytes).\n2026-03-05 13:25:05,477 [root] DEBUG: 1872: api-rate-cap: FindNextFileW hook disabled due to rate\n2026-03-05 13:25:05,493 [root] DEBUG: 1872: DLL loaded at 0x00007FF963350000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\coreclr (0x4a9000 bytes).\n2026-03-05 13:25:05,509 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF903790000, size: 0x10000.\n2026-03-05 13:25:05,524 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:05,540 [root] DEBUG: 1872: DLL loaded at 0x00007FF9467A0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.CoreLib (0xe8c000 bytes).\n2026-03-05 13:25:05,555 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF903840000, size: 0x4000.\n2026-03-05 13:25:05,618 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:05,680 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF903850000, size: 0x4000.\n2026-03-05 13:25:05,696 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:05,759 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9038E0000, size: 
0x1000.\n2026-03-05 13:25:05,759 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:05,774 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:05,790 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9037AD000, size: 0x1000.\n2026-03-05 13:25:05,805 [root] DEBUG: 1872: DLL loaded at 0x00007FF963170000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\clrjit (0x1de000 bytes).\n2026-03-05 13:25:05,821 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:05,821 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF903850000.\n2026-03-05 13:25:05,837 [root] DEBUG: 1872: DumpPEsInRange: Scanning range 0x00007FF9038E0000 - 0x00007FF9038E26A8.\n2026-03-05 13:25:05,852 [root] DEBUG: 1872: ScanForDisguisedPE: No PE image located in range 0x00007FF9038E0000-0x00007FF9038E26A8.\n2026-03-05 13:25:05,884 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\1872_35588525105432026 to CAPE\\7c809991dd355a53f3f02e58c0ffe5903c66c945349b5c3e59c43dda69a13c11; Size is 9896; Max size: 100000000\n2026-03-05 13:25:05,946 [root] DEBUG: 1872: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\1872_35588525105432026 (size 9896 bytes)\n2026-03-05 13:25:05,962 [root] DEBUG: 1872: DumpRegion: Dumped entire allocation from 0x00007FF9038E0000, size 12288 bytes.\n2026-03-05 13:25:06,009 [root] DEBUG: 1872: ProcessTrackedRegion: Dumped region at 0x00007FF9038E0000.\n2026-03-05 13:25:06,055 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9039D0000, size: 0x4000.\n2026-03-05 13:25:06,071 [root] DEBUG: 1872: YaraScan: Scanning 0x00007FF9038E0000, size 0x26a8\n2026-03-05 13:25:06,087 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:06,196 [root] DEBUG: 
1872: DLL loaded at 0x00007FF95F110000: C:\\Windows\\SYSTEM32\\icu (0x22e000 bytes).\n2026-03-05 13:25:06,540 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:06,884 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9037A0000.\n2026-03-05 13:25:06,946 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4708: C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe, ImageBase: 0x00007FF634590000\n2026-03-05 13:25:06,962 [root] INFO: Announced 64-bit process name: StartMenuExperienceHost.exe pid: 4708\n2026-03-05 13:25:06,962 [lib.api.process] INFO: Monitor config for <Process 4708 StartMenuExperienceHost.exe>: C:\\bx_3000n\\dll\\4708.ini\n2026-03-05 13:25:06,977 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:07,243 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 5420: C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe, ImageBase: 0x00007FF69BBD0000\n2026-03-05 13:25:07,305 [root] INFO: Announced 64-bit process name: TextInputHost.exe pid: 5420\n2026-03-05 13:25:07,305 [lib.api.process] INFO: Monitor config for <Process 5420 TextInputHost.exe>: C:\\bx_3000n\\dll\\5420.ini\n2026-03-05 13:25:07,477 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF903A80000, size: 0x4000.\n2026-03-05 13:25:07,477 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 5696: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:07,493 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:07,493 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 5696\n2026-03-05 13:25:07,509 [lib.api.process] INFO: 
Monitor config for <Process 5696 SearchApp.exe>: C:\\bx_3000n\\dll\\5696.ini\n2026-03-05 13:25:07,509 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:07,540 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:07,634 [root] DEBUG: 1872: DLL loaded at 0x00007FF975CE0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\NativeHost (0x6000 bytes).\n2026-03-05 13:25:07,665 [root] DEBUG: Loader: Injecting process 4708 (thread 3612) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:07,805 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:07,805 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:07,821 [lib.api.process] INFO: Injected into 64-bit <Process 4708 StartMenuExperienceHost.exe>\n2026-03-05 13:25:07,868 [root] INFO: Announced 64-bit process name: StartMenuExperienceHost.exe pid: 4708\n2026-03-05 13:25:07,868 [lib.api.process] INFO: Monitor config for <Process 4708 StartMenuExperienceHost.exe>: C:\\bx_3000n\\dll\\4708.ini\n2026-03-05 13:25:08,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:08,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:08,555 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:08,571 [root] DEBUG: Loader: Injecting process 5696 (thread 5136) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,602 [root] DEBUG: Loader: Injecting process 5420 (thread 5544) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,618 [root] DEBUG: Loader: Injecting process 4708 (thread 3612) with 
C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,634 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:08,649 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:08,680 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:08,712 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,727 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,790 [lib.api.process] INFO: Injected into 64-bit <Process 5696 SearchApp.exe>\n2026-03-05 13:25:08,790 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:08,821 [lib.api.process] INFO: Injected into 64-bit <Process 5420 TextInputHost.exe>\n2026-03-05 13:25:08,837 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 5696\n2026-03-05 13:25:08,852 [lib.api.process] INFO: Injected into 64-bit <Process 4708 StartMenuExperienceHost.exe>\n2026-03-05 13:25:08,852 [lib.api.process] INFO: Monitor config for <Process 5696 SearchApp.exe>: C:\\bx_3000n\\dll\\5696.ini\n2026-03-05 13:25:08,852 [root] INFO: Announced 64-bit process name: TextInputHost.exe pid: 5420\n2026-03-05 13:25:08,868 [lib.api.process] INFO: Monitor config for <Process 5420 TextInputHost.exe>: C:\\bx_3000n\\dll\\5420.ini\n2026-03-05 13:25:08,868 [root] INFO: Announced 64-bit process name: StartMenuExperienceHost.exe pid: 4708\n2026-03-05 13:25:08,868 [lib.api.process] INFO: Monitor config for <Process 4708 StartMenuExperienceHost.exe>: C:\\bx_3000n\\dll\\4708.ini\n2026-03-05 13:25:09,430 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:09,493 [root] DEBUG: Loader: Injecting process 5696 (thread 5136) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,493 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:09,509 [root] DEBUG: Successfully injected DLL 
C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,509 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:09,509 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:09,540 [lib.api.process] INFO: Injected into 64-bit <Process 5696 SearchApp.exe>\n2026-03-05 13:25:09,555 [root] DEBUG: Loader: Injecting process 5420 (thread 5544) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,555 [root] DEBUG: Loader: Injecting process 4708 (thread 3612) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,555 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 5696\n2026-03-05 13:25:09,555 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:09,555 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:09,555 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,555 [lib.api.process] INFO: Monitor config for <Process 5696 SearchApp.exe>: C:\\bx_3000n\\dll\\5696.ini\n2026-03-05 13:25:09,571 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:09,588 [lib.api.process] INFO: Injected into 64-bit <Process 5420 TextInputHost.exe>\n2026-03-05 13:25:09,588 [lib.api.process] INFO: Injected into 64-bit <Process 4708 StartMenuExperienceHost.exe>\n2026-03-05 13:25:09,602 [root] INFO: Announced 64-bit process name: TextInputHost.exe pid: 5420\n2026-03-05 13:25:09,602 [lib.api.process] INFO: Monitor config for <Process 5420 TextInputHost.exe>: C:\\bx_3000n\\dll\\5420.ini\n2026-03-05 13:25:09,712 [root] DEBUG: 1872: DLL loaded at 0x000002887FCE0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime (0xe000 bytes).\n2026-03-05 13:25:09,727 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region 
list: 0x00007FF903A80000.\n2026-03-05 13:25:09,837 [root] DEBUG: 1872: DLL loaded at 0x00007FF972330000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Runtime.InteropServices (0x19000 bytes).\n2026-03-05 13:25:09,852 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:09,915 [root] DEBUG: 1872: DLL loaded at 0x00007FF9638D0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\WinRT.Runtime (0x158000 bytes).\n2026-03-05 13:25:09,915 [root] DEBUG: 1872: DLL loaded at 0x00007FF965AF0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections.Concurrent (0x45000 bytes).\n2026-03-05 13:25:09,930 [root] DEBUG: 1872: DLL loaded at 0x00007FF965AA0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Collections (0x4f000 bytes).\n2026-03-05 13:25:09,946 [root] DEBUG: 1872: DLL loaded at 0x00007FF972310000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background.Tasks (0x12000 bytes).\n2026-03-05 13:25:09,977 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:09,993 [root] DEBUG: 1872: DLL loaded at 0x00007FF96CF20000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Memory (0x25000 bytes).\n2026-03-05 13:25:10,024 [root] DEBUG: 1872: DLL loaded at 0x0000028882E10000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.SDK.NET (0x39fc000 bytes).\n2026-03-05 13:25:10,040 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,071 [root] DEBUG: 1872: DLL loaded at 0x00007FF96D0A0000: C:\\Program 
Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Threading (0x12000 bytes).\n2026-03-05 13:25:10,087 [root] DEBUG: 1872: DLL loaded at 0x00007FF96BDF0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Private.Uri (0x3d000 bytes).\n2026-03-05 13:25:10,087 [root] DEBUG: 1872: DLL loaded at 0x00007FF96CF90000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ObjectModel (0x12000 bytes).\n2026-03-05 13:25:10,102 [root] DEBUG: 1872: DLL loaded at 0x000002887FCF0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Numerics.Vectors (0x8000 bytes).\n2026-03-05 13:25:10,118 [root] DEBUG: 1872: DLL loaded at 0x00007FF973CB0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.ComponentModel (0x5000 bytes).\n2026-03-05 13:25:10,149 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,149 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,181 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,181 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:10,196 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,212 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:10,227 [root] DEBUG: Loader: Injecting process 5420 (thread 5544) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:10,243 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF903EC0000, size: 0x4000.\n2026-03-05 13:25:10,243 
[root] DEBUG: Loader: Injecting process 5696 (thread 5136) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:10,243 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:10,243 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:10,243 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:10,259 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:10,274 [lib.api.process] INFO: Injected into 64-bit <Process 5420 TextInputHost.exe>\n2026-03-05 13:25:10,274 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:10,274 [lib.api.process] INFO: Injected into 64-bit <Process 5696 SearchApp.exe>\n2026-03-05 13:25:10,290 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,446 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,774 [root] DEBUG: 1872: DLL loaded at 0x00007FF961750000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq.Expressions (0x37d000 bytes).\n2026-03-05 13:25:10,774 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:10,946 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,009 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,071 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,149 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,321 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 
13:25:11,571 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,805 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:11,821 [root] DEBUG: 1872: DLL loaded at 0x00007FF9625F0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.Managed (0x46e000 bytes).\n2026-03-05 13:25:11,837 [root] DEBUG: 1872: DLL loaded at 0x00007FF96B630000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Background (0x17000 bytes).\n2026-03-05 13:25:11,884 [root] DEBUG: 1872: DLL loaded at 0x00007FF962440000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Managed (0x1af000 bytes).\n2026-03-05 13:25:12,040 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9039D0000.\n2026-03-05 13:25:12,071 [root] DEBUG: 1872: DLL loaded at 0x00007FF962140000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Utilities (0x2f2000 bytes).\n2026-03-05 13:25:12,165 [root] DEBUG: 1872: DLL loaded at 0x00007FF964980000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp (0x7f000 bytes).\n2026-03-05 13:25:12,274 [root] DEBUG: 1872: DLL loaded at 0x00007FF973CE0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Extensions.Logging.Abstractions (0x21000 bytes).\n2026-03-05 13:25:12,305 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:12,321 [root] DEBUG: 1872: DLL loaded at 0x00007FF964DA0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\SharedUtilities (0x57000 bytes).\n2026-03-05 13:25:12,384 [root] DEBUG: 1872: DLL loaded at 
0x00007FF962FF0000: C:\\Windows\\System32\\Windows.Storage.ApplicationData (0x68000 bytes).\n2026-03-05 13:25:12,634 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:12,962 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:13,665 [root] INFO: Process with pid 1008 has terminated\n2026-03-05 13:25:13,680 [root] DEBUG: 1008: NtTerminateProcess hook: Attempting to dump process 1008\n2026-03-05 13:25:13,680 [root] DEBUG: 1008: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:25:14,399 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,430 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,493 [root] DEBUG: 1872: DLL loaded at 0x00007FF961F30000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Security.Cryptography (0x205000 bytes).\n2026-03-05 13:25:14,509 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF903EC0000.\n2026-03-05 13:25:14,587 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,602 [root] DEBUG: 1872: DLL loaded at 0x00007FF943A90000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.WinUI (0xfeb000 bytes).\n2026-03-05 13:25:14,618 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,649 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,727 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:14,759 [root] DEBUG: 1872: AllocationHandler: 
Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:15,024 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:15,134 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:15,305 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:15,337 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:16,634 [root] DEBUG: 1872: DLL loaded at 0x00007FF97C8E0000: C:\\Windows\\system32\\logoncli (0x43000 bytes).\n2026-03-05 13:25:16,712 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:16,743 [root] DEBUG: 1872: DLL loaded at 0x00007FF969920000: C:\\Windows\\System32\\Windows.ApplicationModel (0xe6000 bytes).\n2026-03-05 13:25:17,493 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:20,415 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 3668: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:20,462 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3668\n2026-03-05 13:25:20,477 [lib.api.process] INFO: Monitor config for <Process 3668 SearchApp.exe>: C:\\bx_3000n\\dll\\3668.ini\n2026-03-05 13:25:21,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:21,524 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 3184: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:21,524 [root] DEBUG: Loader: Injecting process 3668 (thread 2560) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 
13:25:21,524 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 3184\n2026-03-05 13:25:21,540 [lib.api.process] INFO: Monitor config for <Process 3184 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\3184.ini\n2026-03-05 13:25:21,540 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:21,540 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,555 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:21,555 [lib.api.process] INFO: Injected into 64-bit <Process 3668 SearchApp.exe>\n2026-03-05 13:25:21,571 [root] DEBUG: Loader: Injecting process 3184 (thread 6852) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,571 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3668\n2026-03-05 13:25:21,571 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:21,587 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,587 [lib.api.process] INFO: Monitor config for <Process 3668 SearchApp.exe>: C:\\bx_3000n\\dll\\3668.ini\n2026-03-05 13:25:21,602 [lib.api.process] INFO: Injected into 64-bit <Process 3184 backgroundTaskHost.exe>\n2026-03-05 13:25:21,618 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 3184\n2026-03-05 13:25:21,618 [lib.api.process] INFO: Monitor config for <Process 3184 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\3184.ini\n2026-03-05 13:25:21,634 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:21,665 [root] DEBUG: Loader: Injecting process 3184 (thread 6852) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,665 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:21,665 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,680 
[lib.api.process] INFO: Injected into 64-bit <Process 3184 backgroundTaskHost.exe>\n2026-03-05 13:25:21,680 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 3184\n2026-03-05 13:25:21,696 [lib.api.process] INFO: Monitor config for <Process 3184 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\3184.ini\n2026-03-05 13:25:21,712 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:21,727 [root] DEBUG: Loader: Injecting process 3184 (thread 6852) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,743 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:21,743 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,759 [lib.api.process] INFO: Injected into 64-bit <Process 3184 backgroundTaskHost.exe>\n2026-03-05 13:25:21,899 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4900: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:21,915 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 4900\n2026-03-05 13:25:21,930 [lib.api.process] INFO: Monitor config for <Process 4900 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\4900.ini\n2026-03-05 13:25:21,946 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:21,977 [root] DEBUG: Loader: Injecting process 4900 (thread 4884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,977 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:21,977 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:21,993 [lib.api.process] INFO: Injected into 64-bit <Process 4900 backgroundTaskHost.exe>\n2026-03-05 13:25:21,993 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 4900\n2026-03-05 13:25:22,009 
[lib.api.process] INFO: Monitor config for <Process 4900 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\4900.ini\n2026-03-05 13:25:22,024 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,055 [root] DEBUG: Loader: Injecting process 4900 (thread 4884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,055 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:22,071 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,087 [lib.api.process] INFO: Injected into 64-bit <Process 4900 backgroundTaskHost.exe>\n2026-03-05 13:25:22,118 [root] INFO: Process with pid 4900 has terminated\n2026-03-05 13:25:22,212 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 2172: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:22,212 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 2172\n2026-03-05 13:25:22,227 [lib.api.process] INFO: Monitor config for <Process 2172 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\2172.ini\n2026-03-05 13:25:22,243 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,259 [root] DEBUG: Loader: Injecting process 2172 (thread 2960) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,274 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:22,274 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,290 [lib.api.process] INFO: Injected into 64-bit <Process 2172 backgroundTaskHost.exe>\n2026-03-05 13:25:22,290 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 2172\n2026-03-05 13:25:22,305 [lib.api.process] INFO: Monitor config for <Process 2172 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\2172.ini\n2026-03-05 13:25:22,352 
[lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,384 [root] DEBUG: Loader: Injecting process 2172 (thread 2960) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,399 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:22,399 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,430 [lib.api.process] INFO: Injected into 64-bit <Process 2172 backgroundTaskHost.exe>\n2026-03-05 13:25:22,430 [root] INFO: Process with pid 2172 has terminated\n2026-03-05 13:25:22,462 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 5720: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:22,462 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 5720\n2026-03-05 13:25:22,462 [lib.api.process] INFO: Monitor config for <Process 5720 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\5720.ini\n2026-03-05 13:25:22,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,509 [root] DEBUG: Loader: Injecting process 5720 (thread 1740) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,509 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:22,524 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,540 [lib.api.process] INFO: Injected into 64-bit <Process 5720 backgroundTaskHost.exe>\n2026-03-05 13:25:22,540 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 5720\n2026-03-05 13:25:22,555 [lib.api.process] INFO: Monitor config for <Process 5720 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\5720.ini\n2026-03-05 13:25:22,587 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,602 
[root] DEBUG: Loader: Injecting process 5720 (thread 1740) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,602 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:22,602 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,618 [lib.api.process] INFO: Injected into 64-bit <Process 5720 backgroundTaskHost.exe>\n2026-03-05 13:25:22,634 [root] INFO: Process with pid 5720 has terminated\n2026-03-05 13:25:22,649 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 3688: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:22,649 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 3688\n2026-03-05 13:25:22,665 [lib.api.process] INFO: Monitor config for <Process 3688 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\3688.ini\n2026-03-05 13:25:22,680 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,696 [root] DEBUG: Loader: Injecting process 3688 (thread 5212) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,696 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:22,712 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,712 [lib.api.process] INFO: Injected into 64-bit <Process 3688 backgroundTaskHost.exe>\n2026-03-05 13:25:22,727 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 3688\n2026-03-05 13:25:22,727 [lib.api.process] INFO: Monitor config for <Process 3688 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\3688.ini\n2026-03-05 13:25:22,759 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,774 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,774 
[root] DEBUG: Loader: Injecting process 3688 (thread 5212) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,790 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:22,790 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,821 [root] DEBUG: Loader: Injecting process 3668 (thread 2560) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,821 [lib.api.process] INFO: Injected into 64-bit <Process 3688 backgroundTaskHost.exe>\n2026-03-05 13:25:22,821 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:22,837 [root] INFO: Process with pid 3688 has terminated\n2026-03-05 13:25:22,852 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,852 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4056: C:\\Windows\\system32\\backgroundTaskHost.exe, ImageBase: 0x00007FF77C630000\n2026-03-05 13:25:22,868 [lib.api.process] INFO: Injected into 64-bit <Process 3668 SearchApp.exe>\n2026-03-05 13:25:22,868 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 4056\n2026-03-05 13:25:22,868 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3668\n2026-03-05 13:25:22,868 [lib.api.process] INFO: Monitor config for <Process 4056 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\4056.ini\n2026-03-05 13:25:22,868 [lib.api.process] INFO: Monitor config for <Process 3668 SearchApp.exe>: C:\\bx_3000n\\dll\\3668.ini\n2026-03-05 13:25:22,884 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:22,946 [root] DEBUG: Loader: Injecting process 4056 (thread 5180) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,946 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:22,946 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:22,993 
[lib.api.process] INFO: Injected into 64-bit <Process 4056 backgroundTaskHost.exe>\n2026-03-05 13:25:23,024 [root] INFO: Announced 64-bit process name: backgroundTaskHost.exe pid: 4056\n2026-03-05 13:25:23,024 [lib.api.process] INFO: Monitor config for <Process 4056 backgroundTaskHost.exe>: C:\\bx_3000n\\dll\\4056.ini\n2026-03-05 13:25:23,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:23,087 [root] DEBUG: Loader: Injecting process 4056 (thread 5180) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:23,087 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:23,087 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:23,102 [lib.api.process] INFO: Injected into 64-bit <Process 4056 backgroundTaskHost.exe>\n2026-03-05 13:25:23,118 [root] INFO: Process with pid 4056 has terminated\n2026-03-05 13:25:24,009 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:24,087 [root] DEBUG: Loader: Injecting process 3668 (thread 2560) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:24,118 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:24,118 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:24,134 [lib.api.process] INFO: Injected into 64-bit <Process 3668 SearchApp.exe>\n2026-03-05 13:25:24,368 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 884: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:24,384 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 884\n2026-03-05 13:25:24,384 [lib.api.process] INFO: Monitor config for <Process 884 SearchApp.exe>: C:\\bx_3000n\\dll\\884.ini\n2026-03-05 13:25:25,399 [lib.api.process] INFO: 
64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:25,415 [root] DEBUG: Loader: Injecting process 884 (thread 3960) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:25,415 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:25,415 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:25,430 [lib.api.process] INFO: Injected into 64-bit <Process 884 SearchApp.exe>\n2026-03-05 13:25:25,446 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 884\n2026-03-05 13:25:25,446 [lib.api.process] INFO: Monitor config for <Process 884 SearchApp.exe>: C:\\bx_3000n\\dll\\884.ini\n2026-03-05 13:25:25,962 [root] DEBUG: 1872: DLL loaded at 0x00007FF974DB0000: C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\VCRUNTIME140 (0x1e000 bytes).\n2026-03-05 13:25:26,274 [root] DEBUG: 1872: DLL loaded at 0x00007FF97A450000: C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\VCRUNTIME140_1 (0xc000 bytes).\n2026-03-05 13:25:26,290 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 1048: C:\\Windows\\System32\\RuntimeBroker.exe, ImageBase: 0x00007FF67C000000\n2026-03-05 13:25:26,290 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 1048\n2026-03-05 13:25:26,290 [lib.api.process] INFO: Monitor config for <Process 1048 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\1048.ini\n2026-03-05 13:25:26,321 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:26,337 [root] DEBUG: Loader: Injecting process 1048 (thread 4804) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,337 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:26,337 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 
13:25:26,352 [lib.api.process] INFO: Injected into 64-bit <Process 1048 RuntimeBroker.exe>\n2026-03-05 13:25:26,368 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 1048\n2026-03-05 13:25:26,368 [lib.api.process] INFO: Monitor config for <Process 1048 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\1048.ini\n2026-03-05 13:25:26,399 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:26,430 [root] DEBUG: Loader: Injecting process 1048 (thread 4804) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,430 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:26,430 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,446 [lib.api.process] INFO: Injected into 64-bit <Process 1048 RuntimeBroker.exe>\n2026-03-05 13:25:26,462 [root] INFO: Announced 64-bit process name: RuntimeBroker.exe pid: 1048\n2026-03-05 13:25:26,462 [lib.api.process] INFO: Monitor config for <Process 1048 RuntimeBroker.exe>: C:\\bx_3000n\\dll\\1048.ini\n2026-03-05 13:25:26,477 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:26,493 [root] DEBUG: Loader: Injecting process 1048 (thread 4804) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,509 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:26,509 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,524 [lib.api.process] INFO: Injected into 64-bit <Process 1048 RuntimeBroker.exe>\n2026-03-05 13:25:26,634 [root] DEBUG: 1048: Python path set to 'C:\\Python310'.\n2026-03-05 13:25:26,649 [root] DEBUG: 1048: Dropped file limit defaulting to 100.\n2026-03-05 13:25:26,649 [root] DEBUG: 1048: Disabling sleep skipping.\n2026-03-05 13:25:26,649 [root] DEBUG: 1048: YaraInit: Compiled rules loaded from existing file 
C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:25:26,680 [root] DEBUG: 1048: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:25:26,680 [root] DEBUG: 1048: YaraScan: Scanning 0x00007FF67C000000, size 0x1b158\n2026-03-05 13:25:26,696 [root] DEBUG: 1048: Monitor initialised: 64-bit capemon loaded in process 1048 at 0x00007FF95C960000, thread 4804, image base 0x00007FF67C000000, stack from 0x0000007D490A4000-0x0000007D490B0000\n2026-03-05 13:25:26,696 [root] DEBUG: 1048: Commandline: C:\\Windows\\System32\\RuntimeBroker.exe -Embedding\n2026-03-05 13:25:26,727 [root] DEBUG: 1048: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:25:26,774 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:25:26,774 [root] DEBUG: 1048: set_hooks: Unable to hook LockResource\n2026-03-05 13:25:26,790 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:26,805 [root] DEBUG: 1048: Hooked 627 out of 628 functions\n2026-03-05 13:25:26,821 [root] DEBUG: Loader: Injecting process 884 (thread 3960) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,837 [root] DEBUG: 1048: Syscall hook installed, syscall logging level 1\n2026-03-05 13:25:26,837 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:26,837 [root] DEBUG: 1048: RestoreHeaders: Restored original import table.\n2026-03-05 13:25:26,852 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:26,852 [root] INFO: Loaded monitor into process with pid 1048\n2026-03-05 13:25:26,884 [lib.api.process] INFO: Injected into 64-bit <Process 884 SearchApp.exe>\n2026-03-05 13:25:26,884 [root] DEBUG: 1048: DLL loaded at 0x00007FF97D220000: C:\\Windows\\System32\\UMPDC (0x12000 bytes).\n2026-03-05 13:25:26,884 [root] INFO: Process with pid 884 has 
terminated\n2026-03-05 13:25:26,915 [root] DEBUG: 1048: caller_dispatch: Added region at 0x00007FF67C000000 to tracked regions list (ntdll::NtAllocateVirtualMemoryEx returns to 0x00007FF67C006552, thread 4804).\n2026-03-05 13:25:26,946 [root] DEBUG: 1048: YaraScan: Scanning 0x00007FF67C000000, size 0x1b158\n2026-03-05 13:25:26,946 [root] DEBUG: 1048: ProcessImageBase: Main module image at 0x00007FF67C000000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:25:26,962 [root] DEBUG: 1048: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:25:26,977 [root] DEBUG: 1048: DEBUG:Initialized 9 com hooks\n2026-03-05 13:25:26,977 [root] DEBUG: 1048: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:25:27,321 [root] DEBUG: 1872: DLL loaded at 0x00007FF9630E0000: C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\\MSVCP140 (0x8d000 bytes).\n2026-03-05 13:25:27,337 [root] DEBUG: 1048: DLL loaded at 0x00007FF975FE0000: C:\\Windows\\System32\\AppXDeploymentClient (0xf7000 bytes).\n2026-03-05 13:25:27,915 [root] DEBUG: 1872: DLL loaded at 0x00007FF964560000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Exp.WinRT (0x65000 bytes).\n2026-03-05 13:25:28,290 [root] DEBUG: 656: DLL loaded at 0x00007FF96BCA0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7f000 bytes).\n2026-03-05 13:25:28,540 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 1388: C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe, ImageBase: 0x00007FF746D30000\n2026-03-05 13:25:28,587 [root] INFO: Announced 64-bit process name: ShellExperienceHost.exe pid: 1388\n2026-03-05 13:25:28,602 [lib.api.process] INFO: Monitor config for <Process 1388 ShellExperienceHost.exe>: C:\\bx_3000n\\dll\\1388.ini\n2026-03-05 13:25:29,899 [lib.api.process] INFO: 64-bit DLL 
to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:29,930 [root] DEBUG: Loader: Injecting process 1388 (thread 1668) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:29,946 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:29,946 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:29,962 [lib.api.process] INFO: Injected into 64-bit <Process 1388 ShellExperienceHost.exe>\n2026-03-05 13:25:29,977 [root] INFO: Announced 64-bit process name: ShellExperienceHost.exe pid: 1388\n2026-03-05 13:25:29,977 [lib.api.process] INFO: Monitor config for <Process 1388 ShellExperienceHost.exe>: C:\\bx_3000n\\dll\\1388.ini\n2026-03-05 13:25:30,712 [root] DEBUG: 1872: DLL loaded at 0x00007FF970920000: C:\\Windows\\system32\\iertutil (0x2b1000 bytes).\n2026-03-05 13:25:31,305 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:31,337 [root] DEBUG: Loader: Injecting process 1388 (thread 1668) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:31,337 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:31,337 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:31,352 [lib.api.process] INFO: Injected into 64-bit <Process 1388 ShellExperienceHost.exe>\n2026-03-05 13:25:31,352 [root] INFO: Announced 64-bit process name: ShellExperienceHost.exe pid: 1388\n2026-03-05 13:25:31,368 [lib.api.process] INFO: Monitor config for <Process 1388 ShellExperienceHost.exe>: C:\\bx_3000n\\dll\\1388.ini\n2026-03-05 13:25:31,696 [root] DEBUG: 1872: DLL loaded at 0x00007FF964E00000: C:\\Windows\\System32\\Windows.Web (0xc3000 bytes).\n2026-03-05 13:25:31,852 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:32,009 [root] DEBUG: 772: CreateProcessHandler: Injection info 
set for new process 4260: C:\\Windows\\System32\\mobsync.exe, ImageBase: 0x00007FF6C0C10000\n2026-03-05 13:25:32,024 [root] INFO: Announced 64-bit process name: mobsync.exe pid: 4260\n2026-03-05 13:25:32,024 [lib.api.process] INFO: Monitor config for <Process 4260 mobsync.exe>: C:\\bx_3000n\\dll\\4260.ini\n2026-03-05 13:25:32,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:32,071 [root] DEBUG: Loader: Injecting process 4260 (thread 6952) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,071 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:32,071 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,087 [lib.api.process] INFO: Injected into 64-bit <Process 4260 mobsync.exe>\n2026-03-05 13:25:32,087 [root] INFO: Announced 64-bit process name: mobsync.exe pid: 4260\n2026-03-05 13:25:32,102 [lib.api.process] INFO: Monitor config for <Process 4260 mobsync.exe>: C:\\bx_3000n\\dll\\4260.ini\n2026-03-05 13:25:32,118 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:32,149 [root] DEBUG: Loader: Injecting process 4260 (thread 6952) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,149 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:32,149 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,196 [lib.api.process] INFO: Injected into 64-bit <Process 4260 mobsync.exe>\n2026-03-05 13:25:32,290 [root] DEBUG: 4260: Python path set to 'C:\\Python310'.\n2026-03-05 13:25:32,290 [root] DEBUG: 4260: Dropped file limit defaulting to 100.\n2026-03-05 13:25:32,290 [root] DEBUG: 4260: Disabling sleep skipping.\n2026-03-05 13:25:32,305 [root] DEBUG: 4260: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 
13:25:32,337 [root] DEBUG: 4260: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:25:32,352 [root] DEBUG: 4260: YaraScan: Scanning 0x00007FF6C0C10000, size 0x1d056\n2026-03-05 13:25:32,368 [root] DEBUG: 4260: Monitor initialised: 64-bit capemon loaded in process 4260 at 0x00007FF95C960000, thread 6952, image base 0x00007FF6C0C10000, stack from 0x000000C3A6CB4000-0x000000C3A6CC0000\n2026-03-05 13:25:32,368 [root] DEBUG: 4260: Commandline: C:\\Windows\\System32\\mobsync.exe -Embedding\n2026-03-05 13:25:32,399 [root] DEBUG: 4260: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:25:32,462 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:25:32,462 [root] DEBUG: 4260: set_hooks: Unable to hook LockResource\n2026-03-05 13:25:32,477 [root] DEBUG: 4260: Hooked 627 out of 628 functions\n2026-03-05 13:25:32,493 [root] DEBUG: 4260: Syscall hook installed, syscall logging level 1\n2026-03-05 13:25:32,509 [root] DEBUG: 4260: RestoreHeaders: Restored original import table.\n2026-03-05 13:25:32,509 [root] INFO: Loaded monitor into process with pid 4260\n2026-03-05 13:25:32,524 [root] DEBUG: 4260: caller_dispatch: Added region at 0x00007FF6C0C10000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF6C0C14861, thread 6952).\n2026-03-05 13:25:32,524 [root] DEBUG: 4260: YaraScan: Scanning 0x00007FF6C0C10000, size 0x1d056\n2026-03-05 13:25:32,540 [root] DEBUG: 4260: ProcessImageBase: Main module image at 0x00007FF6C0C10000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:25:32,540 [root] DEBUG: 4260: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:25:32,556 [root] DEBUG: 4260: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:25:32,556 [root] DEBUG: 4260: DLL loaded at 0x00007FF97B2E0000: 
C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 13:25:32,571 [root] DEBUG: 4260: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 13:25:32,571 [root] DEBUG: 4260: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:25:32,618 [root] DEBUG: 4260: DEBUG:Initialized 9 com hooks\n2026-03-05 13:25:32,618 [root] DEBUG: 4260: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:25:32,634 [root] DEBUG: 4260: DLL loaded at 0x00007FF9732D0000: C:\\Windows\\System32\\SyncCenter (0x83000 bytes).\n2026-03-05 13:25:32,649 [root] DEBUG: 4260: DLL loaded at 0x00007FF966910000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\\comctl32 (0x29a000 bytes).\n2026-03-05 13:25:32,681 [root] DEBUG: 4260: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:25:32,681 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:32,727 [root] DEBUG: 4260: DLL loaded at 0x00007FF976C70000: C:\\Windows\\System32\\ActXPrxy (0xa1000 bytes).\n2026-03-05 13:25:32,727 [root] DEBUG: Loader: Injecting process 1388 (thread 1668) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,774 [root] DEBUG: 4260: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 13:25:32,821 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:32,837 [root] DEBUG: 4260: DLL loaded at 0x00007FF977880000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7c9000 bytes).\n2026-03-05 13:25:32,837 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:32,930 [lib.api.process] INFO: Injected into 64-bit <Process 1388 ShellExperienceHost.exe>\n2026-03-05 13:25:32,946 [root] DEBUG: 4260: DLL loaded at 
0x00007FF97EC20000: C:\\Windows\\System32\\MSCTF (0x115000 bytes).\n2026-03-05 13:25:33,055 [root] DEBUG: 4260: DLL loaded at 0x00007FF979D80000: C:\\Windows\\system32\\PROPSYS (0xf6000 bytes).\n2026-03-05 13:25:33,087 [root] DEBUG: 4260: DLL loaded at 0x00007FF97A420000: C:\\Windows\\system32\\WTSAPI32 (0x14000 bytes).\n2026-03-05 13:25:33,087 [root] DEBUG: 4260: DLL loaded at 0x00007FF973F20000: C:\\Windows\\system32\\SyncInfrastructure (0x6e000 bytes).\n2026-03-05 13:25:33,087 [root] DEBUG: 4260: DLL loaded at 0x00007FF965160000: C:\\Windows\\System32\\cscui (0xcd000 bytes).\n2026-03-05 13:25:33,118 [root] DEBUG: 4260: DLL loaded at 0x00007FF97D0B0000: C:\\Windows\\system32\\WINSTA (0x5a000 bytes).\n2026-03-05 13:25:33,212 [root] DEBUG: 4260: DLL loaded at 0x00007FF965230000: C:\\Windows\\System32\\CSCAPI (0x12000 bytes).\n2026-03-05 13:25:34,009 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:34,884 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4056\n2026-03-05 13:25:34,899 [lib.api.process] INFO: Monitor config for <Process 4056 SearchApp.exe>: C:\\bx_3000n\\dll\\4056.ini\n2026-03-05 13:25:35,977 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:35,993 [root] DEBUG: Loader: Injecting process 4056 (thread 6884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:36,009 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:36,024 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:36,040 [lib.api.process] INFO: Injected into 64-bit <Process 4056 SearchApp.exe>\n2026-03-05 13:25:36,040 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4056\n2026-03-05 13:25:36,055 [lib.api.process] INFO: Monitor config for <Process 4056 SearchApp.exe>: C:\\bx_3000n\\dll\\4056.ini\n2026-03-05 13:25:37,134 [lib.api.process] INFO: 
64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:37,165 [root] DEBUG: Loader: Injecting process 4056 (thread 6884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:37,165 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:37,165 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:37,180 [lib.api.process] INFO: Injected into 64-bit <Process 4056 SearchApp.exe>\n2026-03-05 13:25:37,180 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4056\n2026-03-05 13:25:37,196 [lib.api.process] INFO: Monitor config for <Process 4056 SearchApp.exe>: C:\\bx_3000n\\dll\\4056.ini\n2026-03-05 13:25:37,274 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:37,290 [root] DEBUG: 1872: DLL loaded at 0x00007FF97AAA0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Contracts.Exp (0x16000 bytes).\n2026-03-05 13:25:38,149 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:38,165 [root] DEBUG: Loader: Injecting process 4056 (thread 6884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:38,165 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:38,227 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:38,243 [lib.api.process] INFO: Injected into 64-bit <Process 4056 SearchApp.exe>\n2026-03-05 13:25:38,384 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 6860: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:38,399 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6860\n2026-03-05 13:25:38,399 [lib.api.process] INFO: Monitor config for <Process 6860 
SearchApp.exe>: C:\\bx_3000n\\dll\\6860.ini\n2026-03-05 13:25:38,446 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:39,477 [root] DEBUG: 1872: DLL loaded at 0x00007FF97A420000: C:\\Windows\\system32\\WTSAPI32 (0x14000 bytes).\n2026-03-05 13:25:39,493 [root] DEBUG: 1872: DLL loaded at 0x000002887FCC0000: C:\\Windows\\system32\\icuuc (0x9000 bytes).\n2026-03-05 13:25:39,509 [root] DEBUG: 1872: DLL loaded at 0x00007FF95DAE0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.AppCore.WinRT (0x1d8000 bytes).\n2026-03-05 13:25:39,696 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:39,727 [root] DEBUG: Loader: Injecting process 6860 (thread 1032) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:39,727 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:39,727 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:39,743 [lib.api.process] INFO: Injected into 64-bit <Process 6860 SearchApp.exe>\n2026-03-05 13:25:39,759 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6860\n2026-03-05 13:25:39,759 [lib.api.process] INFO: Monitor config for <Process 6860 SearchApp.exe>: C:\\bx_3000n\\dll\\6860.ini\n2026-03-05 13:25:40,602 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF904190000, size: 0x4000.\n2026-03-05 13:25:41,196 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:41,227 [root] DEBUG: Loader: Injecting process 6860 (thread 1032) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:41,243 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:41,243 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 
13:25:41,259 [lib.api.process] INFO: Injected into 64-bit <Process 6860 SearchApp.exe>\n2026-03-05 13:25:41,274 [root] INFO: Process with pid 6860 has terminated\n2026-03-05 13:25:41,696 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:42,571 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 3408: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:42,587 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3408\n2026-03-05 13:25:42,587 [lib.api.process] INFO: Monitor config for <Process 3408 SearchApp.exe>: C:\\bx_3000n\\dll\\3408.ini\n2026-03-05 13:25:42,790 [root] DEBUG: 1872: DLL loaded at 0x000002887FCD0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Diagnostics.Tracing (0x8000 bytes).\n2026-03-05 13:25:42,821 [root] DEBUG: 1872: DLL loaded at 0x00007FF97AA90000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\Microsoft.Windows.Apps.TraceLogging (0xa000 bytes).\n2026-03-05 13:25:43,040 [root] DEBUG: 1872: DLL loaded at 0x000002887FD40000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\netstandard (0x1c000 bytes).\n2026-03-05 13:25:43,352 [root] DEBUG: 4260: NtTerminateProcess hook: Attempting to dump process 4260\n2026-03-05 13:25:43,352 [root] DEBUG: 4260: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:25:43,384 [root] INFO: Process with pid 4260 has terminated\n2026-03-05 13:25:43,743 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:43,774 [root] DEBUG: Loader: Injecting process 3408 (thread 5192) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:43,774 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:43,790 [root] DEBUG: Successfully injected DLL 
C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:43,790 [lib.api.process] INFO: Injected into 64-bit <Process 3408 SearchApp.exe>\n2026-03-05 13:25:43,805 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3408\n2026-03-05 13:25:43,805 [lib.api.process] INFO: Monitor config for <Process 3408 SearchApp.exe>: C:\\bx_3000n\\dll\\3408.ini\n2026-03-05 13:25:43,899 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:44,993 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:25:44,993 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9041D0000, size: 0x1000.\n2026-03-05 13:25:45,009 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:45,337 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:45,352 [root] DEBUG: Loader: Injecting process 3408 (thread 5192) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:45,368 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:45,368 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:45,399 [lib.api.process] INFO: Injected into 64-bit <Process 3408 SearchApp.exe>\n2026-03-05 13:25:45,430 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 3408\n2026-03-05 13:25:45,430 [lib.api.process] INFO: Monitor config for <Process 3408 SearchApp.exe>: C:\\bx_3000n\\dll\\3408.ini\n2026-03-05 13:25:46,399 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9041F0000, size: 0x4000.\n2026-03-05 13:25:46,399 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:25:47,149 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:47,165 [root] DEBUG: 
1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF904190000.\n2026-03-05 13:25:47,180 [root] DEBUG: Loader: Injecting process 3408 (thread 5192) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:47,196 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:47,196 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:47,212 [lib.api.process] INFO: Injected into 64-bit <Process 3408 SearchApp.exe>\n2026-03-05 13:25:47,305 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 5244: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:47,321 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 5244\n2026-03-05 13:25:47,321 [lib.api.process] INFO: Monitor config for <Process 5244 SearchApp.exe>: C:\\bx_3000n\\dll\\5244.ini\n2026-03-05 13:25:48,540 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:48,555 [root] DEBUG: Loader: Injecting process 5244 (thread 5400) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:48,555 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:48,571 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:48,571 [lib.api.process] INFO: Injected into 64-bit <Process 5244 SearchApp.exe>\n2026-03-05 13:25:48,587 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 5244\n2026-03-05 13:25:48,587 [lib.api.process] INFO: Monitor config for <Process 5244 SearchApp.exe>: C:\\bx_3000n\\dll\\5244.ini\n2026-03-05 13:25:49,134 [root] DEBUG: 1872: DLL loaded at 0x00007FF95D920000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Text.Json (0x1b4000 bytes).\n2026-03-05 13:25:50,149 [lib.api.process] INFO: 64-bit DLL to inject is 
C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:50,180 [root] DEBUG: Loader: Injecting process 5244 (thread 5400) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:50,180 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:50,180 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:50,227 [lib.api.process] INFO: Injected into 64-bit <Process 5244 SearchApp.exe>\n2026-03-05 13:25:50,243 [root] INFO: Process with pid 5244 has terminated\n2026-03-05 13:25:51,040 [root] INFO: Process with pid 6224 has terminated\n2026-03-05 13:25:51,040 [root] DEBUG: 6224: NtTerminateProcess hook: Attempting to dump process 6224\n2026-03-05 13:25:51,055 [root] DEBUG: 6224: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:25:51,587 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4884: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:25:51,634 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4884\n2026-03-05 13:25:51,634 [lib.api.process] INFO: Monitor config for <Process 4884 SearchApp.exe>: C:\\bx_3000n\\dll\\4884.ini\n2026-03-05 13:25:52,618 [root] DEBUG: 1048: DLL loaded at 0x00007FF978400000: C:\\Windows\\System32\\twinapi.appcore (0x200000 bytes).\n2026-03-05 13:25:52,634 [root] DEBUG: 1048: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:25:52,649 [root] DEBUG: 1048: DLL loaded at 0x00007FF969920000: C:\\Windows\\System32\\Windows.ApplicationModel (0xe6000 bytes).\n2026-03-05 13:25:53,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:53,055 [root] DEBUG: Loader: Injecting process 4884 (thread 5372) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:53,087 [root] DEBUG: 
InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:53,087 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:53,102 [lib.api.process] INFO: Injected into 64-bit <Process 4884 SearchApp.exe>\n2026-03-05 13:25:53,102 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4884\n2026-03-05 13:25:53,118 [lib.api.process] INFO: Monitor config for <Process 4884 SearchApp.exe>: C:\\bx_3000n\\dll\\4884.ini\n2026-03-05 13:25:55,087 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:55,118 [root] DEBUG: Loader: Injecting process 4884 (thread 5372) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:55,118 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:55,118 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:55,134 [lib.api.process] INFO: Injected into 64-bit <Process 4884 SearchApp.exe>\n2026-03-05 13:25:55,149 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4884\n2026-03-05 13:25:55,149 [lib.api.process] INFO: Monitor config for <Process 4884 SearchApp.exe>: C:\\bx_3000n\\dll\\4884.ini\n2026-03-05 13:25:56,649 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:56,696 [root] DEBUG: Loader: Injecting process 4884 (thread 5372) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:56,696 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:25:56,696 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:56,712 [lib.api.process] INFO: Injected into 64-bit <Process 4884 SearchApp.exe>\n2026-03-05 13:25:56,805 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 6468: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 
0x00007FF6B3BE0000\n2026-03-05 13:25:56,805 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6468\n2026-03-05 13:25:56,821 [lib.api.process] INFO: Monitor config for <Process 6468 SearchApp.exe>: C:\\bx_3000n\\dll\\6468.ini\n2026-03-05 13:25:58,071 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:58,134 [root] DEBUG: Loader: Injecting process 6468 (thread 4296) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:58,352 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:58,368 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:58,399 [lib.api.process] INFO: Injected into 64-bit <Process 6468 SearchApp.exe>\n2026-03-05 13:25:58,524 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 6468\n2026-03-05 13:25:58,540 [lib.api.process] INFO: Monitor config for <Process 6468 SearchApp.exe>: C:\\bx_3000n\\dll\\6468.ini\n2026-03-05 13:25:59,618 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:25:59,712 [root] DEBUG: Loader: Injecting process 6468 (thread 4296) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:59,712 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:25:59,712 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:25:59,727 [lib.api.process] INFO: Injected into 64-bit <Process 6468 SearchApp.exe>\n2026-03-05 13:25:59,727 [root] INFO: Process with pid 6468 has terminated\n2026-03-05 13:26:03,384 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4948: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:26:03,415 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4948\n2026-03-05 13:26:03,415 [lib.api.process] INFO: Monitor config 
for <Process 4948 SearchApp.exe>: C:\\bx_3000n\\dll\\4948.ini\n2026-03-05 13:26:05,149 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:05,196 [root] DEBUG: Loader: Injecting process 4948 (thread 4708) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:05,196 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:05,212 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:05,227 [lib.api.process] INFO: Injected into 64-bit <Process 4948 SearchApp.exe>\n2026-03-05 13:26:05,227 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4948\n2026-03-05 13:26:05,243 [lib.api.process] INFO: Monitor config for <Process 4948 SearchApp.exe>: C:\\bx_3000n\\dll\\4948.ini\n2026-03-05 13:26:07,930 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:07,946 [root] DEBUG: Loader: Injecting process 4948 (thread 4708) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:07,962 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:07,962 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:07,977 [lib.api.process] INFO: Injected into 64-bit <Process 4948 SearchApp.exe>\n2026-03-05 13:26:07,977 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4948\n2026-03-05 13:26:07,993 [lib.api.process] INFO: Monitor config for <Process 4948 SearchApp.exe>: C:\\bx_3000n\\dll\\4948.ini\n2026-03-05 13:26:09,696 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:09,727 [root] DEBUG: Loader: Injecting process 4948 (thread 4708) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:09,727 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:26:09,743 [root] DEBUG: 
Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:09,743 [lib.api.process] INFO: Injected into 64-bit <Process 4948 SearchApp.exe>\n2026-03-05 13:26:09,852 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 2624: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:26:09,868 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 2624\n2026-03-05 13:26:09,868 [lib.api.process] INFO: Monitor config for <Process 2624 SearchApp.exe>: C:\\bx_3000n\\dll\\2624.ini\n2026-03-05 13:26:11,071 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:11,102 [root] DEBUG: Loader: Injecting process 2624 (thread 6884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:11,102 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:11,118 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:11,118 [lib.api.process] INFO: Injected into 64-bit <Process 2624 SearchApp.exe>\n2026-03-05 13:26:11,134 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 2624\n2026-03-05 13:26:11,134 [lib.api.process] INFO: Monitor config for <Process 2624 SearchApp.exe>: C:\\bx_3000n\\dll\\2624.ini\n2026-03-05 13:26:12,446 [root] DEBUG: 1872: DLL loaded at 0x00007FF972420000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Linq (0x9e000 bytes).\n2026-03-05 13:26:12,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:12,526 [root] DEBUG: Loader: Injecting process 2624 (thread 6884) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:12,526 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:12,526 [root] DEBUG: Successfully injected DLL 
C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:12,540 [lib.api.process] INFO: Injected into 64-bit <Process 2624 SearchApp.exe>\n2026-03-05 13:26:12,540 [root] INFO: Process with pid 2624 has terminated\n2026-03-05 13:26:13,790 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 2352: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:26:13,805 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 2352\n2026-03-05 13:26:13,805 [lib.api.process] INFO: Monitor config for <Process 2352 SearchApp.exe>: C:\\bx_3000n\\dll\\2352.ini\n2026-03-05 13:26:14,915 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:14,946 [root] DEBUG: Loader: Injecting process 2352 (thread 4832) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:14,946 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:14,946 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:14,962 [lib.api.process] INFO: Injected into 64-bit <Process 2352 SearchApp.exe>\n2026-03-05 13:26:14,977 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 2352\n2026-03-05 13:26:14,977 [lib.api.process] INFO: Monitor config for <Process 2352 SearchApp.exe>: C:\\bx_3000n\\dll\\2352.ini\n2026-03-05 13:26:16,852 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:16,884 [root] DEBUG: Loader: Injecting process 2352 (thread 4832) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:16,884 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:16,930 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:16,930 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 
13:26:16,962 [lib.api.process] INFO: Injected into 64-bit <Process 2352 SearchApp.exe>\n2026-03-05 13:26:16,977 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 2352\n2026-03-05 13:26:16,977 [lib.api.process] INFO: Monitor config for <Process 2352 SearchApp.exe>: C:\\bx_3000n\\dll\\2352.ini\n2026-03-05 13:26:18,399 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:18,462 [root] DEBUG: Loader: Injecting process 2352 (thread 4832) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:18,462 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-03-05 13:26:18,462 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:18,477 [lib.api.process] INFO: Injected into 64-bit <Process 2352 SearchApp.exe>\n2026-03-05 13:26:18,509 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 4616: C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe, ImageBase: 0x00007FF6B3BE0000\n2026-03-05 13:26:18,524 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4616\n2026-03-05 13:26:18,524 [lib.api.process] INFO: Monitor config for <Process 4616 SearchApp.exe>: C:\\bx_3000n\\dll\\4616.ini\n2026-03-05 13:26:20,946 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:20,962 [root] DEBUG: Loader: Injecting process 4616 (thread 6156) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:20,977 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:20,977 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:20,993 [lib.api.process] INFO: Injected into 64-bit <Process 4616 SearchApp.exe>\n2026-03-05 13:26:21,009 [root] INFO: Announced 64-bit process name: SearchApp.exe pid: 4616\n2026-03-05 13:26:21,009 [lib.api.process] INFO: Monitor 
config for <Process 4616 SearchApp.exe>: C:\\bx_3000n\\dll\\4616.ini\n2026-03-05 13:26:22,493 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:22,524 [root] DEBUG: Loader: Injecting process 4616 (thread 6156) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:22,524 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:22,524 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:22,540 [lib.api.process] INFO: Injected into 64-bit <Process 4616 SearchApp.exe>\n2026-03-05 13:26:22,555 [root] INFO: Process with pid 4616 has terminated\n2026-03-05 13:26:33,259 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:34,321 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:35,415 [root] DEBUG: 1872: AllocationHandler: Adding allocation to tracked region list: 0x00007FF9042A0000, size: 0x4000.\n2026-03-05 13:26:36,493 [root] DEBUG: 1872: AddTrackedRegion: GetEntropy failed.\n2026-03-05 13:26:37,649 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:37,680 [root] DEBUG: 1048: DLL loaded at 0x00007FF979D80000: C:\\Windows\\System32\\PROPSYS (0xf6000 bytes).\n2026-03-05 13:26:37,680 [root] DEBUG: 1048: DLL loaded at 0x00007FF969730000: C:\\Windows\\System32\\AppExtension (0x37000 bytes).\n2026-03-05 13:26:37,712 [root] DEBUG: 1048: DLL loaded at 0x00007FF977880000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7c9000 bytes).\n2026-03-05 13:26:38,555 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 6708: C:\\Windows\\system32\\DllHost.exe, ImageBase: 0x00007FF799000000\n2026-03-05 13:26:38,587 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 6708\n2026-03-05 13:26:38,587 
[lib.api.process] INFO: Monitor config for <Process 6708 dllhost.exe>: C:\\bx_3000n\\dll\\6708.ini\n2026-03-05 13:26:38,618 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:38,634 [root] DEBUG: Loader: Injecting process 6708 (thread 4944) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:38,634 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:38,649 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:38,649 [lib.api.process] INFO: Injected into 64-bit <Process 6708 dllhost.exe>\n2026-03-05 13:26:38,665 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 6708\n2026-03-05 13:26:38,665 [lib.api.process] INFO: Monitor config for <Process 6708 dllhost.exe>: C:\\bx_3000n\\dll\\6708.ini\n2026-03-05 13:26:38,680 [lib.api.process] INFO: 64-bit DLL to inject is C:\\bx_3000n\\dll\\KWXNIGCf.dll, loader C:\\bx_3000n\\bin\\ewlnRPvT.exe\n2026-03-05 13:26:38,759 [root] DEBUG: Loader: Injecting process 6708 (thread 4944) with C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:38,774 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 13:26:38,790 [root] DEBUG: 1048: DLL loaded at 0x00007FF96B9E0000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-03-05 13:26:38,790 [root] DEBUG: Successfully injected DLL C:\\bx_3000n\\dll\\KWXNIGCf.dll.\n2026-03-05 13:26:38,805 [lib.api.process] INFO: Injected into 64-bit <Process 6708 dllhost.exe>\n2026-03-05 13:26:38,852 [root] DEBUG: 6708: Python path set to 'C:\\Python310'.\n2026-03-05 13:26:38,852 [root] DEBUG: 6708: Dropped file limit defaulting to 100.\n2026-03-05 13:26:38,868 [root] DEBUG: 6708: Disabling sleep skipping.\n2026-03-05 13:26:38,884 [root] DEBUG: 6708: YaraInit: Compiled rules loaded from existing file C:\\bx_3000n\\data\\yara\\capemon.yac\n2026-03-05 13:26:38,915 [root] DEBUG: 6708: RtlInsertInvertedFunctionTable 
0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 13:26:38,930 [root] DEBUG: 6708: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:26:38,930 [root] DEBUG: 6708: Monitor initialised: 64-bit capemon loaded in process 6708 at 0x00007FF95C960000, thread 4944, image base 0x00007FF799000000, stack from 0x0000002F33AF4000-0x0000002F33B00000\n2026-03-05 13:26:38,946 [root] DEBUG: 6708: Commandline: C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\n2026-03-05 13:26:38,977 [root] DEBUG: 6708: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 13:26:39,024 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 13:26:39,024 [root] DEBUG: 6708: set_hooks: Unable to hook LockResource\n2026-03-05 13:26:39,040 [root] DEBUG: 6708: Hooked 627 out of 628 functions\n2026-03-05 13:26:39,040 [root] DEBUG: 6708: Syscall hook installed, syscall logging level 1\n2026-03-05 13:26:39,055 [root] DEBUG: 6708: RestoreHeaders: Restored original import table.\n2026-03-05 13:26:39,055 [root] INFO: Loaded monitor into process with pid 6708\n2026-03-05 13:26:39,071 [root] DEBUG: 6708: caller_dispatch: Added region at 0x00007FF799000000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF799001349, thread 4944).\n2026-03-05 13:26:39,071 [root] DEBUG: 6708: YaraScan: Scanning 0x00007FF799000000, size 0x8026\n2026-03-05 13:26:39,071 [root] DEBUG: 6708: ProcessImageBase: Main module image at 0x00007FF799000000 unmodified (entropy change 0.000000e+00)\n2026-03-05 13:26:39,071 [root] DEBUG: 6708: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 13:26:39,087 [root] DEBUG: 6708: DLL loaded at 0x00007FF97B2E0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 13:26:39,087 [root] DEBUG: 6708: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 
bytes).\n2026-03-05 13:26:39,102 [root] DEBUG: 6708: DLL loaded at 0x00007FF97F1B0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-03-05 13:26:39,149 [root] DEBUG: 6708: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 13:26:39,180 [root] DEBUG: 6708: DEBUG:Initialized 9 com hooks\n2026-03-05 13:26:39,212 [root] DEBUG: 6708: DLL loaded at 0x00007FF97DF10000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-03-05 13:26:39,212 [root] DEBUG: 6708: DLL loaded at 0x00007FF965EC0000: C:\\Windows\\System32\\thumbcache (0x66000 bytes).\n2026-03-05 13:26:39,227 [root] DEBUG: 6708: DLL loaded at 0x00007FF979D80000: C:\\Windows\\system32\\propsys (0xf6000 bytes).\n2026-03-05 13:26:39,821 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:42,055 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:43,149 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:44,274 [root] DEBUG: 1872: DLL loaded at 0x00007FF978E50000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\System.Reflection.Emit (0x47000 bytes).\n2026-03-05 13:26:44,321 [root] INFO: Process with pid 6708 has terminated\n2026-03-05 13:26:44,337 [root] DEBUG: 6708: NtTerminateProcess hook: Attempting to dump process 6708\n2026-03-05 13:26:44,337 [root] DEBUG: 6708: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:26:46,602 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:48,774 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:50,915 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:51,977 
[root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:53,149 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:54,290 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:55,384 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:26:56,618 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9042A0000.\n2026-03-05 13:27:00,040 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:27:01,087 [root] DEBUG: 1872: AllocationHandler: Allocation already in tracked region list: 0x00007FF9038E0000.\n2026-03-05 13:27:01,680 [root] INFO: Analysis timeout hit, terminating analysis\n2026-03-05 13:27:01,680 [lib.api.process] INFO: Terminate event set for <Process 4920 87053d0ad81ac3367ef5.exe>\n2026-03-05 13:27:01,680 [root] DEBUG: 4920: Terminate Event: Attempting to dump process 4920\n2026-03-05 13:27:01,696 [root] DEBUG: 4920: VerifyCodeSection: Executable code does not match, 0x930b2 of 0x930b3 matching\n2026-03-05 13:27:01,696 [root] DEBUG: 4920: DoProcessDump: Code modification detected, dumping Imagebase at 0x00990000.\n2026-03-05 13:27:01,696 [root] DEBUG: 4920: DumpImageInCurrentProcess: Attempting to dump virtual PE image.\n2026-03-05 13:27:01,696 [root] DEBUG: 4920: DumpProcess: Instantiating PeParser with address: 0x00990000.\n2026-03-05 13:27:01,712 [root] DEBUG: 4920: DumpProcess: Module entry point VA is 0x00A250AE.\n2026-03-05 13:27:01,712 [root] DEBUG: 4920: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00A26000, section 2\n2026-03-05 13:27:01,712 [root] DEBUG: 4920: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00A28000, section 
3\n2026-03-05 13:27:01,743 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_29807127105432026 to procdump\\bb8336c1e35099bae6648caef872f56c2261d269f3100b712da0764872bc3c24; Size is 603648; Max size: 100000000\n2026-03-05 13:27:01,759 [root] DEBUG: 4920: DumpProcess: Module image dump success - dump size 0x93600.\n2026-03-05 13:27:01,759 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x04560000 (jit-dumps=0)\n2026-03-05 13:27:01,774 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x05520000 (jit-dumps=0)\n2026-03-05 13:27:01,774 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07AE0000 (jit-dumps=0)\n2026-03-05 13:27:01,774 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07B20000 (jit-dumps=0)\n2026-03-05 13:27:01,774 [root] DEBUG: 4920: DumpInterestingRegions: Dumping .NET image at 0x07C40000.\n2026-03-05 13:27:01,774 [root] DEBUG: 4920: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image (process 4920)\n2026-03-05 13:27:01,805 [root] DEBUG: 4920: DumpPE: Instantiating PeParser with address: 0x07C40000.\n2026-03-05 13:27:01,837 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_15161407127105432026 to CAPE\\1418cd079560e4f80be6d45ff9d81ae35a49daff118cecad4c66766f7fa4fa0e; Size is 662528; Max size: 100000000\n2026-03-05 13:27:01,837 [root] DEBUG: 4920: DumpPE: PE file at 0x07C40000 dumped successfully - dump size 0xa1c00.\n2026-03-05 13:27:01,852 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07D80000 (jit-dumps=0)\n2026-03-05 13:27:01,852 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07F20000 (jit-dumps=0)\n2026-03-05 13:27:01,868 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 0x082D0000 (jit-dumps=0)\n2026-03-05 13:27:01,868 [root] DEBUG: 4920: DumpInterestingRegions: Skipping .NET JIT native cache at 
0x08880000 (jit-dumps=0)\n2026-03-05 13:27:01,884 [root] DEBUG: 4920: DumpPEsInRange: Scanning range 0x07B30000 - 0x07B31FFE.\n2026-03-05 13:27:01,884 [root] DEBUG: 4920: ScanForDisguisedPE: No PE image located in range 0x07B30000-0x07B31FFE.\n2026-03-05 13:27:01,915 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\4920_5599256127105432026 to CAPE\\e66aa3ffd9975b12e03c7c6a8ea5c1398308af843513323665f4e5b3db8ebcb4; Size is 8190; Max size: 100000000\n2026-03-05 13:27:01,915 [root] DEBUG: 4920: DumpMemory: Payload successfully created: C:\\GyVrCf\\CAPE\\4920_5599256127105432026 (size 8190 bytes)\n2026-03-05 13:27:01,930 [root] DEBUG: 4920: DumpRegion: Dumped entire allocation from 0x07B30000, size 8192 bytes.\n2026-03-05 13:27:01,930 [root] DEBUG: 4920: ProcessTrackedRegion: Dumped region at 0x07B30000.\n2026-03-05 13:27:01,930 [root] DEBUG: 4920: YaraScan: Scanning 0x07B30000, size 0x1ffe\n2026-03-05 13:27:01,946 [lib.api.process] INFO: Termination confirmed for <Process 4920 87053d0ad81ac3367ef5.exe>\n2026-03-05 13:27:01,946 [root] DEBUG: 4920: Terminate Event: monitor shutdown complete for process 4920\n2026-03-05 13:27:01,946 [root] INFO: Terminate event set for process 4920\n2026-03-05 13:27:01,962 [lib.api.process] INFO: Terminate event set for <Process 772 svchost.exe>\n2026-03-05 13:27:01,962 [root] DEBUG: 772: Terminate Event: Attempting to dump process 772\n2026-03-05 13:27:01,962 [root] DEBUG: 772: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:27:01,977 [lib.api.process] INFO: Termination confirmed for <Process 772 svchost.exe>\n2026-03-05 13:27:01,993 [root] INFO: Terminate event set for process 772\n2026-03-05 13:27:02,009 [root] DEBUG: 772: Terminate Event: monitor shutdown complete for process 772\n2026-03-05 13:27:02,009 [lib.api.process] INFO: Terminate event set for <Process 3820 svchost.exe>\n2026-03-05 13:27:02,009 [root] DEBUG: 3820: Terminate Event: Attempting to dump process 3820\n2026-03-05 
13:27:02,009 [root] DEBUG: 3820: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:27:02,024 [lib.api.process] INFO: Termination confirmed for <Process 3820 svchost.exe>\n2026-03-05 13:27:02,040 [root] INFO: Terminate event set for process 3820\n2026-03-05 13:27:02,040 [root] DEBUG: 3820: Terminate Event: monitor shutdown complete for process 3820\n2026-03-05 13:27:02,040 [lib.api.process] INFO: Terminate event set for <Process 1872 backgroundTaskHost.exe>\n2026-03-05 13:27:02,165 [root] DEBUG: 1872: DLL loaded at 0x00007FF95DCF0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Calling.Managed (0x1d3000 bytes).\n2026-03-05 13:27:02,196 [root] DEBUG: 1872: Terminate Event: Attempting to dump process 1872\n2026-03-05 13:27:04,852 [root] DEBUG: 772: CreateProcessHandler: Injection info set for new process 852: C:\\Windows\\system32\\wbem\\wmiprvse.exe, ImageBase: 0x00007FF739F10000\n2026-03-05 13:27:05,962 [root] DEBUG: 1872: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:27:05,977 [root] DEBUG: 1872: DLL loaded at 0x00007FF95CF40000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Devices.Managed (0x198000 bytes).\n2026-03-05 13:27:06,056 [root] DEBUG: 1872: DLL loaded at 0x00007FF95BFA0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Fre.Managed (0x37d000 bytes).\n2026-03-05 13:27:06,134 [root] DEBUG: 1872: DLL loaded at 0x00007FF96C500000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Hotspot.Managed (0x61000 bytes).\n2026-03-05 13:27:06,180 [root] DEBUG: 1872: DLL loaded at 0x00007FF95E940000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Photos.Managed (0x145000 bytes).\n2026-03-05 13:27:06,571 [root] DEBUG: 1872: DumpPEsInRange: Scanning range 
0x00007FF9042A0000 - 0x00007FF9042ACE9E.\n2026-03-05 13:27:06,618 [root] DEBUG: 1872: ScanForDisguisedPE: No PE image located in range 0x00007FF9042A0000-0x00007FF9042ACE9E.\n2026-03-05 13:27:06,618 [root] DEBUG: 1872: DLL loaded at 0x00007FF95EDD0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Settings.Managed (0xbf000 bytes).\n2026-03-05 13:27:06,649 [root] DEBUG: 1872: DLL loaded at 0x00007FF95BE70000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.SharedContent.Managed (0x123000 bytes).\n2026-03-05 13:27:06,696 [root] DEBUG: 1872: DLL loaded at 0x00007FF95BCB0000: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.25072.79.0_x64__8wekyb3d8bbwe\\YourPhone.Shell (0x1bc000 bytes).\n2026-03-05 13:27:06,727 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\CAPE\\1872_25994627105432026 to CAPE\\07c22227e862bed1e988bacdd788ae7cf4de30cf2072325898321cb66d96a71a; Size is 52942; Max size: 100000000\n2026-03-05 13:27:07,055 [lib.api.process] INFO: Termination confirmed for <Process 1872 backgroundTaskHost.exe>\n2026-03-05 13:27:07,055 [root] INFO: Terminate event set for process 1872\n2026-03-05 13:27:07,055 [lib.api.process] INFO: Terminate event set for <Process 1048 RuntimeBroker.exe>\n2026-03-05 13:27:07,071 [root] DEBUG: 1048: Terminate Event: Attempting to dump process 1048\n2026-03-05 13:27:07,071 [root] DEBUG: 1048: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 13:27:07,087 [root] DEBUG: 1048: Terminate Event: monitor shutdown complete for process 1048\n2026-03-05 13:27:07,087 [lib.api.process] INFO: Termination confirmed for <Process 1048 RuntimeBroker.exe>\n2026-03-05 13:27:07,087 [root] INFO: Terminate event set for process 1048\n2026-03-05 13:27:07,102 [root] INFO: Created shutdown mutex\n2026-03-05 13:27:08,118 [root] INFO: Shutting down package\n2026-03-05 13:27:08,118 [root] INFO: Stopping auxiliary modules\n2026-03-05 
13:27:08,118 [root] INFO: Stopping auxiliary module: Browser\n2026-03-05 13:27:08,118 [root] INFO: Stopping auxiliary module: Human\n2026-03-05 13:27:11,915 [root] INFO: Stopping auxiliary module: Screenshots\n2026-03-05 13:27:12,149 [root] INFO: Finishing auxiliary modules\n2026-03-05 13:27:12,149 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-03-05 13:27:12,165 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\f01b4d95cf55d32a.automaticDestinations-ms to files\\b044f900caf7f7ed584fc54b10c2839616f27ba3e8230343e3727246e9620597; Size is 7168; Max size: 100000000\n2026-03-05 13:27:12,180 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\5f7b5f1e01b83767.automaticDestinations-ms to files\\07aceb40c46fd8c7c36ff46f79c1063a632588fedc69bdc7e61994a91555eda7; Size is 1536; Max size: 100000000\n2026-03-05 13:27:12,180 [root] WARNING: Folder at path \"C:\\GyVrCf\\debugger\" does not exist, skipping\n2026-03-05 13:27:12,196 [root] INFO: Uploading files at path \"C:\\GyVrCf\\tlsdump\"\n2026-03-05 13:27:12,196 [lib.common.results] INFO: Uploading file C:\\GyVrCf\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 10412; Max size: 100000000\n2026-03-05 13:27:12,212 [root] WARNING: Monitor injection attempted but failed for process 1032\n2026-03-05 13:27:12,212 [root] WARNING: Monitor injection attempted but failed for process 6420\n2026-03-05 13:27:12,212 [root] WARNING: Monitor injection attempted but failed for process 4708\n2026-03-05 13:27:12,212 [root] WARNING: Monitor injection attempted but failed for process 5420\n2026-03-05 13:27:12,212 [root] WARNING: Monitor injection attempted but failed for process 5696\n2026-03-05 13:27:12,227 [root] WARNING: Monitor injection attempted but failed for process 3668\n2026-03-05 13:27:12,227 [root] WARNING: Monitor injection attempted but failed for 
process 3184\n2026-03-05 13:27:12,227 [root] WARNING: Monitor injection attempted but failed for process 4900\n2026-03-05 13:27:12,227 [root] WARNING: Monitor injection attempted but failed for process 2172\n2026-03-05 13:27:12,227 [root] WARNING: Monitor injection attempted but failed for process 5720\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 3688\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 4056\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 884\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 1388\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 6860\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 3408\n2026-03-05 13:27:12,243 [root] WARNING: Monitor injection attempted but failed for process 5244\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 4884\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 6468\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 4948\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 2624\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 2352\n2026-03-05 13:27:12,259 [root] WARNING: Monitor injection attempted but failed for process 4616\n2026-03-05 13:27:12,259 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "4a26c914a0ba53fde3e573ad4fbd564b21b312921e3b3739d75fbbc2301849e9",
    "hosts": [
      {
        "ip": "89.23.103.60",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          7001
        ]
      },
      {
        "ip": "72.154.7.109",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.16",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "4.207.247.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "135.232.92.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "176.99.136.153",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      }
    ],
    "domains": [],
    "tcp": [
      {
        "src": "192.168.1.100",
        "sport": 50628,
        "dst": "52.182.143.215",
        "dport": 443,
        "offset": 13334,
        "time": 3.9464499950408936
      },
      {
        "src": "192.168.1.100",
        "sport": 50625,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 13618,
        "time": 4.009819030761719
      },
      {
        "src": "192.168.1.100",
        "sport": 50615,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 14781,
        "time": 4.098873138427734
      },
      {
        "src": "192.168.1.100",
        "sport": 50629,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 21283,
        "time": 4.139031171798706
      },
      {
        "src": "192.168.1.100",
        "sport": 50631,
        "dst": "109.61.38.38",
        "dport": 80,
        "offset": 1013865,
        "time": 15.803874015808105
      },
      {
        "src": "192.168.1.100",
        "sport": 50633,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 1016765,
        "time": 17.347069025039673
      },
      {
        "src": "192.168.1.100",
        "sport": 49739,
        "dst": "4.207.247.138",
        "dport": 443,
        "offset": 1030646,
        "time": 19.817674160003662
      },
      {
        "src": "192.168.1.100",
        "sport": 50636,
        "dst": "23.46.116.231",
        "dport": 80,
        "offset": 1038549,
        "time": 20.26698613166809
      },
      {
        "src": "192.168.1.100",
        "sport": 50641,
        "dst": "72.145.35.144",
        "dport": 443,
        "offset": 1060284,
        "time": 23.55815601348877
      },
      {
        "src": "192.168.1.100",
        "sport": 50643,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 1084172,
        "time": 24.091794967651367
      },
      {
        "src": "192.168.1.100",
        "sport": 50647,
        "dst": "52.137.106.217",
        "dport": 443,
        "offset": 1154228,
        "time": 25.870371103286743
      },
      {
        "src": "192.168.1.100",
        "sport": 50649,
        "dst": "20.50.80.214",
        "dport": 443,
        "offset": 1167552,
        "time": 26.51731514930725
      },
      {
        "src": "192.168.1.100",
        "sport": 50653,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 1186107,
        "time": 38.2508499622345
      },
      {
        "src": "192.168.1.100",
        "sport": 50655,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 1189610,
        "time": 49.32087206840515
      },
      {
        "src": "192.168.1.100",
        "sport": 50657,
        "dst": "72.154.7.109",
        "dport": 443,
        "offset": 2318492,
        "time": 50.32613801956177
      },
      {
        "src": "192.168.1.100",
        "sport": 50656,
        "dst": "72.154.7.16",
        "dport": 443,
        "offset": 2318784,
        "time": 50.32652401924133
      },
      {
        "src": "192.168.1.100",
        "sport": 50660,
        "dst": "20.190.181.5",
        "dport": 443,
        "offset": 2335718,
        "time": 51.53600311279297
      },
      {
        "src": "192.168.1.100",
        "sport": 50663,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 2353198,
        "time": 52.982141971588135
      },
      {
        "src": "192.168.1.100",
        "sport": 50664,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 2368136,
        "time": 53.730173110961914
      },
      {
        "src": "192.168.1.100",
        "sport": 50672,
        "dst": "51.132.193.104",
        "dport": 443,
        "offset": 2382879,
        "time": 58.45113205909729
      },
      {
        "src": "192.168.1.100",
        "sport": 50676,
        "dst": "150.171.22.17",
        "dport": 443,
        "offset": 2402272,
        "time": 60.7710120677948
      },
      {
        "src": "192.168.1.100",
        "sport": 50677,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 2416164,
        "time": 61.16400504112244
      },
      {
        "src": "192.168.1.100",
        "sport": 50699,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3562878,
        "time": 77.81115913391113
      },
      {
        "src": "192.168.1.100",
        "sport": 50700,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3563567,
        "time": 77.82710695266724
      },
      {
        "src": "192.168.1.100",
        "sport": 50698,
        "dst": "72.154.7.107",
        "dport": 443,
        "offset": 3721422,
        "time": 77.93868613243103
      },
      {
        "src": "192.168.1.100",
        "sport": 50702,
        "dst": "89.23.103.60",
        "dport": 7001,
        "offset": 15296076,
        "time": 79.3038580417633
      },
      {
        "src": "192.168.1.100",
        "sport": 50706,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 25097442,
        "time": 81.29552507400513
      },
      {
        "src": "192.168.1.100",
        "sport": 50707,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 25734274,
        "time": 81.40086507797241
      },
      {
        "src": "192.168.1.100",
        "sport": 50713,
        "dst": "20.223.35.26",
        "dport": 443,
        "offset": 37412295,
        "time": 84.39216494560242
      },
      {
        "src": "192.168.1.100",
        "sport": 50714,
        "dst": "20.223.35.26",
        "dport": 443,
        "offset": 37412827,
        "time": 84.39652109146118
      },
      {
        "src": "192.168.1.100",
        "sport": 50718,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 37441397,
        "time": 85.4339051246643
      },
      {
        "src": "192.168.1.100",
        "sport": 50723,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37522094,
        "time": 91.32703900337219
      },
      {
        "src": "192.168.1.100",
        "sport": 50728,
        "dst": "51.116.253.169",
        "dport": 443,
        "offset": 37614094,
        "time": 115.39310908317566
      },
      {
        "src": "192.168.1.100",
        "sport": 50741,
        "dst": "20.42.73.25",
        "dport": 443,
        "offset": 37633890,
        "time": 124.1066300868988
      },
      {
        "src": "192.168.1.100",
        "sport": 50749,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 37649007,
        "time": 132.8362820148468
      },
      {
        "src": "192.168.1.100",
        "sport": 50790,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 37721345,
        "time": 161.36942505836487
      }
    ],
    "udp": [
      {
        "src": "192.168.1.100",
        "sport": 59091,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 134,
        "time": 0.023201942443847656
      },
      {
        "src": "192.168.1.100",
        "sport": 61416,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 14229,
        "time": 4.054877996444702
      },
      {
        "src": "192.168.1.100",
        "sport": 60944,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 20737,
        "time": 4.111823081970215
      },
      {
        "src": "192.168.1.100",
        "sport": 49186,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 1031074,
        "time": 20.136783123016357
      },
      {
        "src": "192.168.1.100",
        "sport": 56891,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 1032019,
        "time": 20.194980144500732
      },
      {
        "src": "192.168.1.100",
        "sport": 55947,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1077384,
        "time": 23.944472074508667
      },
      {
        "src": "192.168.1.100",
        "sport": 59121,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1078839,
        "time": 24.045022010803223
      },
      {
        "src": "192.168.1.100",
        "sport": 50393,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1125558,
        "time": 24.848584175109863
      },
      {
        "src": "192.168.1.100",
        "sport": 50531,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1184968,
        "time": 38.1707489490509
      },
      {
        "src": "192.168.1.100",
        "sport": 65099,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1188677,
        "time": 48.26188111305237
      },
      {
        "src": "192.168.1.100",
        "sport": 62760,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2366675,
        "time": 53.651283979415894
      },
      {
        "src": "192.168.1.100",
        "sport": 51334,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2369862,
        "time": 54.4370641708374
      },
      {
        "src": "192.168.1.100",
        "sport": 61033,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 2381785,
        "time": 58.395554065704346
      },
      {
        "src": "192.168.1.100",
        "sport": 54302,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2401681,
        "time": 60.71186304092407
      },
      {
        "src": "192.168.1.100",
        "sport": 57393,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 3545325,
        "time": 70.70813298225403
      },
      {
        "src": "192.168.1.100",
        "sport": 57566,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 14166332,
        "time": 79.11364817619324
      },
      {
        "src": "192.168.1.100",
        "sport": 50361,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 37408191,
        "time": 83.95556902885437
      },
      {
        "src": "192.168.1.100",
        "sport": 55042,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 37410781,
        "time": 84.33056306838989
      },
      {
        "src": "192.168.1.100",
        "sport": 63288,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 37504139,
        "time": 89.20548915863037
      },
      {
        "src": "192.168.1.100",
        "sport": 60073,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 37521240,
        "time": 91.28374195098877
      },
      {
        "src": "192.168.1.100",
        "sport": 138,
        "dst": "192.168.1.255",
        "dport": 138,
        "offset": 37599141,
        "time": 107.58953213691711
      },
      {
        "src": "192.168.1.100",
        "sport": 64692,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37623303,
        "time": 118.91399812698364
      },
      {
        "src": "192.168.1.100",
        "sport": 60823,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37703056,
        "time": 137.63570713996887
      },
      {
        "src": "192.168.1.100",
        "sport": 50529,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 37720671,
        "time": 161.30615401268005
      }
    ],
    "icmp": [
      {
        "src": "192.168.1.100",
        "dst": "8.8.8.8",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.8.8",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      }
    ],
    "http": [
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.126\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772716991.713182
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.127\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772716991.802236
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772716991.842394
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26079085\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772716996.884754
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717025.954213
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717037.024235
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=17825792-18874367\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717037.218054
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717041.433536
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717048.867368
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=8388608-9437183\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717055.745437
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717065.514522
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717065.53047
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=290455552-291504127\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717065.907649
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=291504128-292552703\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.027779
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=292552704-293601279\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.106111
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=293601280-294649855\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.223673
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=294649856-295698431\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.414241
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=295698432-296747007\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.531654
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=296747008-297795583\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.10\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.592445
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=297795584-298844159\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.11\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.73049
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=298844160-299892735\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.12\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.936421
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=299892736-300941311\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.13\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717066.954912
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=300941312-301989887\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.14\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717067.165655
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=301989888-303038463\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.15\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717067.175767
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=303038464-304087039\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.16\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717067.439694
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=304087040-305135615\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.17\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717067.449543
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=305135616-306184191\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.18\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717067.631672
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=306184192-307232767\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.19\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717068.273939
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=307232768-308281343\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.20\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717068.539401
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=308281344-309329919\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.21\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717068.955291
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=9437184-10485759\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717068.998888
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=309329920-310378495\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.22\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.064428
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=10485760-11534335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.104228
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=310378496-311427071\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.23\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.366124
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=11534336-12582911\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.425544
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=12582912-13631487\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.660333
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=13631488-14680063\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.799273
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=14680064-15728639\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717069.837516
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=15728640-16777215\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717070.019402
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=16777216-17825791\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.10\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717070.172937
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.7.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772717079.030402
      }
    ],
    "dns": [],
    "smtp": [],
    "irc": [],
    "dead_hosts": [
      [
        "4.207.247.137",
        443
      ]
    ]
  },
  "suricata": {
    "alerts": [],
    "tls": [
      {
        "srcport": 50702,
        "srcip": "192.168.1.100",
        "dstport": 7001,
        "dstip": "89.23.103.60",
        "timestamp": "2026-03-05 13:24:27.112316+0000",
        "fingerprint": "f1:58:65:84:d0:5c:16:ea:93:8d:58:b1:32:34:2b:8b:a0:08:92:e5",
        "issuerdn": "CN=Myyre",
        "version": "TLSv1",
        "subject": "CN=Myyre",
        "ja3": {
          "hash": "fc54e0d16d9764783542f0146a98b300",
          "string": "769,49162-49161-49172-49171-53-47-10,10-11-35-23-65281,29-23-24,0"
        },
        "ja3s": {
          "hash": "b74704234e6128f33bff9865696e31b3",
          "string": "769,49172,23-65281"
        },
        "serial": "00:8B:58:1C:11:56:BC:7F:06:8B:1B:4D:52:11:77:0B",
        "notbefore": "2025-07-19T14:57:54",
        "notafter": "9999-12-31T23:59:59"
      }
    ],
    "perf": [],
    "files": [],
    "http": [
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:23:11.930625+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:23:17.190592+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 913262,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50653,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:23:46.053345+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:23:57.114629+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:23:57.516706+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50664,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:01.520523+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50677,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:08.957389+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50677,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:16.024064+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:25.806024+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.019328+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.094915+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.201017+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.383711+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.531654+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.592445+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.730490+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.834154+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:26.937433+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.165655+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.175767+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.424688+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.441582+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.621228+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:27.830855+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:28.018348+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:28.534872+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:28.924613+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.211112+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50700,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.315273+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50706,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.410394+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50706,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.650969+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50699,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.737066+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50707,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.799273+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50706,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:29.826908+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50706,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:30.010349+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50707,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:30.172937+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50706,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:30.237047+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50707,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:30.440096+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50723,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 13:24:39.173983+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      }
    ],
    "dns": [],
    "ssh": [],
    "fileinfo": [],
    "eve_log_full_path": "/opt/CAPEv2/storage/analyses/9/logs/eve.json",
    "alert_log_full_path": null,
    "tls_log_full_path": null,
    "http_log_full_path": null,
    "file_log_full_path": null,
    "ssh_log_full_path": null,
    "dns_log_full_path": null
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 387
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 4789
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 2800
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 2818
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_user_name",
      "description": "Queries the username",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 2105
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "encrypt_pcinfo",
      "description": "Collects and encrypts information about the computer likely to send to C2 server",
      "categories": [
        "c2",
        "encryption"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 2108
        },
        {
          "data_being_encrypted": "0F8BFBFF000206D7DESKTOP-PC01cape[DESKTOP-PC01]"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 6611
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7650
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8736
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 4389
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7223
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8280
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8388
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8405
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9168
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20683
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20691
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20719
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20728
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20737
        },
        {
          "type": "call",
          "pid": 1008,
          "cid": 878
        },
        {
          "type": "call",
          "pid": 4260,
          "cid": 741
        },
        {
          "type": "call",
          "pid": 4260,
          "cid": 752
        },
        {
          "type": "call",
          "pid": 4260,
          "cid": 784
        },
        {
          "type": "call",
          "pid": 4260,
          "cid": 793
        },
        {
          "type": "call",
          "pid": 6708,
          "cid": 786
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3316,
          "cid": 775
        },
        {
          "type": "call",
          "pid": 3316,
          "cid": 832
        },
        {
          "type": "call",
          "pid": 3316,
          "cid": 834
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7447
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7456
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7491
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7510
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7558
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7574
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7632
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7662
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7720
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7749
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7785
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7815
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7874
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7903
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7956
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 7973
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8028
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8104
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8142
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8171
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8205
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8308
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8338
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8375
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8394
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8973
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 8991
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9008
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9054
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9070
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9097
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9114
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9133
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 9156
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 362
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "stealth_timeout",
      "description": "Possible date expiration check, exits too soon after checking local time",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "process": "dllhost.exe, PID 3316"
        },
        {
          "type": "call",
          "pid": 3316,
          "cid": 1105
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mouse_movement_detect",
      "description": "Checks for mouse movement",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4524,
          "cid": 209
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 211
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 498
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 503
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 506
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 521
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 1201
        },
        {
          "mouse_movement": "Checks for mouse movement (mouse movement observed in sandbox during sampling)."
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antisandbox_sleep",
      "description": "A process attempted to delay the analysis task.",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 1110
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 4807
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5298
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5358
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5361
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5363
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5369
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5375
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5378
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5454
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5509
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5647
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5651
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5666
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5703
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5705
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5707
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5709
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5711
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5713
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5715
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5717
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5719
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5721
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5723
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5725
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5727
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5729
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5731
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5733
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5735
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5737
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5739
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5741
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5743
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5745
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5747
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5749
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5751
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5753
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5755
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5757
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5759
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5761
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5763
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5765
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5767
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5769
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5771
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5773
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5775
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5777
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5779
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5781
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5783
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5785
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5787
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5789
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5791
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5793
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5795
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5797
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5799
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5801
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5803
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5805
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5807
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5809
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5811
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5813
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5815
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5817
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5819
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5821
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5823
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5825
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5827
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5829
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5831
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5833
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5835
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5837
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5839
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5841
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5843
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5845
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5847
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5849
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5851
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5853
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5855
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5857
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5859
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5861
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5863
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5865
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5867
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5869
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5871
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5873
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5875
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5877
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5879
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5881
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5883
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5885
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5887
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5889
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5891
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5893
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5895
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5897
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5899
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5901
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5903
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5905
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5907
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5909
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5911
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5913
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5915
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5917
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5919
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5921
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5923
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5925
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5927
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5929
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5931
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5933
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5935
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5937
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5939
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5941
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5943
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5945
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5947
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5949
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5951
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5953
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5955
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5957
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5959
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5961
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5963
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5965
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5967
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5969
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5982
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5984
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5986
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5988
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5990
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5992
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5994
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5996
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 5998
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6000
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6002
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6004
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6006
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6008
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6010
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6012
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6014
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6016
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6018
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6020
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6022
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6024
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6026
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6028
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6030
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6032
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6034
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6036
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6038
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6040
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6042
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6044
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6046
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6048
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6050
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6066
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6077
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6079
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6081
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6083
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6085
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6087
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6089
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6091
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6093
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6095
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6097
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6099
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6101
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6103
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6105
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6107
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6109
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6111
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6113
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6115
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6117
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6119
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6121
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6123
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6125
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6127
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6129
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6131
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6133
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6135
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6137
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6139
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6145
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6147
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6149
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6151
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6153
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6155
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6157
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6159
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6163
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6165
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6167
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6169
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6171
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6173
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6175
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6177
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6179
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6181
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6183
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6185
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6187
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6189
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6191
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6193
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6195
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6197
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6199
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6201
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6203
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6205
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6207
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6209
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6211
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6213
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6215
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6217
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6219
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6221
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6223
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6225
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6227
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6229
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6231
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6233
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6235
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6237
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6239
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6241
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6243
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6245
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6247
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6249
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6251
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6253
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6255
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6257
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6259
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6261
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6263
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6265
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6267
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6269
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6271
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6273
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6275
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6277
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6279
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6281
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6283
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6285
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6287
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6289
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6291
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6293
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6295
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6297
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6299
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6301
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6303
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6305
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6307
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6309
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6311
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6313
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6315
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6317
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6319
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6321
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6323
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6325
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6327
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6329
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6331
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6333
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6335
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6337
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6339
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6341
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6343
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6345
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6347
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6349
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6351
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6353
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6355
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6357
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6359
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6361
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6363
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6365
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6367
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6369
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6372
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6374
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6376
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6378
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6380
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6382
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6384
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6386
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6388
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6390
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6392
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6394
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6396
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6398
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6400
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6402
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6404
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6406
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6408
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6410
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6412
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6414
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6416
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6418
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6420
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6422
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6424
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6426
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6428
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6430
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6432
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6434
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6436
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6438
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6440
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6442
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6444
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6446
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6448
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6450
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6452
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6454
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6456
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6458
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6460
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6462
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6464
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6466
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6477
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6482
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6497
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6500
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6510
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6511
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6512
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6516
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6518
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6521
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6522
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6523
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6526
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6529
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6530
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6531
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6538
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6541
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6542
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6543
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6546
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6547
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6548
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6550
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6553
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6561
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6562
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6579
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6581
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6585
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6586
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6614
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6617
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6623
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6625
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6626
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6627
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6629
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6632
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6634
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6638
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6640
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6642
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6648
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6650
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6652
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6654
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6656
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6658
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6660
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6662
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6664
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6666
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6668
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6670
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6672
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6674
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6676
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6684
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6686
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6706
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6708
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6710
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6712
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6714
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6716
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6718
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6720
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6722
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6724
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6726
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6728
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6730
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6732
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6734
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6736
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6738
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6740
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6742
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6744
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6746
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6748
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6750
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6752
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6754
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6756
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6758
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6760
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6762
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6764
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6766
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6768
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6770
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6772
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6774
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6776
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6778
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6780
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6782
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6784
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6786
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6788
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6790
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6792
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6794
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6796
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6798
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6800
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6802
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6804
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6806
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6808
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6810
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6812
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6814
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6816
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6818
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6820
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6822
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6824
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6826
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6828
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6830
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6832
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6834
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6836
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6838
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6840
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6842
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6844
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6846
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6848
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6850
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6852
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6854
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6856
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6858
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6860
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6862
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6864
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6866
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6868
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6870
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6872
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6874
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6876
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6878
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6880
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6882
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6884
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6886
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6888
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6890
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6892
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6894
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6896
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6898
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6900
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6902
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6904
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6906
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6908
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6910
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6912
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6914
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6916
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6918
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6920
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6922
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6924
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6926
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6928
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6930
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6932
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6934
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6936
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6938
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6940
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6942
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6944
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6946
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6948
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6950
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6952
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6954
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6956
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6958
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6960
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6962
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6968
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6976
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6978
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6980
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6982
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6984
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6986
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6988
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6990
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6992
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6994
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6996
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 6998
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7000
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7002
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7004
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7006
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7008
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7010
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7012
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7014
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7016
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7018
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7020
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7022
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7024
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7026
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7028
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7030
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7032
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7034
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7036
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7038
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7040
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7042
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7044
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7046
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7048
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7050
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7052
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7054
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7056
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7058
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7060
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7062
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7064
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7066
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7068
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7070
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7072
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7074
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7076
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7078
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7080
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7082
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7084
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7086
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7088
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7090
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7092
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7094
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7096
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7098
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7100
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7102
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7104
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7106
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7108
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7110
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7112
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7114
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7116
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7118
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7120
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7122
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7124
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7126
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7128
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7130
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7132
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7134
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7136
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7138
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7140
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7142
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7144
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7146
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7148
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7150
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7152
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7154
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7156
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7158
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7160
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7162
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7164
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7166
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7168
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7176
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7194
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7196
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7198
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7200
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7202
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7204
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7206
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7208
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7210
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7212
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7214
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7216
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7218
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7220
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7222
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7224
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7226
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7228
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7230
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7232
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7234
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7236
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7238
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7240
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7242
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7244
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7246
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7248
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7250
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7252
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7254
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7256
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7258
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7260
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7262
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7264
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7266
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7268
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7270
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7272
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7274
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7276
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7278
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7280
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7282
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7284
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7286
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7288
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7290
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7292
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7294
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7296
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7298
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7300
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7302
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7304
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7306
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7308
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7310
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7312
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7314
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7316
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7318
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7320
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7322
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7324
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7326
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7328
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7330
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7332
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7334
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7336
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7338
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7340
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7342
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7344
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7346
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7348
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7350
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7352
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7354
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7356
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7358
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7360
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7362
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7364
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7366
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7368
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7370
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7372
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7374
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7376
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7378
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7380
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7382
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7384
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7386
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7388
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7390
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7392
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7394
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7396
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7398
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7400
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7402
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7404
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7406
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7408
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7410
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7412
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7414
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7416
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7418
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7420
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7422
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7424
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7426
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7428
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7430
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7432
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7434
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7436
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7438
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7440
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7442
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7444
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7446
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7448
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7450
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7452
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7454
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7456
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7458
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7460
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7462
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7464
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7466
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7468
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7470
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7472
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7474
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7476
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7478
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7480
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7482
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7484
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7486
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7488
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7490
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7492
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7494
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7496
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7506
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7508
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7510
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7512
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7514
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7516
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7518
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7520
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7522
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7524
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7526
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7528
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7530
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7532
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7535
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7545
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7556
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7561
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7565
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7569
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7577
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7585
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7586
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7588
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7606
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7607
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7613
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7620
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7654
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7655
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7656
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7659
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7662
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7665
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7670
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7672
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7674
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7676
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7680
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7682
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7684
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7686
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7693
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7695
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7697
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7699
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7701
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7703
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7705
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7707
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7709
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7711
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7713
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7715
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7717
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7719
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7721
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7723
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7725
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7727
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7729
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7731
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7733
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7735
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7737
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7739
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7741
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7743
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7745
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7747
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7749
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7751
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7753
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7755
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7757
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7759
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7761
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7763
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7765
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7767
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7769
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7771
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7773
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7775
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7777
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7779
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7781
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7783
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7785
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7787
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7789
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7791
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7793
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7795
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7797
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7799
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7807
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7825
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7827
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7829
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7831
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7833
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7835
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7837
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7839
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7841
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7843
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7845
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7847
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7849
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7851
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7853
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7855
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7857
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7859
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7861
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7863
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7865
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7867
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7869
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7871
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7873
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7875
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7877
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7879
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7881
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7883
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7885
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7887
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7889
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7891
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7893
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7895
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7897
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7899
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7901
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7903
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7905
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7907
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7909
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7911
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7913
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7915
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7917
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7919
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7921
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7923
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7925
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7927
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7929
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7931
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7933
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7935
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7937
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7939
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7941
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7943
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7945
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7947
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7949
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7951
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7953
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7955
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7957
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7959
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7961
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7963
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7965
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7967
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7969
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7971
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7973
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7975
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7977
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7979
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7981
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7983
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7985
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7987
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7989
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7991
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7993
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7995
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7997
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 7999
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8001
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8003
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8005
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8007
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8009
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8035
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8037
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8039
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8041
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8043
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8045
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8047
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8049
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8051
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8053
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8055
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8057
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8059
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8061
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8063
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8065
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8067
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8069
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8071
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8073
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8075
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8077
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8079
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8081
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8083
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8085
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8087
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8089
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8091
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8093
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8095
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8097
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8099
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8101
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8103
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8105
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8107
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8109
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8111
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8113
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8115
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8117
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8119
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8121
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8123
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8125
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8127
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8129
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8131
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8133
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8135
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8137
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8139
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8141
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8143
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8145
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8147
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8149
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8151
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8153
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8155
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8157
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8159
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8161
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8163
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8165
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8167
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8169
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8171
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8173
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8175
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8177
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8179
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8181
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8183
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8185
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8187
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8189
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8191
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8193
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8195
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8197
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8199
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8201
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8203
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8205
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8207
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8209
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8211
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8213
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8215
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8217
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8219
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8221
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8223
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8225
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8227
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8229
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8231
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8233
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8235
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8237
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8239
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8241
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8243
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8245
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8247
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8249
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8251
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8253
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8255
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8257
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8259
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8261
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8263
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8265
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8267
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8269
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8271
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8273
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8275
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8277
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8279
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8281
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8283
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8285
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8287
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8289
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8291
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8293
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8295
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8297
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8299
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8301
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8303
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8305
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8307
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8309
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8311
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8313
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8315
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8317
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8325
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8338
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8346
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8348
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8350
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8352
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8354
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8356
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8358
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8360
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8362
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8364
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8366
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8368
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8370
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8372
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8374
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8376
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8378
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8380
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8382
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8384
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8386
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8388
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8390
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8392
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8394
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8396
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8398
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8400
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8402
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8404
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8406
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8408
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8410
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8412
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8414
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8416
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8418
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8420
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8422
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8424
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8426
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8428
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8430
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8432
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8434
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8436
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8438
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8440
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8442
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8444
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8446
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8448
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8450
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8452
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8454
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8456
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8458
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8460
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8462
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8464
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8466
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8468
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8470
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8472
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8474
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8476
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8478
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8480
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8482
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8484
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8486
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8488
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8490
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8492
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8494
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8496
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8498
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8500
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8502
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8504
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8506
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8508
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8510
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8512
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8514
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8516
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8518
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8520
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8522
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8524
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8526
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8528
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8530
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8532
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8534
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8536
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8538
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8540
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8542
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8544
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8546
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8548
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8550
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8552
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8554
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8556
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8558
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8560
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8562
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8564
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8566
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8568
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8570
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8572
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8574
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8576
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8578
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8580
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8582
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8584
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8586
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8588
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8590
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8592
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8594
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8596
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8598
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8600
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8602
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8605
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8615
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8620
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8621
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8638
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8641
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8656
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8657
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8659
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8661
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8663
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8664
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8666
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8668
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8669
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8672
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8675
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8677
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8690
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8697
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8698
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8702
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8703
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8705
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8707
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8722
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8732
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8734
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8739
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8742
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8743
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8744
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8747
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8751
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8753
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8755
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8759
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8761
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8763
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8765
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8771
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8773
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8775
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8777
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8779
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8781
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8783
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8785
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8787
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8789
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8791
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8793
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8795
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8797
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8799
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8801
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8803
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8805
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8807
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8809
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8811
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8813
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8815
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8817
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8819
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8821
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8823
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8825
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8827
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8829
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8831
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8833
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8835
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8837
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8849
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8851
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8853
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8855
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8857
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8859
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8861
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8863
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8865
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8867
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8869
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8871
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8873
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8875
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8877
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8879
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8881
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8883
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8885
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8887
        },
        {
          "type": "call",
          "pid": 4920,
          "cid": 8889
        },
        {
          "type": "call",
          "pid": 3316,
          "cid": 1013
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3045
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3258
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3300
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3302
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3413
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3414
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3423
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3426
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3428
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3516
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3625
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3812
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3814
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3817
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3819
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3829
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3885
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3889
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3890
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3920
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 3963
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4007
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4100
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4175
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4195
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4214
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4219
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4230
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4249
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4251
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4265
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4274
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4279
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4282
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4287
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4289
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4305
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4322
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4326
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4329
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4332
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4335
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4336
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4347
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4390
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4396
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4398
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4405
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4425
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4432
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4434
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4443
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4515
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4562
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4590
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4631
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4681
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4682
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4684
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4686
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4699
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4701
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4705
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4717
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4719
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4721
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4725
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4727
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4738
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4803
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4831
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4832
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4834
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4837
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4972
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 4973
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5049
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5058
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5061
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5062
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5071
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5149
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5154
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5168
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5170
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5174
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5195
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5201
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5203
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5267
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5392
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5402
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5413
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5462
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5464
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5476
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5485
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5508
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5511
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5519
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5523
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5532
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5551
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5558
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5588
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5647
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5802
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5808
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5811
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5925
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5927
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5934
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5939
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5941
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5955
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 5992
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6002
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6009
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6037
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6039
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6040
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6042
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6046
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6047
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6055
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6057
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6060
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6082
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6095
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6119
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6149
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6161
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6172
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6174
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6214
        },
        {
          "type": "call",
          "pid": 1872,
          "cid": 6226
        },
        {
          "type": "call",
          "pid": 1008,
          "cid": 873
        },
        {
          "type": "call",
          "pid": 4260,
          "cid": 810
        },
        {
          "type": "call",
          "pid": 6708,
          "cid": 781
        },
        {
          "note": "87053d0ad81ac3367ef5.exe tried to sleep 390.062 seconds, actually delayed analysis time by 0.0 seconds"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "creates_suspended_process",
      "description": "Creates a process in a suspended state, likely for injection",
      "categories": [
        "injection",
        "process hollowing"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 772,
          "cid": 78
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 101
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 172
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 305
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 491
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 492
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 493
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 895
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 906
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 924
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 937
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 950
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 963
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 964
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 990
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 993
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1004
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1032
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1095
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1104
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1165
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1176
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1238
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1248
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1313
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1322
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1384
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1397
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "resumethread_remote_process",
      "description": "Resumed a thread in another process",
      "categories": [
        "injection",
        "unpacking"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "thread_resumed": "Process svchost.exe with process ID 772 resumed a thread in another process with the process ID 1032"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 79
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 107
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 173
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 306
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 494
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 499
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 512
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 896
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 975
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 991
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1041
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1097
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1169
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1241
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1315
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1386
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "accesses_recyclebin",
      "description": "Manipulates data from or to the Recycle Bin",
      "categories": [
        "evasion",
        "execution"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6224,
          "cid": 11697
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 11771
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12586
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12960
        },
        {
          "file": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
        },
        {
          "file": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000\\desktop.ini"
        },
        {
          "file": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
        },
        {
          "file": "C:\\$Recycle.Bin\\S-1-5-21-3749840076-4109591986-3192690632-1000"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "terminates_remote_process",
      "description": "Terminates another process",
      "categories": [
        "persistence",
        "stealth"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 772,
          "cid": 913
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 926
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 939
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 952
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 966
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 994
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1105
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1177
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1249
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1323
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 772,
          "cid": 1401
        },
        {
          "process": "svchost.exe"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_cnc_http",
      "description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
      "categories": [
        "network",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_http",
      "description": "Performs some HTTP requests",
      "categories": [
        "network"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_entropy",
      "description": "The binary likely contains encrypted or compressed data",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [
        "http://www.forensickb.com/2013/03/file-entropy-explained.html",
        "http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
      ],
      "data": [
        {
          "section": {
            "name": ".text",
            "raw_address": "0x00000200",
            "virtual_address": "0x00002000",
            "virtual_size": "0x000930b4",
            "size_of_data": "0x00093200",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "7.19"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "discover_registry_mount_points",
      "description": "Queries registry mount points to identify historical or connected removable/network drives",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "injection_rwx",
      "description": "Creates RWX memory",
      "categories": [
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4920,
          "cid": 235
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mountpoints_volume_discovery",
      "description": "Queries the mount points and then resolves volume paths to enumerate storage devices",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6224,
          "cid": 5313
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 5318
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 5328
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 5402
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 5405
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 5410
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 11619
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 11637
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 11661
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 11672
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12539
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12551
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12569
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12580
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12913
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12925
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12943
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 12954
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 13161
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 17635
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 18073
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 18528
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 19606
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 19856
        },
        {
          "type": "call",
          "pid": 6224,
          "cid": 20221
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 0
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 13
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 19
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 25
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 31
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 37
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 43
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 49
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 55
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 61
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 67
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 73
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 348
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 365
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 371
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 377
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 383
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 389
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 395
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 401
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 407
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 413
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 419
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 809
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 1109
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 1115
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 1121
        },
        {
          "type": "call",
          "pid": 4524,
          "cid": 1127
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "binary_yara",
      "description": "Binary file triggered multiple YARA rules",
      "categories": [
        "static"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "Binary triggered YARA rule": "COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24"
        },
        {
          "Binary triggered YARA rule": "possible_includes_base64_packed_functions"
        },
        {
          "Binary triggered YARA rule": "IsPE32"
        },
        {
          "Binary triggered YARA rule": "IsNET_EXE"
        },
        {
          "Binary triggered YARA rule": "IsWindowsGUI"
        },
        {
          "Binary triggered YARA rule": "IsPacked"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "NET_executable_"
        },
        {
          "Binary triggered YARA rule": "NET_executable"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_questionable_http_path",
      "description": "Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext",
      "categories": [
        "network"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725877&P2=404&P3=2&P4=PhyH6MKD0270apmx9UQzu%2bB4nGEHEFnaeWxPc%2bUA5AQiwNrX8A0BjsozqSZ2LAsuaL4kaEdOUIiidxmH9%2bEnBw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772725553&P2=404&P3=2&P4=f6CaFfLOFjwK177Ar7kJXvf8SkK0zogb6MVcPEX3Eq8WvCoVL9sTbvWhsNxLut%2fM0NM0KgRrSlpmhTyECD5tzg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "procmem_yara",
      "description": "Yara detections observed in process dumps, payloads or dropped files",
      "categories": [
        "malware"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "Hit": "PID 4920 triggered the Yara rule 'COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24' with data '['<PrivateImplementationDetails>{987D5E06-59D6-4C51-9ADF-C3C0AE4FC498}', '<Module>{1F4B02DF-696E-486A-8B35-F56CCA1C23C6}', '<Module>{b8bddd2a-a952-4523-8049-3c5b3829d6dc}']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'possible_includes_base64_packed_functions' with data '['btoA', 'This', 'prog', 'rogr', 'ogra', 'gram', 'cann', 'anno', 'nnot', 'mode', 'text', 'rsrc', 'relo', 'eloc', 'vlmX', 'XjXo', 'vlsH', 'neis', 'eksL', 'elsH', 'BSJB', '3031', '0319', 'Stri', 'trin', 'ring', 'ings', 'GUID', 'Blob', 'Htdz', 'tdze', 'dzey', 'CompilationRelaxationsAttrib', 'ompilationRelaxationsAttribu', 'mpilationRelaxationsAttribut', 'pilationRelaxationsAttribute', 'ilationRelaxationsAttrib', 'lationRelaxationsAttribu', 'ationRelaxationsAttribut', 'tionRelaxationsAttribute', 'ionRelaxationsAttrib', 'onRelaxationsAttribu', 'nRelaxationsAttribut', 'RelaxationsAttribute', 'elaxationsAttrib', 'laxationsAttribu', 'axationsAttribut', 'xationsAttribute', 'ationsAttrib', 'tionsAttribu', 'ionsAttribut', 'onsAttribute', 'nsAttrib', 'sAttribu', 'Attribut', 'ttribute', 'trib', 'ribu', 'ibut', 'bute', 'Syst', 'yste', 'stem', 'Runt', 'unti', 'ntim', 'time', 'CompilerServices', 'ompilerServi', 'mpilerServic', 'pilerService', 'ilerServices', 'lerServi', 'erServic', 'rService', 'Services', 'ervi', 'rvic', 'vice', 'ices', 'mscorlib', 'scor', 'corl', 'orli', 'rlib', 'ctor', 'Void', 'Int3', 'nt32', 'Bool', 'oole', 'olea', 'lean', 'RuntimeCompatibilityAttribut', 'untimeCompatibilityAttribute', 'ntimeCompatibilityAttrib', 'timeCompatibilityAttribu', 'imeCompatibilityAttribut', 'meCompatibilityAttribute', 'eCompatibilityAttrib', 'CompatibilityAttribu', 'ompatibilityAttribut', 'mpatibilityAttribute', 'patibilityAttrib', 'atibilityAttribu', 'tibilityAttribut', 'ibilityAttribute', 'bilityAttrib', 'ilityAttribu', 'lityAttribut', 'ityAttribute', 'tyAttrib', 'yAttribu', 'DebuggableAttrib', 'ebuggableAttribu', 'buggableAttribut', 'uggableAttribute', 'ggableAttrib', 'gableAttribu', 'ableAttribut', 'bleAttribute', 'leAttrib', 'eAttribu', 'Diagnost', 'iagnosti', 'agnostic', 'gnostics', 'nost', 'osti', 'stic', 'tics', 'DebuggingMod', 'ebuggingMode', 'buggingModes', 'uggingMo', 
'ggingMod', 'gingMode', 'ingModes', 'ngMo', 'gMod', 'Mode', 'odes', 'AssemblyTitleAttribu', 'ssemblyTitleAttribut', 'semblyTitleAttribute', 'emblyTitleAttrib', 'mblyTitleAttribu', 'blyTitleAttribut', 'lyTitleAttribute', 'yTitleAttrib', 'TitleAttribu', 'itleAttribut', 'tleAttribute', 'Reflecti', 'eflectio', 'flection', 'lect', 'ecti', 'ctio', 'tion', 'AssemblyDescriptionAttribute', 'ssemblyDescriptionAttrib', 'semblyDescriptionAttribu', 'emblyDescriptionAttribut', 'mblyDescriptionAttribute', 'blyDescriptionAttrib', 'lyDescriptionAttribu', 'yDescriptionAttribut', 'DescriptionAttribute', 'escriptionAttrib', 'scriptionAttribu', 'criptionAttribut', 'riptionAttribute', 'iptionAttrib', 'ptionAttribu', 'tionAttribut', 'ionAttribute', 'onAttrib', 'nAttribu', 'AssemblyConfigurationAttribu', 'ssemblyConfigurationAttribut', 'semblyConfigurationAttribute', 'emblyConfigurationAttrib', 'mblyConfigurationAttribu', 'blyConfigurationAttribut', 'lyConfigurationAttribute', 'yConfigurationAttrib', 'ConfigurationAttribu', 'onfigurationAttribut', 'nfigurationAttribute', 'figurationAttrib', 'igurationAttribu', 'gurationAttribut', 'urationAttribute', 'rationAttrib', 'ationAttribu', 'AssemblyCompanyAttribute', 'ssemblyCompanyAttrib', 'semblyCompanyAttribu', 'emblyCompanyAttribut', 'mblyCompanyAttribute', 'blyCompanyAttrib', 'lyCompanyAttribu', 'yCompanyAttribut', 'CompanyAttribute', 'ompanyAttrib', 'mpanyAttribu', 'panyAttribut', 'anyAttribute', 'nyAttrib', 'AssemblyProductAttribute', 'ssemblyProductAttrib', 'semblyProductAttribu', 'emblyProductAttribut', 'mblyProductAttribute', 'blyProductAttrib', 'lyProductAttribu', 'yProductAttribut', 'ProductAttribute', 'roductAttrib', 'oductAttribu', 'ductAttribut', 'uctAttribute', 'ctAttrib', 'tAttribu', 'AssemblyCopyrightAttribu', 'ssemblyCopyrightAttribut', 'semblyCopyrightAttribute', 'emblyCopyrightAttrib', 'mblyCopyrightAttribu', 'blyCopyrightAttribut', 'lyCopyrightAttribute', 'yCopyrightAttrib', 'CopyrightAttribu', 'opyrightAttribut', 
'pyrightAttribute', 'yrightAttrib', 'rightAttribu', 'ightAttribut', 'ghtAttribute', 'htAttrib', 'AssemblyTrademarkAttribu', 'ssemblyTrademarkAttribut', 'semblyTrademarkAttribute', 'emblyTrademarkAttrib', 'mblyTrademarkAttribu', 'blyTrademarkAttribut', 'lyTrademarkAttribute', 'yTrademarkAttrib', 'TrademarkAttribu', 'rademarkAttribut', 'ademarkAttribute', 'demarkAttrib', 'emarkAttribu', 'markAttribut', 'arkAttribute', 'rkAttrib', 'kAttribu', 'ComVisibleAttrib', 'omVisibleAttribu', 'mVisibleAttribut', 'VisibleAttribute', 'isibleAttrib', 'sibleAttribu', 'ibleAttribut', 'InteropServi', 'nteropServic', 'teropService', 'eropServices', 'ropServi', 'opServic', 'pService', 'GuidAttribut', 'uidAttribute', 'idAttrib', 'dAttribu', 'AssemblyFileVersionAttribute', 'ssemblyFileVersionAttrib', 'semblyFileVersionAttribu', 'emblyFileVersionAttribut', 'mblyFileVersionAttribute', 'blyFileVersionAttrib', 'lyFileVersionAttribu', 'yFileVersionAttribut', 'FileVersionAttribute', 'ileVersionAttrib', 'leVersionAttribu', 'eVersionAttribut', 'VersionAttribute', 'ersionAttrib', 'rsionAttribu', 'sionAttribut', 'TargetFrameworkAttribute', 'argetFrameworkAttrib', 'rgetFrameworkAttribu', 'getFrameworkAttribut', 'etFrameworkAttribute', 'tFrameworkAttrib', 'FrameworkAttribu', 'rameworkAttribut', 'ameworkAttribute', 'meworkAttrib', 'eworkAttribu', 'workAttribut', 'orkAttribute', 'Versioni', 'ersionin', 'rsioning', 'sion', 'ioni', 'onin', 'ning', 'Modu', 'odul', 'dule', 'EmbeddedAttribut', 'mbeddedAttribute', 'beddedAttrib', 'eddedAttribu', 'ddedAttribut', 'dedAttribute', 'edAttrib', 'Microsof', 'icrosoft', 'cros', 'roso', 'osof', 'soft', 'CodeAnalysis', 'odeAnaly', 'deAnalys', 'eAnalysi', 'Analysis', 'naly', 'alys', 'lysi', 'ysis', 'RefSafetyRulesAttrib', 'efSafetyRulesAttribu', 'fSafetyRulesAttribut', 'SafetyRulesAttribute', 'afetyRulesAttrib', 'fetyRulesAttribu', 'etyRulesAttribut', 'tyRulesAttribute', 'yRulesAttrib', 'RulesAttribu', 'ulesAttribut', 'lesAttribute', 'esAttrib', 'i0XQl9UoSkFPZs8H', 
'0XQl9UoSkFPZs8HT', 'XQl9UoSkFPZs8HTp', 'Ql9UoSkFPZs8', 'l9UoSkFPZs8H', '9UoSkFPZs8HT', 'UoSkFPZs8HTp', 'oSkFPZs8', 'SkFPZs8H', 'kFPZs8HT', 'FPZs8HTp', 'PZs8', 'Zs8H', 's8HT', '8HTp', 'rOjCZorAEL2T0Afb', 'OjCZorAEL2T0AfbF', 'jCZorAEL2T0AfbFR', 'CZorAEL2T0Af', 'ZorAEL2T0Afb', 'orAEL2T0AfbF', 'rAEL2T0AfbFR', 'AEL2T0Af', 'EL2T0Afb', 'L2T0AfbF', '2T0AfbFR', 'T0Af', '0Afb', 'AfbF', 'fbFR', 'Obje', 'bjec', 'ject', 'sTvnpWek2nfmDwFd', 'TvnpWek2nfmDwFdf', 'vnpWek2nfmDwFdfK', 'npWek2nfmDwF', 'pWek2nfmDwFd', 'Wek2nfmDwFdf', 'ek2nfmDwFdfK', 'k2nfmDwF', '2nfmDwFd', 'nfmDwFdf', 'fmDwFdfK', 'mDwF', 'DwFd', 'wFdf', 'FdfK', 'splZUgP4vy8SEQ4W', 'plZUgP4vy8SEQ4Wx', 'lZUgP4vy8SEQ4Wxb', 'ZUgP4vy8SEQ4', 'UgP4vy8SEQ4W', 'gP4vy8SEQ4Wx', 'P4vy8SEQ4Wxb', '4vy8SEQ4', 'vy8SEQ4W', 'y8SEQ4Wx', '8SEQ4Wxb', 'SEQ4', 'EQ4W', 'Q4Wx', '4Wxb', 'BrkJ4r57MWGuhsWs', 'rkJ4r57MWGuhsWsF', 'kJ4r57MWGuhsWsFt', 'J4r57MWGuhsW', '4r57MWGuhsWs', 'r57MWGuhsWsF', '57MWGuhsWsFt', '7MWGuhsW', 'MWGuhsWs', 'WGuhsWsF', 'GuhsWsFt', 'uhsW', 'hsWs', 'sWsF', 'WsFt', 'T0oXjDDARMKNwOLf', '0oXjDDARMKNwOLf5', 'oXjDDARMKNwOLf5O', 'XjDDARMKNwOL', 'jDDARMKNwOLf', 'DDARMKNwOLf5', 'DARMKNwOLf5O', 'ARMKNwOL', 'RMKNwOLf', 'MKNwOLf5', 'KNwOLf5O', 'NwOL', 'wOLf', 'OLf5', 'Lf5O', 'HXXkwC97v36mypeV', 'XXkwC97v36mypeVY', 'XkwC97v36mypeVYM', 'kwC97v36mype', 'wC97v36mypeV', 'C97v36mypeVY', '97v36mypeVYM', '7v36mype', 'v36mypeV', '36mypeVY', '6mypeVYM', 'mype', 'ypeV', 'peVY', 'eVYM', 'WIjj7aqHV2iiX19k', 'Ijj7aqHV2iiX19ko', 'jj7aqHV2iiX19koS', 'j7aqHV2iiX19', '7aqHV2iiX19k', 'aqHV2iiX19ko', 'qHV2iiX19koS', 'HV2iiX19', 'V2iiX19k', '2iiX19ko', 'iiX19koS', 'iX19', 'X19k', '19ko', '9koS', 'LuLZUIuxdUHc2aJ3', 'uLZUIuxdUHc2aJ3g', 'LZUIuxdUHc2aJ3gr', 'ZUIuxdUHc2aJ', 'UIuxdUHc2aJ3', 'IuxdUHc2aJ3g', 'uxdUHc2aJ3gr', 'xdUHc2aJ', 'dUHc2aJ3', 'UHc2aJ3g', 'Hc2aJ3gr', 'c2aJ', '2aJ3', 'aJ3g', 'J3gr', 'Q4m4WxwqHJLsZ0ZV', '4m4WxwqHJLsZ0ZV1', 'm4WxwqHJLsZ0ZV1p', '4WxwqHJLsZ0Z', 'WxwqHJLsZ0ZV', 'xwqHJLsZ0ZV1', 'wqHJLsZ0ZV1p', 'qHJLsZ0Z', 'HJLsZ0ZV', 'JLsZ0ZV1', 
'LsZ0ZV1p', 'sZ0Z', 'Z0ZV', '0ZV1', 'ZV1p', 'dtZVs5ct0qm2aZmw', 'tZVs5ct0qm2aZmw5', 'ZVs5ct0qm2aZmw5X', 'Vs5ct0qm2aZm', 's5ct0qm2aZmw', '5ct0qm2aZmw5', 'ct0qm2aZmw5X', 't0qm2aZm', '0qm2aZmw', 'qm2aZmw5', 'm2aZmw5X', '2aZm', 'aZmw', 'Zmw5', 'mw5X', 'u4ry4fg3xj71WiHq', '4ry4fg3xj71WiHqe', 'ry4fg3xj71WiHqe8', 'y4fg3xj71WiH', '4fg3xj71WiHq', 'fg3xj71WiHqe', 'g3xj71WiHqe8', '3xj71WiH', 'xj71WiHq', 'j71WiHqe', '71WiHqe8', '1WiH', 'WiHq', 'iHqe', 'Hqe8', 'Nugnaeqe', 'ugnaeqeq', 'gnae', 'naeq', 'aeqe', 'eqeq', 'Efyf', 'fyfq', 'yfqp', 'Properti', 'ropertie', 'operties', 'pert', 'erti', 'rtie', 'ties', '1F4B02DF', 'F4B0', '4B02', 'B02D', '02DF', '696E', '486A', '8B35', 'F56CCA1C23C6', '56CCA1C2', '6CCA1C23', 'CCA1C23C', 'CA1C23C6', 'A1C2', '1C23', 'C23C', '23C6', 'UHROQNM8nJMyt7Wh', 'HROQNM8nJMyt7WhV', 'ROQNM8nJMyt7WhVU', 'OQNM8nJMyt7W', 'QNM8nJMyt7Wh', 'NM8nJMyt7WhV', 'M8nJMyt7WhVU', '8nJMyt7W', 'nJMyt7Wh', 'JMyt7WhV', 'Myt7WhVU', 'yt7W', 't7Wh', '7WhV', 'WhVU', 'eCCquBx9xKIlDNsO', 'CCquBx9xKIlDNsOc', 'CquBx9xKIlDNsOcK', 'quBx9xKIlDNs', 'uBx9xKIlDNsO', 'Bx9xKIlDNsOc', 'x9xKIlDNsOcK', '9xKIlDNs', 'xKIlDNsO', 'KIlDNsOc', 'IlDNsOcK', 'lDNs', 'DNsO', 'NsOc', 'sOcK', 'eE0XOJHVq436cEbm', 'E0XOJHVq436cEbmG', '0XOJHVq436cEbmG3', 'XOJHVq436cEbmG3S', 'OJHVq436cEbm', 'JHVq436cEbmG', 'HVq436cEbmG3', 'Vq436cEbmG3S', 'q436cEbm', '436cEbmG', '36cEbmG3', '6cEbmG3S', 'cEbm', 'EbmG', 'bmG3', 'mG3S', 'MulticastDelegat', 'ulticastDelegate', 'lticastDeleg', 'ticastDelega', 'icastDelegat', 'castDelegate', 'astDeleg', 'stDelega', 'tDelegat', 'Delegate', 'eleg', 'lega', 'egat', 'gate', 'lnpjfBHHitTcIbxk', 'npjfBHHitTcIbxkN', 'pjfBHHitTcIbxkN7', 'jfBHHitTcIbxkN7U', 'fBHHitTcIbxk', 'BHHitTcIbxkN', 'HHitTcIbxkN7', 'HitTcIbxkN7U', 'itTcIbxk', 'tTcIbxkN', 'TcIbxkN7', 'cIbxkN7U', 'Ibxk', 'bxkN', 'xkN7', 'kN7U', 'SRTESUHnMlWtoUBm', 'RTESUHnMlWtoUBml', 'TESUHnMlWtoUBmlC', 'ESUHnMlWtoUBmlCn', 'SUHnMlWtoUBm', 'UHnMlWtoUBml', 'HnMlWtoUBmlC', 'nMlWtoUBmlCn', 'MlWtoUBm', 'lWtoUBml', 'WtoUBmlC', 'toUBmlCn', 
'oUBm', 'UBml', 'BmlC', 'mlCn', 'rDTgcQnXdoapjb3o', 'DTgcQnXdoapjb3or', 'TgcQnXdoapjb3orK', 'gcQnXdoapjb3orKB', 'cQnXdoapjb3o', 'QnXdoapjb3or', 'nXdoapjb3orK', 'Xdoapjb3orKB', 'doapjb3o', 'oapjb3or', 'apjb3orK', 'pjb3orKB', 'jb3o', 'b3or', '3orK', 'orKB', 'CrQ4JYn1DGJce8A2', 'rQ4JYn1DGJce8A2H', 'Q4JYn1DGJce8A2HO', '4JYn1DGJce8A2HOx', 'JYn1DGJce8A2', 'Yn1DGJce8A2H', 'n1DGJce8A2HO', '1DGJce8A2HOx', 'DGJce8A2', 'GJce8A2H', 'Jce8A2HO', 'ce8A2HOx', 'e8A2', '8A2H', 'A2HO', '2HOx', 'NCMGydn9EkFcY1lR', 'CMGydn9EkFcY1lRG', 'MGydn9EkFcY1lRG7', 'Gydn9EkFcY1lRG7A', 'ydn9EkFcY1lR', 'dn9EkFcY1lRG', 'n9EkFcY1lRG7', '9EkFcY1lRG7A', 'EkFcY1lR', 'kFcY1lRG', 'FcY1lRG7', 'cY1lRG7A', 'Y1lR', '1lRG', 'lRG7', 'RG7A', 'Acg5EHnkSubsx4il', 'cg5EHnkSubsx4ilA', 'g5EHnkSubsx4ilAD', '5EHnkSubsx4ilADa', 'EHnkSubsx4il', 'HnkSubsx4ilA', 'nkSubsx4ilAD', 'kSubsx4ilADa', 'Subsx4il', 'ubsx4ilA', 'bsx4ilAD', 'sx4ilADa', 'x4il', '4ilA', 'ilAD', 'lADa', 'YwYhton2JWdYfiYU', 'wYhton2JWdYfiYUk', 'Yhton2JWdYfiYUkp', 'hton2JWdYfiYUkpb', 'ton2JWdYfiYU', 'on2JWdYfiYUk', 'n2JWdYfiYUkp', '2JWdYfiYUkpb', 'JWdYfiYU', 'WdYfiYUk', 'dYfiYUkp', 'YfiYUkpb', 'fiYU', 'iYUk', 'YUkp', 'Ukpb', 'zfIWo4nuC0pOPpQH', 'fIWo4nuC0pOPpQHc', 'IWo4nuC0pOPpQHcd', 'Wo4nuC0pOPpQHcdU', 'o4nuC0pOPpQH', '4nuC0pOPpQHc', 'nuC0pOPpQHcd', 'uC0pOPpQHcdU', 'C0pOPpQH', '0pOPpQHc', 'pOPpQHcd', 'OPpQHcdU', 'PpQH', 'pQHc', 'QHcd', 'HcdU', 'Ehs6p1nwKvc2VUcN', 'hs6p1nwKvc2VUcNB', 's6p1nwKvc2VUcNBI', '6p1nwKvc2VUcNBI0', 'p1nwKvc2VUcN', '1nwKvc2VUcNB', 'nwKvc2VUcNBI', 'wKvc2VUcNBI0', 'Kvc2VUcN', 'vc2VUcNB', 'c2VUcNBI', '2VUcNBI0', 'VUcN', 'UcNB', 'cNBI', 'NBI0', 'ValueTyp', 'alueType', 'lueT', 'ueTy', 'eTyp', 'Type', 'DaCfjQnpytIxMfeQ', 'aCfjQnpytIxMfeQo', 'CfjQnpytIxMfeQon', 'fjQnpytIxMfeQonv', 'jQnpytIxMfeQ', 'QnpytIxMfeQo', 'npytIxMfeQon', 'pytIxMfeQonv', 'ytIxMfeQ', 'tIxMfeQo', 'IxMfeQon', 'xMfeQonv', 'MfeQ', 'feQo', 'eQon', 'Qonv', 'nfgl7KnFiyOHldD5', 'fgl7KnFiyOHldD5p', 'gl7KnFiyOHldD5pV', 'l7KnFiyOHldD5pVk', '7KnFiyOHldD5', 'KnFiyOHldD5p', 
'nFiyOHldD5pV', 'FiyOHldD5pVk', 'iyOHldD5', 'yOHldD5p', 'OHldD5pV', 'HldD5pVk', 'ldD5', 'dD5p', 'D5pV', '5pVk', 'T9OHYMnaySYkJY05', '9OHYMnaySYkJY05n', 'OHYMnaySYkJY05nT', 'HYMnaySYkJY05nTu', 'YMnaySYkJY05', 'MnaySYkJY05n', 'naySYkJY05nT', 'aySYkJY05nTu', 'ySYkJY05', 'SYkJY05n', 'YkJY05nT', 'kJY05nTu', 'JY05', 'Y05n', '05nT', '5nTu', 'Jb3e19n0IDVhGdJF', 'b3e19n0IDVhGdJFP', '3e19n0IDVhGdJFPr', 'e19n0IDVhGdJFPrM', '19n0IDVhGdJF', '9n0IDVhGdJFP', 'n0IDVhGdJFPr', '0IDVhGdJFPrM', 'IDVhGdJF', 'DVhGdJFP', 'VhGdJFPr', 'hGdJFPrM', 'GdJF', 'dJFP', 'JFPr', 'FPrM', 'tDKL4enANllmAtMd', 'DKL4enANllmAtMd0', 'KL4enANllmAtMd0V', 'L4enANllmAtMd0VX', '4enANllmAtMd', 'enANllmAtMd0', 'nANllmAtMd0V', 'ANllmAtMd0VX', 'NllmAtMd', 'llmAtMd0', 'lmAtMd0V', 'mAtMd0VX', 'AtMd', 'tMd0', 'Md0V', 'd0VX', 'ov0tIjnOV1ClMWQ4', 'v0tIjnOV1ClMWQ4B', '0tIjnOV1ClMWQ4Bl', 'tIjnOV1ClMWQ4Bl4', 'IjnOV1ClMWQ4', 'jnOV1ClMWQ4B', 'nOV1ClMWQ4Bl', 'OV1ClMWQ4Bl4', 'V1ClMWQ4', '1ClMWQ4B', 'ClMWQ4Bl', 'lMWQ4Bl4', 'MWQ4', 'WQ4B', 'Q4Bl', '4Bl4', 'ESH427noWTPxXXDq', 'SH427noWTPxXXDqf', 'H427noWTPxXXDqfG', '427noWTPxXXDqfGF', '27noWTPxXXDq', '7noWTPxXXDqf', 'noWTPxXXDqfG', 'oWTPxXXDqfGF', 'WTPxXXDq', 'TPxXXDqf', 'PxXXDqfG', 'xXXDqfGF', 'XXDq', 'XDqf', 'DqfG', 'qfGF', 'y2k93xnjUjuUCBxY', '2k93xnjUjuUCBxYt', 'k93xnjUjuUCBxYtn', '93xnjUjuUCBxYtnq', '3xnjUjuUCBxY', 'xnjUjuUCBxYt', 'njUjuUCBxYtn', 'jUjuUCBxYtnq', 'UjuUCBxY', 'juUCBxYt', 'uUCBxYtn', 'UCBxYtnq', 'CBxY', 'BxYt', 'xYtn', 'Ytnq', 'Enum', 'hII3SMnbqMu9tUfG', 'II3SMnbqMu9tUfGL', 'I3SMnbqMu9tUfGLB', '3SMnbqMu9tUfGLB8', 'SMnbqMu9tUfG', 'MnbqMu9tUfGL', 'nbqMu9tUfGLB', 'bqMu9tUfGLB8', 'qMu9tUfG', 'Mu9tUfGL', 'u9tUfGLB', '9tUfGLB8', 'tUfG', 'UfGL', 'fGLB', 'GLB8', 'AyT5WCnQZ0uUPe6C', 'yT5WCnQZ0uUPe6Cs', 'T5WCnQZ0uUPe6Csp', '5WCnQZ0uUPe6CspV', 'WCnQZ0uUPe6C', 'CnQZ0uUPe6Cs', 'nQZ0uUPe6Csp', 'QZ0uUPe6CspV', 'Z0uUPe6C', '0uUPe6Cs', 'uUPe6Csp', 'UPe6CspV', 'Pe6C', 'e6Cs', '6Csp', 'CspV', 'Crf22ZEG1SWCYGxb', 'rf22ZEG1SWCYGxb5', 'f22ZEG1SWCYGxb5h', '22ZEG1SWCYGxb5hg', 
'2ZEG1SWCYGxb', 'ZEG1SWCYGxb5', 'EG1SWCYGxb5h', 'G1SWCYGxb5hg', '1SWCYGxb', 'SWCYGxb5', 'WCYGxb5h', 'CYGxb5hg', 'YGxb', 'Gxb5', 'xb5h', 'b5hg', 'aN2CxCElA79vSjFL', 'N2CxCElA79vSjFL3', '2CxCElA79vSjFL3E', 'CxCElA79vSjFL3ET', 'xCElA79vSjFL', 'CElA79vSjFL3', 'ElA79vSjFL3E', 'lA79vSjFL3ET', 'A79vSjFL', '79vSjFL3', '9vSjFL3E', 'vSjFL3ET', 'SjFL', 'jFL3', 'FL3E', 'L3ET', 'bILQBvECiUe2MRnX', 'ILQBvECiUe2MRnXd', 'LQBvECiUe2MRnXdv', 'QBvECiUe2MRnXdvC', 'BvECiUe2MRnX', 'vECiUe2MRnXd', 'ECiUe2MRnXdv', 'CiUe2MRnXdvC', 'iUe2MRnX', 'Ue2MRnXd', 'e2MRnXdv', '2MRnXdvC', 'MRnX', 'RnXd', 'nXdv', 'XdvC', 'eEYiepZEYQFERSI9', 'EYiepZEYQFERSI9c', 'YiepZEYQFERSI9cN', 'iepZEYQFERSI9cNe', 'epZEYQFERSI9', 'pZEYQFERSI9c', 'ZEYQFERSI9cN', 'EYQFERSI9cNe', 'YQFERSI9', 'QFERSI9c', 'FERSI9cN', 'ERSI9cNe', 'RSI9', 'SI9c', 'I9cN', '9cNe', 'sqN7NaZ6AvxHnT9q', 'qN7NaZ6AvxHnT9qC', 'N7NaZ6AvxHnT9qCB', '7NaZ6AvxHnT9qCBr', 'NaZ6AvxHnT9q', 'aZ6AvxHnT9qC', 'Z6AvxHnT9qCB', '6AvxHnT9qCBr', 'AvxHnT9q', 'vxHnT9qC', 'xHnT9qCB', 'HnT9qCBr', 'nT9q', 'T9qC', '9qCB', 'qCBr', 'nfFAF8ZGYCpLmKaA', 'fFAF8ZGYCpLmKaAg', 'FAF8ZGYCpLmKaAgg', 'AF8ZGYCpLmKaAggM', 'F8ZGYCpLmKaA', '8ZGYCpLmKaAg', 'ZGYCpLmKaAgg', 'GYCpLmKaAggM', 'YCpLmKaA', 'CpLmKaAg', 'pLmKaAgg', 'LmKaAggM', 'mKaA', 'KaAg', 'aAgg', 'AggM', 'qcdTIIZ5PkcfxwSS', 'cdTIIZ5PkcfxwSSg', 'dTIIZ5PkcfxwSSgh', 'TIIZ5PkcfxwSSghB', 'IIZ5PkcfxwSS', 'IZ5PkcfxwSSg', 'Z5PkcfxwSSgh', '5PkcfxwSSghB', 'PkcfxwSS', 'kcfxwSSg', 'cfxwSSgh', 'fxwSSghB', 'xwSS', 'wSSg', 'SSgh', 'SghB', 'm4ovJkZyiaePCH9S', '4ovJkZyiaePCH9Sa', 'ovJkZyiaePCH9Sam', 'vJkZyiaePCH9Samm', 'JkZyiaePCH9S', 'kZyiaePCH9Sa', 'ZyiaePCH9Sam', 'yiaePCH9Samm', 'iaePCH9S', 'aePCH9Sa', 'ePCH9Sam', 'PCH9Samm', 'CH9S', 'H9Sa', '9Sam', 'Samm', 'q4eR9bZppH8OXQ5m', '4eR9bZppH8OXQ5mm', 'eR9bZppH8OXQ5mmy', 'R9bZppH8OXQ5mmyJ', '9bZppH8OXQ5m', 'bZppH8OXQ5mm', 'ZppH8OXQ5mmy', 'ppH8OXQ5mmyJ', 'pH8OXQ5m', 'H8OXQ5mm', '8OXQ5mmy', 'OXQ5mmyJ', 'XQ5m', 'Q5mm', '5mmy', 'mmyJ', 'MLs45FZSTd2TiolY', 'Ls45FZSTd2TiolYQ', 's45FZSTd2TiolYQe', 
'45FZSTd2TiolYQe0', '5FZSTd2TiolY', 'FZSTd2TiolYQ', 'ZSTd2TiolYQe', 'STd2TiolYQe0', 'Td2TiolY', 'd2TiolYQ', '2TiolYQe', 'TiolYQe0', 'iolY', 'olYQ', 'lYQe', 'YQe0', 'AX1MdQZclsPF6Dle', 'X1MdQZclsPF6Dlec', '1MdQZclsPF6DlecJ', 'MdQZclsPF6DlecJ9', 'dQZclsPF6Dle', 'QZclsPF6Dlec', 'ZclsPF6DlecJ', 'clsPF6DlecJ9', 'lsPF6Dle', 'sPF6Dlec', 'PF6DlecJ', 'F6DlecJ9', '6Dle', 'Dlec', 'lecJ', 'ecJ9', 'PEKuIAZgrySKtMEn', 'EKuIAZgrySKtMEn5', 'KuIAZgrySKtMEn5G', 'uIAZgrySKtMEn5G6', 'IAZgrySKtMEn', 'AZgrySKtMEn5', 'ZgrySKtMEn5G', 'grySKtMEn5G6', 'rySKtMEn', 'ySKtMEn5', 'SKtMEn5G', 'KtMEn5G6', 'tMEn', 'MEn5', 'En5G', 'n5G6', 'Exceptio', 'xception', 'cept', 'epti', 'ptio', 'G0PLweZFUarMcHkd', '0PLweZFUarMcHkd2', 'PLweZFUarMcHkd2I', 'LweZFUarMcHkd2Ij', 'weZFUarMcHkd', 'eZFUarMcHkd2', 'ZFUarMcHkd2I', 'FUarMcHkd2Ij', 'UarMcHkd', 'arMcHkd2', 'rMcHkd2I', 'McHkd2Ij', 'cHkd', 'Hkd2', 'kd2I', 'd2Ij', 'UAP4vtZaVfLr8cXy', 'AP4vtZaVfLr8cXyu', 'P4vtZaVfLr8cXyuG', '4vtZaVfLr8cXyuGU', 'vtZaVfLr8cXy', 'tZaVfLr8cXyu', 'ZaVfLr8cXyuG', 'aVfLr8cXyuGU', 'VfLr8cXy', 'fLr8cXyu', 'Lr8cXyuG', 'r8cXyuGU', '8cXy', 'cXyu', 'XyuG', 'yuGU', 'mTYLjCZOmYjchmLt', 'TYLjCZOmYjchmLtA', 'YLjCZOmYjchmLtAm', 'LjCZOmYjchmLtAmE', 'jCZOmYjchmLt', 'CZOmYjchmLtA', 'ZOmYjchmLtAm', 'OmYjchmLtAmE', 'mYjchmLt', 'YjchmLtA', 'jchmLtAm', 'chmLtAmE', 'hmLt', 'mLtA', 'LtAm', 'tAmE', 'f9DRwnZouqJtBI4o', '9DRwnZouqJtBI4o3', 'DRwnZouqJtBI4o3P', 'RwnZouqJtBI4o3P3', 'wnZouqJtBI4o', 'nZouqJtBI4o3', 'ZouqJtBI4o3P', 'ouqJtBI4o3P3', 'uqJtBI4o', 'qJtBI4o3', 'JtBI4o3P', 'tBI4o3P3', 'BI4o', 'I4o3', '4o3P', 'o3P3', 'kkO1N0ZQrNkfq0Qv', 'kO1N0ZQrNkfq0Qvn', 'O1N0ZQrNkfq0Qvng', '1N0ZQrNkfq0Qvngq', 'N0ZQrNkfq0Qv', '0ZQrNkfq0Qvn', 'ZQrNkfq0Qvng', 'QrNkfq0Qvngq', 'rNkfq0Qv', 'Nkfq0Qvn', 'kfq0Qvng', 'fq0Qvngq', 'q0Qv', '0Qvn', 'Qvng', 'vngq', 'edDYLYZdyGOpcxZ2', 'dDYLYZdyGOpcxZ21', 'DYLYZdyGOpcxZ21y', 'YLYZdyGOpcxZ21y1', 'LYZdyGOpcxZ2', 'YZdyGOpcxZ21', 'ZdyGOpcxZ21y', 'dyGOpcxZ21y1', 'yGOpcxZ2', 'GOpcxZ21', 'OpcxZ21y', 'pcxZ21y1', 'cxZ2', 'xZ21', 'Z21y', 
'21y1', 'TSwuArZxMcJgGs7n', 'SwuArZxMcJgGs7nO', 'wuArZxMcJgGs7nO9', 'uArZxMcJgGs7nO94', 'ArZxMcJgGs7n', 'rZxMcJgGs7nO', 'ZxMcJgGs7nO9', 'xMcJgGs7nO94', 'McJgGs7n', 'cJgGs7nO', 'JgGs7nO9', 'gGs7nO94', 'Gs7n', 's7nO', '7nO9', 'nO94', 'vVGPKJ7HJILhLkXU', 'VGPKJ7HJILhLkXU7', 'GPKJ7HJILhLkXU7l', 'PKJ7HJILhLkXU7lr', 'KJ7HJILhLkXU', 'J7HJILhLkXU7', '7HJILhLkXU7l', 'HJILhLkXU7lr', 'JILhLkXU', 'ILhLkXU7', 'LhLkXU7l', 'hLkXU7lr', 'LkXU', 'kXU7', 'XU7l', 'U7lr', 'PmgkF37Z800GqTma', 'mgkF37Z800GqTmab', 'gkF37Z800GqTmab7', 'kF37Z800GqTmab72', 'F37Z800GqTma', '37Z800GqTmab', '7Z800GqTmab7', 'Z800GqTmab72', '800GqTma', '00GqTmab', '0GqTmab7', 'GqTmab72', 'qTma', 'Tmab', 'mab7', 'ab72', 'a43An57s4QboQnkD', '43An57s4QboQnkDl', '3An57s4QboQnkDlG', 'An57s4QboQnkDlGU', 'n57s4QboQnkD', '57s4QboQnkDl', '7s4QboQnkDlG', 's4QboQnkDlGU', '4QboQnkD', 'QboQnkDl', 'boQnkDlG', 'oQnkDlGU', 'QnkD', 'nkDl', 'kDlG', 'DlGU', 'KCmIX67URdY8wTxH', 'CmIX67URdY8wTxHc', 'mIX67URdY8wTxHcR', 'IX67URdY8wTxHcRk', 'X67URdY8wTxH', '67URdY8wTxHc', '7URdY8wTxHcR', 'URdY8wTxHcRk', 'RdY8wTxH', 'dY8wTxHc', 'Y8wTxHcR', '8wTxHcRk', 'wTxH', 'TxHc', 'xHcR', 'HcRk', 'jHMZUB7PSB8BFaPt', 'HMZUB7PSB8BFaPtM', 'MZUB7PSB8BFaPtMW', 'ZUB7PSB8BFaPtMWe', 'UB7PSB8BFaPt', 'B7PSB8BFaPtM', '7PSB8BFaPtMW', 'PSB8BFaPtMWe', 'SB8BFaPt', 'B8BFaPtM', '8BFaPtMW', 'BFaPtMWe', 'FaPt', 'aPtM', 'PtMW', 'tMWe', 'ts1IdQ75ae4NyEyi', 's1IdQ75ae4NyEyii', '1IdQ75ae4NyEyiit', 'IdQ75ae4NyEyiite', 'dQ75ae4NyEyi', 'Q75ae4NyEyii', '75ae4NyEyiit', '5ae4NyEyiite', 'ae4NyEyi', 'e4NyEyii', '4NyEyiit', 'NyEyiite', 'yEyi', 'Eyii', 'yiit', 'iite', 'n0VnKI71Hj1Hfvpe', '0VnKI71Hj1Hfvpe7', 'VnKI71Hj1Hfvpe72', 'nKI71Hj1Hfvpe72r', 'KI71Hj1Hfvpe', 'I71Hj1Hfvpe7', '71Hj1Hfvpe72', '1Hj1Hfvpe72r', 'Hj1Hfvpe', 'j1Hfvpe7', '1Hfvpe72', 'Hfvpe72r', 'fvpe', 'vpe7', 'pe72', 'e72r', 'zefdOA7k6NVlTE0X', 'efdOA7k6NVlTE0XM', 'fdOA7k6NVlTE0XMr', 'dOA7k6NVlTE0XMr4', 'OA7k6NVlTE0X', 'A7k6NVlTE0XM', '7k6NVlTE0XMr', 'k6NVlTE0XMr4', '6NVlTE0X', 'NVlTE0XM', 'VlTE0XMr', 'lTE0XMr4', 'TE0X', 
'E0XM', '0XMr', 'XMr4', 'DwheO273r7o3I1Dr', 'wheO273r7o3I1Drm', 'heO273r7o3I1Drmn', 'eO273r7o3I1Drmny', 'O273r7o3I1Dr', '273r7o3I1Drm', '73r7o3I1Drmn', '3r7o3I1Drmny', 'r7o3I1Dr', '7o3I1Drm', 'o3I1Drmn', '3I1Drmny', 'I1Dr', '1Drm', 'Drmn', 'rmny', 'oRqAkK7ypJcSrOOS', 'RqAkK7ypJcSrOOSr', 'qAkK7ypJcSrOOSrX', 'AkK7ypJcSrOOSrXq', 'kK7ypJcSrOOS', 'K7ypJcSrOOSr', '7ypJcSrOOSrX', 'ypJcSrOOSrXq', 'pJcSrOOS', 'JcSrOOSr', 'cSrOOSrX', 'SrOOSrXq', 'rOOS', 'OOSr', 'OSrX', 'SrXq', 'gtOrT97pB7YK24CQ', 'tOrT97pB7YK24CQD', 'OrT97pB7YK24CQDX', 'rT97pB7YK24CQDXF', 'T97pB7YK24CQ', '97pB7YK24CQD', '7pB7YK24CQDX', 'pB7YK24CQDXF', 'B7YK24CQ', '7YK24CQD', 'YK24CQDX', 'K24CQDXF', '24CQ', '4CQD', 'CQDX', 'QDXF', 'YagRTL7Jna4qy3bW', 'agRTL7Jna4qy3bWE', 'gRTL7Jna4qy3bWEr', 'RTL7Jna4qy3bWErY', 'TL7Jna4qy3bW', 'L7Jna4qy3bWE', '7Jna4qy3bWEr', 'Jna4qy3bWErY', 'na4qy3bW', 'a4qy3bWE', '4qy3bWEr', 'qy3bWErY', 'y3bW', '3bWE', 'bWEr', 'WErY', 'Mt1Veh78BubfcaBL', 't1Veh78BubfcaBLG', '1Veh78BubfcaBLG1', 'Veh78BubfcaBLG1Y', 'eh78BubfcaBL', 'h78BubfcaBLG', '78BubfcaBLG1', '8BubfcaBLG1Y', 'BubfcaBL', 'ubfcaBLG', 'bfcaBLG1', 'fcaBLG1Y', 'caBL', 'aBLG', 'BLG1', 'LG1Y', 'BgTr2I7SqG3SuYLi', 'gTr2I7SqG3SuYLii', 'Tr2I7SqG3SuYLiir', 'r2I7SqG3SuYLiiru', '2I7SqG3SuYLi', 'I7SqG3SuYLii', '7SqG3SuYLiir', 'SqG3SuYLiiru', 'qG3SuYLi', 'G3SuYLii', '3SuYLiir', 'SuYLiiru', 'uYLi', 'YLii', 'Liir', 'iiru', 'L20T6L6IcLaXIrAN', '20T6L6IcLaXIrANR', '0T6L6IcLaXIrANR3', 'T6L6IcLaXIrANR3F', '6L6IcLaXIrAN', 'L6IcLaXIrANR', '6IcLaXIrANR3', 'IcLaXIrANR3F', 'cLaXIrAN', 'LaXIrANR', 'aXIrANR3', 'XIrANR3F', 'IrAN', 'rANR', 'ANR3', 'NR3F', 'FwrX5yPtqhsabjCg', 'wrX5yPtqhsabjCgR', 'rX5yPtqhsabjCgRn', 'X5yPtqhsabjCgRnP', '5yPtqhsabjCg', 'yPtqhsabjCgR', 'PtqhsabjCgRn', 'tqhsabjCgRnP', 'qhsabjCg', 'hsabjCgR', 'sabjCgRn', 'abjCgRnP', 'bjCg', 'jCgR', 'CgRn', 'gRnP', 'srf2836LgQlWsOlt', 'rf2836LgQlWsOltO', 'f2836LgQlWsOltOh', '2836LgQlWsOltOhD', '836LgQlWsOlt', '36LgQlWsOltO', '6LgQlWsOltOh', 'LgQlWsOltOhD', 'gQlWsOlt', 'QlWsOltO', 'lWsOltOh', 
'WsOltOhD', 'sOlt', 'OltO', 'ltOh', 'tOhD', 'Hi8dEi6RnPKsS0aa', 'i8dEi6RnPKsS0aaO', '8dEi6RnPKsS0aaOc', 'dEi6RnPKsS0aaOc1', 'Ei6RnPKsS0aa', 'i6RnPKsS0aaO', '6RnPKsS0aaOc', 'RnPKsS0aaOc1', 'nPKsS0aa', 'PKsS0aaO', 'KsS0aaOc', 'sS0aaOc1', 'S0aa', '0aaO', 'aaOc', 'aOc1', 'mV5sgs6fOJQtReSu', 'V5sgs6fOJQtReSuV', '5sgs6fOJQtReSuV6', 'sgs6fOJQtReSuV6I', 'gs6fOJQtReSu', 's6fOJQtReSuV', '6fOJQtReSuV6', 'fOJQtReSuV6I', 'OJQtReSu', 'JQtReSuV', 'QtReSuV6', 'tReSuV6I', 'ReSu', 'eSuV', 'SuV6', 'uV6I', 'heNJpU6uwphP8kwI', 'eNJpU6uwphP8kwIS', 'NJpU6uwphP8kwISl', 'JpU6uwphP8kwISlf', 'pU6uwphP8kwI', 'U6uwphP8kwIS', '6uwphP8kwISl', 'uwphP8kwISlf', 'wphP8kwI', 'phP8kwIS', 'hP8kwISl', 'P8kwISlf', '8kwI', 'kwIS', 'wISl', 'ISlf', 'KnO4xW6yxlPT8Abt', 'nO4xW6yxlPT8Abto', 'O4xW6yxlPT8AbtoA', '4xW6yxlPT8AbtoAJ', 'xW6yxlPT8Abt', 'W6yxlPT8Abto', '6yxlPT8AbtoA', 'yxlPT8AbtoAJ', 'xlPT8Abt', 'lPT8Abto', 'PT8AbtoA', 'T8AbtoAJ', '8Abt', 'Abto', 'toAJ', 'bgb85G6Jhf589wyb', 'gb85G6Jhf589wybm', 'b85G6Jhf589wybml', '85G6Jhf589wybmlZ', '5G6Jhf589wyb', 'G6Jhf589wybm', '6Jhf589wybml', 'Jhf589wybmlZ', 'hf589wyb', 'f589wybm', '589wybml', '89wybmlZ', '9wyb', 'wybm', 'ybml', 'bmlZ', 'L1sarQ6c4x9u6QhD', '1sarQ6c4x9u6QhDS', 'sarQ6c4x9u6QhDS5', 'arQ6c4x9u6QhDS59', 'rQ6c4x9u6QhD', 'Q6c4x9u6QhDS', '6c4x9u6QhDS5', 'c4x9u6QhDS59', '4x9u6QhD', 'x9u6QhDS', '9u6QhDS5', 'u6QhDS59', '6QhD', 'QhDS', 'hDS5', 'DS59', 'YfvXSQ6FAg8ViQL9', 'fvXSQ6FAg8ViQL9M', 'vXSQ6FAg8ViQL9M2', 'XSQ6FAg8ViQL9M29', 'SQ6FAg8ViQL9', 'Q6FAg8ViQL9M', '6FAg8ViQL9M2', 'FAg8ViQL9M29', 'Ag8ViQL9', 'g8ViQL9M', '8ViQL9M2', 'ViQL9M29', 'iQL9', 'QL9M', 'L9M2', '9M29', 'CsWkun6A9Is4RyqD', 'sWkun6A9Is4RyqD9', 'Wkun6A9Is4RyqD9v', 'kun6A9Is4RyqD9vJ', 'un6A9Is4RyqD', 'n6A9Is4RyqD9', '6A9Is4RyqD9v', 'A9Is4RyqD9vJ', '9Is4RyqD', 'Is4RyqD9', 's4RyqD9v', '4RyqD9vJ', 'RyqD', 'yqD9', 'qD9v', 'D9vJ', 'S5CS3I6iRaAlKeCb', '5CS3I6iRaAlKeCbf', 'CS3I6iRaAlKeCbfk', 'S3I6iRaAlKeCbfkZ', '3I6iRaAlKeCb', 'I6iRaAlKeCbf', '6iRaAlKeCbfk', 'iRaAlKeCbfkZ', 'RaAlKeCb', 'aAlKeCbf', 
'AlKeCbfk', 'lKeCbfkZ', 'KeCb', 'eCbf', 'Cbfk', 'bfkZ', 'wm5qBthe7PWiyp6Q', 'm5qBthe7PWiyp6Qw', '5qBthe7PWiyp6QwX', 'qBthe7PWiyp6QwXj', 'Bthe7PWiyp6Q', 'the7PWiyp6Qw', 'he7PWiyp6QwX', 'e7PWiyp6QwXj', '7PWiyp6Q', 'PWiyp6Qw', 'Wiyp6QwX', 'iyp6QwXj', 'yp6Q', 'p6Qw', '6QwX', 'QwXj', 'O1q2liP6LGPIEYif', '1q2liP6LGPIEYifL', 'q2liP6LGPIEYifLA', '2liP6LGPIEYifLAe', 'liP6LGPIEYif', 'iP6LGPIEYifL', 'P6LGPIEYifLA', '6LGPIEYifLAe', 'LGPIEYif', 'GPIEYifL', 'PIEYifLA', 'IEYifLAe', 'EYif', 'YifL', 'ifLA', 'fLAe', 'PrivateImplementationDetails', 'rivateImplementationDeta', 'ivateImplementationDetai', 'vateImplementationDetail', 'ateImplementationDetails', 'teImplementationDeta', 'eImplementationDetai', 'ImplementationDetail', 'mplementationDetails', 'plementationDeta', 'lementationDetai', 'ementationDetail', 'mentationDetails', 'entationDeta', 'ntationDetai', 'tationDetail', 'ationDetails', 'tionDeta', 'ionDetai', 'onDetail', 'nDetails', 'Deta', 'etai', 'tail', 'ails', '987D5E06', '87D5', '7D5E', 'D5E0', '5E06', '59D6', '4C51', '9ADF', 'C3C0AE4FC498', '3C0AE4FC', 'C0AE4FC4', '0AE4FC49', 'AE4FC498', 'E4FC', '4FC4', 'FC49', 'C498', 'StaticArrayInitTypeSize=', 'taticArrayInitTypeSi', 'aticArrayInitTypeSiz', 'ticArrayInitTypeSize', 'icArrayInitTypeSize=', 'cArrayInitTypeSi', 'ArrayInitTypeSiz', 'rrayInitTypeSize', 'rayInitTypeSize=', 'ayInitTypeSi', 'yInitTypeSiz', 'InitTypeSize', 'nitTypeSize=', 'itTypeSi', 'tTypeSiz', 'TypeSize', 'ypeSize=', 'peSi', 'eSiz', 'Size', 'ize=', 'b8bddd2a', '8bdd', 'bddd', 'ddd2', 'dd2a', 'a952', '4523', '8049', '3c5b3829d6dc', 'c5b3829d', '5b3829d6', 'b3829d6d', '3829d6dc', '829d', '29d6', '9d6d', 'd6dc', 'omOQJrKemiAP7Z2x', 'mOQJrKemiAP7Z2xy', 'OQJrKemiAP7Z2xyM', 'QJrKemiAP7Z2xyMT', 'JrKemiAP7Z2x', 'rKemiAP7Z2xy', 'KemiAP7Z2xyM', 'emiAP7Z2xyMT', 'miAP7Z2x', 'iAP7Z2xy', 'AP7Z2xyM', 'P7Z2xyMT', '7Z2x', 'Z2xy', '2xyM', 'xyMT', 'z2G8uZKG117QRUpG', '2G8uZKG117QRUpGh', 'G8uZKG117QRUpGhT', '8uZKG117QRUpGhTC', 'uZKG117QRUpG', 'ZKG117QRUpGh', 'KG117QRUpGhT', 
'G117QRUpGhTC', '117QRUpG', '17QRUpGh', '7QRUpGhT', 'QRUpGhTC', 'RUpG', 'UpGh', 'pGhT', 'GhTC', 'SKJNgtKIXnVETvnX', 'KJNgtKIXnVETvnXa', 'JNgtKIXnVETvnXa6', 'NgtKIXnVETvnXa68', 'gtKIXnVETvnX', 'tKIXnVETvnXa', 'KIXnVETvnXa6', 'IXnVETvnXa68', 'XnVETvnX', 'nVETvnXa', 'VETvnXa6', 'ETvnXa68', 'TvnX', 'vnXa', 'nXa6', 'Xa68', 'EdSpWlKRhBJMWAXP', 'dSpWlKRhBJMWAXPe', 'SpWlKRhBJMWAXPeu', 'pWlKRhBJMWAXPeuC', 'WlKRhBJMWAXP', 'lKRhBJMWAXPe', 'KRhBJMWAXPeu', 'RhBJMWAXPeuC', 'hBJMWAXP', 'BJMWAXPe', 'JMWAXPeu', 'MWAXPeuC', 'WAXP', 'AXPe', 'XPeu', 'PeuC', 'xvAQZ9K5ArSQPRjf', 'vAQZ9K5ArSQPRjfS', 'AQZ9K5ArSQPRjfSC', 'QZ9K5ArSQPRjfSCC', 'Z9K5ArSQPRjf', '9K5ArSQPRjfS', 'K5ArSQPRjfSC', '5ArSQPRjfSCC', 'ArSQPRjf', 'rSQPRjfS', 'SQPRjfSC', 'QPRjfSCC', 'PRjf', 'RjfS', 'jfSC', 'fSCC', 'KsRkatKmW4f39LXK', 'sRkatKmW4f39LXKC', 'RkatKmW4f39LXKCr', 'katKmW4f39LXKCr4', 'atKmW4f39LXK', 'tKmW4f39LXKC', 'KmW4f39LXKCr', 'mW4f39LXKCr4', 'W4f39LXK', '4f39LXKC', 'f39LXKCr', '39LXKCr4', '9LXK', 'LXKC', 'XKCr', 'KCr4', 'EYZVM3K4Ltpo7YmH', 'YZVM3K4Ltpo7YmHY', 'ZVM3K4Ltpo7YmHYm', 'VM3K4Ltpo7YmHYmg', 'M3K4Ltpo7YmH', '3K4Ltpo7YmHY', 'K4Ltpo7YmHYm', '4Ltpo7YmHYmg', 'Ltpo7YmH', 'tpo7YmHY', 'po7YmHYm', 'o7YmHYmg', '7YmH', 'YmHY', 'mHYm', 'HYmg', 'aaLtLCK1KPASf3CM', 'aLtLCK1KPASf3CME', 'LtLCK1KPASf3CMEX', 'tLCK1KPASf3CMEXv', 'LCK1KPASf3CM', 'CK1KPASf3CME', 'K1KPASf3CMEX', '1KPASf3CMEXv', 'KPASf3CM', 'PASf3CME', 'ASf3CMEX', 'Sf3CMEXv', 'f3CM', '3CME', 'CMEX', 'MEXv', 'fZWrWaKqtwaBqdVF', 'ZWrWaKqtwaBqdVF0', 'WrWaKqtwaBqdVF0b', 'rWaKqtwaBqdVF0b4', 'WaKqtwaBqdVF', 'aKqtwaBqdVF0', 'KqtwaBqdVF0b', 'qtwaBqdVF0b4', 'twaBqdVF', 'waBqdVF0', 'aBqdVF0b', 'BqdVF0b4', 'qdVF', 'dVF0', 'VF0b', 'F0b4', 'jQYWXQKYAPerw4Wf', 'QYWXQKYAPerw4Wfd', 'YWXQKYAPerw4WfdC', 'WXQKYAPerw4WfdCs', 'XQKYAPerw4Wf', 'QKYAPerw4Wfd', 'KYAPerw4WfdC', 'YAPerw4WfdCs', 'APerw4Wf', 'Perw4Wfd', 'erw4WfdC', 'rw4WfdCs', 'w4Wf', '4Wfd', 'WfdC', 'fdCs', 'A4HaU4Kut45feEMP', '4HaU4Kut45feEMPE', 'HaU4Kut45feEMPEx', 'aU4Kut45feEMPExx', 'U4Kut45feEMP', '4Kut45feEMPE', 
'Kut45feEMPEx', 'ut45feEMPExx', 't45feEMP', '45feEMPE', '5feEMPEx', 'feEMPExx', 'eEMP', 'EMPE', 'MPEx', 'PExx', 'neoWA0K3k6wIGyMd', 'eoWA0K3k6wIGyMdX', 'oWA0K3k6wIGyMdXf', 'WA0K3k6wIGyMdXfa', 'A0K3k6wIGyMd', '0K3k6wIGyMdX', 'K3k6wIGyMdXf', '3k6wIGyMdXfa', 'k6wIGyMd', '6wIGyMdX', 'wIGyMdXf', 'IGyMdXfa', 'GyMd', 'yMdX', 'MdXf', 'dXfa', 'sgvsLfKpUSFAHYp6', 'gvsLfKpUSFAHYp6q', 'vsLfKpUSFAHYp6q8', 'sLfKpUSFAHYp6q8Z', 'LfKpUSFAHYp6', 'fKpUSFAHYp6q', 'KpUSFAHYp6q8', 'pUSFAHYp6q8Z', 'USFAHYp6', 'SFAHYp6q', 'FAHYp6q8', 'AHYp6q8Z', 'HYp6', 'Yp6q', 'p6q8', '6q8Z', 'mAJGWwK8TArvLw8P', 'AJGWwK8TArvLw8P4', 'JGWwK8TArvLw8P4q', 'GWwK8TArvLw8P4qN', 'WwK8TArvLw8P', 'wK8TArvLw8P4', 'K8TArvLw8P4q', '8TArvLw8P4qN', 'TArvLw8P', 'ArvLw8P4', 'rvLw8P4q', 'vLw8P4qN', 'Lw8P', 'w8P4', '8P4q', 'P4qN', 'hYMKsIKc9TVB7OhC', 'YMKsIKc9TVB7OhCB', 'MKsIKc9TVB7OhCBm', 'KsIKc9TVB7OhCBmh', 'sIKc9TVB7OhC', 'IKc9TVB7OhCB', 'Kc9TVB7OhCBm', 'c9TVB7OhCBmh', '9TVB7OhC', 'TVB7OhCB', 'VB7OhCBm', 'B7OhCBmh', '7OhC', 'OhCB', 'hCBm', 'CBmh', 'V8mIk0KF0B35LNuS', '8mIk0KF0B35LNuSY', 'mIk0KF0B35LNuSY1', 'Ik0KF0B35LNuSY1K', 'k0KF0B35LNuS', '0KF0B35LNuSY', 'KF0B35LNuSY1', 'F0B35LNuSY1K', '0B35LNuS', 'B35LNuSY', '35LNuSY1', '5LNuSY1K', 'LNuS', 'NuSY', 'uSY1', 'SY1K', 'cHawEkK0OATIEU27', 'HawEkK0OATIEU27s', 'awEkK0OATIEU27so', 'wEkK0OATIEU27soM', 'EkK0OATIEU27', 'kK0OATIEU27s', 'K0OATIEU27so', '0OATIEU27soM', 'OATIEU27', 'ATIEU27s', 'TIEU27so', 'IEU27soM', 'EU27', 'U27s', '27so', '7soM', 'O5YJGXKOrMUjJNfi', '5YJGXKOrMUjJNfi7', 'YJGXKOrMUjJNfi7U', 'JGXKOrMUjJNfi7UN', 'GXKOrMUjJNfi', 'XKOrMUjJNfi7', 'KOrMUjJNfi7U', 'OrMUjJNfi7UN', 'rMUjJNfi', 'MUjJNfi7', 'UjJNfi7U', 'jJNfi7UN', 'JNfi', 'Nfi7', 'fi7U', 'i7UN', 'AEjd30Kj4CsNeWXv', 'Ejd30Kj4CsNeWXvG', 'jd30Kj4CsNeWXvGO', 'd30Kj4CsNeWXvGOU', '30Kj4CsNeWXv', '0Kj4CsNeWXvG', 'Kj4CsNeWXvGO', 'j4CsNeWXvGOU', '4CsNeWXv', 'CsNeWXvG', 'sNeWXvGO', 'NeWXvGOU', 'eWXv', 'WXvG', 'XvGO', 'vGOU', 'w8QP5wKQRuXLC69a', '8QP5wKQRuXLC69ap', 'QP5wKQRuXLC69apo', 'P5wKQRuXLC69apo5', '5wKQRuXLC69a', 
'wKQRuXLC69ap', 'KQRuXLC69apo', 'QRuXLC69apo5', 'RuXLC69a', 'uXLC69ap', 'XLC69apo', 'LC69apo5', 'C69a', '69ap', '9apo', 'apo5', 'lj7eyIKt3ZTs1Vmj', 'j7eyIKt3ZTs1VmjD', '7eyIKt3ZTs1VmjDw', 'eyIKt3ZTs1VmjDww', 'yIKt3ZTs1Vmj', 'IKt3ZTs1VmjD', 'Kt3ZTs1VmjDw', 't3ZTs1VmjDww', '3ZTs1Vmj', 'ZTs1VmjD', 'Ts1VmjDw', 's1VmjDww', '1Vmj', 'VmjD', 'mjDw', 'jDww', 'MUoWTRKCaqM1BJ33', 'UoWTRKCaqM1BJ334', 'oWTRKCaqM1BJ334q', 'WTRKCaqM1BJ334qD', 'TRKCaqM1BJ33', 'RKCaqM1BJ334', 'KCaqM1BJ334q', 'CaqM1BJ334qD', 'aqM1BJ33', 'qM1BJ334', 'M1BJ334q', '1BJ334qD', 'BJ33', 'J334', '334q', '34qD', 'yK06gIKxRqHBFoeE', 'K06gIKxRqHBFoeEr', '06gIKxRqHBFoeErj', '6gIKxRqHBFoeErjs', 'gIKxRqHBFoeE', 'IKxRqHBFoeEr', 'KxRqHBFoeErj', 'xRqHBFoeErjs', 'RqHBFoeE', 'qHBFoeEr', 'HBFoeErj', 'BFoeErjs', 'FoeE', 'oeEr', 'eErj', 'Erjs', 'olaA1xUVZAC5WHf2', 'laA1xUVZAC5WHf2a', 'aA1xUVZAC5WHf2a1', 'A1xUVZAC5WHf2a1g', '1xUVZAC5WHf2', 'xUVZAC5WHf2a', 'UVZAC5WHf2a1', 'VZAC5WHf2a1g', 'ZAC5WHf2', 'AC5WHf2a', 'C5WHf2a1', '5WHf2a1g', 'WHf2', 'Hf2a', 'f2a1', '2a1g', 'Euex6WUnqFCfZEDV', 'uex6WUnqFCfZEDVk', 'ex6WUnqFCfZEDVkR', 'x6WUnqFCfZEDVkRp', '6WUnqFCfZEDV', 'WUnqFCfZEDVk', 'UnqFCfZEDVkR', 'nqFCfZEDVkRp', 'qFCfZEDV', 'FCfZEDVk', 'CfZEDVkR', 'fZEDVkRp', 'ZEDV', 'EDVk', 'DVkR', 'VkRp', 'ox12UJUZM3aWAF2t', 'x12UJUZM3aWAF2tF', '12UJUZM3aWAF2tFW', '2UJUZM3aWAF2tFW7', 'UJUZM3aWAF2t', 'JUZM3aWAF2tF', 'UZM3aWAF2tFW', 'ZM3aWAF2tFW7', 'M3aWAF2t', '3aWAF2tF', 'aWAF2tFW', 'WAF2tFW7', 'AF2t', 'F2tF', '2tFW', 'tFW7', 'M0AU4uUWNxhN671d', '0AU4uUWNxhN671dm', 'AU4uUWNxhN671dmj', 'U4uUWNxhN671dmjH', '4uUWNxhN671d', 'uUWNxhN671dm', 'UWNxhN671dmj', 'WNxhN671dmjH', 'NxhN671d', 'xhN671dm', 'hN671dmj', 'N671dmjH', '671d', '71dm', '1dmj', 'dmjH', 'cinM6yUs7DXpxV2u', 'inM6yUs7DXpxV2uw', 'nM6yUs7DXpxV2uwy', 'M6yUs7DXpxV2uwyl', '6yUs7DXpxV2u', 'yUs7DXpxV2uw', 'Us7DXpxV2uwy', 's7DXpxV2uwyl', '7DXpxV2u', 'DXpxV2uw', 'XpxV2uwy', 'pxV2uwyl', 'xV2u', 'V2uw', '2uwy', 'uwyl', 'WJ88isUhykuSdAqr', 'J88isUhykuSdAqrK', '88isUhykuSdAqrKQ', '8isUhykuSdAqrKQM', 
'isUhykuSdAqr', 'sUhykuSdAqrK', 'UhykuSdAqrKQ', 'hykuSdAqrKQM', 'ykuSdAqr', 'kuSdAqrK', 'uSdAqrKQ', 'SdAqrKQM', 'dAqr', 'AqrK', 'qrKQ', 'rKQM', 'CdZpBvUKmPxZsqJr', 'dZpBvUKmPxZsqJrr', 'ZpBvUKmPxZsqJrra', 'pBvUKmPxZsqJrraj', 'BvUKmPxZsqJr', 'vUKmPxZsqJrr', 'UKmPxZsqJrra', 'KmPxZsqJrraj', 'mPxZsqJr', 'PxZsqJrr', 'xZsqJrra', 'ZsqJrraj', 'sqJr', 'qJrr', 'Jrra', 'rraj', 'Cv5RkZUrIhrNK9QI', 'v5RkZUrIhrNK9QIP', '5RkZUrIhrNK9QIPr', 'RkZUrIhrNK9QIPrw', 'kZUrIhrNK9QI', 'ZUrIhrNK9QIP', 'UrIhrNK9QIPr', 'rIhrNK9QIPrw', 'IhrNK9QI', 'hrNK9QIP', 'rNK9QIPr', 'NK9QIPrw', 'K9QI', '9QIP', 'QIPr', 'IPrw', 'O32pEpUetR7rZqcT', '32pEpUetR7rZqcTS', '2pEpUetR7rZqcTSu', 'pEpUetR7rZqcTSuh', 'EpUetR7rZqcT', 'pUetR7rZqcTS', 'UetR7rZqcTSu', 'etR7rZqcTSuh', 'tR7rZqcT', 'R7rZqcTS', '7rZqcTSu', 'rZqcTSuh', 'ZqcT', 'qcTS', 'cTSu', 'TSuh', 'IaVBMLUGU3u26AYm', 'aVBMLUGU3u26AYmp', 'VBMLUGU3u26AYmpG', 'BMLUGU3u26AYmpG8', 'MLUGU3u26AYm', 'LUGU3u26AYmp', 'UGU3u26AYmpG', 'GU3u26AYmpG8', 'U3u26AYm', '3u26AYmp', 'u26AYmpG', '26AYmpG8', '6AYm', 'AYmp', 'YmpG', 'mpG8', 'qFBhwiUIpY2WrSKd', 'FBhwiUIpY2WrSKd1', 'BhwiUIpY2WrSKd1o', 'hwiUIpY2WrSKd1o7', 'wiUIpY2WrSKd', 'iUIpY2WrSKd1', 'UIpY2WrSKd1o', 'IpY2WrSKd1o7', 'pY2WrSKd', 'Y2WrSKd1', '2WrSKd1o', 'WrSKd1o7', 'rSKd', 'SKd1', 'Kd1o', 'd1o7', 'fn0QUuURGMUER1pe', 'n0QUuURGMUER1peM', '0QUuURGMUER1peMo', 'QUuURGMUER1peMoI', 'UuURGMUER1pe', 'uURGMUER1peM', 'URGMUER1peMo', 'RGMUER1peMoI', 'GMUER1pe', 'MUER1peM', 'UER1peMo', 'ER1peMoI', 'R1pe', '1peM', 'peMo', 'eMoI', 'AOeQetU5paa7atWr', 'OeQetU5paa7atWrL', 'eQetU5paa7atWrL1', 'QetU5paa7atWrL1J', 'etU5paa7atWr', 'tU5paa7atWrL', 'U5paa7atWrL1', '5paa7atWrL1J', 'paa7atWr', 'aa7atWrL', 'a7atWrL1', '7atWrL1J', 'atWr', 'tWrL', 'WrL1', 'rL1J', 'P0YsgYUm6k73rZ2g', '0YsgYUm6k73rZ2gk', 'YsgYUm6k73rZ2gkO', 'sgYUm6k73rZ2gkOp', 'gYUm6k73rZ2g', 'YUm6k73rZ2gk', 'Um6k73rZ2gkO', 'm6k73rZ2gkOp', '6k73rZ2g', 'k73rZ2gk', '73rZ2gkO', '3rZ2gkOp', 'rZ2g', 'Z2gk', '2gkO', 'gkOp', 'neRr2IU43cQl3tIv', 'eRr2IU43cQl3tIvw', 'Rr2IU43cQl3tIvw3', 
'r2IU43cQl3tIvw32', '2IU43cQl3tIv', 'IU43cQl3tIvw', 'U43cQl3tIvw3', '43cQl3tIvw32', '3cQl3tIv', 'cQl3tIvw', 'Ql3tIvw3', 'l3tIvw32', '3tIv', 'tIvw', 'Ivw3', 'vw32', 'mxyOjyU1eVaBCOKr', 'xyOjyU1eVaBCOKrs', 'yOjyU1eVaBCOKrsE', 'OjyU1eVaBCOKrsEc', 'jyU1eVaBCOKr', 'yU1eVaBCOKrs', 'U1eVaBCOKrsE', '1eVaBCOKrsEc', 'eVaBCOKr', 'VaBCOKrs', 'aBCOKrsE', 'BCOKrsEc', 'COKr', 'OKrs', 'KrsE', 'rsEc', 'gLqAwmUqVtdQPLON', 'LqAwmUqVtdQPLONg', 'qAwmUqVtdQPLONg1', 'AwmUqVtdQPLONg11', 'wmUqVtdQPLON', 'mUqVtdQPLONg', 'UqVtdQPLONg1', 'qVtdQPLONg11', 'VtdQPLON', 'tdQPLONg', 'dQPLONg1', 'QPLONg11', 'PLON', 'LONg', 'ONg1', 'Ng11', 'AIGeKAUYJMbwf7i1', 'IGeKAUYJMbwf7i1n', 'GeKAUYJMbwf7i1nb', 'eKAUYJMbwf7i1nb2', 'KAUYJMbwf7i1', 'AUYJMbwf7i1n', 'UYJMbwf7i1nb', 'YJMbwf7i1nb2', 'JMbwf7i1', 'Mbwf7i1n', 'bwf7i1nb', 'wf7i1nb2', 'f7i1', '7i1n', 'i1nb', '1nb2', 'I9YGd0UupLOvr6Pa', '9YGd0UupLOvr6Pa4', 'YGd0UupLOvr6Pa4g', 'Gd0UupLOvr6Pa4gA', 'd0UupLOvr6Pa', '0UupLOvr6Pa4', 'UupLOvr6Pa4g', 'upLOvr6Pa4gA', 'pLOvr6Pa', 'LOvr6Pa4', 'Ovr6Pa4g', 'vr6Pa4gA', 'r6Pa', '6Pa4', 'Pa4g', 'a4gA', 'JVPoERU3E474Dndo', 'VPoERU3E474DndoD', 'PoERU3E474DndoDD', 'oERU3E474DndoDDV', 'ERU3E474Dndo', 'RU3E474DndoD', 'U3E474DndoDD', '3E474DndoDDV', 'E474Dndo', '474DndoD', '74DndoDD', '4DndoDDV', 'Dndo', 'ndoD', 'doDD', 'oDDV', 'GP4KXDUp154wYrFC', 'P4KXDUp154wYrFCt', '4KXDUp154wYrFCtc', 'KXDUp154wYrFCtcJ', 'XDUp154wYrFC', 'DUp154wYrFCt', 'Up154wYrFCtc', 'p154wYrFCtcJ', '154wYrFC', '54wYrFCt', '4wYrFCtc', 'wYrFCtcJ', 'YrFC', 'rFCt', 'FCtc', 'CtcJ', 'refYt5U8I3WJrRHa', 'efYt5U8I3WJrRHaw', 'fYt5U8I3WJrRHawO', 'Yt5U8I3WJrRHawOw', 't5U8I3WJrRHa', '5U8I3WJrRHaw', 'U8I3WJrRHawO', '8I3WJrRHawOw', 'I3WJrRHa', '3WJrRHaw', 'WJrRHawO', 'JrRHawOw', 'rRHa', 'RHaw', 'HawO', 'awOw', 'qxMLGBUcJuYFUOYo', 'xMLGBUcJuYFUOYoe', 'MLGBUcJuYFUOYoeM', 'LGBUcJuYFUOYoeMo', 'GBUcJuYFUOYo', 'BUcJuYFUOYoe', 'UcJuYFUOYoeM', 'cJuYFUOYoeMo', 'JuYFUOYo', 'uYFUOYoe', 'YFUOYoeM', 'FUOYoeMo', 'UOYo', 'OYoe', 'YoeM', 'oeMo', 'AhyhHEUFryR0ueeH', 'hyhHEUFryR0ueeHf', 
'yhHEUFryR0ueeHfC', 'hHEUFryR0ueeHfCw', 'HEUFryR0ueeH', 'EUFryR0ueeHf', 'UFryR0ueeHfC', 'FryR0ueeHfCw', 'ryR0ueeH', 'yR0ueeHf', 'R0ueeHfC', '0ueeHfCw', 'ueeH', 'eeHf', 'eHfC', 'HfCw', 'LE0EUmU0Io8ro13f', 'E0EUmU0Io8ro13fS', '0EUmU0Io8ro13fS4', 'EUmU0Io8ro13fS4v', 'UmU0Io8ro13f', 'mU0Io8ro13fS', 'U0Io8ro13fS4', '0Io8ro13fS4v', 'Io8ro13f', 'o8ro13fS', '8ro13fS4', 'ro13fS4v', 'o13f', '13fS', '3fS4', 'fS4v', 'ggghL4UO435ugSPh', 'gghL4UO435ugSPhL', 'ghL4UO435ugSPhLM', 'hL4UO435ugSPhLMx', 'L4UO435ugSPh', '4UO435ugSPhL', 'UO435ugSPhLM', 'O435ugSPhLMx', '435ugSPh', '35ugSPhL', '5ugSPhLM', 'ugSPhLMx', 'gSPh', 'SPhL', 'PhLM', 'hLMx', 'OfE1sLUj2HEEDN6K', 'fE1sLUj2HEEDN6KY', 'E1sLUj2HEEDN6KYl', '1sLUj2HEEDN6KYll', 'sLUj2HEEDN6K', 'LUj2HEEDN6KY', 'Uj2HEEDN6KYl', 'j2HEEDN6KYll', '2HEEDN6K', 'HEEDN6KY', 'EEDN6KYl', 'EDN6KYll', 'DN6K', 'N6KY', '6KYl', 'KYll', 'iJjG0UUQmwxMnpP7', 'JjG0UUQmwxMnpP7k', 'jG0UUQmwxMnpP7km', 'G0UUQmwxMnpP7kmf', '0UUQmwxMnpP7', 'UUQmwxMnpP7k', 'UQmwxMnpP7km', 'QmwxMnpP7kmf', 'mwxMnpP7', 'wxMnpP7k', 'xMnpP7km', 'MnpP7kmf', 'npP7', 'pP7k', 'P7km', '7kmf', 'xNRQwKUtFnYYN8ds', 'NRQwKUtFnYYN8ds6', 'RQwKUtFnYYN8ds6R', 'QwKUtFnYYN8ds6Rv', 'wKUtFnYYN8ds', 'KUtFnYYN8ds6', 'UtFnYYN8ds6R', 'tFnYYN8ds6Rv', 'FnYYN8ds', 'nYYN8ds6', 'YYN8ds6R', 'YN8ds6Rv', 'N8ds', '8ds6', 'ds6R', 's6Rv', 'rEY7iYUCJkiqFAhT', 'EY7iYUCJkiqFAhTi', 'Y7iYUCJkiqFAhTiE', '7iYUCJkiqFAhTiEU', 'iYUCJkiqFAhT', 'YUCJkiqFAhTi', 'UCJkiqFAhTiE', 'CJkiqFAhTiEU', 'JkiqFAhT', 'kiqFAhTi', 'iqFAhTiE', 'qFAhTiEU', 'FAhT', 'AhTi', 'hTiE', 'TiEU', 'yXi1UpUxlQChMtTn', 'Xi1UpUxlQChMtTnB', 'i1UpUxlQChMtTnBp', '1UpUxlQChMtTnBpN', 'UpUxlQChMtTn', 'pUxlQChMtTnB', 'UxlQChMtTnBp', 'xlQChMtTnBpN', 'lQChMtTn', 'QChMtTnB', 'ChMtTnBp', 'hMtTnBpN', 'MtTn', 'tTnB', 'TnBp', 'nBpN', 'G438qkrVcUO7yndh', '438qkrVcUO7yndhn', '38qkrVcUO7yndhnW', '8qkrVcUO7yndhnWy', 'qkrVcUO7yndh', 'krVcUO7yndhn', 'rVcUO7yndhnW', 'VcUO7yndhnWy', 'cUO7yndh', 'UO7yndhn', 'O7yndhnW', '7yndhnWy', 'yndh', 'ndhn', 'dhnW', 'hnWy', 'sYDKpernMCMqfDpR', 
'YDKpernMCMqfDpRT', 'DKpernMCMqfDpRTw', 'KpernMCMqfDpRTwE', 'pernMCMqfDpR', 'ernMCMqfDpRT', 'rnMCMqfDpRTw', 'nMCMqfDpRTwE', 'MCMqfDpR', 'CMqfDpRT', 'MqfDpRTw', 'qfDpRTwE', 'fDpR', 'DpRT', 'pRTw', 'RTwE', 'o4unxurZc2gToNad', '4unxurZc2gToNadJ', 'unxurZc2gToNadJS', 'nxurZc2gToNadJSp', 'xurZc2gToNad', 'urZc2gToNadJ', 'rZc2gToNadJS', 'Zc2gToNadJSp', 'c2gToNad', '2gToNadJ', 'gToNadJS', 'ToNadJSp', 'oNad', 'NadJ', 'adJS', 'dJSp', 'v0lkGsrW6YIFE0Bb', '0lkGsrW6YIFE0BbL', 'lkGsrW6YIFE0BbLG', 'kGsrW6YIFE0BbLGy', 'GsrW6YIFE0Bb', 'srW6YIFE0BbL', 'rW6YIFE0BbLG', 'W6YIFE0BbLGy', '6YIFE0Bb', 'YIFE0BbL', 'IFE0BbLG', 'FE0BbLGy', 'E0Bb', '0BbL', 'BbLG', 'bLGy', 'V5D5djrsaThPDZj8', '5D5djrsaThPDZj8T', 'D5djrsaThPDZj8Ta', '5djrsaThPDZj8Tau', 'djrsaThPDZj8', 'jrsaThPDZj8T', 'rsaThPDZj8Ta', 'saThPDZj8Tau', 'aThPDZj8', 'ThPDZj8T', 'hPDZj8Ta', 'PDZj8Tau', 'DZj8', 'Zj8T', 'j8Ta', '8Tau', 'OUGxxQrhibuv2px9', 'UGxxQrhibuv2px9X', 'GxxQrhibuv2px9Xn', 'xxQrhibuv2px9Xn9', 'xQrhibuv2px9', 'Qrhibuv2px9X', 'rhibuv2px9Xn', 'hibuv2px9Xn9', 'ibuv2px9', 'buv2px9X', 'uv2px9Xn', 'v2px9Xn9', '2px9', 'px9X', 'x9Xn', '9Xn9', 'sOaxBdrKbf0RWYM2', 'OaxBdrKbf0RWYM2s', 'axBdrKbf0RWYM2ss', 'xBdrKbf0RWYM2ssw', 'BdrKbf0RWYM2', 'drKbf0RWYM2s', 'rKbf0RWYM2ss', 'Kbf0RWYM2ssw', 'bf0RWYM2', 'f0RWYM2s', '0RWYM2ss', 'RWYM2ssw', 'WYM2', 'YM2s', 'M2ss', '2ssw', 'NdkEIQrrFMdB5jH1', 'dkEIQrrFMdB5jH18', 'kEIQrrFMdB5jH183', 'EIQrrFMdB5jH183Q', 'IQrrFMdB5jH1', 'QrrFMdB5jH18', 'rrFMdB5jH183', 'rFMdB5jH183Q', 'FMdB5jH1', 'MdB5jH18', 'dB5jH183', 'B5jH183Q', '5jH1', 'jH18', 'H183', '183Q', 'oawGFYrem2HVnZPn', 'awGFYrem2HVnZPnU', 'wGFYrem2HVnZPnUr', 'GFYrem2HVnZPnUr9', 'FYrem2HVnZPn', 'Yrem2HVnZPnU', 'rem2HVnZPnUr', 'em2HVnZPnUr9', 'm2HVnZPn', '2HVnZPnU', 'HVnZPnUr', 'VnZPnUr9', 'nZPn', 'ZPnU', 'PnUr', 'nUr9', 'mqnyYHrG4oPf70Dg', 'qnyYHrG4oPf70Dgb', 'nyYHrG4oPf70DgbF', 'yYHrG4oPf70DgbFZ', 'YHrG4oPf70Dg', 'HrG4oPf70Dgb', 'rG4oPf70DgbF', 'G4oPf70DgbFZ', '4oPf70Dg', 'oPf70Dgb', 'Pf70DgbF', 'f70DgbFZ', '70Dg', '0Dgb', 'DgbF', 'gbFZ', 
'rAmSjYrI5jfBVhyY', 'AmSjYrI5jfBVhyYv', 'mSjYrI5jfBVhyYvR', 'SjYrI5jfBVhyYvR1', 'jYrI5jfBVhyY', 'YrI5jfBVhyYv', 'rI5jfBVhyYvR', 'I5jfBVhyYvR1', '5jfBVhyY', 'jfBVhyYv', 'fBVhyYvR', 'BVhyYvR1', 'VhyY', 'hyYv', 'yYvR', 'YvR1', 'ii2YcUrRE5CcZXDV', 'i2YcUrRE5CcZXDVa', '2YcUrRE5CcZXDVaS', 'YcUrRE5CcZXDVaSy', 'cUrRE5CcZXDV', 'UrRE5CcZXDVa', 'rRE5CcZXDVaS', 'RE5CcZXDVaSy', 'E5CcZXDV', '5CcZXDVa', 'CcZXDVaS', 'cZXDVaSy', 'ZXDV', 'XDVa', 'DVaS', 'VaSy', 'qGt063r5GJBrTW4f', 'Gt063r5GJBrTW4fa', 't063r5GJBrTW4faq', '063r5GJBrTW4faq6', '63r5GJBrTW4f', '3r5GJBrTW4fa', 'r5GJBrTW4faq', '5GJBrTW4faq6', 'GJBrTW4f', 'JBrTW4fa', 'BrTW4faq', 'rTW4faq6', 'TW4f', 'W4fa', '4faq', 'faq6', 'jg7Gl1rm3VxOHZX3', 'g7Gl1rm3VxOHZX3D', '7Gl1rm3VxOHZX3D4', 'Gl1rm3VxOHZX3D4y', 'l1rm3VxOHZX3', '1rm3VxOHZX3D', 'rm3VxOHZX3D4', 'm3VxOHZX3D4y', '3VxOHZX3', 'VxOHZX3D', 'xOHZX3D4', 'OHZX3D4y', 'HZX3', 'ZX3D', 'X3D4', '3D4y', 'UV7af7r4xrZcCISZ', 'V7af7r4xrZcCISZQ', '7af7r4xrZcCISZQc', 'af7r4xrZcCISZQcN', 'f7r4xrZcCISZ', '7r4xrZcCISZQ', 'r4xrZcCISZQc', '4xrZcCISZQcN', 'xrZcCISZ', 'rZcCISZQ', 'ZcCISZQc', 'cCISZQcN', 'CISZ', 'ISZQ', 'SZQc', 'ZQcN', 'S56PIgr1MjKFkcRX', '56PIgr1MjKFkcRXd', '6PIgr1MjKFkcRXdf', 'PIgr1MjKFkcRXdfT', 'Igr1MjKFkcRX', 'gr1MjKFkcRXd', 'r1MjKFkcRXdf', '1MjKFkcRXdfT', 'MjKFkcRX', 'jKFkcRXd', 'KFkcRXdf', 'FkcRXdfT', 'kcRX', 'cRXd', 'RXdf', 'XdfT', 'kytXZjrqtCSYiYSJ', 'ytXZjrqtCSYiYSJK', 'tXZjrqtCSYiYSJKJ', 'XZjrqtCSYiYSJKJL', 'ZjrqtCSYiYSJ', 'jrqtCSYiYSJK', 'rqtCSYiYSJKJ', 'qtCSYiYSJKJL', 'tCSYiYSJ', 'CSYiYSJK', 'SYiYSJKJ', 'YiYSJKJL', 'iYSJ', 'YSJK', 'SJKJ', 'JKJL', 'U7F8A4rYqJ2ZQdh1', '7F8A4rYqJ2ZQdh1N', 'F8A4rYqJ2ZQdh1NM', '8A4rYqJ2ZQdh1NMl', 'A4rYqJ2ZQdh1', '4rYqJ2ZQdh1N', 'rYqJ2ZQdh1NM', 'YqJ2ZQdh1NMl', 'qJ2ZQdh1', 'J2ZQdh1N', '2ZQdh1NM', 'ZQdh1NMl', 'Qdh1', 'dh1N', 'h1NM', '1NMl', 'XYBnwsrukPqdYQ3K', 'YBnwsrukPqdYQ3Ks', 'BnwsrukPqdYQ3Kso', 'nwsrukPqdYQ3Kso6', 'wsrukPqdYQ3K', 'srukPqdYQ3Ks', 'rukPqdYQ3Kso', 'ukPqdYQ3Kso6', 'kPqdYQ3K', 'PqdYQ3Ks', 'qdYQ3Kso', 'dYQ3Kso6', 'YQ3K', 'Q3Ks', 
'3Kso', 'Kso6', 'URaq3Nr3LpFTL3if', 'Raq3Nr3LpFTL3if2', 'aq3Nr3LpFTL3if2m', 'q3Nr3LpFTL3if2mP', '3Nr3LpFTL3if', 'Nr3LpFTL3if2', 'r3LpFTL3if2m', '3LpFTL3if2mP', 'LpFTL3if', 'pFTL3if2', 'FTL3if2m', 'TL3if2mP', 'L3if', '3if2', 'if2m', 'f2mP', 'Qv2Xx5rpEZgu0621', 'v2Xx5rpEZgu0621h', '2Xx5rpEZgu0621hf', 'Xx5rpEZgu0621hfp', 'x5rpEZgu0621', '5rpEZgu0621h', 'rpEZgu0621hf', 'pEZgu0621hfp', 'EZgu0621', 'Zgu0621h', 'gu0621hf', 'u0621hfp', '0621', '621h', '21hf', '1hfp', 'XDLoffr8R4EK7XwJ', 'DLoffr8R4EK7XwJJ', 'Loffr8R4EK7XwJJp', 'offr8R4EK7XwJJpn', 'ffr8R4EK7XwJ', 'fr8R4EK7XwJJ', 'r8R4EK7XwJJp', '8R4EK7XwJJpn', 'R4EK7XwJ', '4EK7XwJJ', 'EK7XwJJp', 'K7XwJJpn', '7XwJ', 'XwJJ', 'wJJp', 'JJpn', 'E2sVHZrcUHugAlwA', '2sVHZrcUHugAlwAx', 'sVHZrcUHugAlwAxS', 'VHZrcUHugAlwAxSj', 'HZrcUHugAlwA', 'ZrcUHugAlwAx', 'rcUHugAlwAxS', 'cUHugAlwAxSj', 'UHugAlwA', 'HugAlwAx', 'ugAlwAxS', 'gAlwAxSj', 'AlwA', 'lwAx', 'wAxS', 'AxSj', 'N4GijkrF7fZCtH9Q', '4GijkrF7fZCtH9Qt', 'GijkrF7fZCtH9QtS', 'ijkrF7fZCtH9QtSi', 'jkrF7fZCtH9Q', 'krF7fZCtH9Qt', 'rF7fZCtH9QtS', 'F7fZCtH9QtSi', '7fZCtH9Q', 'fZCtH9Qt', 'ZCtH9QtS', 'CtH9QtSi', 'tH9Q', 'H9Qt', '9QtS', 'QtSi', 'bIQOJ9r0bVEdbDZ1', 'IQOJ9r0bVEdbDZ17', 'QOJ9r0bVEdbDZ17F', 'OJ9r0bVEdbDZ17Fg', 'J9r0bVEdbDZ1', '9r0bVEdbDZ17', 'r0bVEdbDZ17F', '0bVEdbDZ17Fg', 'bVEdbDZ1', 'VEdbDZ17', 'EdbDZ17F', 'dbDZ17Fg', 'bDZ1', 'DZ17', 'Z17F', '17Fg', 'cQIyjqrOy0LwdNNx', 'QIyjqrOy0LwdNNxi', 'IyjqrOy0LwdNNxim', 'yjqrOy0LwdNNximd', 'jqrOy0LwdNNx', 'qrOy0LwdNNxi', 'rOy0LwdNNxim', 'Oy0LwdNNximd', 'y0LwdNNx', '0LwdNNxi', 'LwdNNxim', 'wdNNximd', 'dNNx', 'NNxi', 'Nxim', 'ximd', 'VSy2nCrj3cmCJ131', 'Sy2nCrj3cmCJ131F', 'y2nCrj3cmCJ131Fi', '2nCrj3cmCJ131FiF', 'nCrj3cmCJ131', 'Crj3cmCJ131F', 'rj3cmCJ131Fi', 'j3cmCJ131FiF', '3cmCJ131', 'cmCJ131F', 'mCJ131Fi', 'CJ131FiF', 'J131', '131F', '31Fi', '1FiF', 'BFvNDsrQwbUCIUjV', 'FvNDsrQwbUCIUjVC', 'vNDsrQwbUCIUjVCO', 'NDsrQwbUCIUjVCO4', 'DsrQwbUCIUjV', 'srQwbUCIUjVC', 'rQwbUCIUjVCO', 'QwbUCIUjVCO4', 'wbUCIUjV', 'bUCIUjVC', 'UCIUjVCO', 'CIUjVCO4', 
'IUjV', 'UjVC', 'jVCO', 'VCO4', 'WodSNrrtAbUWlXv4', 'odSNrrtAbUWlXv4f', 'dSNrrtAbUWlXv4fJ', 'SNrrtAbUWlXv4fJy', 'NrrtAbUWlXv4', 'rrtAbUWlXv4f', 'rtAbUWlXv4fJ', 'tAbUWlXv4fJy', 'AbUWlXv4', 'bUWlXv4f', 'UWlXv4fJ', 'WlXv4fJy', 'lXv4', 'Xv4f', 'v4fJ', '4fJy', 'ca4IjWrCbTOwqvLo', 'a4IjWrCbTOwqvLoQ', '4IjWrCbTOwqvLoQR', 'IjWrCbTOwqvLoQRy', 'jWrCbTOwqvLo', 'WrCbTOwqvLoQ', 'rCbTOwqvLoQR', 'CbTOwqvLoQRy', 'bTOwqvLo', 'TOwqvLoQ', 'OwqvLoQR', 'wqvLoQRy', 'qvLo', 'vLoQ', 'LoQR', 'oQRy', 'SwOhpFrxEgCFQvya', 'wOhpFrxEgCFQvyaV', 'OhpFrxEgCFQvyaVx', 'hpFrxEgCFQvyaVxN', 'pFrxEgCFQvya', 'FrxEgCFQvyaV', 'rxEgCFQvyaVx', 'xEgCFQvyaVxN', 'EgCFQvya', 'gCFQvyaV', 'CFQvyaVx', 'FQvyaVxN', 'Qvya', 'vyaV', 'yaVx', 'aVxN', 'DPPeoMTVmgG4Wbym', 'PPeoMTVmgG4WbymX', 'PeoMTVmgG4WbymXT', 'eoMTVmgG4WbymXT1', 'oMTVmgG4Wbym', 'MTVmgG4WbymX', 'TVmgG4WbymXT', 'VmgG4WbymXT1', 'mgG4Wbym', 'gG4WbymX', 'G4WbymXT', '4WbymXT1', 'Wbym', 'bymX', 'ymXT', 'mXT1', 'e27eL3TnVhQTcYvw', '27eL3TnVhQTcYvwd', '7eL3TnVhQTcYvwdI', 'eL3TnVhQTcYvwdI3', 'L3TnVhQTcYvw', '3TnVhQTcYvwd', 'TnVhQTcYvwdI', 'nVhQTcYvwdI3', 'VhQTcYvw', 'hQTcYvwd', 'QTcYvwdI', 'TcYvwdI3', 'cYvw', 'Yvwd', 'vwdI', 'wdI3', 'ssLT1kTZbHlweTgQ', 'sLT1kTZbHlweTgQU', 'LT1kTZbHlweTgQUo', 'T1kTZbHlweTgQUoY', '1kTZbHlweTgQ', 'kTZbHlweTgQU', 'TZbHlweTgQUo', 'ZbHlweTgQUoY', 'bHlweTgQ', 'HlweTgQU', 'lweTgQUo', 'weTgQUoY', 'eTgQ', 'TgQU', 'gQUo', 'QUoY', 'If0wWFTWq0OOBYHq', 'f0wWFTWq0OOBYHqU', '0wWFTWq0OOBYHqU1', 'wWFTWq0OOBYHqU1O', 'WFTWq0OOBYHq', 'FTWq0OOBYHqU', 'TWq0OOBYHqU1', 'Wq0OOBYHqU1O', 'q0OOBYHq', '0OOBYHqU', 'OOBYHqU1', 'OBYHqU1O', 'BYHq', 'YHqU', 'HqU1', 'qU1O', 'AfwAnfTshDlpXhOD', 'fwAnfTshDlpXhODV', 'wAnfTshDlpXhODVE', 'AnfTshDlpXhODVEb', 'nfTshDlpXhOD', 'fTshDlpXhODV', 'TshDlpXhODVE', 'shDlpXhODVEb', 'hDlpXhOD', 'DlpXhODV', 'lpXhODVE', 'pXhODVEb', 'XhOD', 'hODV', 'ODVE', 'DVEb', 'fypgVBThttn1bCNF', 'ypgVBThttn1bCNFq', 'pgVBThttn1bCNFqJ', 'gVBThttn1bCNFqJd', 'VBThttn1bCNF', 'BThttn1bCNFq', 'Thttn1bCNFqJ', 'httn1bCNFqJd', 'ttn1bCNF', 'tn1bCNFq', 
'n1bCNFqJ', '1bCNFqJd', 'bCNF', 'CNFq', 'NFqJ', 'FqJd', 'ymlgoaTKIRoiTar9', 'mlgoaTKIRoiTar9W', 'lgoaTKIRoiTar9WQ', 'goaTKIRoiTar9WQ9', 'oaTKIRoiTar9', 'aTKIRoiTar9W', 'TKIRoiTar9WQ', 'KIRoiTar9WQ9', 'IRoiTar9', 'RoiTar9W', 'oiTar9WQ', 'iTar9WQ9', 'Tar9', 'ar9W', 'r9WQ', '9WQ9', 'TaioR7TrmL5kx47w', 'aioR7TrmL5kx47wT', 'ioR7TrmL5kx47wTI', 'oR7TrmL5kx47wTI6', 'R7TrmL5kx47w', '7TrmL5kx47wT', 'TrmL5kx47wTI', 'rmL5kx47wTI6', 'mL5kx47w', 'L5kx47wT', '5kx47wTI', 'kx47wTI6', 'x47w', '47wT', '7wTI', 'wTI6', 'yioMiiTeHwXQ0Ym4', 'ioMiiTeHwXQ0Ym4Z', 'oMiiTeHwXQ0Ym4Z7', 'MiiTeHwXQ0Ym4Z7S', 'iiTeHwXQ0Ym4', 'iTeHwXQ0Ym4Z', 'TeHwXQ0Ym4Z7', 'eHwXQ0Ym4Z7S', 'HwXQ0Ym4', 'wXQ0Ym4Z', 'XQ0Ym4Z7', 'Q0Ym4Z7S', '0Ym4', 'Ym4Z', 'm4Z7', '4Z7S', 'lf9Pa2TGtHLERbyp', 'f9Pa2TGtHLERbypK', '9Pa2TGtHLERbypKd', 'Pa2TGtHLERbypKdk', 'a2TGtHLERbyp', '2TGtHLERbypK', 'TGtHLERbypKd', 'GtHLERbypKdk', 'tHLERbyp', 'HLERbypK', 'LERbypKd', 'ERbypKdk', 'Rbyp', 'bypK', 'ypKd', 'pKdk', 'Cxxy82TIyVYRnK7j', 'xxy82TIyVYRnK7jG', 'xy82TIyVYRnK7jGe', 'y82TIyVYRnK7jGeL', '82TIyVYRnK7j', '2TIyVYRnK7jG', 'TIyVYRnK7jGe', 'IyVYRnK7jGeL', 'yVYRnK7j', 'VYRnK7jG', 'YRnK7jGe', 'RnK7jGeL', 'nK7j', 'K7jG', '7jGe', 'jGeL', 'r96fPGTRePHnhtjh', '96fPGTRePHnhtjhb', '6fPGTRePHnhtjhbM', 'fPGTRePHnhtjhbMw', 'PGTRePHnhtjh', 'GTRePHnhtjhb', 'TRePHnhtjhbM', 'RePHnhtjhbMw', 'ePHnhtjh', 'PHnhtjhb', 'HnhtjhbM', 'nhtjhbMw', 'htjh', 'tjhb', 'jhbM', 'hbMw', 'XyUFl4T5r0OsPTuq', 'yUFl4T5r0OsPTuqU', 'UFl4T5r0OsPTuqU9', 'Fl4T5r0OsPTuqU91', 'l4T5r0OsPTuq', '4T5r0OsPTuqU', 'T5r0OsPTuqU9', '5r0OsPTuqU91', 'r0OsPTuq', '0OsPTuqU', 'OsPTuqU9', 'sPTuqU91', 'PTuq', 'TuqU', 'uqU9', 'qU91', 'iJaSADTmjoNPme1y', 'JaSADTmjoNPme1yI', 'aSADTmjoNPme1yI6', 'SADTmjoNPme1yI63', 'ADTmjoNPme1y', 'DTmjoNPme1yI', 'TmjoNPme1yI6', 'mjoNPme1yI63', 'joNPme1y', 'oNPme1yI', 'NPme1yI6', 'Pme1yI63', 'me1y', 'e1yI', '1yI6', 'yI63', 'XN5BNJT4IGjydrv3', 'N5BNJT4IGjydrv3T', '5BNJT4IGjydrv3T9', 'BNJT4IGjydrv3T9n', 'NJT4IGjydrv3', 'JT4IGjydrv3T', 'T4IGjydrv3T9', '4IGjydrv3T9n', 
'IGjydrv3', 'Gjydrv3T', 'jydrv3T9', 'ydrv3T9n', 'drv3', 'rv3T', 'v3T9', '3T9n', 'UiRWkuT1WRoO6qvP', 'iRWkuT1WRoO6qvPC', 'RWkuT1WRoO6qvPCe', 'WkuT1WRoO6qvPCeb', 'kuT1WRoO6qvP', 'uT1WRoO6qvPC', 'T1WRoO6qvPCe', '1WRoO6qvPCeb', 'WRoO6qvP', 'RoO6qvPC', 'oO6qvPCe', 'O6qvPCeb', '6qvP', 'qvPC', 'vPCe', 'PCeb', 'dxNXlPTqkgOYCTVw', 'xNXlPTqkgOYCTVwn', 'NXlPTqkgOYCTVwn2', 'XlPTqkgOYCTVwn2o', 'lPTqkgOYCTVw', 'PTqkgOYCTVwn', 'TqkgOYCTVwn2', 'qkgOYCTVwn2o', 'kgOYCTVw', 'gOYCTVwn', 'OYCTVwn2', 'YCTVwn2o', 'CTVw', 'TVwn', 'Vwn2', 'wn2o', 'faGmLsTYcS0iQ5eJ', 'aGmLsTYcS0iQ5eJZ', 'GmLsTYcS0iQ5eJZi', 'mLsTYcS0iQ5eJZii', 'LsTYcS0iQ5eJ', 'sTYcS0iQ5eJZ', 'TYcS0iQ5eJZi', 'YcS0iQ5eJZii', 'cS0iQ5eJ', 'S0iQ5eJZ', '0iQ5eJZi', 'iQ5eJZii', 'Q5eJ', '5eJZ', 'eJZi', 'JZii', 'pct2HeTuuji49o5E', 'ct2HeTuuji49o5Ex', 't2HeTuuji49o5Exk', '2HeTuuji49o5Exko', 'HeTuuji49o5E', 'eTuuji49o5Ex', 'Tuuji49o5Exk', 'uuji49o5Exko', 'uji49o5E', 'ji49o5Ex', 'i49o5Exk', '49o5Exko', '9o5E', 'o5Ex', '5Exk', 'Exko', 'XQoQ4NT3ih7kjOXs', 'QoQ4NT3ih7kjOXsZ', 'oQ4NT3ih7kjOXsZW', 'Q4NT3ih7kjOXsZWp', '4NT3ih7kjOXs', 'NT3ih7kjOXsZ', 'T3ih7kjOXsZW', '3ih7kjOXsZWp', 'ih7kjOXs', 'h7kjOXsZ', '7kjOXsZW', 'kjOXsZWp', 'jOXs', 'OXsZ', 'XsZW', 'sZWp', 'SU1gC5Tp0jnRwUXn', 'U1gC5Tp0jnRwUXnV', '1gC5Tp0jnRwUXnV2', 'gC5Tp0jnRwUXnV2V', 'C5Tp0jnRwUXn', '5Tp0jnRwUXnV', 'Tp0jnRwUXnV2', 'p0jnRwUXnV2V', '0jnRwUXn', 'jnRwUXnV', 'nRwUXnV2', 'RwUXnV2V', 'wUXn', 'UXnV', 'XnV2', 'nV2V', 'y8MCqVT8qUUEH6TL', '8MCqVT8qUUEH6TLb', 'MCqVT8qUUEH6TLb2', 'CqVT8qUUEH6TLb2t', 'qVT8qUUEH6TL', 'VT8qUUEH6TLb', 'T8qUUEH6TLb2', '8qUUEH6TLb2t', 'qUUEH6TL', 'UUEH6TLb', 'UEH6TLb2', 'EH6TLb2t', 'H6TL', '6TLb', 'TLb2', 'Lb2t', 'n5NrBXTcyrXpLmNo', '5NrBXTcyrXpLmNoD', 'NrBXTcyrXpLmNoDl', 'rBXTcyrXpLmNoDlP', 'BXTcyrXpLmNo', 'XTcyrXpLmNoD', 'TcyrXpLmNoDl', 'cyrXpLmNoDlP', 'yrXpLmNo', 'rXpLmNoD', 'XpLmNoDl', 'pLmNoDlP', 'LmNo', 'mNoD', 'NoDl', 'oDlP', 'GN9QpVTFScoA66S7', 'N9QpVTFScoA66S7L', '9QpVTFScoA66S7L9', 'QpVTFScoA66S7L9U', 'pVTFScoA66S7', 'VTFScoA66S7L', 'TFScoA66S7L9', 
'FScoA66S7L9U', 'ScoA66S7', 'coA66S7L', 'oA66S7L9', 'A66S7L9U', '66S7', '6S7L', 'S7L9', '7L9U', 'IENXlST0s5B0UrfC', 'ENXlST0s5B0UrfCH', 'NXlST0s5B0UrfCHY', 'XlST0s5B0UrfCHYU', 'lST0s5B0UrfC', 'ST0s5B0UrfCH', 'T0s5B0UrfCHY', '0s5B0UrfCHYU', 's5B0UrfC', '5B0UrfCH', 'B0UrfCHY', '0UrfCHYU', 'UrfC', 'rfCH', 'fCHY', 'CHYU', 'YkgmEkTOSM6lHn7w', 'kgmEkTOSM6lHn7wl', 'gmEkTOSM6lHn7wlh', 'mEkTOSM6lHn7wlhh', 'EkTOSM6lHn7w', 'kTOSM6lHn7wl', 'TOSM6lHn7wlh', 'OSM6lHn7wlhh', 'SM6lHn7w', 'M6lHn7wl', '6lHn7wlh', 'lHn7wlhh', 'Hn7w', 'n7wl', '7wlh', 'wlhh', 'jLxnB7Tj4qGrU6wX', 'LxnB7Tj4qGrU6wXe', 'xnB7Tj4qGrU6wXeg', 'nB7Tj4qGrU6wXegR', 'B7Tj4qGrU6wX', '7Tj4qGrU6wXe', 'Tj4qGrU6wXeg', 'j4qGrU6wXegR', '4qGrU6wX', 'qGrU6wXe', 'GrU6wXeg', 'rU6wXegR', 'U6wX', '6wXe', 'wXeg', 'XegR', 'QjaXJUTQD3K88Qy7', 'jaXJUTQD3K88Qy7P', 'aXJUTQD3K88Qy7PM', 'XJUTQD3K88Qy7PMk', 'JUTQD3K88Qy7', 'UTQD3K88Qy7P', 'TQD3K88Qy7PM', 'QD3K88Qy7PMk', 'D3K88Qy7', '3K88Qy7P', 'K88Qy7PM', '88Qy7PMk', '8Qy7', 'Qy7P', 'y7PM', '7PMk', 'rmUY2vTtK6S8GOD7', 'mUY2vTtK6S8GOD7E', 'UY2vTtK6S8GOD7Ek', 'Y2vTtK6S8GOD7Eku', '2vTtK6S8GOD7', 'vTtK6S8GOD7E', 'TtK6S8GOD7Ek', 'tK6S8GOD7Eku', 'K6S8GOD7', '6S8GOD7E', 'S8GOD7Ek', '8GOD7Eku', 'GOD7', 'OD7E', 'D7Ek', '7Eku', 'QVdshlTCgluF8YV2', 'VdshlTCgluF8YV2I', 'dshlTCgluF8YV2Ik', 'shlTCgluF8YV2Iks', 'hlTCgluF8YV2', 'lTCgluF8YV2I', 'TCgluF8YV2Ik', 'CgluF8YV2Iks', 'gluF8YV2', 'luF8YV2I', 'uF8YV2Ik', 'F8YV2Iks', '8YV2', 'YV2I', 'V2Ik', '2Iks', 'jn8oA1Tx84gsY8YI', 'n8oA1Tx84gsY8YIY', '8oA1Tx84gsY8YIYs', 'oA1Tx84gsY8YIYsr', 'A1Tx84gsY8YI', '1Tx84gsY8YIY', 'Tx84gsY8YIYs', 'x84gsY8YIYsr', '84gsY8YI', '4gsY8YIY', 'gsY8YIYs', 'sY8YIYsr', 'Y8YI', '8YIY', 'YIYs', 'IYsr', 'WlHe7CeVLyK2Z25R', 'lHe7CeVLyK2Z25RE', 'He7CeVLyK2Z25REb', 'e7CeVLyK2Z25REb2', '7CeVLyK2Z25R', 'CeVLyK2Z25RE', 'eVLyK2Z25REb', 'VLyK2Z25REb2', 'LyK2Z25R', 'yK2Z25RE', 'K2Z25REb', '2Z25REb2', 'Z25R', '25RE', '5REb', 'REb2', 'DVYlSkenBubjFM0x', 'VYlSkenBubjFM0x0', 'YlSkenBubjFM0x0R', 'lSkenBubjFM0x0R2', 'SkenBubjFM0x', 'kenBubjFM0x0', 
'enBubjFM0x0R', 'nBubjFM0x0R2', 'BubjFM0x', 'ubjFM0x0', 'bjFM0x0R', 'jFM0x0R2', 'FM0x', 'M0x0', '0x0R', 'x0R2', 's5iCBZeZv7JBKB3Z', '5iCBZeZv7JBKB3ZW', 'iCBZeZv7JBKB3ZW9', 'CBZeZv7JBKB3ZW9y', 'BZeZv7JBKB3Z', 'ZeZv7JBKB3ZW', 'eZv7JBKB3ZW9', 'Zv7JBKB3ZW9y', 'v7JBKB3Z', '7JBKB3ZW', 'JBKB3ZW9', 'BKB3ZW9y', 'KB3Z', 'B3ZW', '3ZW9', 'ZW9y', 'HrUWhteWbl0NpT7j', 'rUWhteWbl0NpT7jn', 'UWhteWbl0NpT7jnR', 'WhteWbl0NpT7jnRJ', 'hteWbl0NpT7j', 'teWbl0NpT7jn', 'eWbl0NpT7jnR', 'Wbl0NpT7jnRJ', 'bl0NpT7j', 'l0NpT7jn', '0NpT7jnR', 'NpT7jnRJ', 'pT7j', 'T7jn', '7jnR', 'jnRJ', 'EaGAeoesYA61v43d', 'aGAeoesYA61v43dK', 'GAeoesYA61v43dKo', 'AeoesYA61v43dKoY', 'eoesYA61v43d', 'oesYA61v43dK', 'esYA61v43dKo', 'sYA61v43dKoY', 'YA61v43d', 'A61v43dK', '61v43dKo', '1v43dKoY', 'v43d', '43dK', '3dKo', 'dKoY', 'PPooX7eh6TNC2EmF', 'PooX7eh6TNC2EmFU', 'ooX7eh6TNC2EmFUP', 'oX7eh6TNC2EmFUP2', 'X7eh6TNC2EmF', '7eh6TNC2EmFU', 'eh6TNC2EmFUP', 'h6TNC2EmFUP2', '6TNC2EmF', 'TNC2EmFU', 'NC2EmFUP', 'C2EmFUP2', '2EmF', 'EmFU', 'mFUP', 'FUP2', 'lnpvpoeKwkyLN3t5', 'npvpoeKwkyLN3t5W', 'pvpoeKwkyLN3t5Wo', 'vpoeKwkyLN3t5Wox', 'poeKwkyLN3t5', 'oeKwkyLN3t5W', 'eKwkyLN3t5Wo', 'KwkyLN3t5Wox', 'wkyLN3t5', 'kyLN3t5W', 'yLN3t5Wo', 'LN3t5Wox', 'N3t5', '3t5W', 't5Wo', '5Wox', 'nyJosAerrOmKAqOI', 'yJosAerrOmKAqOIp', 'JosAerrOmKAqOIpx', 'osAerrOmKAqOIpxU', 'sAerrOmKAqOI', 'AerrOmKAqOIp', 'errOmKAqOIpx', 'rrOmKAqOIpxU', 'rOmKAqOI', 'OmKAqOIp', 'mKAqOIpx', 'KAqOIpxU', 'AqOI', 'qOIp', 'OIpx', 'IpxU', 'FF60YneeLnPm01pw', 'F60YneeLnPm01pwP', '60YneeLnPm01pwPl', '0YneeLnPm01pwPlX', 'YneeLnPm01pw', 'neeLnPm01pwP', 'eeLnPm01pwPl', 'eLnPm01pwPlX', 'LnPm01pw', 'nPm01pwP', 'Pm01pwPl', 'm01pwPlX', '01pw', '1pwP', 'pwPl', 'wPlX', 'eq57rCeGLZISo9e9', 'q57rCeGLZISo9e9p', '57rCeGLZISo9e9pP', '7rCeGLZISo9e9pPd', 'rCeGLZISo9e9', 'CeGLZISo9e9p', 'eGLZISo9e9pP', 'GLZISo9e9pPd', 'LZISo9e9', 'ZISo9e9p', 'ISo9e9pP', 'So9e9pPd', 'o9e9', '9e9p', 'e9pP', '9pPd', 'FEJOEGeIrT9K7pfu', 'EJOEGeIrT9K7pfuK', 'JOEGeIrT9K7pfuK5', 'OEGeIrT9K7pfuK57', 'EGeIrT9K7pfu', 
'GeIrT9K7pfuK', 'eIrT9K7pfuK5', 'IrT9K7pfuK57', 'rT9K7pfu', 'T9K7pfuK', '9K7pfuK5', 'K7pfuK57', '7pfu', 'pfuK', 'fuK5', 'uK57', 'Ng5m6WeR8nOr2Kqr', 'g5m6WeR8nOr2Kqrs', '5m6WeR8nOr2KqrsD', 'm6WeR8nOr2KqrsDI', '6WeR8nOr2Kqr', 'WeR8nOr2Kqrs', 'eR8nOr2KqrsD', 'R8nOr2KqrsDI', '8nOr2Kqr', 'nOr2Kqrs', 'Or2KqrsD', 'r2KqrsDI', '2Kqr', 'Kqrs', 'qrsD', 'rsDI', 'AKmwfje5nOjm9Tc5', 'Kmwfje5nOjm9Tc5A', 'mwfje5nOjm9Tc5Al', 'wfje5nOjm9Tc5AlY', 'fje5nOjm9Tc5', 'je5nOjm9Tc5A', 'e5nOjm9Tc5Al', '5nOjm9Tc5AlY', 'nOjm9Tc5', 'Ojm9Tc5A', 'jm9Tc5Al', 'm9Tc5AlY', '9Tc5', 'Tc5A', 'c5Al', '5AlY', 'wvCt1semMHYMxJdf', 'vCt1semMHYMxJdfr', 'Ct1semMHYMxJdfrq', 't1semMHYMxJdfrq2', '1semMHYMxJdf', 'semMHYMxJdfr', 'emMHYMxJdfrq', 'mMHYMxJdfrq2', 'MHYMxJdf', 'HYMxJdfr', 'YMxJdfrq', 'MxJdfrq2', 'xJdf', 'Jdfr', 'dfrq', 'frq2', 'GPDKfAe4CqRX7Zmk', 'PDKfAe4CqRX7ZmkR', 'DKfAe4CqRX7ZmkRi', 'KfAe4CqRX7ZmkRi6', 'fAe4CqRX7Zmk', 'Ae4CqRX7ZmkR', 'e4CqRX7ZmkRi', '4CqRX7ZmkRi6', 'CqRX7Zmk', 'qRX7ZmkR', 'RX7ZmkRi', 'X7ZmkRi6', '7Zmk', 'ZmkR', 'mkRi', 'kRi6', 'HNWxt9e1nrXkd73h', 'NWxt9e1nrXkd73hF', 'Wxt9e1nrXkd73hFL', 'xt9e1nrXkd73hFLb', 't9e1nrXkd73h', '9e1nrXkd73hF', 'e1nrXkd73hFL', '1nrXkd73hFLb', 'nrXkd73h', 'rXkd73hF', 'Xkd73hFL', 'kd73hFLb', 'd73h', '73hF', '3hFL', 'hFLb', 'mTPU8deqrh4oeEXW', 'TPU8deqrh4oeEXWP', 'PU8deqrh4oeEXWP5', 'U8deqrh4oeEXWP5q', '8deqrh4oeEXW', 'deqrh4oeEXWP', 'eqrh4oeEXWP5', 'qrh4oeEXWP5q', 'rh4oeEXW', 'h4oeEXWP', '4oeEXWP5', 'oeEXWP5q', 'eEXW', 'EXWP', 'XWP5', 'WP5q', 'FxEZiWeY0pr796hv', 'xEZiWeY0pr796hvn', 'EZiWeY0pr796hvnm', 'ZiWeY0pr796hvnmi', 'iWeY0pr796hv', 'WeY0pr796hvn', 'eY0pr796hvnm', 'Y0pr796hvnmi', '0pr796hv', 'pr796hvn', 'r796hvnm', '796hvnmi', '96hv', '6hvn', 'hvnm', 'vnmi', 'b7ZHI2euo13rvdM2', '7ZHI2euo13rvdM2k', 'ZHI2euo13rvdM2kv', 'HI2euo13rvdM2kvn', 'I2euo13rvdM2', '2euo13rvdM2k', 'euo13rvdM2kv', 'uo13rvdM2kvn', 'o13rvdM2', '13rvdM2k', '3rvdM2kv', 'rvdM2kvn', 'vdM2', 'dM2k', 'M2kv', '2kvn', 'kP3KFAe3iBWHUJ44', 'P3KFAe3iBWHUJ44K', '3KFAe3iBWHUJ44KT', 'KFAe3iBWHUJ44KTN', 
'FAe3iBWHUJ44', 'Ae3iBWHUJ44K', 'e3iBWHUJ44KT', '3iBWHUJ44KTN', 'iBWHUJ44', 'BWHUJ44K', 'WHUJ44KT', 'HUJ44KTN', 'UJ44', 'J44K', '44KT', '4KTN', 'SqrpvNep4jtdgMYl', 'qrpvNep4jtdgMYli', 'rpvNep4jtdgMYlix', 'pvNep4jtdgMYlixY', 'vNep4jtdgMYl', 'Nep4jtdgMYli', 'ep4jtdgMYlix', 'p4jtdgMYlixY', '4jtdgMYl', 'jtdgMYli', 'tdgMYlix', 'dgMYlixY', 'gMYl', 'MYli', 'Ylix', 'lixY', 'gJ0A6Se8034Ok5lK', 'J0A6Se8034Ok5lKd', '0A6Se8034Ok5lKd6', 'A6Se8034Ok5lKd6w', '6Se8034Ok5lK', 'Se8034Ok5lKd', 'e8034Ok5lKd6', '8034Ok5lKd6w', '034Ok5lK', '34Ok5lKd', '4Ok5lKd6', 'Ok5lKd6w', 'k5lK', '5lKd', 'lKd6', 'Kd6w', 'PXZV8kecy9bmaFd3', 'XZV8kecy9bmaFd3y', 'ZV8kecy9bmaFd3yw', 'V8kecy9bmaFd3ywu', '8kecy9bmaFd3', 'kecy9bmaFd3y', 'ecy9bmaFd3yw', 'cy9bmaFd3ywu', 'y9bmaFd3', '9bmaFd3y', 'bmaFd3yw', 'maFd3ywu', 'aFd3', 'Fd3y', 'd3yw', '3ywu', 'oA2Fk1eFYgwisMxb', 'A2Fk1eFYgwisMxb4', '2Fk1eFYgwisMxb4P', 'Fk1eFYgwisMxb4Pi', 'k1eFYgwisMxb', '1eFYgwisMxb4', 'eFYgwisMxb4P', 'FYgwisMxb4Pi', 'YgwisMxb', 'gwisMxb4', 'wisMxb4P', 'isMxb4Pi', 'sMxb', 'Mxb4', 'xb4P', 'b4Pi', 'xGIXpoe0PPQj01VU', 'GIXpoe0PPQj01VUK', 'IXpoe0PPQj01VUK8', 'Xpoe0PPQj01VUK83', 'poe0PPQj01VU', 'oe0PPQj01VUK', 'e0PPQj01VUK8', '0PPQj01VUK83', 'PPQj01VU', 'PQj01VUK', 'Qj01VUK8', 'j01VUK83', '01VU', '1VUK', 'VUK8', 'UK83', 'g4ORuTeOEcrqgbwm', '4ORuTeOEcrqgbwmJ', 'ORuTeOEcrqgbwmJ8', 'RuTeOEcrqgbwmJ8f', 'uTeOEcrqgbwm', 'TeOEcrqgbwmJ', 'eOEcrqgbwmJ8', 'OEcrqgbwmJ8f', 'Ecrqgbwm', 'crqgbwmJ', 'rqgbwmJ8', 'qgbwmJ8f', 'gbwm', 'bwmJ', 'wmJ8', 'mJ8f', 'RP6scyejX1ere9FR', 'P6scyejX1ere9FRY', '6scyejX1ere9FRY8', 'scyejX1ere9FRY8R', 'cyejX1ere9FR', 'yejX1ere9FRY', 'ejX1ere9FRY8', 'jX1ere9FRY8R', 'X1ere9FR', '1ere9FRY', 'ere9FRY8', 're9FRY8R', 'e9FR', '9FRY', 'FRY8', 'RY8R', 'QxQkYJeQZahyQBja', 'xQkYJeQZahyQBjaI', 'QkYJeQZahyQBjaIv', 'kYJeQZahyQBjaIvS', 'YJeQZahyQBja', 'JeQZahyQBjaI', 'eQZahyQBjaIv', 'QZahyQBjaIvS', 'ZahyQBja', 'ahyQBjaI', 'hyQBjaIv', 'yQBjaIvS', 'QBja', 'BjaI', 'jaIv', 'aIvS', 'qDaefPetNZYvvwgV', 'DaefPetNZYvvwgVp', 'aefPetNZYvvwgVpC', 
'efPetNZYvvwgVpCP', 'fPetNZYvvwgV', 'PetNZYvvwgVp', 'etNZYvvwgVpC', 'tNZYvvwgVpCP', 'NZYvvwgV', 'ZYvvwgVp', 'YvvwgVpC', 'vvwgVpCP', 'vwgV', 'wgVp', 'gVpC', 'VpCP', 'R7oU3AeC4iPfwq1n', '7oU3AeC4iPfwq1nn', 'oU3AeC4iPfwq1nnL', 'U3AeC4iPfwq1nnLr', '3AeC4iPfwq1n', 'AeC4iPfwq1nn', 'eC4iPfwq1nnL', 'C4iPfwq1nnLr', '4iPfwq1n', 'iPfwq1nn', 'Pfwq1nnL', 'fwq1nnLr', 'wq1n', 'q1nn', '1nnL', 'nnLr', 'ftZYkqex9qHgslRK', 'tZYkqex9qHgslRKk', 'ZYkqex9qHgslRKkU', 'Ykqex9qHgslRKkUB', 'kqex9qHgslRK', 'qex9qHgslRKk', 'ex9qHgslRKkU', 'x9qHgslRKkUB', '9qHgslRK', 'qHgslRKk', 'HgslRKkU', 'gslRKkUB', 'slRK', 'lRKk', 'RKkU', 'KkUB', 'bDENPfPVxHreHxZd', 'DENPfPVxHreHxZdo', 'ENPfPVxHreHxZdo0', 'NPfPVxHreHxZdo0E', 'PfPVxHreHxZd', 'fPVxHreHxZdo', 'PVxHreHxZdo0', 'VxHreHxZdo0E', 'xHreHxZd', 'HreHxZdo', 'reHxZdo0', 'eHxZdo0E', 'HxZd', 'xZdo', 'Zdo0', 'do0E', 'uqJTLbPnTk59Mk3Y', 'qJTLbPnTk59Mk3Y3', 'JTLbPnTk59Mk3Y3c', 'TLbPnTk59Mk3Y3cO', 'LbPnTk59Mk3Y', 'bPnTk59Mk3Y3', 'PnTk59Mk3Y3c', 'nTk59Mk3Y3cO', 'Tk59Mk3Y', 'k59Mk3Y3', '59Mk3Y3c', '9Mk3Y3cO', 'Mk3Y', 'k3Y3', '3Y3c', 'Y3cO', 'nO5W8RPZyyXMMyAp', 'O5W8RPZyyXMMyApc', '5W8RPZyyXMMyApc4', 'W8RPZyyXMMyApc4y', '8RPZyyXMMyAp', 'RPZyyXMMyApc', 'PZyyXMMyApc4', 'ZyyXMMyApc4y', 'yyXMMyAp', 'yXMMyApc', 'XMMyApc4', 'MMyApc4y', 'MyAp', 'yApc', 'Apc4', 'pc4y', 'J1u68pPW662xJcBN', '1u68pPW662xJcBNH', 'u68pPW662xJcBNHx', '68pPW662xJcBNHxc', '8pPW662xJcBN', 'pPW662xJcBNH', 'PW662xJcBNHx', 'W662xJcBNHxc', '662xJcBN', '62xJcBNH', '2xJcBNHx', 'xJcBNHxc', 'JcBN', 'cBNH', 'BNHx', 'NHxc', 'yAaWHAPs5945x8Kp', 'AaWHAPs5945x8Kpj', 'aWHAPs5945x8KpjI', 'WHAPs5945x8KpjIO', 'HAPs5945x8Kp', 'APs5945x8Kpj', 'Ps5945x8KpjI', 's5945x8KpjIO', '5945x8Kp', '945x8Kpj', '45x8KpjI', '5x8KpjIO', 'x8Kp', '8Kpj', 'KpjI', 'pjIO', 'RQUuV0PhR65FVLDN', 'QUuV0PhR65FVLDNO', 'UuV0PhR65FVLDNOH', 'uV0PhR65FVLDNOHp', 'V0PhR65FVLDN', '0PhR65FVLDNO', 'PhR65FVLDNOH', 'hR65FVLDNOHp', 'R65FVLDN', '65FVLDNO', '5FVLDNOH', 'FVLDNOHp', 'VLDN', 'LDNO', 'DNOH', 'NOHp', 'UlOfakPKb29XMN2q', 'lOfakPKb29XMN2qB', 
'OfakPKb29XMN2qBn', 'fakPKb29XMN2qBnN', 'akPKb29XMN2q', 'kPKb29XMN2qB', 'PKb29XMN2qBn', 'Kb29XMN2qBnN', 'b29XMN2q', '29XMN2qB', '9XMN2qBn', 'XMN2qBnN', 'MN2q', 'N2qB', '2qBn', 'qBnN', 'Jbec75Prpe3Eo9Ug', 'bec75Prpe3Eo9Ugx', 'ec75Prpe3Eo9UgxS', 'c75Prpe3Eo9UgxSd', '75Prpe3Eo9Ug', '5Prpe3Eo9Ugx', 'Prpe3Eo9UgxS', 'rpe3Eo9UgxSd', 'pe3Eo9Ug', 'e3Eo9Ugx', '3Eo9UgxS', 'Eo9UgxSd', 'o9Ug', '9Ugx', 'UgxS', 'gxSd', 'AXjK2DPeCtjdlGyd', 'XjK2DPeCtjdlGyd4', 'jK2DPeCtjdlGyd44', 'K2DPeCtjdlGyd44C', '2DPeCtjdlGyd', 'DPeCtjdlGyd4', 'PeCtjdlGyd44', 'eCtjdlGyd44C', 'CtjdlGyd', 'tjdlGyd4', 'jdlGyd44', 'dlGyd44C', 'lGyd', 'Gyd4', 'yd44', 'd44C', 'GH9gG7PGLKFQPpIn', 'H9gG7PGLKFQPpInT', '9gG7PGLKFQPpInTT', 'gG7PGLKFQPpInTTL', 'G7PGLKFQPpIn', '7PGLKFQPpInT', 'PGLKFQPpInTT', 'GLKFQPpInTTL', 'LKFQPpIn', 'KFQPpInT', 'FQPpInTT', 'QPpInTTL', 'PpIn', 'pInT', 'InTT', 'nTTL', 'ewmu3dPI0Z9MPFd8', 'wmu3dPI0Z9MPFd8l', 'mu3dPI0Z9MPFd8ls', 'u3dPI0Z9MPFd8lsn', '3dPI0Z9MPFd8', 'dPI0Z9MPFd8l', 'PI0Z9MPFd8ls', 'I0Z9MPFd8lsn', '0Z9MPFd8', 'Z9MPFd8l', '9MPFd8ls', 'MPFd8lsn', 'PFd8', 'Fd8l', 'd8ls', '8lsn', 'HEb6RbPRSUGn76df', 'Eb6RbPRSUGn76dfT', 'b6RbPRSUGn76dfTu', '6RbPRSUGn76dfTuw', 'RbPRSUGn76df', 'bPRSUGn76dfT', 'PRSUGn76dfTu', 'RSUGn76dfTuw', 'SUGn76df', 'UGn76dfT', 'Gn76dfTu', 'n76dfTuw', '76df', '6dfT', 'dfTu', 'fTuw', 'MsQG8DP5LBX0PaaS', 'sQG8DP5LBX0PaaSx', 'QG8DP5LBX0PaaSxv', 'G8DP5LBX0PaaSxvQ', '8DP5LBX0PaaS', 'DP5LBX0PaaSx', 'P5LBX0PaaSxv', '5LBX0PaaSxvQ', 'LBX0PaaS', 'BX0PaaSx', 'X0PaaSxv', '0PaaSxvQ', 'PaaS', 'aaSx', 'aSxv', 'SxvQ', 'X1BpsBPmJJn7vO3P', '1BpsBPmJJn7vO3PB', 'BpsBPmJJn7vO3PBs', 'psBPmJJn7vO3PBsc', 'sBPmJJn7vO3P', 'BPmJJn7vO3PB', 'PmJJn7vO3PBs', 'mJJn7vO3PBsc', 'JJn7vO3P', 'Jn7vO3PB', 'n7vO3PBs', '7vO3PBsc', 'vO3P', 'O3PB', '3PBs', 'PBsc', 'Kyc7luP4MleWGXSU', 'yc7luP4MleWGXSUe', 'c7luP4MleWGXSUeb', '7luP4MleWGXSUebt', 'luP4MleWGXSU', 'uP4MleWGXSUe', 'P4MleWGXSUeb', '4MleWGXSUebt', 'MleWGXSU', 'leWGXSUe', 'eWGXSUeb', 'WGXSUebt', 'GXSU', 'XSUe', 'SUeb', 'Uebt', 'D2XTY9P1yycrVNid', 
'2XTY9P1yycrVNidr', 'XTY9P1yycrVNidrM', 'TY9P1yycrVNidrMG', 'Y9P1yycrVNid', '9P1yycrVNidr', 'P1yycrVNidrM', '1yycrVNidrMG', 'yycrVNid', 'ycrVNidr', 'crVNidrM', 'rVNidrMG', 'VNid', 'Nidr', 'idrM', 'drMG', 's3iMX6PqEdpucpo3', '3iMX6PqEdpucpo3k', 'iMX6PqEdpucpo3kj', 'MX6PqEdpucpo3kju', 'X6PqEdpucpo3', '6PqEdpucpo3k', 'PqEdpucpo3kj', 'qEdpucpo3kju', 'Edpucpo3', 'dpucpo3k', 'pucpo3kj', 'ucpo3kju', 'cpo3', 'po3k', 'o3kj', '3kju', 'unsUCmPYWk9J44dN', 'nsUCmPYWk9J44dNu', 'sUCmPYWk9J44dNuc', 'UCmPYWk9J44dNuch', 'CmPYWk9J44dN', 'mPYWk9J44dNu', 'PYWk9J44dNuc', 'YWk9J44dNuch', 'Wk9J44dN', 'k9J44dNu', '9J44dNuc', 'J44dNuch', '44dN', '4dNu', 'dNuc', 'Nuch', 'KkdPwXPukYfv2TcD', 'kdPwXPukYfv2TcDL', 'dPwXPukYfv2TcDLP', 'PwXPukYfv2TcDLP3', 'wXPukYfv2TcD', 'XPukYfv2TcDL', 'PukYfv2TcDLP', 'ukYfv2TcDLP3', 'kYfv2TcD', 'Yfv2TcDL', 'fv2TcDLP', 'v2TcDLP3', '2TcD', 'TcDL', 'cDLP', 'DLP3', 'kIUGVuP3UTjKmsEl', 'IUGVuP3UTjKmsEls', 'UGVuP3UTjKmsElsh', 'GVuP3UTjKmsElshE', 'VuP3UTjKmsEl', 'uP3UTjKmsEls', 'P3UTjKmsElsh', '3UTjKmsElshE', 'UTjKmsEl', 'TjKmsEls', 'jKmsElsh', 'KmsElshE', 'msEl', 'sEls', 'Elsh', 'lshE', 'JmFCPwPpD7IXqabb', 'mFCPwPpD7IXqabb1', 'FCPwPpD7IXqabb1y', 'CPwPpD7IXqabb1yN', 'PwPpD7IXqabb', 'wPpD7IXqabb1', 'PpD7IXqabb1y', 'pD7IXqabb1yN', 'D7IXqabb', '7IXqabb1', 'IXqabb1y', 'Xqabb1yN', 'qabb', 'abb1', 'bb1y', 'b1yN', 'zF2hvyP8GkVDdZG9', 'F2hvyP8GkVDdZG9k', '2hvyP8GkVDdZG9kv', 'hvyP8GkVDdZG9kvj', 'vyP8GkVDdZG9', 'yP8GkVDdZG9k', 'P8GkVDdZG9kv', '8GkVDdZG9kvj', 'GkVDdZG9', 'kVDdZG9k', 'VDdZG9kv', 'DdZG9kvj', 'dZG9', 'ZG9k', 'G9kv', '9kvj', 'i4cl1iPcJOewiCBX', '4cl1iPcJOewiCBXE', 'cl1iPcJOewiCBXEm', 'l1iPcJOewiCBXEmb', '1iPcJOewiCBX', 'iPcJOewiCBXE', 'PcJOewiCBXEm', 'cJOewiCBXEmb', 'JOewiCBX', 'OewiCBXE', 'ewiCBXEm', 'wiCBXEmb', 'iCBX', 'CBXE', 'BXEm', 'XEmb', 'wVSHaqPFXWFq3not', 'VSHaqPFXWFq3notQ', 'SHaqPFXWFq3notQ9', 'HaqPFXWFq3notQ9F', 'aqPFXWFq3not', 'qPFXWFq3notQ', 'PFXWFq3notQ9', 'FXWFq3notQ9F', 'XWFq3not', 'WFq3notQ', 'Fq3notQ9', 'q3notQ9F', '3not', 'notQ', 'otQ9', 'tQ9F', 
'n9q3DSP0BPr7BAvq', '9q3DSP0BPr7BAvqd', 'q3DSP0BPr7BAvqdn', '3DSP0BPr7BAvqdnm', 'DSP0BPr7BAvq', 'SP0BPr7BAvqd', 'P0BPr7BAvqdn', '0BPr7BAvqdnm', 'BPr7BAvq', 'Pr7BAvqd', 'r7BAvqdn', '7BAvqdnm', 'BAvq', 'Avqd', 'vqdn', 'qdnm', 'geFyeTPOxoA61re6', 'eFyeTPOxoA61re6Q', 'FyeTPOxoA61re6Qa', 'yeTPOxoA61re6QaR', 'eTPOxoA61re6', 'TPOxoA61re6Q', 'POxoA61re6Qa', 'OxoA61re6QaR', 'xoA61re6', 'oA61re6Q', 'A61re6Qa', '61re6QaR', '1re6', 're6Q', 'e6Qa', '6QaR', 'B5vQMnPjZfcLE4HQ', '5vQMnPjZfcLE4HQM', 'vQMnPjZfcLE4HQM8', 'QMnPjZfcLE4HQM8V', 'MnPjZfcLE4HQ', 'nPjZfcLE4HQM', 'PjZfcLE4HQM8', 'jZfcLE4HQM8V', 'ZfcLE4HQ', 'fcLE4HQM', 'cLE4HQM8', 'LE4HQM8V', 'E4HQ', '4HQM', 'HQM8', 'QM8V', 'CLICrcPQpuoOCxjD', 'LICrcPQpuoOCxjDC', 'ICrcPQpuoOCxjDCL', 'CrcPQpuoOCxjDCLy', 'rcPQpuoOCxjD', 'cPQpuoOCxjDC', 'PQpuoOCxjDCL', 'QpuoOCxjDCLy', 'puoOCxjD', 'uoOCxjDC', 'oOCxjDCL', 'OCxjDCLy', 'CxjD', 'xjDC', 'jDCL', 'DCLy', 'jCJ3M2PtN61gdiVF', 'CJ3M2PtN61gdiVFP', 'J3M2PtN61gdiVFPM', '3M2PtN61gdiVFPMn', 'M2PtN61gdiVF', '2PtN61gdiVFP', 'PtN61gdiVFPM', 'tN61gdiVFPMn', 'N61gdiVF', '61gdiVFP', '1gdiVFPM', 'gdiVFPMn', 'diVF', 'iVFP', 'VFPM', 'FPMn', 'N8qgDAPCkMR6kecL', '8qgDAPCkMR6kecLF', 'qgDAPCkMR6kecLFQ', 'gDAPCkMR6kecLFQX', 'DAPCkMR6kecL', 'APCkMR6kecLF', 'PCkMR6kecLFQ', 'CkMR6kecLFQX', 'kMR6kecL', 'MR6kecLF', 'R6kecLFQ', '6kecLFQX', 'kecL', 'ecLF', 'cLFQ', 'LFQX', 'snntaJPxmwMkW8lv', 'nntaJPxmwMkW8lvC', 'ntaJPxmwMkW8lvC2', 'taJPxmwMkW8lvC2e', 'aJPxmwMkW8lv', 'JPxmwMkW8lvC', 'PxmwMkW8lvC2', 'xmwMkW8lvC2e', 'mwMkW8lv', 'wMkW8lvC', 'MkW8lvC2', 'kW8lvC2e', 'W8lv', '8lvC', 'lvC2', 'vC2e', 'UwkItgGV0VG6GHV3', 'wkItgGV0VG6GHV3Y', 'kItgGV0VG6GHV3Ym', 'ItgGV0VG6GHV3YmW', 'tgGV0VG6GHV3', 'gGV0VG6GHV3Y', 'GV0VG6GHV3Ym', 'V0VG6GHV3YmW', '0VG6GHV3', 'VG6GHV3Y', 'G6GHV3Ym', '6GHV3YmW', 'GHV3', 'HV3Y', 'V3Ym', '3YmW', 'aYfE7JGnaqa8C6xE', 'YfE7JGnaqa8C6xE6', 'fE7JGnaqa8C6xE6C', 'E7JGnaqa8C6xE6C9', '7JGnaqa8C6xE', 'JGnaqa8C6xE6', 'Gnaqa8C6xE6C', 'naqa8C6xE6C9', 'aqa8C6xE', 'qa8C6xE6', 'a8C6xE6C', '8C6xE6C9', 'C6xE', '6xE6', 
'xE6C', 'E6C9', 'M5jXTAGZ1CKe4rPO', '5jXTAGZ1CKe4rPOh', 'jXTAGZ1CKe4rPOhZ', 'XTAGZ1CKe4rPOhZ6', 'TAGZ1CKe4rPO', 'AGZ1CKe4rPOh', 'GZ1CKe4rPOhZ', 'Z1CKe4rPOhZ6', '1CKe4rPO', 'CKe4rPOh', 'Ke4rPOhZ', 'e4rPOhZ6', '4rPO', 'rPOh', 'POhZ', 'OhZ6', 'IXsCIgGWaVa0OLyD', 'XsCIgGWaVa0OLyDQ', 'sCIgGWaVa0OLyDQ7', 'CIgGWaVa0OLyDQ7A', 'IgGWaVa0OLyD', 'gGWaVa0OLyDQ', 'GWaVa0OLyDQ7', 'WaVa0OLyDQ7A', 'aVa0OLyD', 'Va0OLyDQ', 'a0OLyDQ7', '0OLyDQ7A', 'OLyD', 'LyDQ', 'yDQ7', 'DQ7A', 'AVubQcGskkT78yRf', 'VubQcGskkT78yRfs', 'ubQcGskkT78yRfsc', 'bQcGskkT78yRfscQ', 'QcGskkT78yRf', 'cGskkT78yRfs', 'GskkT78yRfsc', 'skkT78yRfscQ', 'kkT78yRf', 'kT78yRfs', 'T78yRfsc', '78yRfscQ', '8yRf', 'yRfs', 'Rfsc', 'fscQ', 'CcQiZEGhKA0KusZN', 'cQiZEGhKA0KusZN3', 'QiZEGhKA0KusZN3o', 'iZEGhKA0KusZN3oi', 'ZEGhKA0KusZN', 'EGhKA0KusZN3', 'GhKA0KusZN3o', 'hKA0KusZN3oi', 'KA0KusZN', 'A0KusZN3', '0KusZN3o', 'KusZN3oi', 'usZN', 'sZN3', 'ZN3o', 'N3oi', 'PVV4LRGKkvJ9P1cA', 'VV4LRGKkvJ9P1cAp', 'V4LRGKkvJ9P1cApv', '4LRGKkvJ9P1cApvr', 'LRGKkvJ9P1cA', 'RGKkvJ9P1cAp', 'GKkvJ9P1cApv', 'KkvJ9P1cApvr', 'kvJ9P1cA', 'vJ9P1cAp', 'J9P1cApv', '9P1cApvr', 'P1cA', '1cAp', 'cApv', 'Apvr', 'DbJM2EGrhNfPjSpx', 'bJM2EGrhNfPjSpxj', 'JM2EGrhNfPjSpxjq', 'M2EGrhNfPjSpxjqd', '2EGrhNfPjSpx', 'EGrhNfPjSpxj', 'GrhNfPjSpxjq', 'rhNfPjSpxjqd', 'hNfPjSpx', 'NfPjSpxj', 'fPjSpxjq', 'PjSpxjqd', 'jSpx', 'Spxj', 'pxjq', 'xjqd', 'cXp9cRGeZP9Vhq5F', 'Xp9cRGeZP9Vhq5FF', 'p9cRGeZP9Vhq5FFk', '9cRGeZP9Vhq5FFkZ', 'cRGeZP9Vhq5F', 'RGeZP9Vhq5FF', 'GeZP9Vhq5FFk', 'eZP9Vhq5FFkZ', 'ZP9Vhq5F', 'P9Vhq5FF', '9Vhq5FFk', 'Vhq5FFkZ', 'hq5F', 'q5FF', '5FFk', 'FFkZ', 'OfJPyYGGrEo3YWI7', 'fJPyYGGrEo3YWI76', 'JPyYGGrEo3YWI763', 'PyYGGrEo3YWI763P', 'yYGGrEo3YWI7', 'YGGrEo3YWI76', 'GGrEo3YWI763', 'GrEo3YWI763P', 'rEo3YWI7', 'Eo3YWI76', 'o3YWI763', '3YWI763P', 'YWI7', 'WI76', 'I763', '763P', 'B8EIqjGIQdIdklFW', '8EIqjGIQdIdklFWg', 'EIqjGIQdIdklFWgW', 'IqjGIQdIdklFWgWm', 'qjGIQdIdklFW', 'jGIQdIdklFWg', 'GIQdIdklFWgW', 'IQdIdklFWgWm', 'QdIdklFW', 'dIdklFWg', 'IdklFWgW', 'dklFWgWm', 
'klFW', 'lFWg', 'FWgW', 'WgWm', 'vvMZlMGRfHGUoMwL', 'vMZlMGRfHGUoMwLq', 'MZlMGRfHGUoMwLqg', 'ZlMGRfHGUoMwLqgd', 'lMGRfHGUoMwL', 'MGRfHGUoMwLq', 'GRfHGUoMwLqg', 'RfHGUoMwLqgd', 'fHGUoMwL', 'HGUoMwLq', 'GUoMwLqg', 'UoMwLqgd', 'oMwL', 'MwLq', 'wLqg', 'Lqgd', 'EPcRDIG5jwsv4KSu', 'PcRDIG5jwsv4KSuX', 'cRDIG5jwsv4KSuX7', 'RDIG5jwsv4KSuX7X', 'DIG5jwsv4KSu', 'IG5jwsv4KSuX', 'G5jwsv4KSuX7', '5jwsv4KSuX7X', 'jwsv4KSu', 'wsv4KSuX', 'sv4KSuX7', 'v4KSuX7X', '4KSu', 'KSuX', 'SuX7', 'uX7X', 'FQ7pjNGmuGi3bJO5', 'Q7pjNGmuGi3bJO5l', '7pjNGmuGi3bJO5lD', 'pjNGmuGi3bJO5lDc', 'jNGmuGi3bJO5', 'NGmuGi3bJO5l', 'GmuGi3bJO5lD', 'muGi3bJO5lDc', 'uGi3bJO5', 'Gi3bJO5l', 'i3bJO5lD', '3bJO5lDc', 'bJO5', 'JO5l', 'O5lD', '5lDc', 'tNADkJG4oxgDiHCI', 'NADkJG4oxgDiHCIN', 'ADkJG4oxgDiHCIN3', 'DkJG4oxgDiHCIN35', 'kJG4oxgDiHCI', 'JG4oxgDiHCIN', 'G4oxgDiHCIN3', '4oxgDiHCIN35', 'oxgDiHCI', 'xgDiHCIN', 'gDiHCIN3', 'DiHCIN35', 'iHCI', 'HCIN', 'CIN3', 'IN35', 'pSVgTnG1gcQV8MWt', 'SVgTnG1gcQV8MWtc', 'VgTnG1gcQV8MWtc8', 'gTnG1gcQV8MWtc8V', 'TnG1gcQV8MWt', 'nG1gcQV8MWtc', 'G1gcQV8MWtc8', '1gcQV8MWtc8V', 'gcQV8MWt', 'cQV8MWtc', 'QV8MWtc8', 'V8MWtc8V', '8MWt', 'MWtc', 'Wtc8', 'tc8V', 'HBFpu2Gq03TxRIS4', 'BFpu2Gq03TxRIS4b', 'Fpu2Gq03TxRIS4bx', 'pu2Gq03TxRIS4bxt', 'u2Gq03TxRIS4', '2Gq03TxRIS4b', 'Gq03TxRIS4bx', 'q03TxRIS4bxt', '03TxRIS4', '3TxRIS4b', 'TxRIS4bx', 'xRIS4bxt', 'RIS4', 'IS4b', 'S4bx', '4bxt', 'j9f1IGGYUVFCg4S9', '9f1IGGYUVFCg4S9G', 'f1IGGYUVFCg4S9GS', '1IGGYUVFCg4S9GSp', 'IGGYUVFCg4S9', 'GGYUVFCg4S9G', 'GYUVFCg4S9GS', 'YUVFCg4S9GSp', 'UVFCg4S9', 'VFCg4S9G', 'FCg4S9GS', 'Cg4S9GSp', 'g4S9', '4S9G', 'S9GS', '9GSp', 'sIwALYGul5cr8lUy', 'IwALYGul5cr8lUyc', 'wALYGul5cr8lUycv', 'ALYGul5cr8lUycv2', 'LYGul5cr8lUy', 'YGul5cr8lUyc', 'Gul5cr8lUycv', 'ul5cr8lUycv2', 'l5cr8lUy', '5cr8lUyc', 'cr8lUycv', 'r8lUycv2', '8lUy', 'lUyc', 'Uycv', 'ycv2', 'KSArKIG3UhgndsSl', 'SArKIG3UhgndsSlq', 'ArKIG3UhgndsSlqR', 'rKIG3UhgndsSlqRC', 'KIG3UhgndsSl', 'IG3UhgndsSlq', 'G3UhgndsSlqR', '3UhgndsSlqRC', 'UhgndsSl', 'hgndsSlq', 
'gndsSlqR', 'ndsSlqRC', 'dsSl', 'sSlq', 'SlqR', 'lqRC', 'UuxKndGpUBFnrfYi', 'uxKndGpUBFnrfYiT', 'xKndGpUBFnrfYiT1', 'KndGpUBFnrfYiT1H', 'ndGpUBFnrfYi', 'dGpUBFnrfYiT', 'GpUBFnrfYiT1', 'pUBFnrfYiT1H', 'UBFnrfYi', 'BFnrfYiT', 'FnrfYiT1', 'nrfYiT1H', 'rfYi', 'fYiT', 'YiT1', 'iT1H', 'oDfhe0G82DZFEbPJ', 'Dfhe0G82DZFEbPJh', 'fhe0G82DZFEbPJh6', 'he0G82DZFEbPJh6l', 'e0G82DZFEbPJ', '0G82DZFEbPJh', 'G82DZFEbPJh6', '82DZFEbPJh6l', '2DZFEbPJ', 'DZFEbPJh', 'ZFEbPJh6', 'FEbPJh6l', 'EbPJ', 'bPJh', 'PJh6', 'Jh6l', 'djulbdGcbroIlHx8', 'julbdGcbroIlHx8o', 'ulbdGcbroIlHx8oQ', 'lbdGcbroIlHx8oQ6', 'bdGcbroIlHx8', 'dGcbroIlHx8o', 'GcbroIlHx8oQ', 'cbroIlHx8oQ6', 'broIlHx8', 'roIlHx8o', 'oIlHx8oQ', 'IlHx8oQ6', 'lHx8', 'Hx8o', 'x8oQ', '8oQ6', 'bJelTmGFPRNlLmnE', 'JelTmGFPRNlLmnEm', 'elTmGFPRNlLmnEm9', 'lTmGFPRNlLmnEm92', 'TmGFPRNlLmnE', 'mGFPRNlLmnEm', 'GFPRNlLmnEm9', 'FPRNlLmnEm92', 'PRNlLmnE', 'RNlLmnEm', 'NlLmnEm9', 'lLmnEm92', 'LmnE', 'mnEm', 'nEm9', 'Em92', 'BDL78LG0of0B29ht', 'DL78LG0of0B29htw', 'L78LG0of0B29htwR', '78LG0of0B29htwRd', '8LG0of0B29ht', 'LG0of0B29htw', 'G0of0B29htwR', '0of0B29htwRd', 'of0B29ht', 'f0B29htw', '0B29htwR', 'B29htwRd', '29ht', '9htw', 'htwR', 'twRd', 'idXdi7GOMKmnSq6M', 'dXdi7GOMKmnSq6MR', 'Xdi7GOMKmnSq6MRZ', 'di7GOMKmnSq6MRZn', 'i7GOMKmnSq6M', '7GOMKmnSq6MR', 'GOMKmnSq6MRZ', 'OMKmnSq6MRZn', 'MKmnSq6M', 'KmnSq6MR', 'mnSq6MRZ', 'nSq6MRZn', 'Sq6M', 'q6MR', '6MRZ', 'MRZn', 'IsbCYAGjWjB0hqJh', 'sbCYAGjWjB0hqJhX', 'bCYAGjWjB0hqJhXD', 'CYAGjWjB0hqJhXDM', 'YAGjWjB0hqJh', 'AGjWjB0hqJhX', 'GjWjB0hqJhXD', 'jWjB0hqJhXDM', 'WjB0hqJh', 'jB0hqJhX', 'B0hqJhXD', '0hqJhXDM', 'hqJh', 'qJhX', 'JhXD', 'hXDM', 'Hw8qiGGQU58JxMnu', 'w8qiGGQU58JxMnuS', '8qiGGQU58JxMnuST', 'qiGGQU58JxMnuSTj', 'iGGQU58JxMnu', 'GGQU58JxMnuS', 'GQU58JxMnuST', 'QU58JxMnuSTj', 'U58JxMnu', '58JxMnuS', '8JxMnuST', 'JxMnuSTj', 'xMnu', 'MnuS', 'nuST', 'uSTj', 'P2umuYGt6ReeNetb', '2umuYGt6ReeNetbX', 'umuYGt6ReeNetbX8', 'muYGt6ReeNetbX8i', 'uYGt6ReeNetb', 'YGt6ReeNetbX', 'Gt6ReeNetbX8', 't6ReeNetbX8i', 
'6ReeNetb', 'ReeNetbX', 'eeNetbX8', 'eNetbX8i', 'Netb', 'etbX', 'tbX8', 'bX8i', 'DLfg5xGCda1seJdh', 'Lfg5xGCda1seJdhN', 'fg5xGCda1seJdhNx', 'g5xGCda1seJdhNxd', '5xGCda1seJdh', 'xGCda1seJdhN', 'GCda1seJdhNx', 'Cda1seJdhNxd', 'da1seJdh', 'a1seJdhN', '1seJdhNx', 'seJdhNxd', 'eJdh', 'JdhN', 'dhNx', 'hNxd', 'd9qAAwGxM3GTCU8l', '9qAAwGxM3GTCU8lf', 'qAAwGxM3GTCU8lf2', 'AAwGxM3GTCU8lf2X', 'AwGxM3GTCU8l', 'wGxM3GTCU8lf', 'GxM3GTCU8lf2', 'xM3GTCU8lf2X', 'M3GTCU8l', '3GTCU8lf', 'GTCU8lf2', 'TCU8lf2X', 'CU8l', 'U8lf', '8lf2', 'lf2X', 'dwD5BFlVSbcEVTZJ', 'wD5BFlVSbcEVTZJm', 'D5BFlVSbcEVTZJmY', '5BFlVSbcEVTZJmYb', 'BFlVSbcEVTZJ', 'FlVSbcEVTZJm', 'lVSbcEVTZJmY', 'VSbcEVTZJmYb', 'SbcEVTZJ', 'bcEVTZJm', 'cEVTZJmY', 'EVTZJmYb', 'VTZJ', 'TZJm', 'ZJmY', 'JmYb', 'qb9UbhlnMajOf4na', 'b9UbhlnMajOf4naE', '9UbhlnMajOf4naEm', 'UbhlnMajOf4naEms', 'bhlnMajOf4na', 'hlnMajOf4naE', 'lnMajOf4naEm', 'nMajOf4naEms', 'MajOf4na', 'ajOf4naE', 'jOf4naEm', 'Of4naEms', 'f4na', '4naE', 'naEm', 'aEms', 'tkEP9AlZBnRnCBiR', 'kEP9AlZBnRnCBiRa', 'EP9AlZBnRnCBiRaP', 'P9AlZBnRnCBiRaPv', '9AlZBnRnCBiR', 'AlZBnRnCBiRa', 'lZBnRnCBiRaP', 'ZBnRnCBiRaPv', 'BnRnCBiR', 'nRnCBiRa', 'RnCBiRaP', 'nCBiRaPv', 'CBiR', 'BiRa', 'iRaP', 'RaPv', 'RAq0UolWatajXeQC', 'Aq0UolWatajXeQCg', 'q0UolWatajXeQCgx', '0UolWatajXeQCgxx', 'UolWatajXeQC', 'olWatajXeQCg', 'lWatajXeQCgx', 'WatajXeQCgxx', 'atajXeQC', 'tajXeQCg', 'ajXeQCgx', 'jXeQCgxx', 'XeQC', 'eQCg', 'QCgx', 'Cgxx', 'vqx3TflsRqkvooLS', 'qx3TflsRqkvooLSp', 'x3TflsRqkvooLSpG', '3TflsRqkvooLSpGA', 'TflsRqkvooLS', 'flsRqkvooLSp', 'lsRqkvooLSpG', 'sRqkvooLSpGA', 'RqkvooLS', 'qkvooLSp', 'kvooLSpG', 'vooLSpGA', 'ooLS', 'oLSp', 'LSpG', 'SpGA', 'GEJkIQlhvkOsLULk', 'EJkIQlhvkOsLULky', 'JkIQlhvkOsLULkyM', 'kIQlhvkOsLULkyM1', 'IQlhvkOsLULk', 'QlhvkOsLULky', 'lhvkOsLULkyM', 'hvkOsLULkyM1', 'vkOsLULk', 'kOsLULky', 'OsLULkyM', 'sLULkyM1', 'LULk', 'ULky', 'LkyM', 'kyM1', 'beDwP3lKXmAFqmYw', 'eDwP3lKXmAFqmYwS', 'DwP3lKXmAFqmYwSM', 'wP3lKXmAFqmYwSMk', 'P3lKXmAFqmYw', '3lKXmAFqmYwS', 'lKXmAFqmYwSM', 
'KXmAFqmYwSMk', 'XmAFqmYw', 'mAFqmYwS', 'AFqmYwSM', 'FqmYwSMk', 'qmYw', 'mYwS', 'YwSM', 'wSMk', 'Bi5mGYlr07gqnsiE', 'i5mGYlr07gqnsiE5', '5mGYlr07gqnsiE53', 'mGYlr07gqnsiE53i', 'GYlr07gqnsiE', 'Ylr07gqnsiE5', 'lr07gqnsiE53', 'r07gqnsiE53i', '07gqnsiE', '7gqnsiE5', 'gqnsiE53', 'qnsiE53i', 'nsiE', 'siE5', 'iE53', 'E53i', 'lNd5sJleolUwKn7b', 'Nd5sJleolUwKn7bn', 'd5sJleolUwKn7bnw', '5sJleolUwKn7bnw3', 'sJleolUwKn7b', 'JleolUwKn7bn', 'leolUwKn7bnw', 'eolUwKn7bnw3', 'olUwKn7b', 'lUwKn7bn', 'UwKn7bnw', 'wKn7bnw3', 'Kn7b', 'n7bn', '7bnw', 'bnw3', 'H0JEVJlGodu0emAC', '0JEVJlGodu0emACv', 'JEVJlGodu0emACvy', 'EVJlGodu0emACvyW', 'VJlGodu0emAC', 'JlGodu0emACv', 'lGodu0emACvy', 'Godu0emACvyW', 'odu0emAC', 'du0emACv', 'u0emACvy', '0emACvyW', 'emAC', 'mACv', 'ACvy', 'CvyW', 'wpfYGDlIeTMVrcQe', 'pfYGDlIeTMVrcQeE', 'fYGDlIeTMVrcQeEQ', 'YGDlIeTMVrcQeEQX', 'GDlIeTMVrcQe', 'DlIeTMVrcQeE', 'lIeTMVrcQeEQ', 'IeTMVrcQeEQX', 'eTMVrcQe', 'TMVrcQeE', 'MVrcQeEQ', 'VrcQeEQX', 'rcQe', 'cQeE', 'QeEQ', 'eEQX', 'XngvpjlRNdh7QtUB', 'ngvpjlRNdh7QtUBI', 'gvpjlRNdh7QtUBIN', 'vpjlRNdh7QtUBINZ', 'pjlRNdh7QtUB', 'jlRNdh7QtUBI', 'lRNdh7QtUBIN', 'RNdh7QtUBINZ', 'Ndh7QtUB', 'dh7QtUBI', 'h7QtUBIN', '7QtUBINZ', 'QtUB', 'tUBI', 'UBIN', 'BINZ', 'iuEEPwl5teTI37uF', 'uEEPwl5teTI37uFq', 'EEPwl5teTI37uFq9', 'EPwl5teTI37uFq9f', 'Pwl5teTI37uF', 'wl5teTI37uFq', 'l5teTI37uFq9', '5teTI37uFq9f', 'teTI37uF', 'eTI37uFq', 'TI37uFq9', 'I37uFq9f', '37uF', '7uFq', 'uFq9', 'Fq9f', 'VMTmrElmIvEjhC5F', 'MTmrElmIvEjhC5Fu', 'TmrElmIvEjhC5FuT', 'mrElmIvEjhC5FuTB', 'rElmIvEjhC5F', 'ElmIvEjhC5Fu', 'lmIvEjhC5FuT', 'mIvEjhC5FuTB', 'IvEjhC5F', 'vEjhC5Fu', 'EjhC5FuT', 'jhC5FuTB', 'hC5F', 'C5Fu', '5FuT', 'FuTB', 'bu60Qkl4Ya3sLo7F', 'u60Qkl4Ya3sLo7FK', '60Qkl4Ya3sLo7FKe', '0Qkl4Ya3sLo7FKeY', 'Qkl4Ya3sLo7F', 'kl4Ya3sLo7FK', 'l4Ya3sLo7FKe', '4Ya3sLo7FKeY', 'Ya3sLo7F', 'a3sLo7FK', '3sLo7FKe', 'sLo7FKeY', 'Lo7F', 'o7FK', '7FKe', 'FKeY', 'EeKPRjl1pYCAALtq', 'eKPRjl1pYCAALtqN', 'KPRjl1pYCAALtqNl', 'PRjl1pYCAALtqNll', 'Rjl1pYCAALtq', 'jl1pYCAALtqN', 
'l1pYCAALtqNl', '1pYCAALtqNll', 'pYCAALtq', 'YCAALtqN', 'CAALtqNl', 'AALtqNll', 'ALtq', 'LtqN', 'tqNl', 'qNll', 'BjJUDAlq2JGIDsvc', 'jJUDAlq2JGIDsvc7', 'JUDAlq2JGIDsvc72', 'UDAlq2JGIDsvc72g', 'DAlq2JGIDsvc', 'Alq2JGIDsvc7', 'lq2JGIDsvc72', 'q2JGIDsvc72g', '2JGIDsvc', 'JGIDsvc7', 'GIDsvc72', 'IDsvc72g', 'Dsvc', 'svc7', 'vc72', 'c72g', 'mi7VRtlYALtt23nv', 'i7VRtlYALtt23nva', '7VRtlYALtt23nvaw', 'VRtlYALtt23nvaw3', 'RtlYALtt23nv', 'tlYALtt23nva', 'lYALtt23nvaw', 'YALtt23nvaw3', 'ALtt23nv', 'Ltt23nva', 'tt23nvaw', 't23nvaw3', '23nv', '3nva', 'nvaw', 'vaw3', 'PbT7LWlucWjBsHBR', 'bT7LWlucWjBsHBRc', 'T7LWlucWjBsHBRcg', '7LWlucWjBsHBRcgg', 'LWlucWjBsHBR', 'WlucWjBsHBRc', 'lucWjBsHBRcg', 'ucWjBsHBRcgg', 'cWjBsHBR', 'WjBsHBRc', 'jBsHBRcg', 'BsHBRcgg', 'sHBR', 'HBRc', 'BRcg', 'Rcgg', 'yQwEDGl3FBkoNK7Y', 'QwEDGl3FBkoNK7Yx', 'wEDGl3FBkoNK7YxV', 'EDGl3FBkoNK7YxVV', 'DGl3FBkoNK7Y', 'Gl3FBkoNK7Yx', 'l3FBkoNK7YxV', '3FBkoNK7YxVV', 'FBkoNK7Y', 'BkoNK7Yx', 'koNK7YxV', 'oNK7YxVV', 'NK7Y', 'K7Yx', '7YxV', 'YxVV', 'MXMN61lpbcTboB84', 'XMN61lpbcTboB84a', 'MN61lpbcTboB84aa', 'N61lpbcTboB84aa5', '61lpbcTboB84', '1lpbcTboB84a', 'lpbcTboB84aa', 'pbcTboB84aa5', 'bcTboB84', 'cTboB84a', 'TboB84aa', 'boB84aa5', 'oB84', 'B84a', '84aa', '4aa5', 'IUvfMWl8lDbtFWrF', 'UvfMWl8lDbtFWrFx', 'vfMWl8lDbtFWrFxp', 'fMWl8lDbtFWrFxpG', 'MWl8lDbtFWrF', 'Wl8lDbtFWrFx', 'l8lDbtFWrFxp', '8lDbtFWrFxpG', 'lDbtFWrF', 'DbtFWrFx', 'btFWrFxp', 'tFWrFxpG', 'FWrF', 'WrFx', 'rFxp', 'FxpG', 'nL7D4glc6yKQOfVj', 'L7D4glc6yKQOfVjq', '7D4glc6yKQOfVjqm', 'D4glc6yKQOfVjqmI', '4glc6yKQOfVj', 'glc6yKQOfVjq', 'lc6yKQOfVjqm', 'c6yKQOfVjqmI', '6yKQOfVj', 'yKQOfVjq', 'KQOfVjqm', 'QOfVjqmI', 'OfVj', 'fVjq', 'Vjqm', 'jqmI', 'iINn56lFFgdWRQoJ', 'INn56lFFgdWRQoJq', 'Nn56lFFgdWRQoJqS', 'n56lFFgdWRQoJqSk', '56lFFgdWRQoJ', '6lFFgdWRQoJq', 'lFFgdWRQoJqS', 'FFgdWRQoJqSk', 'FgdWRQoJ', 'gdWRQoJq', 'dWRQoJqS', 'WRQoJqSk', 'RQoJ', 'QoJq', 'oJqS', 'JqSk', 'Vd82gml0O47Dy4Is', 'd82gml0O47Dy4Isv', '82gml0O47Dy4Isvo', '2gml0O47Dy4IsvoH', 'gml0O47Dy4Is', 
'ml0O47Dy4Isv', 'l0O47Dy4Isvo', '0O47Dy4IsvoH', 'O47Dy4Is', '47Dy4Isv', '7Dy4Isvo', 'Dy4IsvoH', 'y4Is', '4Isv', 'Isvo', 'svoH', 'dErCUhlOnPf5DaX2', 'ErCUhlOnPf5DaX2M', 'rCUhlOnPf5DaX2Mh', 'CUhlOnPf5DaX2MhQ', 'UhlOnPf5DaX2', 'hlOnPf5DaX2M', 'lOnPf5DaX2Mh', 'OnPf5DaX2MhQ', 'nPf5DaX2', 'Pf5DaX2M', 'f5DaX2Mh', '5DaX2MhQ', 'DaX2', 'aX2M', 'X2Mh', '2MhQ', 'RV1ruxlj87A58hy4', 'V1ruxlj87A58hy4W', '1ruxlj87A58hy4W1', 'ruxlj87A58hy4W1p', 'uxlj87A58hy4', 'xlj87A58hy4W', 'lj87A58hy4W1', 'j87A58hy4W1p', '87A58hy4', '7A58hy4W', 'A58hy4W1', '58hy4W1p', '8hy4', 'hy4W', 'y4W1', '4W1p', 'ysCBgulQLVV3QIye', 'sCBgulQLVV3QIyev', 'CBgulQLVV3QIyevR', 'BgulQLVV3QIyevRs', 'gulQLVV3QIye', 'ulQLVV3QIyev', 'lQLVV3QIyevR', 'QLVV3QIyevRs', 'LVV3QIye', 'VV3QIyev', 'V3QIyevR', '3QIyevRs', 'QIye', 'Iyev', 'yevR', 'evRs', 'D8cnT3ltIB3GCJ9D', '8cnT3ltIB3GCJ9Dm', 'cnT3ltIB3GCJ9DmG', 'nT3ltIB3GCJ9DmGV', 'T3ltIB3GCJ9D', '3ltIB3GCJ9Dm', 'ltIB3GCJ9DmG', 'tIB3GCJ9DmGV', 'IB3GCJ9D', 'B3GCJ9Dm', '3GCJ9DmG', 'GCJ9DmGV', 'CJ9D', 'J9Dm', '9DmG', 'DmGV', 'o9QbZ6lCGHIYeQI6', '9QbZ6lCGHIYeQI66', 'QbZ6lCGHIYeQI66S', 'bZ6lCGHIYeQI66Sf', 'Z6lCGHIYeQI6', '6lCGHIYeQI66', 'lCGHIYeQI66S', 'CGHIYeQI66Sf', 'GHIYeQI6', 'HIYeQI66', 'IYeQI66S', 'YeQI66Sf', 'eQI6', 'QI66', 'I66S', '66Sf', 'HmyY5OlxVgfsu2kS', 'myY5OlxVgfsu2kS2', 'yY5OlxVgfsu2kS2C', 'Y5OlxVgfsu2kS2CL', '5OlxVgfsu2kS', 'OlxVgfsu2kS2', 'lxVgfsu2kS2C', 'xVgfsu2kS2CL', 'Vgfsu2kS', 'gfsu2kS2', 'fsu2kS2C', 'su2kS2CL', 'u2kS', '2kS2', 'kS2C', 'S2CL', 'xB0SDlIVE8M2TYqc', 'B0SDlIVE8M2TYqcs', '0SDlIVE8M2TYqcsL', 'SDlIVE8M2TYqcsLX', 'DlIVE8M2TYqc', 'lIVE8M2TYqcs', 'IVE8M2TYqcsL', 'VE8M2TYqcsLX', 'E8M2TYqc', '8M2TYqcs', 'M2TYqcsL', '2TYqcsLX', 'TYqc', 'Yqcs', 'qcsL', 'csLX', 'kFhsUiInpNdcDrob', 'FhsUiInpNdcDrobB', 'hsUiInpNdcDrobBf', 'sUiInpNdcDrobBfi', 'UiInpNdcDrob', 'iInpNdcDrobB', 'InpNdcDrobBf', 'npNdcDrobBfi', 'pNdcDrob', 'NdcDrobB', 'dcDrobBf', 'cDrobBfi', 'Drob', 'robB', 'obBf', 'bBfi', 'jjtomNIZ57cv4IuV', 'jtomNIZ57cv4IuVi', 'tomNIZ57cv4IuVid', 'omNIZ57cv4IuVidb', 
'mNIZ57cv4IuV', 'NIZ57cv4IuVi', 'IZ57cv4IuVid', 'Z57cv4IuVidb', '57cv4IuV', '7cv4IuVi', 'cv4IuVid', 'v4IuVidb', '4IuV', 'IuVi', 'uVid', 'Vidb', 'Gj8VpfIW09A9aX7h', 'j8VpfIW09A9aX7h4', '8VpfIW09A9aX7h4V', 'VpfIW09A9aX7h4VI', 'pfIW09A9aX7h', 'fIW09A9aX7h4', 'IW09A9aX7h4V', 'W09A9aX7h4VI', '09A9aX7h', '9A9aX7h4', 'A9aX7h4V', '9aX7h4VI', 'aX7h', 'X7h4', '7h4V', 'h4VI', 'cPqEG7IsYReEGbm4', 'PqEG7IsYReEGbm4A', 'qEG7IsYReEGbm4AH', 'EG7IsYReEGbm4AHL', 'G7IsYReEGbm4', '7IsYReEGbm4A', 'IsYReEGbm4AH', 'sYReEGbm4AHL', 'YReEGbm4', 'ReEGbm4A', 'eEGbm4AH', 'EGbm4AHL', 'Gbm4', 'bm4A', 'm4AH', '4AHL', 'n0qdBOIhGIuEqvpU', '0qdBOIhGIuEqvpUr', 'qdBOIhGIuEqvpUrZ', 'dBOIhGIuEqvpUrZC', 'BOIhGIuEqvpU', 'OIhGIuEqvpUr', 'IhGIuEqvpUrZ', 'hGIuEqvpUrZC', 'GIuEqvpU', 'IuEqvpUr', 'uEqvpUrZ', 'EqvpUrZC', 'qvpU', 'vpUr', 'pUrZ', 'UrZC', 'vyeAVIIKBRitfYnF', 'yeAVIIKBRitfYnFm', 'eAVIIKBRitfYnFmg', 'AVIIKBRitfYnFmgd', 'VIIKBRitfYnF', 'IIKBRitfYnFm', 'IKBRitfYnFmg', 'KBRitfYnFmgd', 'BRitfYnF', 'RitfYnFm', 'itfYnFmg', 'tfYnFmgd', 'fYnF', 'YnFm', 'nFmg', 'Fmgd', 'OHWs1cIrF8VORxxd', 'HWs1cIrF8VORxxd9', 'Ws1cIrF8VORxxd92', 's1cIrF8VORxxd92c', '1cIrF8VORxxd', 'cIrF8VORxxd9', 'IrF8VORxxd92', 'rF8VORxxd92c', 'F8VORxxd', '8VORxxd9', 'VORxxd92', 'ORxxd92c', 'Rxxd', 'xxd9', 'xd92', 'd92c', 'L5crm3IeNcRWUAXj', '5crm3IeNcRWUAXjK', 'crm3IeNcRWUAXjKd', 'rm3IeNcRWUAXjKdy', 'm3IeNcRWUAXj', '3IeNcRWUAXjK', 'IeNcRWUAXjKd', 'eNcRWUAXjKdy', 'NcRWUAXj', 'cRWUAXjK', 'RWUAXjKd', 'WUAXjKdy', 'UAXj', 'AXjK', 'XjKd', 'jKdy', 't8x7usIGdRAoo5mQ', '8x7usIGdRAoo5mQp', 'x7usIGdRAoo5mQpm', '7usIGdRAoo5mQpmp', 'usIGdRAoo5mQ', 'sIGdRAoo5mQp', 'IGdRAoo5mQpm', 'GdRAoo5mQpmp', 'dRAoo5mQ', 'RAoo5mQp', 'Aoo5mQpm', 'oo5mQpmp', 'o5mQ', '5mQp', 'mQpm', 'Qpmp', 'OFDNmpIIJoZAJTvW', 'FDNmpIIJoZAJTvWd', 'DNmpIIJoZAJTvWdR', 'NmpIIJoZAJTvWdRl', 'mpIIJoZAJTvW', 'pIIJoZAJTvWd', 'IIJoZAJTvWdR', 'IJoZAJTvWdRl', 'JoZAJTvW', 'oZAJTvWd', 'ZAJTvWdR', 'AJTvWdRl', 'JTvW', 'TvWd', 'vWdR', 'WdRl', 'g5CxwOIRP8Ijn7K4', '5CxwOIRP8Ijn7K4x', 'CxwOIRP8Ijn7K4xC', 
'xwOIRP8Ijn7K4xC7', 'wOIRP8Ijn7K4', 'OIRP8Ijn7K4x', 'IRP8Ijn7K4xC', 'RP8Ijn7K4xC7', 'P8Ijn7K4', '8Ijn7K4x', 'Ijn7K4xC', 'jn7K4xC7', 'n7K4', '7K4x', 'K4xC', '4xC7', 'nxIdXJI5hrcSKZ39', 'xIdXJI5hrcSKZ39O', 'IdXJI5hrcSKZ39OD', 'dXJI5hrcSKZ39ODq', 'XJI5hrcSKZ39', 'JI5hrcSKZ39O', 'I5hrcSKZ39OD', '5hrcSKZ39ODq', 'hrcSKZ39', 'rcSKZ39O', 'cSKZ39OD', 'SKZ39ODq', 'KZ39', 'Z39O', '39OD', '9ODq', 'BDond8Imd8OgN3Ky', 'Dond8Imd8OgN3KyZ', 'ond8Imd8OgN3KyZW', 'nd8Imd8OgN3KyZWh', 'd8Imd8OgN3Ky', '8Imd8OgN3KyZ', 'Imd8OgN3KyZW', 'md8OgN3KyZWh', 'd8OgN3Ky', '8OgN3KyZ', 'OgN3KyZW', 'gN3KyZWh', 'N3Ky', '3KyZ', 'KyZW', 'yZWh', 'HNRi13I4pEK8xLZJ', 'NRi13I4pEK8xLZJe', 'Ri13I4pEK8xLZJeG', 'i13I4pEK8xLZJeGP', '13I4pEK8xLZJ', '3I4pEK8xLZJe', 'I4pEK8xLZJeG', '4pEK8xLZJeGP', 'pEK8xLZJ', 'EK8xLZJe', 'K8xLZJeG', '8xLZJeGP', 'xLZJ', 'LZJe', 'ZJeG', 'JeGP', 'RhsJSoI1EVdnAeAS', 'hsJSoI1EVdnAeASc', 'sJSoI1EVdnAeAScn', 'JSoI1EVdnAeAScnx', 'SoI1EVdnAeAS', 'oI1EVdnAeASc', 'I1EVdnAeAScn', '1EVdnAeAScnx', 'EVdnAeAS', 'VdnAeASc', 'dnAeAScn', 'nAeAScnx', 'AeAS', 'eASc', 'AScn', 'Scnx', 'GaKtxXIqMOGG7EiD', 'aKtxXIqMOGG7EiDT', 'KtxXIqMOGG7EiDT2', 'txXIqMOGG7EiDT2i', 'xXIqMOGG7EiD', 'XIqMOGG7EiDT', 'IqMOGG7EiDT2', 'qMOGG7EiDT2i', 'MOGG7EiD', 'OGG7EiDT', 'GG7EiDT2', 'G7EiDT2i', '7EiD', 'EiDT', 'iDT2', 'DT2i', 'STPEKkIYbBrs8sKw', 'TPEKkIYbBrs8sKw0', 'PEKkIYbBrs8sKw0w', 'EKkIYbBrs8sKw0ws', 'KkIYbBrs8sKw', 'kIYbBrs8sKw0', 'IYbBrs8sKw0w', 'YbBrs8sKw0ws', 'bBrs8sKw', 'Brs8sKw0', 'rs8sKw0w', 's8sKw0ws', '8sKw', 'sKw0', 'Kw0w', 'w0ws', 'jetMm3IuCme2GmBP', 'etMm3IuCme2GmBPi', 'tMm3IuCme2GmBPiX', 'Mm3IuCme2GmBPiXS', 'm3IuCme2GmBP', '3IuCme2GmBPi', 'IuCme2GmBPiX', 'uCme2GmBPiXS', 'Cme2GmBP', 'me2GmBPi', 'e2GmBPiX', '2GmBPiXS', 'GmBP', 'mBPi', 'BPiX', 'PiXS', 'siCDZoI3RQ7xrHgj', 'iCDZoI3RQ7xrHgj0', 'CDZoI3RQ7xrHgj0n', 'DZoI3RQ7xrHgj0nZ', 'ZoI3RQ7xrHgj', 'oI3RQ7xrHgj0', 'I3RQ7xrHgj0n', '3RQ7xrHgj0nZ', 'RQ7xrHgj', 'Q7xrHgj0', '7xrHgj0n', 'xrHgj0nZ', 'rHgj', 'Hgj0', 'gj0n', 'j0nZ', 'm4OymgIp6ttwtu4b', '4OymgIp6ttwtu4be', 
'OymgIp6ttwtu4beZ', 'ymgIp6ttwtu4beZa', 'mgIp6ttwtu4b', 'gIp6ttwtu4be', 'Ip6ttwtu4beZ', 'p6ttwtu4beZa', '6ttwtu4b', 'ttwtu4be', 'twtu4beZ', 'wtu4beZa', 'tu4b', 'u4be', '4beZ', 'beZa', 'TPu0LOI8S2oC0Llg', 'Pu0LOI8S2oC0LlgU', 'u0LOI8S2oC0LlgUf', '0LOI8S2oC0LlgUfd', 'LOI8S2oC0Llg', 'OI8S2oC0LlgU', 'I8S2oC0LlgUf', '8S2oC0LlgUfd', 'S2oC0Llg', '2oC0LlgU', 'oC0LlgUf', 'C0LlgUfd', '0Llg', 'LlgU', 'lgUf', 'gUfd', 'zCj3NhIcSpm63hKK', 'Cj3NhIcSpm63hKKG', 'j3NhIcSpm63hKKGH', '3NhIcSpm63hKKGHP', 'NhIcSpm63hKK', 'hIcSpm63hKKG', 'IcSpm63hKKGH', 'cSpm63hKKGHP', 'Spm63hKK', 'pm63hKKG', 'm63hKKGH', '63hKKGHP', '3hKK', 'hKKG', 'KKGH', 'KGHP', 'xh8cGIIFxILlC8ZL', 'h8cGIIFxILlC8ZLX', '8cGIIFxILlC8ZLXg', 'cGIIFxILlC8ZLXgE', 'GIIFxILlC8ZL', 'IIFxILlC8ZLX', 'IFxILlC8ZLXg', 'FxILlC8ZLXgE', 'xILlC8ZL', 'ILlC8ZLX', 'LlC8ZLXg', 'lC8ZLXgE', 'C8ZL', '8ZLX', 'ZLXg', 'LXgE', 'LrXB1GI0QWLv9kLg', 'rXB1GI0QWLv9kLgH', 'XB1GI0QWLv9kLgH7', 'B1GI0QWLv9kLgH7Y', '1GI0QWLv9kLg', 'GI0QWLv9kLgH', 'I0QWLv9kLgH7', '0QWLv9kLgH7Y', 'QWLv9kLg', 'WLv9kLgH', 'Lv9kLgH7', 'v9kLgH7Y', '9kLg', 'kLgH', 'LgH7', 'gH7Y', 'cxBRXyIOWoB8S8j0', 'xBRXyIOWoB8S8j0b', 'BRXyIOWoB8S8j0bK', 'RXyIOWoB8S8j0bKC', 'XyIOWoB8S8j0', 'yIOWoB8S8j0b', 'IOWoB8S8j0bK', 'OWoB8S8j0bKC', 'WoB8S8j0', 'oB8S8j0b', 'B8S8j0bK', '8S8j0bKC', 'S8j0', '8j0b', 'j0bK', '0bKC', 'jdYAy3IjjXrJE8Sl', 'dYAy3IjjXrJE8Slx', 'YAy3IjjXrJE8SlxT', 'Ay3IjjXrJE8SlxTY', 'y3IjjXrJE8Sl', '3IjjXrJE8Slx', 'IjjXrJE8SlxT', 'jjXrJE8SlxTY', 'jXrJE8Sl', 'XrJE8Slx', 'rJE8SlxT', 'JE8SlxTY', 'E8Sl', '8Slx', 'SlxT', 'lxTY', 'kXc7DLIQKMlO07BR', 'Xc7DLIQKMlO07BR7', 'c7DLIQKMlO07BR7J', '7DLIQKMlO07BR7Jw', 'DLIQKMlO07BR', 'LIQKMlO07BR7', 'IQKMlO07BR7J', 'QKMlO07BR7Jw', 'KMlO07BR', 'MlO07BR7', 'lO07BR7J', 'O07BR7Jw', '07BR', '7BR7', 'BR7J', 'R7Jw', 'OngmyOItRKm97bXZ', 'ngmyOItRKm97bXZH', 'gmyOItRKm97bXZHg', 'myOItRKm97bXZHgZ', 'yOItRKm97bXZ', 'OItRKm97bXZH', 'ItRKm97bXZHg', 'tRKm97bXZHgZ', 'RKm97bXZ', 'Km97bXZH', 'm97bXZHg', '97bXZHgZ', '7bXZ', 'bXZH', 'XZHg', 'ZHgZ', 'loIVacIC5ap44CAM', 
'oIVacIC5ap44CAMa', 'IVacIC5ap44CAMaS', 'VacIC5ap44CAMaSA', 'acIC5ap44CAM', 'cIC5ap44CAMa', 'IC5ap44CAMaS', 'C5ap44CAMaSA', '5ap44CAM', 'ap44CAMa', 'p44CAMaS', '44CAMaSA', '4CAM', 'CAMa', 'AMaS', 'MaSA', 'OwdNTvIxTfNWQ0X1', 'wdNTvIxTfNWQ0X1Q', 'dNTvIxTfNWQ0X1QM', 'NTvIxTfNWQ0X1QMa', 'TvIxTfNWQ0X1', 'vIxTfNWQ0X1Q', 'IxTfNWQ0X1QM', 'xTfNWQ0X1QMa', 'TfNWQ0X1', 'fNWQ0X1Q', 'NWQ0X1QM', 'WQ0X1QMa', 'Q0X1', '0X1Q', 'X1QM', '1QMa', 'km4DQ5LVCSDvKgHw', 'm4DQ5LVCSDvKgHw1', '4DQ5LVCSDvKgHw19', 'DQ5LVCSDvKgHw19h', 'Q5LVCSDvKgHw', '5LVCSDvKgHw1', 'LVCSDvKgHw19', 'VCSDvKgHw19h', 'CSDvKgHw', 'SDvKgHw1', 'DvKgHw19', 'vKgHw19h', 'KgHw', 'gHw1', 'Hw19', 'w19h', 'm8DE78A63BFBEA70', '8DE78A63BFBE', 'DE78A63BFBEA', 'E78A63BFBEA7', '78A63BFBEA70', '8A63BFBE', 'A63BFBEA', '63BFBEA7', '3BFBEA70', 'BFBE', 'FBEA', 'BEA7', 'EA70', 'ccto', 'QG3SIDL72Z0LWjLs', 'G3SIDL72Z0LWjLsw', '3SIDL72Z0LWjLswB', 'SIDL72Z0LWjLswBe', 'IDL72Z0LWjLs', 'DL72Z0LWjLsw', 'L72Z0LWjLswB', '72Z0LWjLswBe', '2Z0LWjLs', 'Z0LWjLsw', '0LWjLswB', 'LWjLswBe', 'WjLs', 'jLsw', 'LswB', 'swBe', 'Ghwgc4LW7yD5E7ln', 'hwgc4LW7yD5E7lnk', 'wgc4LW7yD5E7lnkh', 'gc4LW7yD5E7lnkhj', 'c4LW7yD5E7ln', '4LW7yD5E7lnk', 'LW7yD5E7lnkh', 'W7yD5E7lnkhj', '7yD5E7ln', 'yD5E7lnk', 'D5E7lnkh', '5E7lnkhj', 'E7ln', '7lnk', 'lnkh', 'nkhj', 'w21fV5LNgjFfcjOL', '21fV5LNgjFfcjOLH', '1fV5LNgjFfcjOLH5', 'fV5LNgjFfcjOLH5X', 'V5LNgjFfcjOL', '5LNgjFfcjOLH', 'LNgjFfcjOLH5', 'NgjFfcjOLH5X', 'gjFfcjOL', 'jFfcjOLH', 'FfcjOLH5', 'fcjOLH5X', 'cjOL', 'jOLH', 'OLH5', 'LH5X', 'Vers', 'ersi', 'rsio', 'dnSjoeLsUv7PHNPW', 'nSjoeLsUv7PHNPWD', 'SjoeLsUv7PHNPWDZ', 'joeLsUv7PHNPWDZY', 'oeLsUv7PHNPW', 'eLsUv7PHNPWD', 'LsUv7PHNPWDZ', 'sUv7PHNPWDZY', 'Uv7PHNPW', 'v7PHNPWD', '7PHNPWDZ', 'PHNPWDZY', 'HNPW', 'NPWD', 'PWDZ', 'WDZY', 'eZXK6pL6FSAUKMnJ', 'ZXK6pL6FSAUKMnJi', 'XK6pL6FSAUKMnJiO', 'K6pL6FSAUKMnJiOQ', '6pL6FSAUKMnJ', 'pL6FSAUKMnJi', 'L6FSAUKMnJiO', '6FSAUKMnJiOQ', 'FSAUKMnJ', 'SAUKMnJi', 'AUKMnJiO', 'UKMnJiOQ', 'KMnJ', 'MnJi', 'nJiO', 'JiOQ', 'qgVXSPLhIl5ci7ZH', 
'gVXSPLhIl5ci7ZHZ', 'VXSPLhIl5ci7ZHZA', 'XSPLhIl5ci7ZHZAB', 'SPLhIl5ci7ZH', 'PLhIl5ci7ZHZ', 'LhIl5ci7ZHZA', 'hIl5ci7ZHZAB', 'Il5ci7ZH', 'l5ci7ZHZ', '5ci7ZHZA', 'ci7ZHZAB', 'i7ZH', '7ZHZ', 'ZHZA', 'HZAB', 'A1wRc4LBZ9ynMaRv', '1wRc4LBZ9ynMaRvH', 'wRc4LBZ9ynMaRvHC', 'Rc4LBZ9ynMaRvHC4', 'c4LBZ9ynMaRv', '4LBZ9ynMaRvH', 'LBZ9ynMaRvHC', 'BZ9ynMaRvHC4', 'Z9ynMaRv', '9ynMaRvH', 'ynMaRvHC', 'nMaRvHC4', 'MaRv', 'aRvH', 'RvHC', 'vHC4', 'KedTgyFC', 'edTgyFC3', 'dTgy', 'TgyF', 'gyFC', 'yFC3', 'InvalidOperationExceptio', 'nvalidOperationException', 'validOperationExcept', 'alidOperationExcepti', 'lidOperationExceptio', 'idOperationException', 'dOperationExcept', 'OperationExcepti', 'perationExceptio', 'erationException', 'rationExcept', 'ationExcepti', 'tionExceptio', 'ionException', 'onExcept', 'nExcepti', 'IuSCx5LKPmw8UyqW', 'uSCx5LKPmw8UyqWa', 'SCx5LKPmw8UyqWat', 'Cx5LKPmw8UyqWatm', 'x5LKPmw8UyqW', '5LKPmw8UyqWa', 'LKPmw8UyqWat', 'KPmw8UyqWatm', 'Pmw8UyqW', 'mw8UyqWa', 'w8UyqWat', '8UyqWatm', 'UyqW', 'yqWa', 'qWat', 'Watm', 'd8t9gOLUQmJjnhk5', '8t9gOLUQmJjnhk5h', 't9gOLUQmJjnhk5h6', '9gOLUQmJjnhk5h6F', 'gOLUQmJjnhk5', 'OLUQmJjnhk5h', 'LUQmJjnhk5h6', 'UQmJjnhk5h6F', 'QmJjnhk5', 'mJjnhk5h', 'Jjnhk5h6', 'jnhk5h6F', 'nhk5', 'hk5h', 'k5h6', '5h6F', 'MObfuAEx', 'ObfuAExT', 'bfuA', 'fuAE', 'uAEx', 'AExT', 'qx4TvRLroRiXFfNs', 'x4TvRLroRiXFfNsG', '4TvRLroRiXFfNsGW', 'TvRLroRiXFfNsGWe', 'vRLroRiXFfNs', 'RLroRiXFfNsG', 'LroRiXFfNsGW', 'roRiXFfNsGWe', 'oRiXFfNs', 'RiXFfNsG', 'iXFfNsGW', 'XFfNsGWe', 'FfNs', 'fNsG', 'NsGW', 'sGWe', 'RZTI4UOp', 'ZTI4UOpm', 'TI4U', 'I4UO', '4UOp', 'UOpm', 'OHJLigBR', 'HJLigBRe', 'JLig', 'LigB', 'igBR', 'gBRe', 'APTGwrQu', 'PTGwrQuf', 'TGwr', 'GwrQ', 'wrQu', 'rQuf', 'Byte', 'MemoryStream', 'emoryStr', 'moryStre', 'oryStrea', 'ryStream', 'yStr', 'Stre', 'trea', 'ream', 'GZipStre', 'ZipStrea', 'ipStream', 'pStr', 'Compress', 'ompressi', 'mpressio', 'pression', 'ress', 'essi', 'ssio', 'CompressionM', 'ompressionMo', 'mpressionMod', 'pressionMode', 'ressionM', 
'essionMo', 'ssionMod', 'sionMode', 'ionM', 'onMo', 'nMod', 'jfRlcSJN', 'fRlcSJNU', 'RlcS', 'lcSJ', 'cSJN', 'SJNU', 'BZunCuLTO55KqLQP', 'ZunCuLTO55KqLQPc', 'unCuLTO55KqLQPc8', 'nCuLTO55KqLQPc8v', 'CuLTO55KqLQP', 'uLTO55KqLQPc', 'LTO55KqLQPc8', 'TO55KqLQPc8v', 'O55KqLQP', '55KqLQPc', '5KqLQPc8', 'KqLQPc8v', 'qLQP', 'LQPc', 'QPc8', 'Pc8v', 'wgqN7OLem4FLQAnh', 'gqN7OLem4FLQAnhJ', 'qN7OLem4FLQAnhJU', 'N7OLem4FLQAnhJU8', '7OLem4FLQAnh', 'OLem4FLQAnhJ', 'Lem4FLQAnhJU', 'em4FLQAnhJU8', 'm4FLQAnh', '4FLQAnhJ', 'FLQAnhJU', 'LQAnhJU8', 'QAnh', 'AnhJ', 'nhJU', 'hJU8', 'WbV1PATm', 'bV1PATmN', 'V1PA', '1PAT', 'PATm', 'ATmN', 'TnyXn6LPMbe3JXo0', 'nyXn6LPMbe3JXo01', 'yXn6LPMbe3JXo01P', 'Xn6LPMbe3JXo01P9', 'n6LPMbe3JXo0', '6LPMbe3JXo01', 'LPMbe3JXo01P', 'PMbe3JXo01P9', 'Mbe3JXo0', 'be3JXo01', 'e3JXo01P', '3JXo01P9', 'JXo0', 'Xo01', 'o01P', '01P9', 'NOSvdaP6', 'OSvdaP6M', 'Svda', 'vdaP', 'daP6', 'aP6M', 'qxk4p1aR', 'xk4p1aRp', 'k4p1', '4p1a', 'p1aR', '1aRp', 'Xl5mwNmf', 'l5mwNmfl', '5mwN', 'mwNm', 'wNmf', 'Nmfl', 'TripleDE', 'ripleDES', 'iple', 'pleD', 'leDE', 'eDES', 'Security', 'ecur', 'curi', 'urit', 'rity', 'Cryptography', 'ryptogra', 'yptograp', 'ptograph', 'tography', 'grap', 'raph', 'aphy', 'CryptoStream', 'ryptoStr', 'yptoStre', 'ptoStrea', 'toStream', 'oStr', 'ArgumentExceptio', 'rgumentException', 'gumentExcept', 'umentExcepti', 'mentExceptio', 'entException', 'ntExcept', 'tExcepti', 'ICryptoTransform', 'CryptoTransf', 'ryptoTransfo', 'yptoTransfor', 'ptoTransform', 'toTransf', 'oTransfo', 'Transfor', 'ransform', 'ansf', 'nsfo', 'sfor', 'form', 'CryptoStreamMode', 'ryptoStreamM', 'yptoStreamMo', 'ptoStreamMod', 'toStreamMode', 'oStreamM', 'StreamMo', 'treamMod', 'reamMode', 'eamM', 'amMo', 'mMod', 'bJ3sjvLGYtJ2swQw', 'J3sjvLGYtJ2swQwo', '3sjvLGYtJ2swQwob', 'sjvLGYtJ2swQwob1', 'jvLGYtJ2swQw', 'vLGYtJ2swQwo', 'LGYtJ2swQwob', 'GYtJ2swQwob1', 'YtJ2swQw', 'tJ2swQwo', 'J2swQwob', '2swQwob1', 'swQw', 'wQwo', 'Qwob', 'wob1', 'YBBhxGLlpEnafpQk', 'BBhxGLlpEnafpQkS', 
'BhxGLlpEnafpQkST', 'hxGLlpEnafpQkSTU', 'xGLlpEnafpQk', 'GLlpEnafpQkS', 'LlpEnafpQkST', 'lpEnafpQkSTU', 'pEnafpQk', 'EnafpQkS', 'nafpQkST', 'afpQkSTU', 'fpQk', 'pQkS', 'QkST', 'kSTU', 'i1v2PZm0', '1v2PZm0J', 'v2PZ', '2PZm', 'PZm0', 'Zm0J', 'mED3msLIoCOXmqNH', 'ED3msLIoCOXmqNHj', 'D3msLIoCOXmqNHjy', '3msLIoCOXmqNHjyV', 'msLIoCOXmqNH', 'sLIoCOXmqNHj', 'LIoCOXmqNHjy', 'IoCOXmqNHjyV', 'oCOXmqNH', 'COXmqNHj', 'OXmqNHjy', 'XmqNHjyV', 'mqNH', 'qNHj', 'NHjy', 'HjyV', 'sDikMOWK', 'DikMOWKE', 'ikMO', 'kMOW', 'MOWK', 'OWKE', 'HxyYwdy1', 'xyYwdy1J', 'yYwd', 'Ywdy', 'wdy1', 'dy1J', 'SdiMiHLLOak1HqlL', 'diMiHLLOak1HqlLT', 'iMiHLLOak1HqlLTt', 'MiHLLOak1HqlLTtt', 'iHLLOak1HqlL', 'HLLOak1HqlLT', 'LLOak1HqlLTt', 'LOak1HqlLTtt', 'Oak1HqlL', 'ak1HqlLT', 'k1HqlLTt', '1HqlLTtt', 'HqlL', 'qlLT', 'lLTt', 'LTtt', 'tvwltuLR9IuBHEKR', 'vwltuLR9IuBHEKRL', 'wltuLR9IuBHEKRLk', 'ltuLR9IuBHEKRLk7', 'tuLR9IuBHEKR', 'uLR9IuBHEKRL', 'LR9IuBHEKRLk', 'R9IuBHEKRLk7', '9IuBHEKR', 'IuBHEKRL', 'uBHEKRLk', 'BHEKRLk7', 'HEKR', 'EKRL', 'KRLk', 'RLk7', 'VaWSoBey', 'aWSoBeyS', 'WSoB', 'SoBe', 'oBey', 'BeyS', 'enFThnLfcve3i3iN', 'nFThnLfcve3i3iN7', 'FThnLfcve3i3iN7m', 'ThnLfcve3i3iN7mZ', 'hnLfcve3i3iN', 'nLfcve3i3iN7', 'Lfcve3i3iN7m', 'fcve3i3iN7mZ', 'cve3i3iN', 've3i3iN7', 'e3i3iN7m', '3i3iN7mZ', 'i3iN', '3iN7', 'iN7m', 'N7mZ', 'BrtpQQan', 'rtpQQanV', 'tpQQ', 'pQQa', 'QQan', 'QanV', 'bYgJ0a5j', 'YgJ0a5jH', 'gJ0a', 'J0a5', '0a5j', 'a5jH', 'yqZ3kdLA', 'qZ3kdLAi', 'Z3kd', '3kdL', 'kdLA', 'dLAi', 'Assembly', 'ssem', 'semb', 'embl', 'mbly', 'wiFyHgwr', 'iFyHgwrh', 'FyHg', 'yHgw', 'Hgwr', 'gwrh', 'r9upeGL5Tgy331CT', '9upeGL5Tgy331CTC', 'upeGL5Tgy331CTCl', 'peGL5Tgy331CTClf', 'eGL5Tgy331CT', 'GL5Tgy331CTC', 'L5Tgy331CTCl', '5Tgy331CTClf', 'Tgy331CT', 'gy331CTC', 'y331CTCl', '331CTClf', '31CT', '1CTC', 'CTCl', 'TClf', 'iuuvmeLDJVN4Sa8f', 'uuvmeLDJVN4Sa8fX', 'uvmeLDJVN4Sa8fXI', 'vmeLDJVN4Sa8fXIT', 'meLDJVN4Sa8f', 'eLDJVN4Sa8fX', 'LDJVN4Sa8fXI', 'DJVN4Sa8fXIT', 'JVN4Sa8f', 'VN4Sa8fX', 'N4Sa8fXI', '4Sa8fXIT', 'Sa8f', 
'a8fX', '8fXI', 'fXIT', 'CFUiBYhP', 'FUiBYhPp', 'UiBY', 'iBYh', 'BYhP', 'YhPp', 'cCOtsJX1', 'COtsJX1l', 'OtsJ', 'tsJX', 'sJX1', 'JX1l', 'L6TLLrLmbFjyDpar', '6TLLrLmbFjyDparS', 'TLLrLmbFjyDparSv', 'LLrLmbFjyDparSvM', 'LrLmbFjyDpar', 'rLmbFjyDparS', 'LmbFjyDparSv', 'mbFjyDparSvM', 'bFjyDpar', 'FjyDparS', 'jyDparSv', 'yDparSvM', 'Dpar', 'parS', 'arSv', 'rSvM', 'LVXAsVt2', 'VXAsVt2Q', 'XAsV', 'AsVt', 'sVt2', 'Vt2Q', 'bFEOiGWl', 'FEOiGWlx', 'EOiG', 'OiGW', 'iGWl', 'GWlx', 'vn0jxqy3', 'n0jxqy33', '0jxq', 'jxqy', 'xqy3', 'qy33', 'fH0bPqiq', 'H0bPqiqZ', '0bPq', 'bPqi', 'Pqiq', 'qiqZ', 'pb6Fry1g', 'b6Fry1gR', '6Fry', 'Fry1', 'ry1g', 'y1gR', 'Fw1a1wIr', 'w1a1wIrn', '1a1w', 'a1wI', '1wIr', 'wIrn', 'q810l36u', '810l36us', '10l3', '0l36', 'l36u', '36us', 'MethodIn', 'ethodInf', 'thodInfo', 'hodI', 'odIn', 'dInf', 'Info', 'MethodBa', 'ethodBas', 'thodBase', 'hodB', 'odBa', 'dBas', 'Base', 'Invo', 'nvok', 'voke', 'Oil5WELv2NkrlEnY', 'il5WELv2NkrlEnYW', 'l5WELv2NkrlEnYWo', '5WELv2NkrlEnYWol', 'WELv2NkrlEnY', 'ELv2NkrlEnYW', 'Lv2NkrlEnYWo', 'v2NkrlEnYWol', '2NkrlEnY', 'NkrlEnYW', 'krlEnYWo', 'rlEnYWol', 'lEnY', 'EnYW', 'nYWo', 'YWol', 'bJyANdL4JXOj8CDZ', 'JyANdL4JXOj8CDZ4', 'yANdL4JXOj8CDZ4v', 'ANdL4JXOj8CDZ4vq', 'NdL4JXOj8CDZ', 'dL4JXOj8CDZ4', 'L4JXOj8CDZ4v', '4JXOj8CDZ4vq', 'JXOj8CDZ', 'XOj8CDZ4', 'Oj8CDZ4v', 'j8CDZ4vq', '8CDZ', 'CDZ4', 'DZ4v', 'Z4vq', 'uEAdobon', 'EAdobonp', 'Adob', 'dobo', 'obon', 'bonp', 'ResourceMana', 'esourceManag', 'sourceManage', 'ourceManager', 'urceMana', 'rceManag', 'ceManage', 'eManager', 'Mana', 'anag', 'nage', 'ager', 'Resource', 'esources', 'sour', 'ourc', 'urce', 'rces', 'stuCEPhC', 'tuCEPhCA', 'uCEP', 'CEPh', 'EPhC', 'PhCA', 'CultureI', 'ultureIn', 'ltureInf', 'tureInfo', 'ureI', 'reIn', 'eInf', 'Globalizatio', 'lobalization', 'obalizat', 'balizati', 'alizatio', 'lization', 'izat', 'zati', 'atio', 'h0bUwqLXt3dCfBCs', '0bUwqLXt3dCfBCsV', 'bUwqLXt3dCfBCsVF', 'UwqLXt3dCfBCsVFy', 'wqLXt3dCfBCs', 'qLXt3dCfBCsV', 'LXt3dCfBCsVF', 'Xt3dCfBCsVFy', 
't3dCfBCs', '3dCfBCsV', 'dCfBCsVF', 'CfBCsVFy', 'fBCs', 'BCsV', 'CsVF', 'sVFy', 'Cult', 'ultu', 'ltur', 'ture', 'Uivddewb', 'ivddewbi', 'vddewbij', 'ddewbijc', 'dewb', 'ewbi', 'wbij', 'bijc', 'Omit', 'mitp', 'itpg', 'gyMas2L12R17UtFQ', 'yMas2L12R17UtFQf', 'Mas2L12R17UtFQfs', 'as2L12R17UtFQfsJ', 's2L12R17UtFQ', '2L12R17UtFQf', 'L12R17UtFQfs', '12R17UtFQfsJ', '2R17UtFQ', 'R17UtFQf', '17UtFQfs', '7UtFQfsJ', 'UtFQ', 'tFQf', 'FQfs', 'QfsJ', 's0j50xL9rMfdMgto', '0j50xL9rMfdMgtoD', 'j50xL9rMfdMgtoDS', '50xL9rMfdMgtoDS3', '0xL9rMfdMgto', 'xL9rMfdMgtoD', 'L9rMfdMgtoDS', '9rMfdMgtoDS3', 'rMfdMgto', 'MfdMgtoD', 'fdMgtoDS', 'dMgtoDS3', 'Mgto', 'gtoD', 'toDS', 'oDS3', 'Hhyb', 'hybt', 'Cljdkwhz', 'ljdkwhzk', 'jdkwhzks', 'dkwh', 'kwhz', 'whzk', 'hzks', 'Pork', 'orkb', 'Ra8zcVqH', 'a8zcVqHc', '8zcV', 'zcVq', 'cVqH', 'VqHc', 'QDev67L2YLdXVO5o', 'Dev67L2YLdXVO5oK', 'ev67L2YLdXVO5oKH', 'v67L2YLdXVO5oKHX', '67L2YLdXVO5o', '7L2YLdXVO5oK', 'L2YLdXVO5oKH', '2YLdXVO5oKHX', 'YLdXVO5o', 'LdXVO5oK', 'dXVO5oKH', 'XVO5oKHX', 'VO5o', 'O5oK', '5oKH', 'oKHX', 'Xiq52tbU', 'iq52tbU0', 'q52tbU0K', '52tb', '2tbU', 'tbU0', 'bU0K', 'type', 'ypem', 'pemd', 'emdt', 'FieldInf', 'ieldInfo', 'eldI', 'ldIn', 'sScvjfLuJw12gB6q', 'ScvjfLuJw12gB6qP', 'cvjfLuJw12gB6qPc', 'vjfLuJw12gB6qPcj', 'jfLuJw12gB6q', 'fLuJw12gB6qP', 'LuJw12gB6qPc', 'uJw12gB6qPcj', 'Jw12gB6q', 'w12gB6qP', '12gB6qPc', '2gB6qPcj', 'gB6q', 'B6qP', '6qPc', 'qPcj', 'EsyClrLwFvPXZ9Rc', 'syClrLwFvPXZ9RcZ', 'yClrLwFvPXZ9RcZg', 'ClrLwFvPXZ9RcZgC', 'lrLwFvPXZ9Rc', 'rLwFvPXZ9RcZ', 'LwFvPXZ9RcZg', 'wFvPXZ9RcZgC', 'FvPXZ9Rc', 'vPXZ9RcZ', 'PXZ9RcZg', 'XZ9RcZgC', 'Z9Rc', '9RcZ', 'RcZg', 'cZgC', 'IntP', 'ntPt', 'tPtr', 'BeginInv', 'eginInvo', 'ginInvok', 'inInvoke', 'nInv', 'IAsyncResult', 'AsyncRes', 'syncResu', 'yncResul', 'ncResult', 'cRes', 'Resu', 'esul', 'sult', 'AsyncCallbac', 'syncCallback', 'yncCallb', 'ncCallba', 'cCallbac', 'Callback', 'allb', 'llba', 'lbac', 'back', 'callback', 'obje', 'EndInvok', 'ndInvoke', 'dInv', 'resu', 'WLKHoQEM', 
'LKHoQEM3', 'KHoQEM3N', 'HoQE', 'oQEM', 'QEM3', 'EM3N', 'ASiHQYZ2', 'SiHQYZ2g', 'iHQYZ2gf', 'HQYZ', 'QYZ2', 'YZ2g', 'Z2gf', 'jSQHtyjM', 'SQHtyjMP', 'QHtyjMPQ', 'Htyj', 'tyjM', 'yjMP', 'jMPQ', 'sHNnVFfr', 'HNnVFfrg', 'NnVFfrgq', 'nVFf', 'VFfr', 'Ffrg', 'frgq', 'List', 'Collecti', 'ollectio', 'llection', 'lections', 'ions', 'Gene', 'ener', 'neri', 'eric', 'BjRnEgf4', 'jRnEgf49', 'RnEgf49u', 'nEgf', 'Egf4', 'gf49', 'f49u', 'vhqn7ygb', 'hqn7ygbU', 'qn7ygbUg', 'n7yg', '7ygb', 'ygbU', 'gbUg', 'ct5nWAij', 't5nWAijp', '5nWAijpG', 'nWAi', 'WAij', 'Aijp', 'ijpG', 'IAJnrSjX', 'AJnrSjXX', 'JnrSjXXP', 'nrSj', 'rSjX', 'SjXX', 'jXXP', 'Int6', 'nt64', 'gXcnTPfY', 'XcnTPfYj', 'cnTPfYjj', 'nTPf', 'TPfY', 'PfYj', 'fYjj', 'LNwnl0wT', 'Nwnl0wTG', 'wnl0wTGA', 'nl0w', 'l0wT', '0wTG', 'wTGA', 'Mx1nLpOO', 'x1nLpOOy', '1nLpOOyX', 'nLpO', 'LpOO', 'pOOy', 'OOyX', 'tMWn59TX', 'MWn59TXk', 'Wn59TXkN', 'n59T', '59TX', '9TXk', 'TXkN', 'hObnmDtX', 'ObnmDtXb', 'bnmDtXbI', 'nmDt', 'mDtX', 'DtXb', 'tXbI', 'N34n4fCn', '34n4fCne', '4n4fCneO', 'n4fC', '4fCn', 'fCne', 'CneO', 'tjPn6KrM', 'jPn6KrMB', 'Pn6KrMBE', 'n6Kr', '6KrM', 'KrMB', 'rMBE', 'hgMHd2o4', 'gMHd2o4c', 'MHd2o4ca', 'Hd2o', 'd2o4', '2o4c', 'o4ca', 'Dictiona', 'ictionar', 'ctionary', 'iona', 'onar', 'nary', 'LoynDEMw', 'oynDEMwD', 'ynDEMwDo', 'nDEM', 'DEMw', 'EMwD', 'MwDo', 'tJYnUqlZ', 'JYnUqlZj', 'YnUqlZju', 'nUql', 'UqlZ', 'qlZj', 'lZju', 'KqxnfEMd', 'qxnfEMdS', 'xnfEMdST', 'nfEM', 'fEMd', 'EMdS', 'MdST', 'nwjHzAiq', 'wjHzAiqB', 'jHzAiqBL', 'HzAi', 'zAiq', 'AiqB', 'iqBL', 'YwRHxgSn', 'wRHxgSn6', 'RHxgSn6O', 'HxgS', 'xgSn', 'gSn6', 'Sn6O', 'WcoHMZvx', 'coHMZvxI', 'oHMZvxIU', 'HMZv', 'MZvx', 'ZvxI', 'vxIU', 'PPvnHZNL', 'PvnHZNLv', 'vnHZNLvB', 'nHZN', 'HZNL', 'ZNLv', 'NLvB', 'p40nKo8N', '40nKo8NC', '0nKo8NC6', 'nKo8', 'Ko8N', 'o8NC', '8NC6', 'M4NnsRQq', '4NnsRQqm', 'NnsRQqmh', 'nsRQ', 'sRQq', 'RQqm', 'Qqmh', 'rhsnPNJK', 'hsnPNJKu', 'snPNJKuP', 'nPNJ', 'PNJK', 'NJKu', 'JKuP', 'wEOnBBf5', 'EOnBBf5w', 'OnBBf5wl', 'nBBf', 'BBf5', 'Bf5w', 'f5wl', 
'AC3Hj7Qd', 'C3Hj7QdX', '3Hj7QdXb', 'Hj7Q', 'j7Qd', '7QdX', 'QdXb', 'dmDnN8YW', 'mDnN8YWj', 'DnN8YWjS', 'nN8Y', 'N8YW', '8YWj', 'YWjS', 'TmwnGV6H', 'mwnGV6HM', 'wnGV6HMm', 'nGV6', 'GV6H', 'V6HM', '6HMm', 'mFLHbjlK', 'FLHbjlKY', 'LHbjlKYn', 'Hbjl', 'bjlK', 'jlKY', 'lKYn', 'mNFneJqG', 'NFneJqGS', 'FneJqGSM', 'neJq', 'eJqG', 'JqGS', 'qGSM', 'IjVnv013', 'jVnv013e', 'Vnv013ev', 'nv01', 'v013', '013e', '13ev', 'EIrnZN0m', 'IrnZN0mH', 'rnZN0mHB', 'nZN0', 'ZN0m', 'N0mH', '0mHB', 'uNMnnK2M', 'NMnnK2Ml', 'MnnK2Mlt', 'nnK2', 'nK2M', 'K2Ml', '2Mlt', 'QTsnRpOc', 'TsnRpOcj', 'snRpOcjM', 'nRpO', 'RpOc', 'pOcj', 'OcjM', 'EfhnhGaB', 'fhnhGaBQ', 'hnhGaBQq', 'nhGa', 'hGaB', 'GaBQ', 'aBQq', 'PJ4HiQKu', 'J4HiQKuh', '4HiQKuhW', 'HiQK', 'iQKu', 'QKuh', 'KuhW', 'DDZnIGmG', 'DZnIGmGC', 'ZnIGmGCs', 'nIGm', 'IGmG', 'GmGC', 'mGCs', 'kTfHCFJW', 'TfHCFJWY', 'fHCFJWYa', 'HCFJ', 'CFJW', 'FJWY', 'JWYa', 'GetTypeFromHandl', 'etTypeFromHandle', 'tTypeFromHan', 'TypeFromHand', 'ypeFromHandl', 'peFromHandle', 'eFromHan', 'FromHand', 'romHandl', 'omHandle', 'mHan', 'Hand', 'andl', 'ndle', 'RuntimeTypeHandl', 'untimeTypeHandle', 'ntimeTypeHan', 'timeTypeHand', 'imeTypeHandl', 'meTypeHandle', 'eTypeHan', 'TypeHand', 'ypeHandl', 'peHandle', 'eHan', 'UInt', 'RuntimeHelpe', 'untimeHelper', 'ntimeHelpers', 'timeHelp', 'imeHelpe', 'meHelper', 'eHelpers', 'Help', 'elpe', 'lper', 'pers', 'InitializeAr', 'nitializeArr', 'itializeArra', 'tializeArray', 'ializeAr', 'alizeArr', 'lizeArra', 'izeArray', 'zeAr', 'eArr', 'Arra', 'rray', 'RuntimeFieldHand', 'untimeFieldHandl', 'ntimeFieldHandle', 'timeFieldHan', 'imeFieldHand', 'meFieldHandl', 'eFieldHandle', 'FieldHan', 'ieldHand', 'eldHandl', 'ldHandle', 'dHan', 'Zero', 'SortedLi', 'ortedLis', 'rtedList', 'tedL', 'edLi', 'dLis', 'Hashtabl', 'ashtable', 'shta', 'htab', 'tabl', 'able', 'RSACryptoServiceProvider', 'SACryptoServiceProvi', 'ACryptoServiceProvid', 'CryptoServiceProvide', 'ryptoServiceProvider', 'yptoServiceProvi', 'ptoServiceProvid', 'toServiceProvide', 
'oServiceProvider', 'ServiceProvi', 'erviceProvid', 'rviceProvide', 'viceProvider', 'iceProvi', 'ceProvid', 'eProvide', 'Provider', 'rovi', 'ovid', 'vide', 'ider', 'UseMachineKeySto', 'seMachineKeyStor', 'eMachineKeyStore', 'MachineKeySt', 'achineKeySto', 'chineKeyStor', 'hineKeyStore', 'ineKeySt', 'neKeySto', 'eKeyStor', 'KeyStore', 'eySt', 'ySto', 'Stor', 'tore', 'BMj5uUm6', 'Mj5uUm6e', 'j5uUm6e7', '5uUm', 'uUm6', 'Um6e', 'm6e7', 'CJ4HEjQV', 'J4HEjQV7', '4HEjQV77', 'HEjQ', 'EjQV', 'jQV7', 'QV77', 'BitConverter', 'itConver', 'tConvert', 'Converte', 'onverter', 'nver', 'vert', 'erte', 'rter', 'GetBytes', 'etBy', 'tByt', 'ytes', 'Copy', 'pdjHZAAw', 'djHZAAwr', 'jHZAAwrH', 'HZAA', 'ZAAw', 'AAwr', 'AwrH', 'Int1', 'nt16', 'kgTH7kXO', 'gTH7kXOj', 'TH7kXOjo', 'H7kX', '7kXO', 'kXOj', 'XOjo', 'jUqHWer1', 'UqHWer1g', 'qHWer1gE', 'HWer', 'Wer1', 'er1g', 'r1gE', 'j3cHN6JM', '3cHN6JMu', 'cHN6JMun', 'HN6J', 'N6JM', '6JMu', 'JMun', 'ALvHsFHm', 'LvHsFHml', 'vHsFHmlO', 'HsFH', 'sFHm', 'FHml', 'HmlO', 'KG4H67ar', 'G4H67arI', '4H67arIH', 'H67a', '67ar', '7arI', 'arIH', 'WdnHhygS', 'dnHhygSf', 'nHhygSfN', 'Hhyg', 'hygS', 'ygSf', 'gSfN', 'SNbHB5n5', 'NbHB5n5h', 'bHB5n5hx', 'HB5n', 'B5n5', '5n5h', 'n5hx', 'SymmetricAlgorit', 'ymmetricAlgorith', 'mmetricAlgorithm', 'metricAlgori', 'etricAlgorit', 'tricAlgorith', 'ricAlgorithm', 'icAlgori', 'cAlgorit', 'Algorith', 'lgorithm', 'gori', 'orit', 'rith', 'ithm', 'AesCryptoServiceProvider', 'esCryptoServiceProvi', 'sCryptoServiceProvid', 'Core', 'RijndaelMana', 'ijndaelManag', 'jndaelManage', 'ndaelManaged', 'daelMana', 'aelManag', 'elManage', 'lManaged', 'aged', 'Activato', 'ctivator', 'tiva', 'ivat', 'vato', 'ator', 'CreateInstan', 'reateInstanc', 'eateInstance', 'ateInsta', 'teInstan', 'eInstanc', 'Instance', 'nsta', 'stan', 'tanc', 'ance', 'ObjectHandle', 'bjectHan', 'jectHand', 'ectHandl', 'ctHandle', 'tHan', 'Remoting', 'emot', 'moti', 'otin', 'ting', 'Unwr', 'nwra', 'wrap', 'tFWHKlMJ', 'FWHKlMJC', 'WHKlMJC2', 'HKlM', 'KlMJ', 'lMJC', 
'MJC2', 'MD5CryptoServiceProvider', 'D5CryptoServiceProvi', '5CryptoServiceProvid', 'CryptoConfig', 'ryptoCon', 'yptoConf', 'ptoConfi', 'toConfig', 'oCon', 'Conf', 'onfi', 'nfig', 'AllowOnlyFipsAlgorit', 'llowOnlyFipsAlgorith', 'lowOnlyFipsAlgorithm', 'owOnlyFipsAlgorithms', 'wOnlyFipsAlgorit', 'OnlyFipsAlgorith', 'nlyFipsAlgorithm', 'lyFipsAlgorithms', 'yFipsAlgorit', 'FipsAlgorith', 'ipsAlgorithm', 'psAlgorithms', 'sAlgorit', 'gorithms', 'thms', 'aA0HUYSu', 'A0HUYSuR', '0HUYSuRT', 'HUYS', 'UYSu', 'YSuR', 'SuRT', 'HashAlgorith', 'ashAlgorithm', 'shAlgori', 'hAlgorit', 'ComputeH', 'omputeHa', 'mputeHas', 'puteHash', 'uteH', 'teHa', 'eHas', 'Hash', 'y0fHrL9S', '0fHrL9SO', 'fHrL9SOV', 'HrL9', 'rL9S', 'L9SO', '9SOV', 'Read', 'TTTHTNb0', 'TTHTNb0Q', 'THTNb0Qc', 'HTNb', 'TNb0', 'Nb0Q', 'b0Qc', 'TransformBlo', 'ransformBloc', 'ansformBlock', 'nsformBl', 'sformBlo', 'formBloc', 'ormBlock', 'rmBl', 'mBlo', 'Bloc', 'lock', 'fVVHe7v0', 'VVHe7v0F', 'VHe7v0FW', 'He7v', 'e7v0', '7v0F', 'v0FW', 'BinaryReader', 'inaryRea', 'naryRead', 'aryReade', 'ryReader', 'yRea', 'eade', 'ader', 'BaseStre', 'aseStrea', 'seStream', 'eStr', 'Position', 'osit', 'siti', 'itio', 'ReadUInt', 'eadUInt3', 'adUInt32', 'dUIn', 'oJOHP2wc', 'JOHP2wcR', 'OHP2wcRw', 'HP2w', 'P2wc', '2wcR', 'wcRw', 'ParameterInf', 'arameterInfo', 'rameterI', 'ameterIn', 'meterInf', 'eterInfo', 'terI', 'erIn', 'rInf', 'DynamicMetho', 'ynamicMethod', 'namicMet', 'amicMeth', 'micMetho', 'icMethod', 'cMet', 'Meth', 'etho', 'thod', 'Emit', 'ILGenera', 'LGenerat', 'Generato', 'enerator', 'nera', 'erat', 'rato', 'Moni', 'onit', 'nito', 'itor', 'Threadin', 'hreading', 'read', 'eadi', 'adin', 'ding', 'Ente', 'nter', 'GetManifestResourceStrea', 'etManifestResourceStream', 'tManifestResourceStr', 'ManifestResourceStre', 'anifestResourceStrea', 'nifestResourceStream', 'ifestResourceStr', 'festResourceStre', 'estResourceStrea', 'stResourceStream', 'tResourceStr', 'ResourceStre', 'esourceStrea', 'sourceStream', 'ourceStr', 'urceStre', 
'rceStrea', 'ceStream', 'Leng', 'engt', 'ngth', 'ReadByte', 'eadBytes', 'adBy', 'dByt', 'Clos', 'lose', 'Exit', 'GetField', 'etFields', 'tFie', 'Fiel', 'ield', 'elds', 'BindingFlags', 'indingFl', 'ndingFla', 'dingFlag', 'ingFlags', 'ngFl', 'gFla', 'Flag', 'lags', 'MemberIn', 'emberInf', 'mberInfo', 'berI', 'MetadataToke', 'etadataToken', 'tadataTo', 'adataTok', 'dataToke', 'ataToken', 'taTo', 'aTok', 'Toke', 'oken', 'Item', 'GetGenericArgume', 'etGenericArgumen', 'tGenericArgument', 'GenericArguments', 'enericArgume', 'nericArgumen', 'ericArgument', 'ricArguments', 'icArgume', 'cArgumen', 'Argument', 'rguments', 'gume', 'umen', 'ment', 'ents', 'ResolveMetho', 'esolveMethod', 'solveMet', 'olveMeth', 'lveMetho', 'veMethod', 'eMet', 'IsStatic', 'sSta', 'Stat', 'tati', 'atic', 'FieldTyp', 'ieldType', 'eldT', 'ldTy', 'dTyp', 'CreateDelega', 'reateDelegat', 'eateDelegate', 'ateDeleg', 'teDelega', 'eDelegat', 'SetValue', 'etVa', 'tVal', 'Valu', 'alue', 'GetParameter', 'etParameters', 'tParamet', 'Paramete', 'arameter', 'rameters', 'amet', 'mete', 'eter', 'ters', 'DeclaringTyp', 'eclaringType', 'claringT', 'laringTy', 'aringTyp', 'ringType', 'ingT', 'ngTy', 'gTyp', 'IsValueT', 'sValueTy', 'MakeByRefTyp', 'akeByRefType', 'keByRefT', 'eByRefTy', 'ByRefTyp', 'yRefType', 'RefT', 'efTy', 'fTyp', 'ParameterTyp', 'arameterType', 'rameterT', 'ameterTy', 'meterTyp', 'eterType', 'terT', 'erTy', 'rTyp', 'Empt', 'mpty', 'ReturnTy', 'eturnTyp', 'turnType', 'urnT', 'rnTy', 'nTyp', 'GetILGenerat', 'etILGenerato', 'tILGenerator', 'OpCo', 'pCod', 'Code', 'Ldar', 'darg', 'Tailcall', 'ailc', 'ilca', 'lcal', 'call', 'Call', 'Callvirt', 'allv', 'llvi', 'lvir', 'virt', 'KCGHlhtQ', 'CGHlhtQF', 'GHlhtQFi', 'Hlht', 'lhtQ', 'htQF', 'tQFi', 'FEwHLwOR', 'EwHLwORs', 'wHLwORsI', 'HLwO', 'LwOR', 'wORs', 'ORsI', 'hU1HREL8', 'U1HREL8f', '1HREL8fC', 'HREL', 'REL8', 'EL8f', 'L8fC', 'eZ7HfWmj', 'Z7HfWmjw', '7HfWmjwO', 'HfWm', 'fWmj', 'Wmjw', 'mjwO', 'AssemblyName', 'ssemblyN', 'semblyNa', 'emblyNam', 
'mblyName', 'blyN', 'lyNa', 'yNam', 'Name', 'StackFra', 'tackFram', 'ackFrame', 'ckFr', 'kFra', 'Fram', 'rame', 'GetMetho', 'etMethod', 'tMet', 'Inequali', 'nequalit', 'equality', 'qual', 'uali', 'alit', 'lity', 'GetN', 'etNa', 'tNam', 'GetReferencedAssembl', 'etReferencedAssembli', 'tReferencedAssemblie', 'ReferencedAssemblies', 'eferencedAssembl', 'ferencedAssembli', 'erencedAssemblie', 'rencedAssemblies', 'encedAssembl', 'ncedAssembli', 'cedAssemblie', 'edAssemblies', 'dAssembl', 'Assembli', 'ssemblie', 'semblies', 'mbli', 'blie', 'lies', 'Equality', 'ToIn', 'oInt', 'Coun', 'ount', 'Encoding', 'ncod', 'codi', 'odin', 'Text', 'Unic', 'nico', 'icod', 'code', 'GetStrin', 'etString', 'tStr', 'ae4H5bup', 'e4H5bupe', '4H5bupex', 'H5bu', '5bup', 'bupe', 'upex', 'Trim', 'Conv', 'onve', 'FromBase64String', 'romBase64Str', 'omBase64Stri', 'mBase64Strin', 'Base64String', 'ase64Str', 'se64Stri', 'e64Strin', '64String', '4Str', 'ayMHD9QE', 'yMHD9QEg', 'MHD9QEgo', 'HD9Q', 'D9QE', '9QEg', 'QEgo', 'CP2HmQ3M', 'P2HmQ3MH', '2HmQ3MH6', 'HmQ3', 'mQ3M', 'Q3MH', '3MH6', 'LtWHvWZd', 'tWHvWZde', 'WHvWZdeP', 'HvWZ', 'vWZd', 'WZde', 'ZdeP', 'Mars', 'arsh', 'rsha', 'shal', 'yC3H4Nww', 'C3H4NwwI', '3H4NwwIj', 'H4Nw', '4Nww', 'NwwI', 'wwIj', 'Location', 'ocat', 'cati', 'File', 'Exis', 'xist', 'ists', 'CodeBase', 'odeB', 'deBa', 'eBas', 'ToString', 'Repl', 'epla', 'plac', 'lace', 'GetT', 'etTy', 'tTyp', 'GetPrope', 'etProper', 'tPropert', 'Property', 'rope', 'oper', 'erty', 'PropertyInfo', 'ropertyI', 'opertyIn', 'pertyInf', 'ertyInfo', 'rtyI', 'tyIn', 'yInf', 'GetValue', 'dTWHXgNN', 'TWHXgNNW', 'WHXgNNWQ', 'HXgN', 'XgNN', 'gNNW', 'NNWQ', 'LoadLibr', 'oadLibra', 'adLibrar', 'dLibrary', 'Libr', 'ibra', 'brar', 'rary', 'kernel32', 'erne', 'rnel', 'nel3', 'el32', 'kIiH1IDC', 'IiH1IDCp', 'iH1IDCpe', 'H1ID', '1IDC', 'IDCp', 'DCpe', 'GetProcAddre', 'etProcAddres', 'tProcAddress', 'ProcAddr', 'rocAddre', 'ocAddres', 'cAddress', 'Addr', 'ddre', 'dres', 'IB4H9OS8', 'B4H9OS8e', '4H9OS8e0', 'H9OS', 
'9OS8', 'OS8e', 'S8e0', 'Conc', 'onca', 'ncat', 'GetDelegateForFunctionPointe', 'etDelegateForFunctionPointer', 'tDelegateForFunctionPoin', 'DelegateForFunctionPoint', 'elegateForFunctionPointe', 'legateForFunctionPointer', 'egateForFunctionPoin', 'gateForFunctionPoint', 'ateForFunctionPointe', 'teForFunctionPointer', 'eForFunctionPoin', 'ForFunctionPoint', 'orFunctionPointe', 'rFunctionPointer', 'FunctionPoin', 'unctionPoint', 'nctionPointe', 'ctionPointer', 'tionPoin', 'ionPoint', 'onPointe', 'nPointer', 'Poin', 'oint', 'inte', 'uOXHqyhI', 'OXHqyhIa', 'XHqyhIaS', 'Hqyh', 'qyhI', 'yhIa', 'hIaS', 'l71HkhvE', '71HkhvEG', '1HkhvEGF', 'Hkhv', 'khvE', 'hvEG', 'vEGF', 'tggHYhTg', 'ggHYhTg7', 'gHYhTg7s', 'HYhT', 'YhTg', 'hTg7', 'Tg7s', 'U72H2Jkf', '72H2JkfI', '2H2JkfIP', 'H2Jk', '2Jkf', 'JkfI', 'kfIP', 'Y0pHusBn', '0pHusBnt', 'pHusBnt0', 'HusB', 'usBn', 'sBnt', 'Bnt0', 'gEHrfEJa', 'EHrfEJaJ', 'HrfE', 'rfEJ', 'fEJa', 'EJaJ', 'wWBHw78R', 'WBHw78Rp', 'BHw78RpX', 'Hw78', 'w78R', '78Rp', '8RpX', 'FileStre', 'ileStrea', 'leStream', 'FileMode', 'ileM', 'leMo', 'eMod', 'FileAcce', 'ileAcces', 'leAccess', 'eAcc', 'Acce', 'cces', 'cess', 'FileShar', 'ileShare', 'leSh', 'eSha', 'Shar', 'hare', 'IDisposa', 'Disposab', 'isposabl', 'sposable', 'posa', 'osab', 'sabl', 'Disp', 'ispo', 'spos', 'pose', 'amqH33Tn', 'mqH33Tnr', 'qH33Tnrd', 'H33T', '33Tn', '3Tnr', 'Tnrd', 'lbUHysDL', 'bUHysDLt', 'UHysDLtM', 'HysD', 'ysDL', 'sDLt', 'DLtM', 'ToAr', 'oArr', 'A6WHpW5l', '6WHpW5ls', 'WHpW5lsW', 'HpW5', 'pW5l', 'W5ls', '5lsW', 'CreateDecryp', 'reateDecrypt', 'eateDecrypto', 'ateDecryptor', 'teDecryp', 'eDecrypt', 'Decrypto', 'ecryptor', 'cryp', 'rypt', 'ypto', 'ptor', 'Writ', 'rite', 'RhQHJAls', 'hQHJAlsH', 'QHJAlsHJ', 'HJAl', 'JAls', 'AlsH', 'lsHJ', 'S1AH8NJW', '1AH8NJWT', 'AH8NJWTY', 'H8NJ', '8NJW', 'NJWT', 'JWTY', 'DUqHSrIZ', 'UqHSrIZh', 'qHSrIZhB', 'HSrI', 'SrIZ', 'rIZh', 'IZhB', 'F4xHcRwo', '4xHcRwoa', 'xHcRwoaQ', 'HcRw', 'cRwo', 'Rwoa', 'woaQ', 'R6vHgpxK', '6vHgpxKx', 'vHgpxKxw', 'Hgpx', 
'gpxK', 'pxKx', 'xKxw', 'gudHFgNW', 'udHFgNWA', 'dHFgNWAS', 'HFgN', 'FgNW', 'gNWA', 'NWAS', 'cWpHaXn8', 'WpHaXn81', 'pHaXn810', 'HaXn', 'aXn8', 'Xn81', 'n810', 'k6dH0Cgv', '6dH0Cgvn', 'dH0Cgvnf', 'H0Cg', '0Cgv', 'Cgvn', 'gvnf', 'VqeHAClj', 'qeHACljL', 'eHACljLH', 'HACl', 'AClj', 'CljL', 'ljLH', 'IQjHORJY', 'QjHORJY1', 'jHORJY1k', 'HORJ', 'ORJY', 'RJY1', 'JY1k', 'fWHKHCBMk8RmiVZU', 'WHKHCBMk8RmiVZU7', 'HKHCBMk8RmiVZU7K', 'KHCBMk8RmiVZU7K3', 'HCBMk8RmiVZU', 'CBMk8RmiVZU7', 'BMk8RmiVZU7K', 'Mk8RmiVZU7K3', 'k8RmiVZU', '8RmiVZU7', 'RmiVZU7K', 'miVZU7K3', 'iVZU', 'VZU7', 'ZU7K', 'U7K3', 'aNrno9BxSZ9C94I9', 'Nrno9BxSZ9C94I99', 'rno9BxSZ9C94I99V', 'no9BxSZ9C94I99VC', 'o9BxSZ9C94I9', '9BxSZ9C94I99', 'BxSZ9C94I99V', 'xSZ9C94I99VC', 'SZ9C94I9', 'Z9C94I99', '9C94I99V', 'C94I99VC', '94I9', '4I99', 'I99V', '99VC', 'YoEAByBzxC0wcOeT', 'oEAByBzxC0wcOeTM', 'EAByBzxC0wcOeTM5', 'AByBzxC0wcOeTM5A', 'ByBzxC0wcOeT', 'yBzxC0wcOeTM', 'BzxC0wcOeTM5', 'zxC0wcOeTM5A', 'xC0wcOeT', 'C0wcOeTM', '0wcOeTM5', 'wcOeTM5A', 'cOeT', 'OeTM', 'eTM5', 'TM5A', 'lETua8KVGFTFNnui', 'ETua8KVGFTFNnuiE', 'Tua8KVGFTFNnuiEw', 'ua8KVGFTFNnuiEw4', 'a8KVGFTFNnui', '8KVGFTFNnuiE', 'KVGFTFNnuiEw', 'VGFTFNnuiEw4', 'GFTFNnui', 'FTFNnuiE', 'TFNnuiEw', 'FNnuiEw4', 'Nnui', 'nuiE', 'uiEw', 'iEw4', 'AGx73NKHt2bss6Lf', 'Gx73NKHt2bss6LfA', 'x73NKHt2bss6LfAS', '73NKHt2bss6LfASM', '3NKHt2bss6Lf', 'NKHt2bss6LfA', 'KHt2bss6LfAS', 'Ht2bss6LfASM', 't2bss6Lf', '2bss6LfA', 'bss6LfAS', 'ss6LfASM', 's6Lf', '6LfA', 'LfAS', 'fASM', 'C8GwpUKninAGEBNS', '8GwpUKninAGEBNSL', 'GwpUKninAGEBNSL8', 'wpUKninAGEBNSL8V', 'pUKninAGEBNS', 'UKninAGEBNSL', 'KninAGEBNSL8', 'ninAGEBNSL8V', 'inAGEBNS', 'nAGEBNSL', 'AGEBNSL8', 'GEBNSL8V', 'EBNS', 'BNSL', 'NSL8', 'SL8V', 'Reve', 'ever', 'vers', 'erse', 'lqN2G0KExuMfavIZ', 'qN2G0KExuMfavIZH', 'N2G0KExuMfavIZHC', '2G0KExuMfavIZHCA', 'G0KExuMfavIZ', '0KExuMfavIZH', 'KExuMfavIZHC', 'ExuMfavIZHCA', 'xuMfavIZ', 'uMfavIZH', 'MfavIZHC', 'favIZHCA', 'avIZ', 'vIZH', 'IZHC', 'ZHCA', 'ccAyUVKZOeYYLG2l', 
'cAyUVKZOeYYLG2ln', 'AyUVKZOeYYLG2lnD', 'yUVKZOeYYLG2lnDX', 'UVKZOeYYLG2l', 'VKZOeYYLG2ln', 'KZOeYYLG2lnD', 'ZOeYYLG2lnDX', 'OeYYLG2l', 'eYYLG2ln', 'YYLG2lnD', 'YLG2lnDX', 'LG2l', 'G2ln', '2lnD', 'lnDX', 'GetPublicKeyToke', 'etPublicKeyToken', 'tPublicKeyTo', 'PublicKeyTok', 'ublicKeyToke', 'blicKeyToken', 'licKeyTo', 'icKeyTok', 'cKeyToke', 'KeyToken', 'eyTo', 'yTok', 'Q0ywkXK70Gc3cl8X', '0ywkXK70Gc3cl8X6', 'ywkXK70Gc3cl8X68', 'wkXK70Gc3cl8X68X', 'kXK70Gc3cl8X', 'XK70Gc3cl8X6', 'K70Gc3cl8X68', '70Gc3cl8X68X', '0Gc3cl8X', 'Gc3cl8X6', 'c3cl8X68', '3cl8X68X', 'cl8X', 'l8X6', '8X68', 'X68X', 'xJXEMLKWNieklTtV', 'JXEMLKWNieklTtVr', 'XEMLKWNieklTtVre', 'EMLKWNieklTtVreD', 'MLKWNieklTtV', 'LKWNieklTtVr', 'KWNieklTtVre', 'WNieklTtVreD', 'NieklTtV', 'ieklTtVr', 'eklTtVre', 'klTtVreD', 'lTtV', 'TtVr', 'tVre', 'VreD', 'CipherMo', 'ipherMod', 'pherMode', 'herM', 'erMo', 'rMod', 'qhflmHKNKhLXQsnM', 'hflmHKNKhLXQsnMM', 'flmHKNKhLXQsnMMM', 'lmHKNKhLXQsnMMMV', 'mHKNKhLXQsnM', 'HKNKhLXQsnMM', 'KNKhLXQsnMMM', 'NKhLXQsnMMMV', 'KhLXQsnM', 'hLXQsnMM', 'LXQsnMMM', 'XQsnMMMV', 'QsnM', 'snMM', 'nMMM', 'MMMV', 'RAECwXKsB5PKXan6', 'AECwXKsB5PKXan6H', 'ECwXKsB5PKXan6HH', 'CwXKsB5PKXan6HHG', 'wXKsB5PKXan6', 'XKsB5PKXan6H', 'KsB5PKXan6HH', 'sB5PKXan6HHG', 'B5PKXan6', '5PKXan6H', 'PKXan6HH', 'KXan6HHG', 'Xan6', 'an6H', 'n6HH', '6HHG', 'TYMBMAK68Q9Tq6wW', 'YMBMAK68Q9Tq6wWS', 'MBMAK68Q9Tq6wWS7', 'BMAK68Q9Tq6wWS7y', 'MAK68Q9Tq6wW', 'AK68Q9Tq6wWS', 'K68Q9Tq6wWS7', '68Q9Tq6wWS7y', '8Q9Tq6wW', 'Q9Tq6wWS', '9Tq6wWS7', 'Tq6wWS7y', 'q6wW', '6wWS', 'wWS7', 'WS7y', 'XQpm33KhUJadrxqZ', 'Qpm33KhUJadrxqZS', 'pm33KhUJadrxqZSI', 'm33KhUJadrxqZSIm', '33KhUJadrxqZ', '3KhUJadrxqZS', 'KhUJadrxqZSI', 'hUJadrxqZSIm', 'UJadrxqZ', 'JadrxqZS', 'adrxqZSI', 'drxqZSIm', 'rxqZ', 'xqZS', 'qZSI', 'ZSIm', 'FlushFinalBl', 'lushFinalBlo', 'ushFinalBloc', 'shFinalBlock', 'hFinalBl', 'FinalBlo', 'inalBloc', 'nalBlock', 'alBl', 'lBlo', 'bfFCfXKBIs1QCilS', 'fFCfXKBIs1QCilSt', 'FCfXKBIs1QCilSt3', 'CfXKBIs1QCilSt37', 'fXKBIs1QCilS', 
'XKBIs1QCilSt', 'KBIs1QCilSt3', 'BIs1QCilSt37', 'Is1QCilS', 's1QCilSt', '1QCilSt3', 'QCilSt37', 'CilS', 'ilSt', 'lSt3', 'St37', 'Vn4PLCKKlgZ3yAnV', 'n4PLCKKlgZ3yAnV0', '4PLCKKlgZ3yAnV01', 'PLCKKlgZ3yAnV01U', 'LCKKlgZ3yAnV', 'CKKlgZ3yAnV0', 'KKlgZ3yAnV01', 'KlgZ3yAnV01U', 'lgZ3yAnV', 'gZ3yAnV0', 'Z3yAnV01', '3yAnV01U', 'yAnV', 'AnV0', 'nV01', 'V01U', 'hJrTdRKUCJfQy5ih', 'JrTdRKUCJfQy5ih3', 'rTdRKUCJfQy5ih3w', 'TdRKUCJfQy5ih3wd', 'dRKUCJfQy5ih', 'RKUCJfQy5ih3', 'KUCJfQy5ih3w', 'UCJfQy5ih3wd', 'CJfQy5ih', 'JfQy5ih3', 'fQy5ih3w', 'Qy5ih3wd', 'y5ih', '5ih3', 'ih3w', 'h3wd', 'EntryPoi', 'ntryPoin', 'tryPoint', 'ryPo', 'yPoi', 'zTCSeZKrw5PThQ9k', 'TCSeZKrw5PThQ9ku', 'CSeZKrw5PThQ9kux', 'SeZKrw5PThQ9kuxF', 'eZKrw5PThQ9k', 'ZKrw5PThQ9ku', 'Krw5PThQ9kux', 'rw5PThQ9kuxF', 'w5PThQ9k', '5PThQ9ku', 'PThQ9kux', 'ThQ9kuxF', 'hQ9k', 'Q9ku', '9kux', 'kuxF', 'SFObT7BdNQx3OBmw', 'FObT7BdNQx3OBmwr', 'ObT7BdNQx3OBmwrf', 'bT7BdNQx3OBmwrfj', 'T7BdNQx3OBmw', '7BdNQx3OBmwr', 'BdNQx3OBmwrf', 'dNQx3OBmwrfj', 'NQx3OBmw', 'Qx3OBmwr', 'x3OBmwrf', '3OBmwrfj', 'OBmw', 'Bmwr', 'mwrf', 'wrfj', 'd2wIUbBCeWqr2Nlb', '2wIUbBCeWqr2Nlb5', 'wIUbBCeWqr2Nlb5K', 'IUbBCeWqr2Nlb5Kj', 'UbBCeWqr2Nlb', 'bBCeWqr2Nlb5', 'BCeWqr2Nlb5K', 'CeWqr2Nlb5Kj', 'eWqr2Nlb', 'Wqr2Nlb5', 'qr2Nlb5K', 'r2Nlb5Kj', '2Nlb', 'Nlb5', 'lb5K', 'b5Kj', 'WyFsCTLJ5QqUnPiI', 'yFsCTLJ5QqUnPiIY', 'FsCTLJ5QqUnPiIYf', 'sCTLJ5QqUnPiIYfI', 'CTLJ5QqUnPiI', 'TLJ5QqUnPiIY', 'LJ5QqUnPiIYf', 'J5QqUnPiIYfI', '5QqUnPiI', 'QqUnPiIY', 'qUnPiIYf', 'UnPiIYfI', 'nPiI', 'PiIY', 'iIYf', 'IYfI', 'du9curL8hdgUrEbG', 'u9curL8hdgUrEbGZ', '9curL8hdgUrEbGZU', 'curL8hdgUrEbGZUr', 'urL8hdgUrEbG', 'rL8hdgUrEbGZ', 'L8hdgUrEbGZU', '8hdgUrEbGZUr', 'hdgUrEbG', 'dgUrEbGZ', 'gUrEbGZU', 'UrEbGZUr', 'rEbG', 'EbGZ', 'bGZU', 'GZUr', 'j2IhntLStUmqMX05', '2IhntLStUmqMX05e', 'IhntLStUmqMX05eH', 'hntLStUmqMX05eHp', 'ntLStUmqMX05', 'tLStUmqMX05e', 'LStUmqMX05eH', 'StUmqMX05eHp', 'tUmqMX05', 'UmqMX05e', 'mqMX05eH', 'qMX05eHp', 'MX05', 'X05e', '05eH', '5eHp', 'UOsYX6nqjBtcgwV3', 
'OsYX6nqjBtcgwV3o', 'sYX6nqjBtcgwV3oI', 'YX6nqjBtcgwV3oIb', 'X6nqjBtcgwV3', '6nqjBtcgwV3o', 'nqjBtcgwV3oI', 'qjBtcgwV3oIb', 'jBtcgwV3', 'BtcgwV3o', 'tcgwV3oI', 'cgwV3oIb', 'gwV3', 'wV3o', 'V3oI', '3oIb', 'yIanYXFt', 'IanYXFt9', 'anYXFt9g', 'nYXF', 'YXFt', 'XFt9', 'Ft9g', 'CreateEncryp', 'reateEncrypt', 'eateEncrypto', 'ateEncryptor', 'teEncryp', 'eEncrypt', 'Encrypto', 'ncryptor', 'ToBase64Stri', 'oBase64Strin', 'classthi', 'lassthis', 'asst', 'ssth', 'sthi', 'this', 'comp', 'info', 'flag', 'nativeEn', 'ativeEnt', 'tiveEntr', 'iveEntry', 'veEn', 'eEnt', 'Entr', 'ntry', 'nativeSizeOfCode', 'ativeSizeOfC', 'tiveSizeOfCo', 'iveSizeOfCod', 'veSizeOfCode', 'eSizeOfC', 'SizeOfCo', 'izeOfCod', 'zeOfCode', 'eOfC', 'OfCo', 'fCod', 'tnAn34G0', 'nAn34G0A', 'An34G0AN', 'n34G', '34G0', '4G0A', 'G0AN', 'nb3nyl2p', 'b3nyl2pu', '3nyl2puH', 'nyl2', 'yl2p', 'l2pu', '2puH', 'AGJngIyr', 'GJngIyrb', 'JngIyrbt', 'ngIy', 'gIyr', 'Iyrb', 'yrbt', 'KCFlcDdR', 'CFlcDdR6', 'FlcDdR6L', 'lcDd', 'cDdR', 'DdR6', 'dR6L', 'EANnJx5j', 'ANnJx5j0', 'NnJx5j0h', 'nJx5', 'Jx5j', 'x5j0', '5j0h', 'rrCn8HJ5', 'rCn8HJ5O', 'Cn8HJ5Ox', 'n8HJ', '8HJ5', 'HJ5O', 'J5Ox', 'G3mnSLIk', '3mnSLIku', 'mnSLIkus', 'nSLI', 'SLIk', 'LIku', 'Ikus', 'ReadInt3', 'eadInt32', 'adIn', 'dInt', 'cvBncy6o', 'vBncy6oE', 'Bncy6oEJ', 'ncy6', 'cy6o', 'y6oE', '6oEJ', 'hMod', 'lpNa', 'pNam', 'lpTy', 'pTyp', 'lpAddres', 'pAddress', 'dwSi', 'wSiz', 'flAllocationType', 'lAllocationT', 'AllocationTy', 'llocationTyp', 'locationType', 'ocationT', 'cationTy', 'ationTyp', 'tionType', 'ionT', 'onTy', 'flProtec', 'lProtect', 'Prot', 'rote', 'otec', 'tect', 'hProcess', 'Proc', 'roce', 'oces', 'lpBaseAddres', 'pBaseAddress', 'BaseAddr', 'aseAddre', 'seAddres', 'eAddress', 'buff', 'uffe', 'ffer', 'size', 'lpNumberOfBytesWritt', 'pNumberOfBytesWritte', 'NumberOfBytesWritten', 'umberOfBytesWrit', 'mberOfBytesWritt', 'berOfBytesWritte', 'erOfBytesWritten', 'rOfBytesWrit', 'OfBytesWritt', 'fBytesWritte', 'BytesWritten', 'ytesWrit', 'tesWritt', 'esWritte', 
'sWritten', 'ritt', 'itte', 'tten', 'flNewProtect', 'lNewProt', 'NewProte', 'ewProtec', 'wProtect', 'lpflOldProte', 'pflOldProtec', 'flOldProtect', 'lOldProt', 'OldProte', 'ldProtec', 'dProtect', 'dwDesiredAcc', 'wDesiredAcce', 'DesiredAcces', 'esiredAccess', 'siredAcc', 'iredAcce', 'redAcces', 'edAccess', 'dAcc', 'bInheritHand', 'InheritHandl', 'nheritHandle', 'heritHan', 'eritHand', 'ritHandl', 'itHandle', 'dwProces', 'wProcess', 'ProcessI', 'rocessId', 'essI', 'ssId', 'valu', 'CwrnicIa', 'wrnicIa9', 'rnicIa9T', 'nicI', 'icIa', 'cIa9', 'Ia9T', 'HEy5wMGu', 'Ey5wMGuJ', 'y5wMGuJY', '5wMG', 'wMGu', 'MGuJ', 'GuJY', 'phFESeB4', 'hFESeB4L', 'FESeB4L3', 'ESeB', 'SeB4', 'eB4L', 'B4L3', 'D6iEcs6w', '6iEcs6wq', 'iEcs6wqH', 'Ecs6', 'cs6w', 's6wq', '6wqH', 'gq1EgOyX', 'q1EgOyXl', '1EgOyXl2', 'EgOy', 'gOyX', 'OyXl', 'yXl2', 'Qa3EFsRx', 'a3EFsRxn', '3EFsRxnc', 'EFsR', 'FsRx', 'sRxn', 'Rxnc', 'yI7EaD7c', 'I7EaD7ci', '7EaD7ci6', 'EaD7', 'aD7c', 'D7ci', '7ci6', 'Im8E0cL5', 'm8E0cL5B', '8E0cL5BO', 'E0cL', '0cL5', 'cL5B', 'L5BO', 'hqcEA8lt', 'qcEA8ltn', 'cEA8ltn2', 'EA8l', 'A8lt', '8ltn', 'ltn2', 'BRgEOiGc', 'RgEOiGcw', 'gEOiGcwI', 'OiGc', 'iGcw', 'GcwI', 'ijkEoThw', 'jkEoThw7', 'kEoThw7F', 'EoTh', 'oThw', 'Thw7', 'hw7F', 'mbiEj4eq', 'biEj4eqr', 'iEj4eqrO', 'Ej4e', 'j4eq', '4eqr', 'eqrO', 'i69EbM53', '69EbM53O', '9EbM53Og', 'EbM5', 'bM53', 'M53O', '53Og', 'hFPEQ07X', 'FPEQ07XS', 'PEQ07XSj', 'EQ07', 'Q07X', '07XS', '7XSj', 'wpQEiiYl', 'pQEiiYlq', 'QEiiYlqT', 'EiiY', 'iiYl', 'iYlq', 'YlqT', 'N4xEtEjM', '4xEtEjM3', 'xEtEjM3I', 'EtEj', 'tEjM', 'EjM3', 'jM3I', 'UXgEdxr6', 'XgEdxr6J', 'gEdxr6Jl', 'Edxr', 'dxr6', 'xr6J', 'r6Jl', 'MCYdB9RVO7JM1IMc', 'CYdB9RVO7JM1IMcC', 'YdB9RVO7JM1IMcCP', 'dB9RVO7JM1IMcCPc', 'B9RVO7JM1IMc', '9RVO7JM1IMcC', 'RVO7JM1IMcCP', 'VO7JM1IMcCPc', 'O7JM1IMc', '7JM1IMcC', 'JM1IMcCP', 'M1IMcCPc', '1IMc', 'IMcC', 'McCP', 'cCPc', 'yEKEIT9i', 'EKEIT9iw', 'KEIT9iwd', 'EIT9', 'IT9i', 'T9iw', '9iwd', 'YdBELiOT', 'dBELiOTB', 'BELiOTBx', 'ELiO', 'LiOT', 'iOTB', 'OTBx', 
'P7nER3EM', '7nER3EMB', 'nER3EMBI', 'ER3E', 'R3EM', '3EMB', 'EMBI', 'HMrEfTTD', 'MrEfTTD1', 'rEfTTD1e', 'EfTT', 'fTTD', 'TTD1', 'TD1e', 'KvAE5FBi', 'vAE5FBi7', 'AE5FBi7A', 'E5FB', '5FBi', 'FBi7', 'Bi7A', 'bIfEDVRv', 'IfEDVRvL', 'fEDVRvLp', 'EDVR', 'DVRv', 'VRvL', 'RvLp', 'B1SEmhH1', '1SEmhH1X', 'SEmhH1X9', 'EmhH', 'mhH1', 'hH1X', 'H1X9', 'IiBEvZKm', 'iBEvZKmG', 'BEvZKmGD', 'EvZK', 'vZKm', 'ZKmG', 'KmGD', 'pq6E4dNi', 'q6E4dNib', '6E4dNibH', 'E4dN', '4dNi', 'dNib', 'NibH', 'eTuEXb5i', 'TuEXb5iy', 'uEXb5iy9', 'EXb5', 'Xb5i', 'b5iy', '5iy9', 'RuntimeMethodHan', 'untimeMethodHand', 'ntimeMethodHandl', 'timeMethodHandle', 'imeMethodHan', 'meMethodHand', 'eMethodHandl', 'MethodHandle', 'ethodHan', 'thodHand', 'hodHandl', 'odHandle', 'wsaE1Ibs', 'saE1Ibsq', 'aE1IbsqY', 'E1Ib', '1Ibs', 'Ibsq', 'bsqY', 'ThoE9v6o', 'hoE9v6oq', 'oE9v6oqu', 'E9v6', '9v6o', 'v6oq', '6oqu', 'NotSupportedExceptio', 'otSupportedException', 'tSupportedExcept', 'SupportedExcepti', 'upportedExceptio', 'pportedException', 'portedExcept', 'ortedExcepti', 'rtedExceptio', 'tedException', 'edExcept', 'dExcepti', 's8PEqMWu', '8PEqMWuI', 'PEqMWuIp', 'EqMW', 'qMWu', 'MWuI', 'WuIp', 'E2KEkM7P', '2KEkM7PJ', 'KEkM7PJI', 'EkM7', 'kM7P', 'M7PJ', '7PJI', 'mN1EYt05', 'N1EYt05p', '1EYt05pb', 'EYt0', 'Yt05', 't05p', '05pb', 'YZxE2QwF', 'ZxE2QwFu', 'xE2QwFuG', 'E2Qw', '2QwF', 'QwFu', 'wFuG', 'wvUfIFEu29WgjAMb', 'vUfIFEu29WgjAMb7', 'UfIFEu29WgjAMb7E', 'fIFEu29WgjAMb7Eb', 'IFEu29WgjAMb', 'FEu29WgjAMb7', 'Eu29WgjAMb7E', 'u29WgjAMb7Eb', '29WgjAMb', '9WgjAMb7', 'WgjAMb7E', 'gjAMb7Eb', 'jAMb', 'AMb7', 'Mb7E', 'b7Eb', 'SByt', 'Sing', 'ingl', 'ngle', 'Doub', 'oubl', 'uble', 'Char', 'Comparis', 'ompariso', 'mparison', 'pari', 'aris', 'riso', 'ison', 'aO83AL6F', 'O83AL6Fa', '83AL6Fau', '3AL6', 'AL6F', 'L6Fa', '6Fau', 'Sort', 'KxqEwUvg', 'xqEwUvgs', 'qEwUvgsI', 'EwUv', 'wUvg', 'Uvgs', 'vgsI', 'licE3V4O', 'icE3V4OM', 'cE3V4OMe', 'E3V4', '3V4O', 'V4OM', '4OMe', 'wVfqVNEyRMnxw8G9', 'VfqVNEyRMnxw8G9k', 'fqVNEyRMnxw8G9kM', 
'qVNEyRMnxw8G9kM4', 'VNEyRMnxw8G9', 'NEyRMnxw8G9k', 'EyRMnxw8G9kM', 'yRMnxw8G9kM4', 'RMnxw8G9', 'Mnxw8G9k', 'nxw8G9kM', 'xw8G9kM4', 'w8G9', '8G9k', 'G9kM', '9kM4', 'wPuEp6SG', 'PuEp6SG2', 'uEp6SG26', 'Ep6S', 'p6SG', '6SG2', 'SG26', 'VkDEJGwi', 'kDEJGwi0', 'DEJGwi0O', 'EJGw', 'JGwi', 'Gwi0', 'wi0O', 'pjSE86wv', 'jSE86wvv', 'SE86wvvN', 'E86w', '86wv', '6wvv', 'wvvN', 'lVx1hTRHxIewqobb', 'Vx1hTRHxIewqobb3', 'x1hTRHxIewqobb3G', '1hTRHxIewqobb3GJ', 'hTRHxIewqobb', 'TRHxIewqobb3', 'RHxIewqobb3G', 'HxIewqobb3GJ', 'xIewqobb', 'Iewqobb3', 'ewqobb3G', 'wqobb3GJ', 'qobb', 'obb3', 'bb3G', 'b3GJ', 'Yf9fvaRnbKHZkv3J', 'f9fvaRnbKHZkv3J7', '9fvaRnbKHZkv3J7C', 'fvaRnbKHZkv3J7C0', 'vaRnbKHZkv3J', 'aRnbKHZkv3J7', 'RnbKHZkv3J7C', 'nbKHZkv3J7C0', 'bKHZkv3J', 'KHZkv3J7', 'HZkv3J7C', 'Zkv3J7C0', 'kv3J', 'v3J7', '3J7C', 'J7C0', 'kXpEMRiv', 'XpEMRivi', 'pEMRiviV', 'EMRi', 'MRiv', 'Rivi', 'iviV', 'MaEExkZN', 'aEExkZNQ', 'EExkZNQc', 'ExkZ', 'xkZN', 'kZNQ', 'ZNQc', 'TFxEzOYU', 'FxEzOYU9', 'xEzOYU99', 'EzOY', 'zOYU', 'OYU9', 'YU99', 'heWZVe2E', 'eWZVe2ET', 'WZVe2ETX', 'ZVe2', 'Ve2E', 'e2ET', '2ETX', 'iEaZH5v9', 'EaZH5v9A', 'aZH5v9AX', 'ZH5v', 'H5v9', '5v9A', 'v9AX', 'aoIZn8Fy', 'oIZn8Fyj', 'IZn8Fyjy', 'Zn8F', 'n8Fy', '8Fyj', 'Fyjy', 'DkVZN0Y5', 'kVZN0Y5H', 'VZN0Y5Hv', 'ZN0Y', 'N0Y5', '0Y5H', 'Y5Hv', 'LGhZs1a9', 'GhZs1a9F', 'hZs1a9FW', 'Zs1a', 's1a9', '1a9F', 'a9FW', 'VDlyUjRWJVtYu98a', 'DlyUjRWJVtYu98aS', 'lyUjRWJVtYu98aSP', 'yUjRWJVtYu98aSP4', 'UjRWJVtYu98a', 'jRWJVtYu98aS', 'RWJVtYu98aSP', 'WJVtYu98aSP4', 'JVtYu98a', 'VtYu98aS', 'tYu98aSP', 'Yu98aSP4', 'u98a', '98aS', '8aSP', 'aSP4', 'T7MhRDMc', '7MhRDMcv', 'MhRDMcvi', 'hRDM', 'RDMc', 'DMcv', 'Mcvi', 'rHvhfZTj', 'HvhfZTjp', 'vhfZTjpD', 'hfZT', 'fZTj', 'ZTjp', 'TjpD', 'PQch5BK6', 'Qch5BK6b', 'ch5BK6bF', 'h5BK', '5BK6', 'BK6b', 'K6bF', 'I7YhDMQr', '7YhDMQrH', 'YhDMQrHp', 'hDMQ', 'DMQr', 'MQrH', 'QrHp', 'uqxhmmb8', 'qxhmmb8H', 'xhmmb8H3', 'hmmb', 'mmb8', 'mb8H', 'b8H3', 'HymhvB9M', 'ymhvB9Mu', 'mhvB9Mu7', 'hvB9', 'vB9M', 'B9Mu', '9Mu7', 
'VTvh44Vk', 'Tvh44VkN', 'vh44VkNE', 'h44V', '44Vk', '4VkN', 'VkNE', 'GX8ZZZW9', 'X8ZZZW9O', '8ZZZW9Ou', 'ZZZW', 'ZZW9', 'ZW9O', 'W9Ou', 'JI6hXc6S', 'I6hXc6SZ', '6hXc6SZU', 'hXc6', 'Xc6S', 'c6SZ', '6SZU', 'JQDh1ZSg', 'QDh1ZSgi', 'Dh1ZSgiw', 'h1ZS', '1ZSg', 'ZSgi', 'Sgiw', 'xG2h9dJc', 'G2h9dJcH', '2h9dJcHa', 'h9dJ', '9dJc', 'dJcH', 'JcHa', 'Y4rZ7NJC', '4rZ7NJCy', 'rZ7NJCyW', 'Z7NJ', '7NJC', 'NJCy', 'JCyW', 'LUPhqJEm', 'UPhqJEmh', 'PhqJEmhw', 'hqJE', 'qJEm', 'JEmh', 'Emhw', 'Ms1hkNwy', 's1hkNwyv', '1hkNwyvm', 'hkNw', 'kNwy', 'Nwyv', 'wyvm', 'BGLhYJO1', 'GLhYJO1b', 'LhYJO1b0', 'hYJO', 'YJO1', 'JO1b', 'O1b0', 'iNCh2Oil', 'NCh2OilS', 'Ch2OilSm', 'h2Oi', '2Oil', 'OilS', 'ilSm', 't9ahuiBh', '9ahuiBh1', 'ahuiBh1J', 'huiB', 'uiBh', 'iBh1', 'Bh1J', 'YoNhwU3w', 'oNhwU3wp', 'NhwU3wpo', 'hwU3', 'wU3w', 'U3wp', '3wpo', 'uDLh3unY', 'DLh3unYb', 'Lh3unYbe', 'h3un', '3unY', 'unYb', 'nYbe', 'esLhyDoW', 'sLhyDoWN', 'LhyDoWNv', 'hyDo', 'yDoW', 'DoWN', 'oWNv', 'clNhp3Xc', 'lNhp3XcJ', 'Nhp3XcJE', 'hp3X', 'p3Xc', '3XcJ', 'XcJE', 'UrehJHGD', 'rehJHGDD', 'ehJHGDDd', 'hJHG', 'JHGD', 'HGDD', 'GDDd', 'QObh8ANB', 'Obh8ANBt', 'bh8ANBtU', 'h8AN', '8ANB', 'ANBt', 'NBtU', 'QTKhS2t6', 'TKhS2t6r', 'KhS2t6rA', 'hS2t', 'S2t6', '2t6r', 't6rA', 'Tw7hcUoa', 'w7hcUoa7', '7hcUoa7j', 'hcUo', 'cUoa', 'Uoa7', 'oa7j', 'UBAhgc9f', 'BAhgc9f7', 'Ahgc9f77', 'hgc9', 'gc9f', 'c9f7', '9f77', 'MTKhFJDd', 'TKhFJDdj', 'KhFJDdj4', 'hFJD', 'FJDd', 'JDdj', 'Ddj4', 'yeShaO43', 'eShaO43N', 'ShaO43Nb', 'haO4', 'aO43', 'O43N', '43Nb', 'nC3h0gFn', 'C3h0gFnc', '3h0gFnc2', 'h0gF', '0gFn', 'gFnc', 'Fnc2', 'k0ghA5dX', '0ghA5dXh', 'ghA5dXha', 'hA5d', 'A5dX', '5dXh', 'dXha', 'dwahOq06', 'wahOq06J', 'ahOq06JD', 'hOq0', 'Oq06', 'q06J', '06JD', 'Xephoqhd', 'ephoqhdF', 'phoqhdFO', 'hoqh', 'oqhd', 'qhdF', 'hdFO', 'QBEhjhne', 'BEhjhneC', 'EhjhneCg', 'hjhn', 'jhne', 'hneC', 'neCg', 'slwhbguM', 'lwhbguM8', 'whbguM8j', 'hbgu', 'bguM', 'guM8', 'uM8j', 'I8chQAHs', '8chQAHsa', 'chQAHsa4', 'hQAH', 'QAHs', 'AHsa', 'Hsa4', 'DQ2hiqeF', 'Q2hiqeFg', 
'2hiqeFgI', 'hiqe', 'iqeF', 'qeFg', 'eFgI', 'SZoht2am', 'Zoht2amg', 'oht2amg7', 'ht2a', 't2am', '2amg', 'amg7', 'pFDhdFQG', 'FDhdFQG2', 'DhdFQG2f', 'hdFQ', 'dFQG', 'FQG2', 'QG2f', 'bQDhCp9J', 'QDhCp9J3', 'DhCp9J3N', 'hCp9', 'Cp9J', 'p9J3', '9J3N', 'H3QhMGjs', '3QhMGjsa', 'QhMGjsan', 'hMGj', 'MGjs', 'Gjsa', 'jsan', 'cQhhxhKA', 'QhhxhKAB', 'hhxhKABq', 'hxhK', 'xhKA', 'hKAB', 'KABq', 'z4JhzgW1', '4JhzgW1W', 'JhzgW1Wd', 'hzgW', 'zgW1', 'gW1W', 'W1Wd', 'VbQBVFV0', 'bQBVFV0e', 'QBVFV0ep', 'BVFV', 'VFV0', 'FV0e', 'V0ep', 'SvqBH78a', 'vqBH78aJ', 'qBH78aJq', 'BH78', 'H78a', '78aJ', '8aJq', 'YxEBnOxU', 'xEBnOxUt', 'EBnOxUtY', 'BnOx', 'nOxU', 'OxUt', 'xUtY', 'XDbBE6I0', 'DbBE6I08', 'bBE6I08m', 'BE6I', 'E6I0', '6I08', 'I08m', 'KcTBZtUP', 'cTBZtUP5', 'TBZtUP5P', 'BZtU', 'ZtUP', 'tUP5', 'UP5P', 'cAcB74eG', 'AcB74eGt', 'cB74eGtY', 'B74e', '74eG', '4eGt', 'eGtY', 'g47BWrCW', '47BWrCWL', '7BWrCWLV', 'BWrC', 'WrCW', 'rCWL', 'CWLV', 'MhDBNAux', 'hDBNAuxe', 'DBNAuxeb', 'BNAu', 'NAux', 'Auxe', 'uxeb', 'aVfBstI6', 'VfBstI61', 'fBstI61o', 'BstI', 'stI6', 'tI61', 'I61o', 'lTVB6Vgh', 'TVB6VghP', 'VB6VghP8', 'B6Vg', '6Vgh', 'VghP', 'ghP8', 'LNPBhmgr', 'NPBhmgr1', 'PBhmgr1m', 'Bhmg', 'hmgr', 'mgr1', 'gr1m', 'pg5BBDVW', 'g5BBDVWT', '5BBDVWTr', 'BBDV', 'BDVW', 'DVWT', 'VWTr', 'UNDBKvWk', 'NDBKvWky', 'DBKvWkyn', 'BKvW', 'KvWk', 'vWky', 'Wkyn', 'cqsBUclt', 'qsBUcltj', 'sBUcltjJ', 'BUcl', 'Uclt', 'cltj', 'ltjJ', 'djdBreD2', 'jdBreD2n', 'dBreD2nB', 'BreD', 'reD2', 'eD2n', 'D2nB', 'AZLBTSq3', 'ZLBTSq3V', 'LBTSq3Vl', 'BTSq', 'TSq3', 'Sq3V', 'q3Vl', 'VTXBeTND', 'TXBeTND2', 'XBeTND2P', 'BeTN', 'eTND', 'TND2', 'ND2P', 'lx0BPJp2', 'x0BPJp2O', '0BPJp2On', 'BPJp', 'PJp2', 'Jp2O', 'p2On', 'xQRBGtrf', 'QRBGtrfv', 'RBGtrfvf', 'BGtr', 'Gtrf', 'trfv', 'rfvf', 'BSDBlxe8', 'SDBlxe8c', 'DBlxe8cU', 'Blxe', 'lxe8', 'xe8c', 'e8cU', 'DbpBI6Nx', 'bpBI6NxE', 'pBI6NxEp', 'BI6N', 'I6Nx', '6NxE', 'NxEp', 'UjrBLSDj', 'jrBLSDjZ', 'rBLSDjZb', 'BLSD', 'LSDj', 'SDjZ', 'DjZb', 'tyXBRPk2', 'yXBRPk22', 'XBRPk22r', 'BRPk', 'RPk2', 
'Pk22', 'k22r', 'nwFBfCVm', 'wFBfCVmo', 'FBfCVmok', 'BfCV', 'fCVm', 'CVmo', 'Vmok', 'mSSB53fP', 'SSB53fPw', 'SB53fPwo', 'B53f', '53fP', '3fPw', 'fPwo', 'xCOBDubO', 'COBDubOP', 'OBDubOPV', 'BDub', 'DubO', 'ubOP', 'bOPV', 'M1IBmvpe', '1IBmvpeL', 'IBmvpeLt', 'Bmvp', 'mvpe', 'vpeL', 'peLt', 'T5RBv2ai', '5RBv2ai1', 'RBv2ai19', 'Bv2a', 'v2ai', '2ai1', 'ai19', 'iGGB4SVB', 'GGB4SVBV', 'GB4SVBVT', 'B4SV', '4SVB', 'SVBV', 'VBVT', 'lfIBXkFa', 'fIBXkFaT', 'IBXkFaTA', 'BXkF', 'XkFa', 'kFaT', 'FaTA', 'q6jB1p1x', '6jB1p1xd', 'jB1p1xdK', 'B1p1', '1p1x', 'p1xd', '1xdK', 'YnRBqZa3', 'nRBqZa3h', 'RBqZa3he', 'BqZa', 'qZa3', 'Za3h', 'a3he', 'JPRBkZ3X', 'PRBkZ3Xi', 'RBkZ3Xiq', 'BkZ3', 'kZ3X', 'Z3Xi', '3Xiq', 'iadBYjR0', 'adBYjR0i', 'dBYjR0io', 'BYjR', 'YjR0', 'jR0i', 'R0io', 'SZNZW5LI', 'ZNZW5LId', 'NZW5LIdc', 'ZW5L', 'W5LI', '5LId', 'LIdc', 'tPqB2CUZ', 'PqB2CUZt', 'qB2CUZtI', 'B2CU', '2CUZ', 'CUZt', 'UZtI', 'PFYBuqfI', 'FYBuqfIs', 'YBuqfIsR', 'Buqf', 'uqfI', 'qfIs', 'fIsR', 'BtiBwAxn', 'tiBwAxn3', 'iBwAxn3L', 'BwAx', 'wAxn', 'Axn3', 'xn3L', 'CuFB35NG', 'uFB35NGP', 'FB35NGPq', 'B35N', '35NG', '5NGP', 'NGPq', 'uXmBySeI', 'XmBySeIv', 'mBySeIvF', 'BySe', 'ySeI', 'SeIv', 'eIvF', 'O4UBp22y', '4UBp22yb', 'UBp22ybk', 'Bp22', 'p22y', '22yb', '2ybk', 'DU2BJK3o', 'U2BJK3or', '2BJK3orI', 'BJK3', 'JK3o', 'K3or', '3orI', 'lgYB8MHO', 'gYB8MHOo', 'YB8MHOo2', 'B8MH', '8MHO', 'MHOo', 'HOo2', 'veHBSOQQ', 'eHBSOQQS', 'HBSOQQSU', 'BSOQ', 'SOQQ', 'OQQS', 'QQSU', 'k87bpRRNCEDLpvU4', '87bpRRNCEDLpvU4p', '7bpRRNCEDLpvU4pO', 'bpRRNCEDLpvU4pOT', 'pRRNCEDLpvU4', 'RRNCEDLpvU4p', 'RNCEDLpvU4pO', 'NCEDLpvU4pOT', 'CEDLpvU4', 'EDLpvU4p', 'DLpvU4pO', 'LpvU4pOT', 'pvU4', 'vU4p', 'U4pO', '4pOT', 'M7JsoiRsXv6SGMtT', '7JsoiRsXv6SGMtTX', 'JsoiRsXv6SGMtTXC', 'soiRsXv6SGMtTXCd', 'oiRsXv6SGMtT', 'iRsXv6SGMtTX', 'RsXv6SGMtTXC', 'sXv6SGMtTXCd', 'Xv6SGMtT', 'v6SGMtTX', '6SGMtTXC', 'SGMtTXCd', 'GMtT', 'MtTX', 'tTXC', 'TXCd', 'VByZhnuM', 'ByZhnuMn', 'yZhnuMnS', 'Zhnu', 'hnuM', 'nuMn', 'uMnS', 'rufZBX3s', 'ufZBX3sP', 'fZBX3sPp', 
'ZBX3', 'BX3s', 'X3sP', '3sPp', 'lo9ZK5ns', 'o9ZK5nsr', '9ZK5nsrH', 'ZK5n', 'K5ns', '5nsr', 'nsrH', 'cHaZUFMj', 'HaZUFMjt', 'aZUFMjtx', 'ZUFM', 'UFMj', 'FMjt', 'Mjtx', 'lerZreo2', 'erZreo2u', 'rZreo2uB', 'Zreo', 'reo2', 'eo2u', 'o2uB', 'mbqZTFZT', 'bqZTFZTS', 'qZTFZTS3', 'ZTFZ', 'TFZT', 'FZTS', 'ZTS3', 'QnkZewau', 'nkZewauU', 'kZewauUA', 'Zewa', 'ewau', 'wauU', 'auUA', 'dUrZP3wk', 'UrZP3wk7', 'rZP3wk7E', 'ZP3w', 'P3wk', '3wk7', 'wk7E', 'i7GZRmlB', '7GZRmlBm', 'GZRmlBmN', 'ZRml', 'RmlB', 'mlBm', 'lBmN', 'RISZfVfp', 'ISZfVfpm', 'SZfVfpm9', 'ZfVf', 'fVfp', 'Vfpm', 'fpm9', 'JuiOVhRKbrpT5boa', 'uiOVhRKbrpT5boaJ', 'iOVhRKbrpT5boaJx', 'OVhRKbrpT5boaJx2', 'VhRKbrpT5boa', 'hRKbrpT5boaJ', 'RKbrpT5boaJx', 'KbrpT5boaJx2', 'brpT5boa', 'rpT5boaJ', 'pT5boaJx', 'T5boaJx2', '5boa', 'boaJ', 'oaJx', 'aJx2', 'nA0Zl5nx', 'A0Zl5nxq', '0Zl5nxqK', 'Zl5n', 'l5nx', '5nxq', 'nxqK', 'aANZIXAJ', 'ANZIXAJ3', 'NZIXAJ3V', 'ZIXA', 'IXAJ', 'XAJ3', 'AJ3V', 'mLyZL9lD', 'LyZL9lD8', 'yZL9lD8I', 'ZL9l', 'L9lD', '9lD8', 'lD8I', 'grjFKrRUpMTbGmDK', 'rjFKrRUpMTbGmDKC', 'jFKrRUpMTbGmDKCQ', 'FKrRUpMTbGmDKCQM', 'KrRUpMTbGmDK', 'rRUpMTbGmDKC', 'RUpMTbGmDKCQ', 'UpMTbGmDKCQM', 'pMTbGmDK', 'MTbGmDKC', 'TbGmDKCQ', 'bGmDKCQM', 'GmDK', 'mDKC', 'DKCQ', 'KCQM', 'DIuyfJRr0SJmN9lS', 'IuyfJRr0SJmN9lSs', 'uyfJRr0SJmN9lSsg', 'yfJRr0SJmN9lSsg0', 'fJRr0SJmN9lS', 'JRr0SJmN9lSs', 'Rr0SJmN9lSsg', 'r0SJmN9lSsg0', '0SJmN9lS', 'SJmN9lSs', 'JmN9lSsg', 'mN9lSsg0', 'N9lS', '9lSs', 'lSsg', 'Ssg0', 'RnNZwTyw', 'nNZwTywD', 'NZwTywDV', 'ZwTy', 'wTyw', 'TywD', 'ywDV', 'kv7Z3FA0', 'v7Z3FA0m', '7Z3FA0m4', 'Z3FA', '3FA0', 'FA0m', 'A0m4', 'sZeO0iRT9upBM1q6', 'ZeO0iRT9upBM1q67', 'eO0iRT9upBM1q67R', 'O0iRT9upBM1q67RS', '0iRT9upBM1q6', 'iRT9upBM1q67', 'RT9upBM1q67R', 'T9upBM1q67RS', '9upBM1q6', 'upBM1q67', 'pBM1q67R', 'BM1q67RS', 'M1q6', '1q67', 'q67R', '67RS', 'GaVZDTAR', 'aVZDTARi', 'VZDTARiX', 'ZDTA', 'DTAR', 'TARi', 'ARiX', 'CUKBcwvy', 'UKBcwvyK', 'KBcwvyKi', 'Bcwv', 'cwvy', 'wvyK', 'vyKi', 'eb1ZmpRK', 'b1ZmpRK4', '1ZmpRK4W', 'ZmpR', 'mpRK', 
'pRK4', 'RK4W', 'LDlZvh9q', 'DlZvh9qG', 'lZvh9qGQ', 'Zvh9', 'vh9q', 'h9qG', '9qGQ', 'qTIZ4Myk', 'TIZ4Myks', 'IZ4MyksM', 'Z4My', '4Myk', 'Myks', 'yksM', 'EZmZXI2a', 'ZmZXI2aS', 'mZXI2aSN', 'ZXI2', 'XI2a', 'I2aS', '2aSN', 'zJFZ1PvO', 'JFZ1PvO9', 'FZ1PvO9v', 'Z1Pv', '1PvO', 'PvO9', 'vO9v', 'LoiZ9D2p', 'oiZ9D2pZ', 'iZ9D2pZk', 'Z9D2', '9D2p', 'D2pZ', '2pZk', 'QvDZqlfG', 'vDZqlfG5', 'DZqlfG52', 'Zqlf', 'qlfG', 'lfG5', 'fG52', 'ajZZkZ3N', 'jZZkZ3NS', 'ZZkZ3NSZ', 'ZkZ3', 'kZ3N', 'Z3NS', '3NSZ', 'OGhZY2CY', 'GhZY2CYb', 'hZY2CYb5', 'ZY2C', 'Y2CY', '2CYb', 'CYb5', 'ra1Z2SSq', 'a1Z2SSq3', '1Z2SSq3u', 'Z2SS', '2SSq', 'SSq3', 'Sq3u', 'PeQZu0uM', 'eQZu0uMY', 'QZu0uMYb', 'Zu0u', 'u0uM', '0uMY', 'uMYb', 'LADLQYReYsFOfSIW', 'ADLQYReYsFOfSIW9', 'DLQYReYsFOfSIW9f', 'LQYReYsFOfSIW9fb', 'QYReYsFOfSIW', 'YReYsFOfSIW9', 'ReYsFOfSIW9f', 'eYsFOfSIW9fb', 'YsFOfSIW', 'sFOfSIW9', 'FOfSIW9f', 'OfSIW9fb', 'fSIW', 'SIW9', 'IW9f', 'W9fb', 'SuGi1JRPyecpelLF', 'uGi1JRPyecpelLFI', 'Gi1JRPyecpelLFIL', 'i1JRPyecpelLFILJ', '1JRPyecpelLF', 'JRPyecpelLFI', 'RPyecpelLFIL', 'PyecpelLFILJ', 'yecpelLF', 'ecpelLFI', 'cpelLFIL', 'pelLFILJ', 'elLF', 'lLFI', 'LFIL', 'FILJ', 'M53iVSRGDot6Bf2v', '53iVSRGDot6Bf2vw', '3iVSRGDot6Bf2vwP', 'iVSRGDot6Bf2vwPp', 'VSRGDot6Bf2v', 'SRGDot6Bf2vw', 'RGDot6Bf2vwP', 'GDot6Bf2vwPp', 'Dot6Bf2v', 'ot6Bf2vw', 't6Bf2vwP', '6Bf2vwPp', 'Bf2v', 'f2vw', '2vwP', 'vwPp', 'leYBgoeq', 'eYBgoeqM', 'YBgoeqMB', 'Bgoe', 'goeq', 'oeqM', 'eqMB', 'wxdKhURl9m6q2oNl', 'xdKhURl9m6q2oNlw', 'dKhURl9m6q2oNlwD', 'KhURl9m6q2oNlwDT', 'hURl9m6q2oNl', 'URl9m6q2oNlw', 'Rl9m6q2oNlwD', 'l9m6q2oNlwDT', '9m6q2oNl', 'm6q2oNlw', '6q2oNlwD', 'q2oNlwDT', '2oNl', 'oNlw', 'NlwD', 'lwDT', 'WDtdbmRI7UkcjQja', 'DtdbmRI7UkcjQja7', 'tdbmRI7UkcjQja7a', 'dbmRI7UkcjQja7ax', 'bmRI7UkcjQja', 'mRI7UkcjQja7', 'RI7UkcjQja7a', 'I7UkcjQja7ax', '7UkcjQja', 'UkcjQja7', 'kcjQja7a', 'cjQja7ax', 'jQja', 'Qja7', 'ja7a', 'a7ax', 'XmOZJhvt', 'mOZJhvtB', 'OZJhvtB0', 'ZJhv', 'Jhvt', 'hvtB', 'vtB0', 'WWEZ82AZ', 'WEZ82AZF', 'EZ82AZFO', 'Z82A', 
'82AZ', '2AZF', 'AZFO', 'e0llrHRLD8SAj5dl', '0llrHRLD8SAj5dla', 'llrHRLD8SAj5dlaN', 'lrHRLD8SAj5dlaN6', 'rHRLD8SAj5dl', 'HRLD8SAj5dla', 'RLD8SAj5dlaN', 'LD8SAj5dlaN6', 'D8SAj5dl', '8SAj5dla', 'SAj5dlaN', 'Aj5dlaN6', 'j5dl', '5dla', 'dlaN', 'laN6', 'XBRkn5RRtBrxOhp6', 'BRkn5RRtBrxOhp6H', 'Rkn5RRtBrxOhp6HQ', 'kn5RRtBrxOhp6HQB', 'n5RRtBrxOhp6', '5RRtBrxOhp6H', 'RRtBrxOhp6HQ', 'RtBrxOhp6HQB', 'tBrxOhp6', 'BrxOhp6H', 'rxOhp6HQ', 'xOhp6HQB', 'Ohp6', 'hp6H', 'p6HQ', '6HQB', 'K98BgbRfXjXuTgso', '98BgbRfXjXuTgsoJ', '8BgbRfXjXuTgsoJy', 'BgbRfXjXuTgsoJyQ', 'gbRfXjXuTgso', 'bRfXjXuTgsoJ', 'RfXjXuTgsoJy', 'fXjXuTgsoJyQ', 'XjXuTgso', 'jXuTgsoJ', 'XuTgsoJy', 'uTgsoJyQ', 'Tgso', 'gsoJ', 'soJy', 'oJyQ', 'eKTKftR1erKf0Ocm', 'KTKftR1erKf0Ocm7', 'TKftR1erKf0Ocm7y', 'KftR1erKf0Ocm7yJ', 'ftR1erKf0Ocm', 'tR1erKf0Ocm7', 'R1erKf0Ocm7y', '1erKf0Ocm7yJ', 'erKf0Ocm', 'rKf0Ocm7', 'Kf0Ocm7y', 'f0Ocm7yJ', '0Ocm', 'Ocm7', 'cm7y', 'm7yJ', 'hmWhN8R9gAtgqyLG', 'mWhN8R9gAtgqyLGJ', 'WhN8R9gAtgqyLGJu', 'hN8R9gAtgqyLGJuX', 'N8R9gAtgqyLG', '8R9gAtgqyLGJ', 'R9gAtgqyLGJu', '9gAtgqyLGJuX', 'gAtgqyLG', 'AtgqyLGJ', 'tgqyLGJu', 'gqyLGJuX', 'qyLG', 'yLGJ', 'LGJu', 'GJuX', 'Ur5OdQRqPDlO3G6d', 'r5OdQRqPDlO3G6de', '5OdQRqPDlO3G6deH', 'OdQRqPDlO3G6deHZ', 'dQRqPDlO3G6d', 'QRqPDlO3G6de', 'RqPDlO3G6deH', 'qPDlO3G6deHZ', 'PDlO3G6d', 'DlO3G6de', 'lO3G6deH', 'O3G6deHZ', '3G6d', 'G6de', '6deH', 'deHZ', 'GftkiPRkXI4pTxK7', 'ftkiPRkXI4pTxK7R', 'tkiPRkXI4pTxK7Rh', 'kiPRkXI4pTxK7RhO', 'iPRkXI4pTxK7', 'PRkXI4pTxK7R', 'RkXI4pTxK7Rh', 'kXI4pTxK7RhO', 'XI4pTxK7', 'I4pTxK7R', '4pTxK7Rh', 'pTxK7RhO', 'TxK7', 'xK7R', 'K7Rh', '7RhO', 'NyGrs0RYV89gQQZ0', 'yGrs0RYV89gQQZ0x', 'Grs0RYV89gQQZ0x9', 'rs0RYV89gQQZ0x9D', 's0RYV89gQQZ0', '0RYV89gQQZ0x', 'RYV89gQQZ0x9', 'YV89gQQZ0x9D', 'V89gQQZ0', '89gQQZ0x', '9gQQZ0x9', 'gQQZ0x9D', 'QQZ0', 'QZ0x', 'Z0x9', '0x9D', 'pirkC5R2jl50EedK', 'irkC5R2jl50EedKO', 'rkC5R2jl50EedKOn', 'kC5R2jl50EedKOnQ', 'C5R2jl50EedK', '5R2jl50EedKO', 'R2jl50EedKOn', '2jl50EedKOnQ', 'jl50EedK', 'l50EedKO', '50EedKOn', 
'0EedKOnQ', 'EedK', 'edKO', 'dKOn', 'KOnQ', 'nIMZ0PNc', 'IMZ0PNc0', 'MZ0PNc0D', 'Z0PN', '0PNc', 'PNc0', 'Nc0D', 'XFCZAARa', 'FCZAARaO', 'CZAARaOx', 'ZAAR', 'AARa', 'ARaO', 'RaOx', 'DJLEibRuXugTK14p', 'JLEibRuXugTK14pF', 'LEibRuXugTK14pFF', 'EibRuXugTK14pFFN', 'ibRuXugTK14p', 'bRuXugTK14pF', 'RuXugTK14pFF', 'uXugTK14pFFN', 'XugTK14p', 'ugTK14pF', 'gTK14pFF', 'TK14pFFN', 'K14p', '14pF', '4pFF', 'pFFN', 'KKQmlLRwrFICLfdC', 'KQmlLRwrFICLfdCM', 'QmlLRwrFICLfdCMK', 'mlLRwrFICLfdCMK2', 'lLRwrFICLfdC', 'LRwrFICLfdCM', 'RwrFICLfdCMK', 'wrFICLfdCMK2', 'rFICLfdC', 'FICLfdCM', 'ICLfdCMK', 'CLfdCMK2', 'LfdC', 'fdCM', 'dCMK', 'CMK2', 'xwo04vR3s5BGjVT9', 'wo04vR3s5BGjVT9o', 'o04vR3s5BGjVT9oH', '04vR3s5BGjVT9oHe', '4vR3s5BGjVT9', 'vR3s5BGjVT9o', 'R3s5BGjVT9oH', '3s5BGjVT9oHe', 's5BGjVT9', '5BGjVT9o', 'BGjVT9oH', 'GjVT9oHe', 'jVT9', 'VT9o', 'T9oH', '9oHe', 'GbW68qRytHwLwsOh', 'bW68qRytHwLwsOhW', 'W68qRytHwLwsOhW6', '68qRytHwLwsOhW60', '8qRytHwLwsOh', 'qRytHwLwsOhW', 'RytHwLwsOhW6', 'ytHwLwsOhW60', 'tHwLwsOh', 'HwLwsOhW', 'wLwsOhW6', 'LwsOhW60', 'wsOh', 'sOhW', 'OhW6', 'hW60', 'qr4BF91B', 'r4BF91Bi', '4BF91BiI', 'BF91', 'F91B', '91Bi', '1BiI', 'INaBag4E', 'NaBag4Ej', 'aBag4EjB', 'Bag4', 'ag4E', 'g4Ej', '4EjB', 'bowB0X2f', 'owB0X2fZ', 'wB0X2fZ8', 'B0X2', '0X2f', 'X2fZ', '2fZ8', 'WhS4AhRpa4R0v7cJ', 'hS4AhRpa4R0v7cJV', 'S4AhRpa4R0v7cJV6', '4AhRpa4R0v7cJV6G', 'AhRpa4R0v7cJ', 'hRpa4R0v7cJV', 'Rpa4R0v7cJV6', 'pa4R0v7cJV6G', 'a4R0v7cJ', '4R0v7cJV', 'R0v7cJV6', '0v7cJV6G', 'v7cJ', '7cJV', 'cJV6', 'JV6G', 'TUvWurRJB28x4ZfS', 'UvWurRJB28x4ZfS2', 'vWurRJB28x4ZfS27', 'WurRJB28x4ZfS27A', 'urRJB28x4ZfS', 'rRJB28x4ZfS2', 'RJB28x4ZfS27', 'JB28x4ZfS27A', 'B28x4ZfS', '28x4ZfS2', '8x4ZfS27', 'x4ZfS27A', '4ZfS', 'ZfS2', 'fS27', 'S27A', 'YDZZjH0t', 'DZZjH0tu', 'ZZjH0tut', 'ZjH0', 'jH0t', 'H0tu', '0tut', 'wtZZbHti', 'tZZbHtif', 'ZZbHtifZ', 'ZbHt', 'bHti', 'Htif', 'tifZ', 'VgEQt3R8AxmmssoW', 'gEQt3R8AxmmssoW9', 'EQt3R8AxmmssoW9l', 'Qt3R8AxmmssoW9lA', 't3R8AxmmssoW', '3R8AxmmssoW9', 'R8AxmmssoW9l', 
'8AxmmssoW9lA', 'AxmmssoW', 'xmmssoW9', 'mmssoW9l', 'mssoW9lA', 'ssoW', 'soW9', 'oW9l', 'W9lA', 'NotImplementedExcept', 'otImplementedExcepti', 'tImplementedExceptio', 'ImplementedException', 'mplementedExcept', 'plementedExcepti', 'lementedExceptio', 'ementedException', 'mentedExcept', 'entedExcepti', 'ntedExceptio', 'anatkoRSCX9syrsb', 'natkoRSCX9syrsbh', 'atkoRSCX9syrsbhk', 'tkoRSCX9syrsbhkB', 'koRSCX9syrsb', 'oRSCX9syrsbh', 'RSCX9syrsbhk', 'SCX9syrsbhkB', 'CX9syrsb', 'X9syrsbh', '9syrsbhk', 'syrsbhkB', 'yrsb', 'rsbh', 'sbhk', 'bhkB', 'x02p2kRciWX33ZUc', '02p2kRciWX33ZUcP', '2p2kRciWX33ZUcPS', 'p2kRciWX33ZUcPSG', '2kRciWX33ZUc', 'kRciWX33ZUcP', 'RciWX33ZUcPS', 'ciWX33ZUcPSG', 'iWX33ZUc', 'WX33ZUcP', 'X33ZUcPS', '33ZUcPSG', '3ZUc', 'ZUcP', 'UcPS', 'cPSG', 'vmgZirA7', 'mgZirA7Y', 'gZirA7Yw', 'ZirA', 'irA7', 'rA7Y', 'A7Yw', 'GE8ZtClS', 'E8ZtClSp', '8ZtClSpD', 'ZtCl', 'tClS', 'ClSp', 'lSpD', 'x87OP8RgSwaEOmlS', '87OP8RgSwaEOmlSO', '7OP8RgSwaEOmlSOx', 'OP8RgSwaEOmlSOxK', 'P8RgSwaEOmlS', '8RgSwaEOmlSO', 'RgSwaEOmlSOx', 'gSwaEOmlSOxK', 'SwaEOmlS', 'waEOmlSO', 'aEOmlSOx', 'EOmlSOxK', 'OmlS', 'mlSO', 'lSOx', 'SOxK', 'rvOOPCRFTAD8gsFq', 'vOOPCRFTAD8gsFqF', 'OOPCRFTAD8gsFqFO', 'OPCRFTAD8gsFqFOa', 'PCRFTAD8gsFq', 'CRFTAD8gsFqF', 'RFTAD8gsFqFO', 'FTAD8gsFqFOa', 'TAD8gsFq', 'AD8gsFqF', 'D8gsFqFO', '8gsFqFOa', 'gsFq', 'sFqF', 'FqFO', 'qFOa', 'NaDHe8RaFfe1PqDC', 'aDHe8RaFfe1PqDCS', 'DHe8RaFfe1PqDCSQ', 'He8RaFfe1PqDCSQk', 'e8RaFfe1PqDC', '8RaFfe1PqDCS', 'RaFfe1PqDCSQ', 'aFfe1PqDCSQk', 'Ffe1PqDC', 'fe1PqDCS', 'e1PqDCSQ', '1PqDCSQk', 'PqDC', 'qDCS', 'DCSQ', 'CSQk', 'phkZCOMt', 'hkZCOMtH', 'kZCOMtHg', 'ZCOM', 'COMt', 'OMtH', 'MtHg', 'GXVZMTfb', 'XVZMTfbe', 'VZMTfbeF', 'ZMTf', 'MTfb', 'Tfbe', 'fbeF', 'MsnSRlR0keyCJpfg', 'snSRlR0keyCJpfgu', 'nSRlR0keyCJpfgus', 'SRlR0keyCJpfgus1', 'RlR0keyCJpfg', 'lR0keyCJpfgu', 'R0keyCJpfgus', '0keyCJpfgus1', 'keyCJpfg', 'eyCJpfgu', 'yCJpfgus', 'CJpfgus1', 'Jpfg', 'pfgu', 'fgus', 'gus1', 'rpDt8NRApEWJxLBW', 'pDt8NRApEWJxLBWu', 'Dt8NRApEWJxLBWuL', 
't8NRApEWJxLBWuLX', '8NRApEWJxLBW', 'NRApEWJxLBWu', 'RApEWJxLBWuL', 'ApEWJxLBWuLX', 'pEWJxLBW', 'EWJxLBWu', 'WJxLBWuL', 'JxLBWuLX', 'xLBW', 'LBWu', 'BWuL', 'WuLX', 'R2prmkROheqS2uM9', '2prmkROheqS2uM99', 'prmkROheqS2uM99Y', 'rmkROheqS2uM99YC', 'mkROheqS2uM9', 'kROheqS2uM99', 'ROheqS2uM99Y', 'OheqS2uM99YC', 'heqS2uM9', 'eqS2uM99', 'qS2uM99Y', 'S2uM99YC', '2uM9', 'uM99', 'M99Y', '99YC', 'FvkZzI2g', 'vkZzI2gU', 'kZzI2gUJ', 'ZzI2', 'zI2g', 'I2gU', '2gUJ', 'mwa7VWeE', 'wa7VWeEM', 'a7VWeEMW', '7VWe', 'VWeE', 'WeEM', 'eEMW', 'oHcJNARoFTZEF2KB', 'HcJNARoFTZEF2KBd', 'cJNARoFTZEF2KBdH', 'JNARoFTZEF2KBdHo', 'NARoFTZEF2KB', 'ARoFTZEF2KBd', 'RoFTZEF2KBdH', 'oFTZEF2KBdHo', 'FTZEF2KB', 'TZEF2KBd', 'ZEF2KBdH', 'EF2KBdHo', 'F2KB', '2KBd', 'KBdH', 'BdHo', 'GLhQduRj1hfPl829', 'LhQduRj1hfPl829f', 'hQduRj1hfPl829fQ', 'QduRj1hfPl829fQk', 'duRj1hfPl829', 'uRj1hfPl829f', 'Rj1hfPl829fQ', 'j1hfPl829fQk', '1hfPl829', 'hfPl829f', 'fPl829fQ', 'Pl829fQk', 'l829', '829f', '29fQ', '9fQk', 'u6cYu0Rb0XOr5tkG', '6cYu0Rb0XOr5tkG7', 'cYu0Rb0XOr5tkG74', 'Yu0Rb0XOr5tkG74G', 'u0Rb0XOr5tkG', '0Rb0XOr5tkG7', 'Rb0XOr5tkG74', 'b0XOr5tkG74G', '0XOr5tkG', 'XOr5tkG7', 'Or5tkG74', 'r5tkG74G', '5tkG', 'tkG7', 'kG74', 'G74G', 'Q3V7nGW3', '3V7nGW3F', 'V7nGW3Fp', '7nGW', 'nGW3', 'GW3F', 'W3Fp', 'K3N7El22', '3N7El22F', 'N7El22Fk', '7El2', 'El22', 'l22F', '22Fk', 'Vr2g8sRQO29gutCx', 'r2g8sRQO29gutCxa', '2g8sRQO29gutCxap', 'g8sRQO29gutCxapB', '8sRQO29gutCx', 'sRQO29gutCxa', 'RQO29gutCxap', 'QO29gutCxapB', 'O29gutCx', '29gutCxa', '9gutCxap', 'gutCxapB', 'utCx', 'tCxa', 'Cxap', 'xapB', 'rFRnruRitXWSO9BH', 'FRnruRitXWSO9BHQ', 'RnruRitXWSO9BHQA', 'nruRitXWSO9BHQA1', 'ruRitXWSO9BH', 'uRitXWSO9BHQ', 'RitXWSO9BHQA', 'itXWSO9BHQA1', 'tXWSO9BH', 'XWSO9BHQ', 'WSO9BHQA', 'SO9BHQA1', 'O9BH', '9BHQ', 'BHQA', 'HQA1', 'KpfnyiRtrsFp8WC0', 'pfnyiRtrsFp8WC0F', 'fnyiRtrsFp8WC0FX', 'nyiRtrsFp8WC0FXA', 'yiRtrsFp8WC0', 'iRtrsFp8WC0F', 'RtrsFp8WC0FX', 'trsFp8WC0FXA', 'rsFp8WC0', 'sFp8WC0F', 'Fp8WC0FX', 'p8WC0FXA', '8WC0', 'WC0F', 'C0FX', 
'0FXA', 'SZk77awE', 'Zk77awEa', 'k77awEaC', '77aw', '7awE', 'awEa', 'wEaC', 'Raf7W2D3', 'af7W2D3h', 'f7W2D3hB', '7W2D', 'W2D3', '2D3h', 'D3hB', 'usD7NY16', 'sD7NY16c', 'D7NY16cp', '7NY1', 'NY16', 'Y16c', '16cp', 'IlphE0RdBsfEaejt', 'lphE0RdBsfEaejtb', 'phE0RdBsfEaejtbN', 'hE0RdBsfEaejtbN5', 'E0RdBsfEaejt', '0RdBsfEaejtb', 'RdBsfEaejtbN', 'dBsfEaejtbN5', 'BsfEaejt', 'sfEaejtb', 'fEaejtbN', 'EaejtbN5', 'aejt', 'ejtb', 'jtbN', 'tbN5', 'yeSSUMRC2gLxa8gJ', 'eSSUMRC2gLxa8gJ7', 'SSUMRC2gLxa8gJ7V', 'SUMRC2gLxa8gJ7Vs', 'UMRC2gLxa8gJ', 'MRC2gLxa8gJ7', 'RC2gLxa8gJ7V', 'C2gLxa8gJ7Vs', '2gLxa8gJ', 'gLxa8gJ7', 'Lxa8gJ7V', 'xa8gJ7Vs', 'a8gJ', '8gJ7', 'gJ7V', 'J7Vs', 'ImrC1SRMY0YOHZ9n', 'mrC1SRMY0YOHZ9na', 'rC1SRMY0YOHZ9naW', 'C1SRMY0YOHZ9naWw', '1SRMY0YOHZ9n', 'SRMY0YOHZ9na', 'RMY0YOHZ9naW', 'MY0YOHZ9naWw', 'Y0YOHZ9n', '0YOHZ9na', 'YOHZ9naW', 'OHZ9naWw', 'HZ9n', 'Z9na', '9naW', 'naWw', 'YLm76ERv', 'Lm76ERvQ', 'm76ERvQR', '76ER', '6ERv', 'ERvQ', 'RvQR', 'N337h3nj', '337h3njP', '37h3njPh', '7h3n', 'h3nj', '3njP', 'njPh', 'f4u7BoF1', '4u7BoF1D', 'u7BoF1Db', '7BoF', 'BoF1', 'oF1D', 'F1Db', 'Ux67KNyb', 'x67KNybr', '67KNybrS', '7KNy', 'KNyb', 'Nybr', 'ybrS', 'sNnYPeRxaRBL8h2s', 'NnYPeRxaRBL8h2st', 'nYPeRxaRBL8h2std', 'YPeRxaRBL8h2stdp', 'PeRxaRBL8h2s', 'eRxaRBL8h2st', 'RxaRBL8h2std', 'xaRBL8h2stdp', 'aRBL8h2s', 'RBL8h2st', 'BL8h2std', 'L8h2stdp', '8h2s', 'h2st', '2std', 'stdp', 'tctyWiRzQVUZN2pY', 'ctyWiRzQVUZN2pYn', 'tyWiRzQVUZN2pYnX', 'yWiRzQVUZN2pYnX7', 'WiRzQVUZN2pY', 'iRzQVUZN2pYn', 'RzQVUZN2pYnX', 'zQVUZN2pYnX7', 'QVUZN2pY', 'VUZN2pYn', 'UZN2pYnX', 'ZN2pYnX7', 'N2pY', '2pYn', 'pYnX', 'YnX7', 'zaJLmWfVI73pdmBS', 'aJLmWfVI73pdmBSr', 'JLmWfVI73pdmBSrt', 'LmWfVI73pdmBSrtP', 'mWfVI73pdmBS', 'WfVI73pdmBSr', 'fVI73pdmBSrt', 'VI73pdmBSrtP', 'I73pdmBS', '73pdmBSr', '3pdmBSrt', 'pdmBSrtP', 'dmBS', 'mBSr', 'BSrt', 'SrtP', 'Auk7ritv', 'uk7ritvh', 'k7ritvh5', '7rit', 'ritv', 'itvh', 'tvh5', 'rvd7TY9I', 'vd7TY9If', 'd7TY9IfL', '7TY9', 'TY9I', 'Y9If', '9IfL', 'hCm7eHqo', 'Cm7eHqoi', 'm7eHqoiE', 
'7eHq', 'eHqo', 'Hqoi', 'qoiE', 'GRwleQfHRSYMHjXE', 'RwleQfHRSYMHjXEW', 'wleQfHRSYMHjXEWs', 'leQfHRSYMHjXEWs7', 'eQfHRSYMHjXE', 'QfHRSYMHjXEW', 'fHRSYMHjXEWs', 'HRSYMHjXEWs7', 'RSYMHjXE', 'SYMHjXEW', 'YMHjXEWs', 'MHjXEWs7', 'HjXE', 'jXEW', 'XEWs', 'EWs7', 'aoqbZJfnq7ir5nPJ', 'oqbZJfnq7ir5nPJA', 'qbZJfnq7ir5nPJAw', 'bZJfnq7ir5nPJAwW', 'ZJfnq7ir5nPJ', 'Jfnq7ir5nPJA', 'fnq7ir5nPJAw', 'nq7ir5nPJAwW', 'q7ir5nPJ', '7ir5nPJA', 'ir5nPJAw', 'r5nPJAwW', '5nPJ', 'nPJA', 'PJAw', 'JAwW', 'mIFd86fEgt2W73h2', 'IFd86fEgt2W73h2B', 'Fd86fEgt2W73h2BC', 'd86fEgt2W73h2BCV', '86fEgt2W73h2', '6fEgt2W73h2B', 'fEgt2W73h2BC', 'Egt2W73h2BCV', 'gt2W73h2', 't2W73h2B', '2W73h2BC', 'W73h2BCV', '73h2', '3h2B', 'h2BC', '2BCV', 'qJI7GnC1', 'JI7GnC10', 'I7GnC10n', '7GnC', 'GnC1', 'nC10', 'C10n', 'YI37l5uB', 'I37l5uBR', '37l5uBR4', '7l5u', 'l5uB', '5uBR', 'uBR4', 'VVK7IMB5', 'VK7IMB5J', 'K7IMB5JY', '7IMB', 'IMB5', 'MB5J', 'B5JY', 'YxD7Lmiw', 'xD7LmiwF', 'D7LmiwFh', '7Lmi', 'Lmiw', 'miwF', 'iwFh', 'DCG7RyqX', 'CG7RyqXE', 'G7RyqXEF', '7Ryq', 'RyqX', 'yqXE', 'qXEF', 'th17fCEJ', 'h17fCEJ0', '17fCEJ0X', '7fCE', 'fCEJ', 'CEJ0', 'EJ0X', 'Dn4KyefZE1WYxQHo', 'n4KyefZE1WYxQHob', '4KyefZE1WYxQHobv', 'KyefZE1WYxQHobvT', 'yefZE1WYxQHo', 'efZE1WYxQHob', 'fZE1WYxQHobv', 'ZE1WYxQHobvT', 'E1WYxQHo', '1WYxQHob', 'WYxQHobv', 'YxQHobvT', 'xQHo', 'QHob', 'Hobv', 'obvT', 'PhrsCNf7UU5DC3Q6', 'hrsCNf7UU5DC3Q6c', 'rsCNf7UU5DC3Q6cy', 'sCNf7UU5DC3Q6cy0', 'CNf7UU5DC3Q6', 'Nf7UU5DC3Q6c', 'f7UU5DC3Q6cy', '7UU5DC3Q6cy0', 'UU5DC3Q6', 'U5DC3Q6c', '5DC3Q6cy', 'DC3Q6cy0', 'C3Q6', '3Q6c', 'Q6cy', '6cy0', 'R2ql6MfWLd0sQ8QW', '2ql6MfWLd0sQ8QWK', 'ql6MfWLd0sQ8QWKN', 'l6MfWLd0sQ8QWKNs', '6MfWLd0sQ8QW', 'MfWLd0sQ8QWK', 'fWLd0sQ8QWKN', 'WLd0sQ8QWKNs', 'Ld0sQ8QW', 'd0sQ8QWK', '0sQ8QWKN', 'sQ8QWKNs', 'Q8QW', '8QWK', 'QWKN', 'WKNs', 'afV7Dbki', 'fV7Dbkib', 'V7DbkibE', '7Dbk', 'Dbki', 'bkib', 'kibE', 'HAG7mg48', 'AG7mg48T', 'G7mg48T1', '7mg4', 'mg48', 'g48T', '48T1', 'dbF7vHQD', 'bF7vHQDk', 'F7vHQDkw', '7vHQ', 'vHQD', 'HQDk', 'QDkw', 'IDw74Xy5', 
'Dw74Xy5P', 'w74Xy5Pe', '74Xy', '4Xy5', 'Xy5P', 'y5Pe', 'vp97XCnj', 'p97XCnjg', '97XCnjgR', '7XCn', 'XCnj', 'Cnjg', 'njgR', 'GL3MMPfNg6Z4IX4A', 'L3MMPfNg6Z4IX4Ab', '3MMPfNg6Z4IX4Aba', 'MMPfNg6Z4IX4Aban', 'MPfNg6Z4IX4A', 'PfNg6Z4IX4Ab', 'fNg6Z4IX4Aba', 'Ng6Z4IX4Aban', 'g6Z4IX4A', '6Z4IX4Ab', 'Z4IX4Aba', '4IX4Aban', 'IX4A', 'X4Ab', '4Aba', 'Aban', 'gZm6WvfsFF5a2BuX', 'Zm6WvfsFF5a2BuXF', 'm6WvfsFF5a2BuXFD', '6WvfsFF5a2BuXFDR', 'WvfsFF5a2BuX', 'vfsFF5a2BuXF', 'fsFF5a2BuXFD', 'sFF5a2BuXFDR', 'FF5a2BuX', 'F5a2BuXF', '5a2BuXFD', 'a2BuXFDR', '2BuX', 'BuXF', 'uXFD', 'XFDR', 'EGTlr4f6cbuXAPUX', 'GTlr4f6cbuXAPUXc', 'Tlr4f6cbuXAPUXc8', 'lr4f6cbuXAPUXc8s', 'r4f6cbuXAPUX', '4f6cbuXAPUXc', 'f6cbuXAPUXc8', '6cbuXAPUXc8s', 'cbuXAPUX', 'buXAPUXc', 'uXAPUXc8', 'XAPUXc8s', 'APUX', 'PUXc', 'UXc8', 'Xc8s', 'qs379u1o', 's379u1oS', '379u1oS7', '79u1', '9u1o', 'u1oS', '1oS7', 'GJ97qXw2', 'J97qXw25', '97qXw25C', '7qXw', 'qXw2', 'Xw25', 'w25C', 'P1vbF7fhcIGmMK0u', '1vbF7fhcIGmMK0uj', 'vbF7fhcIGmMK0ujG', 'bF7fhcIGmMK0ujGg', 'F7fhcIGmMK0u', '7fhcIGmMK0uj', 'fhcIGmMK0ujG', 'hcIGmMK0ujGg', 'cIGmMK0u', 'IGmMK0uj', 'GmMK0ujG', 'mMK0ujGg', 'MK0u', 'K0uj', '0ujG', 'ujGg', 'TDQRQvfBqqGmbpaH', 'DQRQvfBqqGmbpaHq', 'QRQvfBqqGmbpaHqW', 'RQvfBqqGmbpaHqWQ', 'QvfBqqGmbpaH', 'vfBqqGmbpaHq', 'fBqqGmbpaHqW', 'BqqGmbpaHqWQ', 'qqGmbpaH', 'qGmbpaHq', 'GmbpaHqW', 'mbpaHqWQ', 'bpaH', 'paHq', 'aHqW', 'HqWQ', 'bymMwAfK5E6akKNQ', 'ymMwAfK5E6akKNQL', 'mMwAfK5E6akKNQLR', 'MwAfK5E6akKNQLRT', 'wAfK5E6akKNQ', 'AfK5E6akKNQL', 'fK5E6akKNQLR', 'K5E6akKNQLRT', '5E6akKNQ', 'E6akKNQL', '6akKNQLR', 'akKNQLRT', 'kKNQ', 'KNQL', 'NQLR', 'QLRT', 'X7T7u5bR', '7T7u5bRh', 'T7u5bRhC', '7u5b', 'u5bR', '5bRh', 'bRhC', 'cCG7wYqf', 'CG7wYqfq', 'G7wYqfqk', '7wYq', 'wYqf', 'Yqfq', 'qfqk', 'LO4JCjfUTOcfy6YJ', 'O4JCjfUTOcfy6YJK', '4JCjfUTOcfy6YJKX', 'JCjfUTOcfy6YJKXX', 'CjfUTOcfy6YJ', 'jfUTOcfy6YJK', 'fUTOcfy6YJKX', 'UTOcfy6YJKXX', 'TOcfy6YJ', 'Ocfy6YJK', 'cfy6YJKX', 'fy6YJKXX', 'y6YJ', '6YJK', 'YJKX', 'JKXX', 'AddRange', 'ddRa', 'dRan', 'Rang', 
'ange', 'IEnumera', 'Enumerab', 'numerabl', 'umerable', 'mera', 'erab', 'rabl', 'Equa', 'uals', 'GetHashC', 'etHashCo', 'tHashCod', 'HashCode', 'ashC', 'shCo', 'hCod', 'Enumerat', 'numerato', 'umerator', 'Curr', 'urre', 'rren', 'rent', 'MoveNext', 'oveN', 'veNe', 'eNex', 'Next', 'GetEnumerato', 'etEnumerator', 'tEnumera', 'oa07YFxQ', 'a07YFxQ8', '07YFxQ8V', '7YFx', 'YFxQ', 'FxQ8', 'xQ8V', 'asj72wZe', 'sj72wZeE', 'j72wZeEA', '72wZ', '2wZe', 'wZeE', 'ZeEA', 'pjjWgofru8HbBCo4', 'jjWgofru8HbBCo4u', 'jWgofru8HbBCo4ul', 'Wgofru8HbBCo4ulZ', 'gofru8HbBCo4', 'ofru8HbBCo4u', 'fru8HbBCo4ul', 'ru8HbBCo4ulZ', 'u8HbBCo4', '8HbBCo4u', 'HbBCo4ul', 'bBCo4ulZ', 'BCo4', 'Co4u', 'o4ul', '4ulZ', 'Phvd14fT3x6nDuvb', 'hvd14fT3x6nDuvbS', 'vd14fT3x6nDuvbSy', 'd14fT3x6nDuvbSyi', '14fT3x6nDuvb', '4fT3x6nDuvbS', 'fT3x6nDuvbSy', 'T3x6nDuvbSyi', '3x6nDuvb', 'x6nDuvbS', '6nDuvbSy', 'nDuvbSyi', 'Duvb', 'uvbS', 'vbSy', 'bSyi', 'targ', 'arge', 'rget', 'paramter', 'aramters', 'ramt', 'amte', 'mter', 'GINs83id', 'INs83idw', 'Ns83idwj', 's83i', '83id', '3idw', 'idwj', 'E5IsSaV6', '5IsSaV6I', 'IsSaV6IQ', 'sSaV', 'SaV6', 'aV6I', 'V6IQ', 'jX9scqBA', 'X9scqBAf', '9scqBAfQ', 'scqB', 'cqBA', 'qBAf', 'BAfQ', 'sb8sgtcI', 'b8sgtcIu', '8sgtcIuI', 'sgtc', 'gtcI', 'tcIu', 'cIuI', 'S6dsFUvg', '6dsFUvgQ', 'dsFUvgQT', 'sFUv', 'FUvg', 'UvgQ', 'vgQT', 'xVvsaQXw', 'VvsaQXwH', 'vsaQXwHc', 'saQX', 'aQXw', 'QXwH', 'XwHc', 'Gr0s0jcp', 'r0s0jcpV', '0s0jcpV9', 's0jc', '0jcp', 'jcpV', 'cpV9', 'zMVsAseQ', 'MVsAseQ9', 'VsAseQ9X', 'sAse', 'AseQ', 'seQ9', 'eQ9X', 'e9wsOQsG', '9wsOQsG6', 'wsOQsG6r', 'sOQs', 'OQsG', 'QsG6', 'sG6r', 'E9Pso3Up', '9Pso3Upy', 'Pso3Upyl', 'so3U', 'o3Up', '3Upy', 'Upyl', 'riMsjsJA', 'iMsjsJAS', 'MsjsJASg', 'sjsJ', 'jsJA', 'sJAS', 'JASg', 'DOHsbuiQ', 'OHsbuiQL', 'HsbuiQLT', 'sbui', 'buiQ', 'uiQL', 'iQLT', 'hXssQo5V', 'XssQo5Vw', 'ssQo5Vw6', 'sQo5', 'Qo5V', 'o5Vw', '5Vw6', 'rkksivkd', 'kksivkdJ', 'ksivkdJg', 'sivk', 'ivkd', 'vkdJ', 'kdJg', 'NUGstKq9', 'UGstKq96', 'GstKq96L', 'stKq', 'tKq9', 'Kq96', 'q96L', 
'wQRsdbQP', 'QRsdbQPV', 'RsdbQPV0', 'sdbQ', 'dbQP', 'bQPV', 'QPV0', 'nc1sCSnv', 'c1sCSnvT', '1sCSnvTC', 'sCSn', 'CSnv', 'SnvT', 'nvTC', 'WWPsMcPP', 'WPsMcPPe', 'PsMcPPeh', 'sMcP', 'McPP', 'cPPe', 'PPeh', 'n3ysxsmH', '3ysxsmH7', 'ysxsmH7M', 'sxsm', 'xsmH', 'smH7', 'mH7M', 'mMCszqJ5', 'MCszqJ5t', 'CszqJ5tC', 'szqJ', 'zqJ5', 'qJ5t', 'J5tC', 'eCg6VLWH', 'Cg6VLWHT', 'g6VLWHTB', '6VLW', 'VLWH', 'LWHT', 'WHTB', 'GZc6HkOr', 'Zc6HkOrb', 'c6HkOrbL', '6HkO', 'HkOr', 'kOrb', 'OrbL', 'BZF6nr8Y', 'ZF6nr8Yx', 'F6nr8Yxv', '6nr8', 'nr8Y', 'r8Yx', '8Yxv', 'x3s6Eqs8', '3s6Eqs8u', 's6Eqs8uY', '6Eqs', 'Eqs8', 'qs8u', 's8uY', 'FGU6ZQRu', 'GU6ZQRuZ', 'U6ZQRuZe', '6ZQR', 'ZQRu', 'QRuZ', 'RuZe', 'HNp67RpZ', 'Np67RpZL', 'p67RpZLA', '67Rp', '7RpZ', 'RpZL', 'pZLA', 'vor6WVyl', 'or6WVyls', 'r6WVylsr', '6WVy', 'WVyl', 'Vyls', 'ylsr', 'jWj6Nkcu', 'Wj6NkcuG', 'j6NkcuGN', '6Nkc', 'Nkcu', 'kcuG', 'cuGN', 'jMB6sDUq', 'MB6sDUqe', 'B6sDUqea', '6sDU', 'sDUq', 'DUqe', 'Uqea', 'EuY66BxL', 'uY66BxL5', 'Y66BxL5n', '66Bx', '6BxL', 'BxL5', 'xL5n', 'gqH6hyhE', 'qH6hyhEC', 'H6hyhEC5', '6hyh', 'hyhE', 'yhEC', 'hEC5', 'cS96BjCI', 'S96BjCIZ', '96BjCIZ6', '6BjC', 'BjCI', 'jCIZ', 'CIZ6', 'ops6KpLd', 'ps6KpLds', 's6KpLds2', '6KpL', 'KpLd', 'pLds', 'Lds2', 'hEX6UxUA', 'EX6UxUAD', 'X6UxUADL', '6UxU', 'UxUA', 'xUAD', 'UADL', 'L3M6rc0P', '3M6rc0Pc', 'M6rc0PcQ', '6rc0', 'rc0P', 'c0Pc', '0PcQ', 'bmM6T56u', 'mM6T56ud', 'M6T56ud9', '6T56', 'T56u', '56ud', '6ud9', 'BrM6eKbg', 'rM6eKbgb', 'M6eKbgbx', '6eKb', 'eKbg', 'Kbgb', 'bgbx', 'SP06PQSf', 'P06PQSfA', '06PQSfAZ', '6PQS', 'PQSf', 'QSfA', 'SfAZ', 'bKQ6GvoS', 'KQ6GvoSY', 'Q6GvoSYH', '6Gvo', 'GvoS', 'voSY', 'oSYH', 's4p6lFH4', '4p6lFH45', 'p6lFH45E', '6lFH', 'lFH4', 'FH45', 'H45E', 'kp0pmofeErPQbEGM', 'p0pmofeErPQbEGMe', '0pmofeErPQbEGMeI', 'pmofeErPQbEGMeIu', 'mofeErPQbEGM', 'ofeErPQbEGMe', 'feErPQbEGMeI', 'eErPQbEGMeIu', 'ErPQbEGM', 'rPQbEGMe', 'PQbEGMeI', 'QbEGMeIu', 'bEGM', 'EGMe', 'GMeI', 'MeIu', 'L4Y7c5dJ', '4Y7c5dJR', 'Y7c5dJRb', '7c5d', 'c5dJ', '5dJR', 'dJRb', 
'RMC7gT9J', 'MC7gT9JD', 'C7gT9JDL', '7gT9', 'gT9J', 'T9JD', '9JDL', 'Clea', 'lear', 'iul7F0IE', 'ul7F0IEk', 'l7F0IEkG', '7F0I', 'F0IE', '0IEk', 'IEkG', 'TargetInvocationExceptio', 'argetInvocationException', 'rgetInvocationExcept', 'getInvocationExcepti', 'etInvocationExceptio', 'tInvocationException', 'InvocationExcept', 'nvocationExcepti', 'vocationExceptio', 'ocationException', 'cationExcept', 'YXQ7aQDY', 'XQ7aQDY0', 'Q7aQDY0r', '7aQD', 'aQDY', 'QDY0', 'DY0r', 'osO70miF', 'sO70miFS', 'O70miFS3', '70mi', '0miF', 'miFS', 'iFS3', 'byv7AMsX', 'yv7AMsX9', 'v7AMsX9u', '7AMs', 'AMsX', 'MsX9', 'sX9u', 'tG07OUxh', 'G07OUxhE', '07OUxhEl', '7OUx', 'OUxh', 'UxhE', 'xhEl', 'aQm7owUq', 'Qm7owUqe', 'm7owUqeP', '7owU', 'owUq', 'wUqe', 'UqeP', 'ConstructorI', 'onstructorIn', 'nstructorInf', 'structorInfo', 'tructorI', 'ructorIn', 'uctorInf', 'ctorInfo', 'torI', 'orIn', 'TryGetVa', 'ryGetVal', 'yGetValu', 'OverflowExceptio', 'verflowException', 'erflowExcept', 'rflowExcepti', 'flowExceptio', 'lowException', 'owExcept', 'wExcepti', 'NullReferenceExcepti', 'ullReferenceExceptio', 'llReferenceException', 'lReferenceExcept', 'ReferenceExcepti', 'eferenceExceptio', 'ferenceException', 'erenceExcept', 'renceExcepti', 'enceExceptio', 'nceException', 'ceExcept', 'eExcepti', 'ArithmeticExcept', 'rithmeticExcepti', 'ithmeticExceptio', 'thmeticException', 'hmeticExcept', 'meticExcepti', 'eticExceptio', 'ticException', 'icExcept', 'cExcepti', 'bWM7bsLC', 'WM7bsLCP', 'M7bsLCP7', '7bsL', 'bsLC', 'sLCP', 'LCP7', 'MhTNhe2e', 'hTNhe2e5', 'TNhe2e58', 'Nhe2', 'he2e', 'e2e5', '2e58', 'wuRNBUfK', 'uRNBUfKU', 'RNBUfKU2', 'NBUf', 'BUfK', 'UfKU', 'fKU2', 'DnSsNGFb', 'nSsNGFbs', 'SsNGFbsF', 'sNGF', 'NGFb', 'GFbs', 'FbsF', 'EmptyTyp', 'mptyType', 'ptyTypes', 'tyTy', 'yTyp', 'ypes', 'izeo', 'zeof', 'HIZsI9SZ', 'IZsI9SZ5', 'ZsI9SZ52', 'sI9S', 'I9SZ', '9SZ5', 'SZ52', 'ePVsLTta', 'PVsLTtaI', 'VsLTtaIp', 'sLTt', 'LTta', 'TtaI', 'taIp', 'JLos1Dho', 'Los1Dhor', 'os1Dhorl', 's1Dh', '1Dho', 'Dhor', 'horl', 
'sJEs9xmI', 'JEs9xmIw', 'Es9xmIwE', 's9xm', '9xmI', 'xmIw', 'mIwE', 'LocalBuilder', 'ocalBuil', 'calBuild', 'alBuilde', 'lBuilder', 'Buil', 'uild', 'ilde', 'lder', 'Ldob', 'dobj', 'Stlo', 'tloc', 'Ldlo', 'dloc', 'Castclas', 'astclass', 'stcl', 'tcla', 'clas', 'lass', 'Stel', 'tele', 'elem', 'Unbo', 'nbox', 'Ldel', 'dele', 'Ldnu', 'dnul', 'null', 'loca', 'Ldin', 'dind', 'nJssqXHR', 'JssqXHRX', 'ssqXHRXp', 'sqXH', 'qXHR', 'XHRX', 'HRXp', 'Ldfl', 'dfld', 'flda', 'Ldsf', 'dsfl', 'sfld', 'rBXskrqs', 'BXskrqsX', 'XskrqsXq', 'skrq', 'krqs', 'rqsX', 'qsXq', 'Newo', 'ewob', 'wobj', 'ICesYN0i', 'CesYN0ib', 'esYN0ibX', 'sYN0', 'YN0i', 'N0ib', '0ibX', 'YfLs2e7J', 'fLs2e7Jc', 'Ls2e7Jcm', 's2e7', '2e7J', 'e7Jc', '7Jcm', 'Stin', 'tind', 'J7AsuoIM', '7AsuoIM2', 'AsuoIM2x', 'suoI', 'uoIM', 'oIM2', 'IM2x', 'fxXswTVa', 'xXswTVar', 'XswTVar3', 'swTV', 'wTVa', 'TVar', 'Var3', 'eoLs3W8g', 'oLs3W8gk', 'Ls3W8gkm', 's3W8', '3W8g', 'W8gk', '8gkm', 'Vh5syBVE', 'h5syBVEZ', '5syBVEZf', 'syBV', 'yBVE', 'BVEZ', 'VEZf', 'XwTspJKE', 'wTspJKEd', 'TspJKEdZ', 'spJK', 'pJKE', 'JKEd', 'KEdZ', 'Ht5sJUqe', 't5sJUqeN', '5sJUqeNm', 'sJUq', 'JUqe', 'UqeN', 'qeNm', 'D19VvtfPW7AhNYOq', '19VvtfPW7AhNYOqV', '9VvtfPW7AhNYOqV2', 'VvtfPW7AhNYOqV2k', 'vtfPW7AhNYOq', 'tfPW7AhNYOqV', 'fPW7AhNYOqV2', 'PW7AhNYOqV2k', 'W7AhNYOq', '7AhNYOqV', 'AhNYOqV2', 'hNYOqV2k', 'NYOq', 'YOqV', 'OqV2', 'qV2k', 'm08R8ifGeSPJJ2Vn', '08R8ifGeSPJJ2Vn5', '8R8ifGeSPJJ2Vn5L', 'R8ifGeSPJJ2Vn5Lc', '8ifGeSPJJ2Vn', 'ifGeSPJJ2Vn5', 'fGeSPJJ2Vn5L', 'GeSPJJ2Vn5Lc', 'eSPJJ2Vn', 'SPJJ2Vn5', 'PJJ2Vn5L', 'JJ2Vn5Lc', 'J2Vn', '2Vn5', 'Vn5L', 'n5Lc', 'RnoySOfl0uahvQxy', 'noySOfl0uahvQxy9', 'oySOfl0uahvQxy98', 'ySOfl0uahvQxy988', 'SOfl0uahvQxy', 'Ofl0uahvQxy9', 'fl0uahvQxy98', 'l0uahvQxy988', '0uahvQxy', 'uahvQxy9', 'ahvQxy98', 'hvQxy988', 'vQxy', 'Qxy9', 'xy98', 'y988', 'lWa3HO70', 'Wa3HO70q', 'a3HO70qA', '3HO7', 'HO70', 'O70q', '70qA', 'abYAC8fI7T7gBvo2', 'bYAC8fI7T7gBvo2b', 'YAC8fI7T7gBvo2b9', 'AC8fI7T7gBvo2b9Y', 'C8fI7T7gBvo2', '8fI7T7gBvo2b', 
'fI7T7gBvo2b9', 'I7T7gBvo2b9Y', '7T7gBvo2', 'T7gBvo2b', '7gBvo2b9', 'gBvo2b9Y', 'Bvo2', 'vo2b', 'o2b9', '2b9Y', 'MekYHmfL0ucHoWo5', 'ekYHmfL0ucHoWo58', 'kYHmfL0ucHoWo58N', 'YHmfL0ucHoWo58Ns', 'HmfL0ucHoWo5', 'mfL0ucHoWo58', 'fL0ucHoWo58N', 'L0ucHoWo58Ns', '0ucHoWo5', 'ucHoWo58', 'cHoWo58N', 'HoWo58Ns', 'oWo5', 'Wo58', 'o58N', '58Ns', 'g5862uKr', '5862uKrZ', '862uKrZU', '62uK', '2uKr', 'uKrZ', 'KrZU', 'LPvUcef4WnCZklKm', 'PvUcef4WnCZklKmy', 'vUcef4WnCZklKmyA', 'Ucef4WnCZklKmyAY', 'cef4WnCZklKm', 'ef4WnCZklKmy', 'f4WnCZklKmyA', '4WnCZklKmyAY', 'WnCZklKm', 'nCZklKmy', 'CZklKmyA', 'ZklKmyAY', 'klKm', 'lKmy', 'KmyA', 'myAY', 'IF865HO2', 'F865HO2C', '865HO2C9', '65HO', '5HO2', 'HO2C', 'O2C9', 'pUd6Du5m', 'Ud6Du5ms', 'd6Du5msl', '6Du5', 'Du5m', 'u5ms', '5msl', 'vdR6mpgj', 'dR6mpgjM', 'R6mpgjMP', '6mpg', 'mpgj', 'pgjM', 'gjMP', 'Py86vwY8', 'y86vwY8G', '86vwY8GI', '6vwY', 'vwY8', 'wY8G', 'Y8GI', 'TJP64ilI', 'JP64ilIk', 'P64ilIkG', '64il', '4ilI', 'ilIk', 'lIkG', 'lDQ6XUdU', 'DQ6XUdUq', 'Q6XUdUqd', '6XUd', 'XUdU', 'UdUq', 'dUqd', 'VBC61esX', 'BC61esXN', 'C61esXNp', '61es', '1esX', 'esXN', 'sXNp', 'wcA69wyj', 'cA69wyjt', 'A69wyjtp', '69wy', '9wyj', 'wyjt', 'yjtp', 'fKl6q01c', 'Kl6q01cN', 'l6q01cNL', '6q01', 'q01c', '01cN', '1cNL', 'InvalidCastException', 'nvalidCastExcept', 'validCastExcepti', 'alidCastExceptio', 'lidCastException', 'idCastExcept', 'dCastExcepti', 'CastExceptio', 'astException', 'stExcept', 'bRw6k0oN', 'Rw6k0oNX', 'w6k0oNXo', '6k0o', 'k0oN', '0oNX', 'oNXo', 'qve6YiFZ', 've6YiFZr', 'e6YiFZru', '6YiF', 'YiFZ', 'iFZr', 'FZru', 'B1RsZufXixBEOhsf', '1RsZufXixBEOhsfg', 'RsZufXixBEOhsfgv', 'sZufXixBEOhsfgvL', 'ZufXixBEOhsf', 'ufXixBEOhsfg', 'fXixBEOhsfgv', 'XixBEOhsfgvL', 'ixBEOhsf', 'xBEOhsfg', 'BEOhsfgv', 'EOhsfgvL', 'Ohsf', 'hsfg', 'sfgv', 'fgvL', 'QQbv9Tf1oQWJwyPn', 'Qbv9Tf1oQWJwyPnw', 'bv9Tf1oQWJwyPnwh', 'v9Tf1oQWJwyPnwh8', '9Tf1oQWJwyPn', 'Tf1oQWJwyPnw', 'f1oQWJwyPnwh', '1oQWJwyPnwh8', 'oQWJwyPn', 'QWJwyPnw', 'WJwyPnwh', 'JwyPnwh8', 'wyPn', 'yPnw', 'Pnwh', 
'nwh8', 'ihA6wVTQ', 'hA6wVTQD', 'A6wVTQD1', '6wVT', 'wVTQ', 'VTQD', 'TQD1', 'Kju633fV', 'ju633fVa', 'u633fVaA', '633f', '33fV', '3fVa', 'fVaA', 'CdvAc0f9Bs7xio6N', 'dvAc0f9Bs7xio6NY', 'vAc0f9Bs7xio6NYm', 'Ac0f9Bs7xio6NYm4', 'c0f9Bs7xio6N', '0f9Bs7xio6NY', 'f9Bs7xio6NYm', '9Bs7xio6NYm4', 'Bs7xio6N', 's7xio6NY', '7xio6NYm', 'xio6NYm4', 'io6N', 'o6NY', '6NYm', 'NYm4', 'YUVyRYfqWhxeFGos', 'UVyRYfqWhxeFGosD', 'VyRYfqWhxeFGosDP', 'yRYfqWhxeFGosDPl', 'RYfqWhxeFGos', 'YfqWhxeFGosD', 'fqWhxeFGosDP', 'qWhxeFGosDPl', 'WhxeFGos', 'hxeFGosD', 'xeFGosDP', 'eFGosDPl', 'FGos', 'GosD', 'osDP', 'sDPl', 'LLIO3xfkL54xFuh0', 'LIO3xfkL54xFuh0p', 'IO3xfkL54xFuh0pV', 'O3xfkL54xFuh0pVg', '3xfkL54xFuh0', 'xfkL54xFuh0p', 'fkL54xFuh0pV', 'kL54xFuh0pVg', 'L54xFuh0', '54xFuh0p', '4xFuh0pV', 'xFuh0pVg', 'Fuh0', 'uh0p', 'h0pV', '0pVg', 'FHT6p2X8', 'HT6p2X8u', 'T6p2X8uq', '6p2X', 'p2X8', '2X8u', 'X8uq', 'T6tMbZfYnCORrPnm', '6tMbZfYnCORrPnmv', 'tMbZfYnCORrPnmvK', 'MbZfYnCORrPnmvKM', 'bZfYnCORrPnm', 'ZfYnCORrPnmv', 'fYnCORrPnmvK', 'YnCORrPnmvKM', 'nCORrPnm', 'CORrPnmv', 'ORrPnmvK', 'RrPnmvKM', 'rPnm', 'Pnmv', 'nmvK', 'mvKM', 'Upln4Zf2uWmJ2tgB', 'pln4Zf2uWmJ2tgBY', 'ln4Zf2uWmJ2tgBYG', 'n4Zf2uWmJ2tgBYGA', '4Zf2uWmJ2tgB', 'Zf2uWmJ2tgBY', 'f2uWmJ2tgBYG', '2uWmJ2tgBYGA', 'uWmJ2tgB', 'WmJ2tgBY', 'mJ2tgBYG', 'J2tgBYGA', '2tgB', 'tgBY', 'gBYG', 'BYGA', 'c7jEJDfueeGxILg6', '7jEJDfueeGxILg6c', 'jEJDfueeGxILg6cH', 'EJDfueeGxILg6cHG', 'JDfueeGxILg6', 'DfueeGxILg6c', 'fueeGxILg6cH', 'ueeGxILg6cHG', 'eeGxILg6', 'eGxILg6c', 'GxILg6cH', 'xILg6cHG', 'ILg6', 'Lg6c', 'g6cH', '6cHG', 'kbW68RAR', 'bW68RARg', 'W68RARgr', '68RA', '8RAR', 'RARg', 'ARgr', 'ksp6SUFX', 'sp6SUFXk', 'p6SUFXkx', '6SUF', 'SUFX', 'UFXk', 'FXkx', 'eyu8ygfwydFLBRBG', 'yu8ygfwydFLBRBGX', 'u8ygfwydFLBRBGXb', '8ygfwydFLBRBGXbt', 'ygfwydFLBRBG', 'gfwydFLBRBGX', 'fwydFLBRBGXb', 'wydFLBRBGXbt', 'ydFLBRBG', 'dFLBRBGX', 'FLBRBGXb', 'LBRBGXbt', 'BRBG', 'RBGX', 'BGXb', 'GXbt', 'yQ6Y3Mf3NEDaVijV', 'Q6Y3Mf3NEDaVijVd', '6Y3Mf3NEDaVijVdc', 'Y3Mf3NEDaVijVdc7', 
'3Mf3NEDaVijV', 'Mf3NEDaVijVd', 'f3NEDaVijVdc', '3NEDaVijVdc7', 'NEDaVijV', 'EDaVijVd', 'DaVijVdc', 'aVijVdc7', 'VijV', 'ijVd', 'jVdc', 'Vdc7', 'nlhBMRfyBAHEwlTw', 'lhBMRfyBAHEwlTwV', 'hBMRfyBAHEwlTwV6', 'BMRfyBAHEwlTwV6s', 'MRfyBAHEwlTw', 'RfyBAHEwlTwV', 'fyBAHEwlTwV6', 'yBAHEwlTwV6s', 'BAHEwlTw', 'AHEwlTwV', 'HEwlTwV6', 'EwlTwV6s', 'wlTw', 'lTwV', 'TwV6', 'wV6s', 'm39UMWfp4sd384et', '39UMWfp4sd384et0', '9UMWfp4sd384et0S', 'UMWfp4sd384et0SF', 'MWfp4sd384et', 'Wfp4sd384et0', 'fp4sd384et0S', 'p4sd384et0SF', '4sd384et', 'sd384et0', 'd384et0S', '384et0SF', '84et', '4et0', 'et0S', 't0SF', 'Ly7BoqAO', 'y7BoqAOk', '7BoqAOkf', 'BoqA', 'oqAO', 'qAOk', 'AOkf', 'idWBjJDC', 'dWBjJDCF', 'WBjJDCF2', 'BjJD', 'jJDC', 'JDCF', 'DCF2', 'tMXBbPjC', 'MXBbPjCt', 'XBbPjCts', 'BbPj', 'bPjC', 'PjCt', 'jCts', 'Bs3BQwG1', 's3BQwG1E', '3BQwG1EQ', 'BQwG', 'QwG1', 'wG1E', 'G1EQ', 'UPrBiy1c', 'PrBiy1cO', 'rBiy1cOZ', 'Biy1', 'iy1c', 'y1cO', '1cOZ', 'eIeBtnya', 'IeBtnyaQ', 'eBtnyaQU', 'Btny', 'tnya', 'nyaQ', 'yaQU', 'gML6gjTQ', 'ML6gjTQT', 'L6gjTQTC', '6gjT', 'gjTQ', 'jTQT', 'TQTC', 'yBwoGGfJSKtgSNXw', 'BwoGGfJSKtgSNXwD', 'woGGfJSKtgSNXwDI', 'oGGfJSKtgSNXwDIi', 'GGfJSKtgSNXw', 'GfJSKtgSNXwD', 'fJSKtgSNXwDI', 'JSKtgSNXwDIi', 'SKtgSNXw', 'KtgSNXwD', 'tgSNXwDI', 'gSNXwDIi', 'SNXw', 'NXwD', 'XwDI', 'wDIi', 'c9oUswf8SMtC3unm', '9oUswf8SMtC3unmy', 'oUswf8SMtC3unmyA', 'Uswf8SMtC3unmyAM', 'swf8SMtC3unm', 'wf8SMtC3unmy', 'f8SMtC3unmyA', '8SMtC3unmyAM', 'SMtC3unm', 'MtC3unmy', 'tC3unmyA', 'C3unmyAM', '3unm', 'unmy', 'nmyA', 'myAM', 'n5P60kE8', '5P60kE8p', 'P60kE8pO', '60kE', '0kE8', 'kE8p', 'E8pO', 'Nullable', 'ulla', 'llab', 'labl', 'b8vZbufSroJXELW4', '8vZbufSroJXELW4R', 'vZbufSroJXELW4RY', 'ZbufSroJXELW4RY7', 'bufSroJXELW4', 'ufSroJXELW4R', 'fSroJXELW4RY', 'SroJXELW4RY7', 'roJXELW4', 'oJXELW4R', 'JXELW4RY', 'XELW4RY7', 'ELW4', 'LW4R', 'W4RY', '4RY7', 'HasValue', 'asVa', 'sVal', 'GetValueOrDefaul', 'etValueOrDefault', 'tValueOrDefa', 'ValueOrDefau', 'alueOrDefaul', 'lueOrDefault', 'ueOrDefa', 'eOrDefau', 
'OrDefaul', 'rDefault', 'Defa', 'efau', 'faul', 'ault', 'H4B64Afcp0XZA5SW', '4B64Afcp0XZA5SWG', 'B64Afcp0XZA5SWGv', '64Afcp0XZA5SWGvn', '4Afcp0XZA5SW', 'Afcp0XZA5SWG', 'fcp0XZA5SWGv', 'cp0XZA5SWGvn', 'p0XZA5SW', '0XZA5SWG', 'XZA5SWGv', 'ZA5SWGvn', 'A5SW', '5SWG', 'SWGv', 'WGvn', 'Tg8aMofgCCGdyI8p', 'g8aMofgCCGdyI8pN', '8aMofgCCGdyI8pNl', 'aMofgCCGdyI8pNlK', 'MofgCCGdyI8p', 'ofgCCGdyI8pN', 'fgCCGdyI8pNl', 'gCCGdyI8pNlK', 'CCGdyI8p', 'CGdyI8pN', 'GdyI8pNl', 'dyI8pNlK', 'yI8p', 'I8pN', '8pNl', 'pNlK', 'Qx637W6ah8UZQlaY', 'x637W6ah8UZQlaYE', '637W6ah8UZQlaYEL', '37W6ah8UZQlaYELv', '7W6ah8UZQlaY', 'W6ah8UZQlaYE', '6ah8UZQlaYEL', 'ah8UZQlaYELv', 'h8UZQlaY', '8UZQlaYE', 'UZQlaYEL', 'ZQlaYELv', 'QlaY', 'laYE', 'aYEL', 'YELv', 'Bd06QiJe', 'd06QiJeo', '06QiJeo7', '6QiJ', 'QiJe', 'iJeo', 'Jeo7', 'ySxIiOfFdrQJxGkd', 'SxIiOfFdrQJxGkdy', 'xIiOfFdrQJxGkdyG', 'IiOfFdrQJxGkdyGk', 'iOfFdrQJxGkd', 'OfFdrQJxGkdy', 'fFdrQJxGkdyG', 'FdrQJxGkdyGk', 'drQJxGkd', 'rQJxGkdy', 'QJxGkdyG', 'JxGkdyGk', 'xGkd', 'Gkdy', 'kdyG', 'dyGk', 'Y9V3X8qi', '9V3X8qiT', 'V3X8qiTW', '3X8q', 'X8qi', '8qiT', 'qiTW', 'N8V6O1X4', '8V6O1X4y', 'V6O1X4yx', '6O1X', 'O1X4', '1X4y', 'X4yx', 'kMU6oBdY', 'MU6oBdYn', 'U6oBdYns', '6oBd', 'oBdY', 'BdYn', 'dYns', 'tt66jR72', 't66jR72o', '66jR72oJ', '6jR7', 'jR72', 'R72o', '72oJ', 'QY86bPQ0', 'Y86bPQ0c', '86bPQ0cv', '6bPQ', 'bPQ0', 'PQ0c', 'Q0cv', 'RemoveAt', 'emov', 'move', 'oveA', 'veAt', 'fvwhuEfaVNKY1dkL', 'vwhuEfaVNKY1dkLY', 'whuEfaVNKY1dkLYC', 'huEfaVNKY1dkLYCu', 'uEfaVNKY1dkL', 'EfaVNKY1dkLY', 'faVNKY1dkLYC', 'aVNKY1dkLYCu', 'VNKY1dkL', 'NKY1dkLY', 'KY1dkLYC', 'Y1dkLYCu', '1dkL', 'dkLY', 'kLYC', 'LYCu', 'sydFPef0ZCZNIcmh', 'ydFPef0ZCZNIcmhJ', 'dFPef0ZCZNIcmhJV', 'FPef0ZCZNIcmhJVf', 'Pef0ZCZNIcmh', 'ef0ZCZNIcmhJ', 'f0ZCZNIcmhJV', '0ZCZNIcmhJVf', 'ZCZNIcmh', 'CZNIcmhJ', 'ZNIcmhJV', 'NIcmhJVf', 'Icmh', 'cmhJ', 'mhJV', 'hJVf', 'te3hTD4B', 'e3hTD4B7', '3hTD4B7F', 'hTD4', 'TD4B', 'D4B7', '4B7F', 'StringBuilde', 'tringBuilder', 'ringBuil', 'ingBuild', 'ngBuilde', 'gBuilder', 
'gm0KLlfAjjF630L2', 'm0KLlfAjjF630L2b', '0KLlfAjjF630L2b8', 'KLlfAjjF630L2b82', 'LlfAjjF630L2', 'lfAjjF630L2b', 'fAjjF630L2b8', 'AjjF630L2b82', 'jjF630L2', 'jF630L2b', 'F630L2b8', '630L2b82', '30L2', '0L2b', 'L2b8', '2b82', 'IFormatProvi', 'FormatProvid', 'ormatProvide', 'rmatProvider', 'matProvi', 'atProvid', 'tProvide', 'lfP6tUgv', 'fP6tUgvX', 'P6tUgvXg', '6tUg', 'tUgv', 'UgvX', 'gvXg', 'L4L6Ck62', '4L6Ck62Z', 'L6Ck62Zh', '6Ck6', 'Ck62', 'k62Z', '62Zh', 'nbJ5186MtH3CYq0E', 'bJ5186MtH3CYq0E0', 'J5186MtH3CYq0E07', '5186MtH3CYq0E07W', '186MtH3CYq0E', '86MtH3CYq0E0', '6MtH3CYq0E07', 'MtH3CYq0E07W', 'tH3CYq0E', 'H3CYq0E0', '3CYq0E07', 'CYq0E07W', 'Yq0E', 'q0E0', '0E07', 'E07W', 'x5v4fA6xpPhpJ8vX', '5v4fA6xpPhpJ8vXm', 'v4fA6xpPhpJ8vXmp', '4fA6xpPhpJ8vXmpS', 'fA6xpPhpJ8vX', 'A6xpPhpJ8vXm', '6xpPhpJ8vXmp', 'xpPhpJ8vXmpS', 'pPhpJ8vX', 'PhpJ8vXm', 'hpJ8vXmp', 'pJ8vXmpS', 'J8vX', '8vXm', 'vXmp', 'XmpS', 'QnNhV435', 'nNhV435K', 'NhV435K3', 'hV43', 'V435', '435K', '35K3', 'koNpHqhHLE9NHTRI', 'oNpHqhHLE9NHTRIu', 'NpHqhHLE9NHTRIug', 'pHqhHLE9NHTRIugd', 'HqhHLE9NHTRI', 'qhHLE9NHTRIu', 'hHLE9NHTRIug', 'HLE9NHTRIugd', 'LE9NHTRI', 'E9NHTRIu', '9NHTRIug', 'NHTRIugd', 'HTRI', 'TRIu', 'RIug', 'Iugd', 'geImdmhnnVeAf1JO', 'eImdmhnnVeAf1JOW', 'ImdmhnnVeAf1JOWi', 'mdmhnnVeAf1JOWiO', 'dmhnnVeAf1JO', 'mhnnVeAf1JOW', 'hnnVeAf1JOWi', 'nnVeAf1JOWiO', 'nVeAf1JO', 'VeAf1JOW', 'eAf1JOWi', 'Af1JOWiO', 'f1JO', '1JOW', 'JOWi', 'OWiO', 'sjqhZjJj', 'jqhZjJjU', 'qhZjJjU0', 'hZjJ', 'ZjJj', 'jJjU', 'JjU0', 'hp4DYyh7viWR6qKn', 'p4DYyh7viWR6qKno', '4DYyh7viWR6qKnoh', 'DYyh7viWR6qKnohl', 'Yyh7viWR6qKn', 'yh7viWR6qKno', 'h7viWR6qKnoh', '7viWR6qKnohl', 'viWR6qKn', 'iWR6qKno', 'WR6qKnoh', 'R6qKnohl', '6qKn', 'qKno', 'Knoh', 'nohl', 'FnliVyhWbQ3uQ7d3', 'nliVyhWbQ3uQ7d3A', 'liVyhWbQ3uQ7d3Ag', 'iVyhWbQ3uQ7d3AgS', 'VyhWbQ3uQ7d3', 'yhWbQ3uQ7d3A', 'hWbQ3uQ7d3Ag', 'WbQ3uQ7d3AgS', 'bQ3uQ7d3', 'Q3uQ7d3A', '3uQ7d3Ag', 'uQ7d3AgS', 'Q7d3', '7d3A', 'd3Ag', '3AgS', 'sUIhsvMV', 'UIhsvMVc', 'IhsvMVcG', 'hsvM', 'svMV', 'vMVc', 
'MVcG', 'K83Qmlh6gtXVsgJN', '83Qmlh6gtXVsgJN9', '3Qmlh6gtXVsgJN91', 'Qmlh6gtXVsgJN91x', 'mlh6gtXVsgJN', 'lh6gtXVsgJN9', 'h6gtXVsgJN91', '6gtXVsgJN91x', 'gtXVsgJN', 'tXVsgJN9', 'XVsgJN91', 'VsgJN91x', 'sgJN', 'gJN9', 'JN91', 'N91x', 'qG50RmhhqnDRufSq', 'G50RmhhqnDRufSqk', '50RmhhqnDRufSqkK', '0RmhhqnDRufSqkKj', 'RmhhqnDRufSq', 'mhhqnDRufSqk', 'hhqnDRufSqkK', 'hqnDRufSqkKj', 'qnDRufSq', 'nDRufSqk', 'DRufSqkK', 'RufSqkKj', 'ufSq', 'fSqk', 'SqkK', 'qkKj', 'yBNhBOxc', 'BNhBOxco', 'NhBOxcof', 'hBOx', 'BOxc', 'Oxco', 'xcof', 'kNhhKC2n', 'NhhKC2n6', 'hhKC2n6L', 'hKC2', 'KC2n', 'C2n6', '2n6L', 'unQhUhSG', 'nQhUhSGi', 'QhUhSGiG', 'hUhS', 'UhSG', 'hSGi', 'SGiG', 'S1Ohraoy', '1OhraoyV', 'OhraoyV6', 'hrao', 'raoy', 'aoyV', 'oyV6', 'Aw9fCUfOLiRLKUT7', 'w9fCUfOLiRLKUT7H', '9fCUfOLiRLKUT7Hg', 'fCUfOLiRLKUT7HgC', 'CUfOLiRLKUT7', 'UfOLiRLKUT7H', 'fOLiRLKUT7Hg', 'OLiRLKUT7HgC', 'LiRLKUT7', 'iRLKUT7H', 'RLKUT7Hg', 'LKUT7HgC', 'KUT7', 'UT7H', 'T7Hg', '7HgC', 'WRA48bfoT7rXhMhs', 'RA48bfoT7rXhMhs9', 'A48bfoT7rXhMhs9C', '48bfoT7rXhMhs9Cc', '8bfoT7rXhMhs', 'bfoT7rXhMhs9', 'foT7rXhMhs9C', 'oT7rXhMhs9Cc', 'T7rXhMhs', '7rXhMhs9', 'rXhMhs9C', 'XhMhs9Cc', 'hMhs', 'Mhs9', 'hs9C', 's9Cc', 'y5PjCFfiA5UAgJgf', '5PjCFfiA5UAgJgff', 'PjCFfiA5UAgJgffR', 'jCFfiA5UAgJgffR7', 'CFfiA5UAgJgf', 'FfiA5UAgJgff', 'fiA5UAgJgffR', 'iA5UAgJgffR7', 'A5UAgJgf', '5UAgJgff', 'UAgJgffR', 'AgJgffR7', 'gJgf', 'Jgff', 'gffR', 'ffR7', 'BCDUvLftRQp4Z7dw', 'CDUvLftRQp4Z7dwh', 'DUvLftRQp4Z7dwhO', 'UvLftRQp4Z7dwhOD', 'vLftRQp4Z7dw', 'LftRQp4Z7dwh', 'ftRQp4Z7dwhO', 'tRQp4Z7dwhOD', 'RQp4Z7dw', 'Qp4Z7dwh', 'p4Z7dwhO', '4Z7dwhOD', 'Z7dw', '7dwh', 'dwhO', 'whOD', 'v0GXg0fd88pPxr0u', '0GXg0fd88pPxr0u6', 'GXg0fd88pPxr0u6E', 'Xg0fd88pPxr0u6Er', 'g0fd88pPxr0u', '0fd88pPxr0u6', 'fd88pPxr0u6E', 'd88pPxr0u6Er', '88pPxr0u', '8pPxr0u6', 'pPxr0u6E', 'Pxr0u6Er', 'xr0u', 'r0u6', '0u6E', 'u6Er', '03DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', '3DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372', 
'DCEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B', 'CEB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC', 'EB56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', 'B56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372', '56B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B', '6B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC', 'B5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', '5842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372', '842C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B', '42C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC', '2C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', 'C722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372', '722DE2821DA9906CD70AB73267EAB1A3947BFD894D19372B', '22DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC', '2DE2821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', 'DE2821DA9906CD70AB73267EAB1A3947BFD894D19372', 'E2821DA9906CD70AB73267EAB1A3947BFD894D19372B', '2821DA9906CD70AB73267EAB1A3947BFD894D19372BC', '821DA9906CD70AB73267EAB1A3947BFD894D19372BC7', '21DA9906CD70AB73267EAB1A3947BFD894D19372', '1DA9906CD70AB73267EAB1A3947BFD894D19372B', 'DA9906CD70AB73267EAB1A3947BFD894D19372BC', 'A9906CD70AB73267EAB1A3947BFD894D19372BC7', '9906CD70AB73267EAB1A3947BFD894D19372', '906CD70AB73267EAB1A3947BFD894D19372B', '06CD70AB73267EAB1A3947BFD894D19372BC', '6CD70AB73267EAB1A3947BFD894D19372BC7', 'CD70AB73267EAB1A3947BFD894D19372', 'D70AB73267EAB1A3947BFD894D19372B', '70AB73267EAB1A3947BFD894D19372BC', '0AB73267EAB1A3947BFD894D19372BC7', 'AB73267EAB1A3947BFD894D19372', 'B73267EAB1A3947BFD894D19372B', '73267EAB1A3947BFD894D19372BC', '3267EAB1A3947BFD894D19372BC7', '267EAB1A3947BFD894D19372', '67EAB1A3947BFD894D19372B', '7EAB1A3947BFD894D19372BC', 'EAB1A3947BFD894D19372BC7', 'AB1A3947BFD894D19372', 'B1A3947BFD894D19372B', '1A3947BFD894D19372BC', 'A3947BFD894D19372BC7', '3947BFD894D19372', '947BFD894D19372B', '47BFD894D19372BC', '7BFD894D19372BC7', 'BFD894D19372', 'FD894D19372B', 'D894D19372BC', 
'894D19372BC7', '94D19372', '4D19372B', 'D19372BC', '19372BC7', '9372', '372B', '72BC', '2BC7', '0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', 'E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8', '448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85', '48EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857', '8EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', 'EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8', 'F5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85', '5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857', 'E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', '5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8', 'E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85', '60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857', '0630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', '630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8', '30BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85', '0BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857', 'BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', 'DDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD8', 'DB19388CB6378436E3C65D03DD66DA7C6EBFF563BD85', 'B19388CB6378436E3C65D03DD66DA7C6EBFF563BD857', '19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A', '9388CB6378436E3C65D03DD66DA7C6EBFF563BD8', '388CB6378436E3C65D03DD66DA7C6EBFF563BD85', '88CB6378436E3C65D03DD66DA7C6EBFF563BD857', '8CB6378436E3C65D03DD66DA7C6EBFF563BD857A', 'CB6378436E3C65D03DD66DA7C6EBFF563BD8', 'B6378436E3C65D03DD66DA7C6EBFF563BD85', '6378436E3C65D03DD66DA7C6EBFF563BD857', '378436E3C65D03DD66DA7C6EBFF563BD857A', '78436E3C65D03DD66DA7C6EBFF563BD8', '8436E3C65D03DD66DA7C6EBFF563BD85', '436E3C65D03DD66DA7C6EBFF563BD857', '36E3C65D03DD66DA7C6EBFF563BD857A', '6E3C65D03DD66DA7C6EBFF563BD8', 'E3C65D03DD66DA7C6EBFF563BD85', '3C65D03DD66DA7C6EBFF563BD857', 'C65D03DD66DA7C6EBFF563BD857A', '65D03DD66DA7C6EBFF563BD8', '5D03DD66DA7C6EBFF563BD85', 'D03DD66DA7C6EBFF563BD857', 
'03DD66DA7C6EBFF563BD857A', '3DD66DA7C6EBFF563BD8', 'DD66DA7C6EBFF563BD85', 'D66DA7C6EBFF563BD857', '66DA7C6EBFF563BD857A', '6DA7C6EBFF563BD8', 'DA7C6EBFF563BD85', 'A7C6EBFF563BD857', '7C6EBFF563BD857A', 'C6EBFF563BD8', '6EBFF563BD85', 'EBFF563BD857', 'BFF563BD857A', 'FF563BD8', 'F563BD85', '563BD857', '63BD857A', '3BD8', 'BD85', 'D857', '857A', '128605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '28605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', '8605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', '605DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', '05DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '5DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', 'DD5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', 'D5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', '5EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', 'EC3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', 'C3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', '3F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', 'F87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '87EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', '7EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', 'EB915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', 'B915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '915E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', '15E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', '5E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', 'E0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '0EDA22D0F52C595C0CF7986D911ED2CA1C403FB7', 'EDA22D0F52C595C0CF7986D911ED2CA1C403FB7B', 'DA22D0F52C595C0CF7986D911ED2CA1C403FB7B8', 'A22D0F52C595C0CF7986D911ED2CA1C403FB7B83', '22D0F52C595C0CF7986D911ED2CA1C403FB7', '2D0F52C595C0CF7986D911ED2CA1C403FB7B', 'D0F52C595C0CF7986D911ED2CA1C403FB7B8', '0F52C595C0CF7986D911ED2CA1C403FB7B83', 'F52C595C0CF7986D911ED2CA1C403FB7', '52C595C0CF7986D911ED2CA1C403FB7B', '2C595C0CF7986D911ED2CA1C403FB7B8', 
'C595C0CF7986D911ED2CA1C403FB7B83', '595C0CF7986D911ED2CA1C403FB7', '95C0CF7986D911ED2CA1C403FB7B', '5C0CF7986D911ED2CA1C403FB7B8', 'C0CF7986D911ED2CA1C403FB7B83', '0CF7986D911ED2CA1C403FB7', 'CF7986D911ED2CA1C403FB7B', 'F7986D911ED2CA1C403FB7B8', '7986D911ED2CA1C403FB7B83', '986D911ED2CA1C403FB7', '86D911ED2CA1C403FB7B', '6D911ED2CA1C403FB7B8', 'D911ED2CA1C403FB7B83', '911ED2CA1C403FB7', '11ED2CA1C403FB7B', '1ED2CA1C403FB7B8', 'ED2CA1C403FB7B83', 'D2CA1C403FB7', '2CA1C403FB7B', 'CA1C403FB7B8', 'A1C403FB7B83', '1C403FB7', 'C403FB7B', '403FB7B8', '03FB7B83', '3FB7', 'FB7B', 'B7B8', '7B83', '4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B', 'BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324', 'ED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A', 'D3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7', '3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B', 'ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324', 'DC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A', 'C52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7', '52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B', '2D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324', 'D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A', '4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7', '904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B', '04075F6BBF279EC4ACEDE079533B95E229A29809542EA324', '4075F6BBF279EC4ACEDE079533B95E229A29809542EA324A', '075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7', '75F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B', '5F6BBF279EC4ACEDE079533B95E229A29809542EA324', 'F6BBF279EC4ACEDE079533B95E229A29809542EA324A', '6BBF279EC4ACEDE079533B95E229A29809542EA324A7', 'BBF279EC4ACEDE079533B95E229A29809542EA324A7B', 'BF279EC4ACEDE079533B95E229A29809542EA324', 'F279EC4ACEDE079533B95E229A29809542EA324A', '279EC4ACEDE079533B95E229A29809542EA324A7', '79EC4ACEDE079533B95E229A29809542EA324A7B', '9EC4ACEDE079533B95E229A29809542EA324', 
'EC4ACEDE079533B95E229A29809542EA324A', 'C4ACEDE079533B95E229A29809542EA324A7', '4ACEDE079533B95E229A29809542EA324A7B', 'ACEDE079533B95E229A29809542EA324', 'CEDE079533B95E229A29809542EA324A', 'EDE079533B95E229A29809542EA324A7', 'DE079533B95E229A29809542EA324A7B', 'E079533B95E229A29809542EA324', '079533B95E229A29809542EA324A', '79533B95E229A29809542EA324A7', '9533B95E229A29809542EA324A7B', '533B95E229A29809542EA324', '33B95E229A29809542EA324A', '3B95E229A29809542EA324A7', 'B95E229A29809542EA324A7B', '95E229A29809542EA324', '5E229A29809542EA324A', 'E229A29809542EA324A7', '229A29809542EA324A7B', '29A29809542EA324', '9A29809542EA324A', 'A29809542EA324A7', '29809542EA324A7B', '9809542EA324', '809542EA324A', '09542EA324A7', '9542EA324A7B', '542EA324', '42EA324A', '2EA324A7', 'EA324A7B', 'A324', '324A', '24A7', '4A7B', '59058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', '9058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', '058FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', '58FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', '8FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', 'FDDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', 'DDE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', 'DE6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', 'E6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', '6089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', '089BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', '89BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', '9BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', 'BCA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', 'CA6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', 'A6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', '6236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', '236FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', '36FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', '6FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', 
'FD2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', 'D2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', '2AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', 'AE2D98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', 'E2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247074', '2D98B3ABB38A7BC80D8DD4C75CEFD7A5D247', 'D98B3ABB38A7BC80D8DD4C75CEFD7A5D2470', '98B3ABB38A7BC80D8DD4C75CEFD7A5D24707', '8B3ABB38A7BC80D8DD4C75CEFD7A5D247074', 'B3ABB38A7BC80D8DD4C75CEFD7A5D247', '3ABB38A7BC80D8DD4C75CEFD7A5D2470', 'ABB38A7BC80D8DD4C75CEFD7A5D24707', 'BB38A7BC80D8DD4C75CEFD7A5D247074', 'B38A7BC80D8DD4C75CEFD7A5D247', '38A7BC80D8DD4C75CEFD7A5D2470', '8A7BC80D8DD4C75CEFD7A5D24707', 'A7BC80D8DD4C75CEFD7A5D247074', '7BC80D8DD4C75CEFD7A5D247', 'BC80D8DD4C75CEFD7A5D2470', 'C80D8DD4C75CEFD7A5D24707', '80D8DD4C75CEFD7A5D247074', '0D8DD4C75CEFD7A5D247', 'D8DD4C75CEFD7A5D2470', '8DD4C75CEFD7A5D24707', 'DD4C75CEFD7A5D247074', 'D4C75CEFD7A5D247', '4C75CEFD7A5D2470', 'C75CEFD7A5D24707', '75CEFD7A5D247074', '5CEFD7A5D247', 'CEFD7A5D2470', 'EFD7A5D24707', 'FD7A5D247074', 'D7A5D247', '7A5D2470', 'A5D24707', '5D247074', 'D247', '2470', '4707', '7074', '62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', '2E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32', 'E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324', '6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C', 'F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', '13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32', '3B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324', 'B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C', '53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', '3D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32', 'D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324', '67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C', '7FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', 'FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32', 'DD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324', 
'D780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C', '780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', '80E20D89A6E8EE503B197AC16AC3F1D2571C147FDD32', '0E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324', 'E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C', '20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9', '0D89A6E8EE503B197AC16AC3F1D2571C147FDD32', 'D89A6E8EE503B197AC16AC3F1D2571C147FDD324', '89A6E8EE503B197AC16AC3F1D2571C147FDD324C', '9A6E8EE503B197AC16AC3F1D2571C147FDD324C9', 'A6E8EE503B197AC16AC3F1D2571C147FDD32', '6E8EE503B197AC16AC3F1D2571C147FDD324', 'E8EE503B197AC16AC3F1D2571C147FDD324C', '8EE503B197AC16AC3F1D2571C147FDD324C9', 'EE503B197AC16AC3F1D2571C147FDD32', 'E503B197AC16AC3F1D2571C147FDD324', '503B197AC16AC3F1D2571C147FDD324C', '03B197AC16AC3F1D2571C147FDD324C9', '3B197AC16AC3F1D2571C147FDD32', 'B197AC16AC3F1D2571C147FDD324', '197AC16AC3F1D2571C147FDD324C', '97AC16AC3F1D2571C147FDD324C9', '7AC16AC3F1D2571C147FDD32', 'AC16AC3F1D2571C147FDD324', 'C16AC3F1D2571C147FDD324C', '16AC3F1D2571C147FDD324C9', '6AC3F1D2571C147FDD32', 'AC3F1D2571C147FDD324', 'C3F1D2571C147FDD324C', '3F1D2571C147FDD324C9', 'F1D2571C147FDD32', '1D2571C147FDD324', 'D2571C147FDD324C', '2571C147FDD324C9', '571C147FDD32', '71C147FDD324', '1C147FDD324C', 'C147FDD324C9', '147FDD32', '47FDD324', '7FDD324C', 'FDD324C9', 'DD32', 'D324', '324C', '24C9', '742EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '42EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5', '2EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D', 'EB14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1', 'B14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '14EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5', '4EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D', 'EC82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1', 'C82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '82FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5', 
'2FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D', 'FD7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1', 'D7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '7DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5', 'DCE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D', 'CE8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1', 'E8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '8A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5', 'A8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D', '8B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1', 'B8165C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', '8165C5AE7AABD3935C69B50E82F066C4890BD7C5', '165C5AE7AABD3935C69B50E82F066C4890BD7C5D', '65C5AE7AABD3935C69B50E82F066C4890BD7C5D1', '5C5AE7AABD3935C69B50E82F066C4890BD7C5D1F', 'C5AE7AABD3935C69B50E82F066C4890BD7C5', '5AE7AABD3935C69B50E82F066C4890BD7C5D', 'AE7AABD3935C69B50E82F066C4890BD7C5D1', 'E7AABD3935C69B50E82F066C4890BD7C5D1F', '7AABD3935C69B50E82F066C4890BD7C5', 'AABD3935C69B50E82F066C4890BD7C5D', 'ABD3935C69B50E82F066C4890BD7C5D1', 'BD3935C69B50E82F066C4890BD7C5D1F', 'D3935C69B50E82F066C4890BD7C5', '3935C69B50E82F066C4890BD7C5D', '935C69B50E82F066C4890BD7C5D1', '35C69B50E82F066C4890BD7C5D1F', '5C69B50E82F066C4890BD7C5', 'C69B50E82F066C4890BD7C5D', '69B50E82F066C4890BD7C5D1', '9B50E82F066C4890BD7C5D1F', 'B50E82F066C4890BD7C5', '50E82F066C4890BD7C5D', '0E82F066C4890BD7C5D1', 'E82F066C4890BD7C5D1F', '82F066C4890BD7C5', '2F066C4890BD7C5D', 'F066C4890BD7C5D1', '066C4890BD7C5D1F', '66C4890BD7C5', '6C4890BD7C5D', 'C4890BD7C5D1', '4890BD7C5D1F', '890BD7C5', '90BD7C5D', '0BD7C5D1', 'BD7C5D1F', 'D7C5', '7C5D', 'C5D1', '5D1F', '7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', 'F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', '535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '35673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837', '5673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', '673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', 
'73D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '3D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837', 'D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', '836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', '36D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '6D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837', 'D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', '3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', 'D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837', '7A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', 'A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', '97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '7DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB837', 'DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', 'B03EB3D71EA780F44372F5AEBECEBEDD696AAEB8', '03EB3D71EA780F44372F5AEBECEBEDD696AAEB83', '3EB3D71EA780F44372F5AEBECEBEDD696AAEB837', 'EB3D71EA780F44372F5AEBECEBEDD696AAEB8378', 'B3D71EA780F44372F5AEBECEBEDD696AAEB8', '3D71EA780F44372F5AEBECEBEDD696AAEB83', 'D71EA780F44372F5AEBECEBEDD696AAEB837', '71EA780F44372F5AEBECEBEDD696AAEB8378', '1EA780F44372F5AEBECEBEDD696AAEB8', 'EA780F44372F5AEBECEBEDD696AAEB83', 'A780F44372F5AEBECEBEDD696AAEB837', '780F44372F5AEBECEBEDD696AAEB8378', '80F44372F5AEBECEBEDD696AAEB8', '0F44372F5AEBECEBEDD696AAEB83', 'F44372F5AEBECEBEDD696AAEB837', '44372F5AEBECEBEDD696AAEB8378', '4372F5AEBECEBEDD696AAEB8', '372F5AEBECEBEDD696AAEB83', '72F5AEBECEBEDD696AAEB837', '2F5AEBECEBEDD696AAEB8378', 'F5AEBECEBEDD696AAEB8', '5AEBECEBEDD696AAEB83', 'AEBECEBEDD696AAEB837', 'EBECEBEDD696AAEB8378', 'BECEBEDD696AAEB8', 'ECEBEDD696AAEB83', 'CEBEDD696AAEB837', 'EBEDD696AAEB8378', 'BEDD696AAEB8', 'EDD696AAEB83', 'DD696AAEB837', 'D696AAEB8378', '696AAEB8', '96AAEB83', '6AAEB837', 'AAEB8378', 'AEB8', 'EB83', 'B837', '8378', '841F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C', '41F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1', 
'1F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16', 'F6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164', '6FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C', 'FF48991C286754FBA5647CA30986070C8F457C22D30959D113010CC1', 'F48991C286754FBA5647CA30986070C8F457C22D30959D113010CC16', '48991C286754FBA5647CA30986070C8F457C22D30959D113010CC164', '8991C286754FBA5647CA30986070C8F457C22D30959D113010CC164C', '991C286754FBA5647CA30986070C8F457C22D30959D113010CC1', '91C286754FBA5647CA30986070C8F457C22D30959D113010CC16', '1C286754FBA5647CA30986070C8F457C22D30959D113010CC164', 'C286754FBA5647CA30986070C8F457C22D30959D113010CC164C', '286754FBA5647CA30986070C8F457C22D30959D113010CC1', '86754FBA5647CA30986070C8F457C22D30959D113010CC16', '6754FBA5647CA30986070C8F457C22D30959D113010CC164', '754FBA5647CA30986070C8F457C22D30959D113010CC164C', '54FBA5647CA30986070C8F457C22D30959D113010CC1', '4FBA5647CA30986070C8F457C22D30959D113010CC16', 'FBA5647CA30986070C8F457C22D30959D113010CC164', 'BA5647CA30986070C8F457C22D30959D113010CC164C', 'A5647CA30986070C8F457C22D30959D113010CC1', '5647CA30986070C8F457C22D30959D113010CC16', '647CA30986070C8F457C22D30959D113010CC164', '47CA30986070C8F457C22D30959D113010CC164C', '7CA30986070C8F457C22D30959D113010CC1', 'CA30986070C8F457C22D30959D113010CC16', 'A30986070C8F457C22D30959D113010CC164', '30986070C8F457C22D30959D113010CC164C', '0986070C8F457C22D30959D113010CC1', '986070C8F457C22D30959D113010CC16', '86070C8F457C22D30959D113010CC164', '6070C8F457C22D30959D113010CC164C', '070C8F457C22D30959D113010CC1', '70C8F457C22D30959D113010CC16', '0C8F457C22D30959D113010CC164', 'C8F457C22D30959D113010CC164C', '8F457C22D30959D113010CC1', 'F457C22D30959D113010CC16', '457C22D30959D113010CC164', '57C22D30959D113010CC164C', '7C22D30959D113010CC1', 'C22D30959D113010CC16', '22D30959D113010CC164', '2D30959D113010CC164C', 'D30959D113010CC1', '30959D113010CC16', '0959D113010CC164', '959D113010CC164C', '59D113010CC1', '9D113010CC16', 'D113010CC164', 
'113010CC164C', '13010CC1', '3010CC16', '010CC164', '10CC164C', '0CC1', 'CC16', 'C164', '164C', '97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '7E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8', 'E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A', '613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4', '13E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '3E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8', 'E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A', '5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4', 'A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8', 'A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A', '47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4', '7DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', 'DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8', 'EC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A', 'C76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4', '76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '6B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8', 'B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A', '7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4', 'E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '50D47644B35EA4322F00D594D80D2F1C1F3644F8', '0D47644B35EA4322F00D594D80D2F1C1F3644F8A', 'D47644B35EA4322F00D594D80D2F1C1F3644F8A4', '47644B35EA4322F00D594D80D2F1C1F3644F8A4A', '7644B35EA4322F00D594D80D2F1C1F3644F8', '644B35EA4322F00D594D80D2F1C1F3644F8A', '44B35EA4322F00D594D80D2F1C1F3644F8A4', '4B35EA4322F00D594D80D2F1C1F3644F8A4A', 'B35EA4322F00D594D80D2F1C1F3644F8', '35EA4322F00D594D80D2F1C1F3644F8A', '5EA4322F00D594D80D2F1C1F3644F8A4', 'EA4322F00D594D80D2F1C1F3644F8A4A', 'A4322F00D594D80D2F1C1F3644F8', '4322F00D594D80D2F1C1F3644F8A', '322F00D594D80D2F1C1F3644F8A4', '22F00D594D80D2F1C1F3644F8A4A', '2F00D594D80D2F1C1F3644F8', 'F00D594D80D2F1C1F3644F8A', '00D594D80D2F1C1F3644F8A4', 
'0D594D80D2F1C1F3644F8A4A', 'D594D80D2F1C1F3644F8', '594D80D2F1C1F3644F8A', '94D80D2F1C1F3644F8A4', '4D80D2F1C1F3644F8A4A', 'D80D2F1C1F3644F8', '80D2F1C1F3644F8A', '0D2F1C1F3644F8A4', 'D2F1C1F3644F8A4A', '2F1C1F3644F8', 'F1C1F3644F8A', '1C1F3644F8A4', 'C1F3644F8A4A', '1F3644F8', 'F3644F8A', '3644F8A4', '644F8A4A', '44F8', '4F8A', 'F8A4', '8A4A', 'C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', '356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8', '56AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C', '6AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1', 'AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', 'FF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8', 'F1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C', '1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1', 'A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', '01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8', '1C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C', 'C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1', '2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', 'B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8', '0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C', 'DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C1', 'A472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', '472E584C8E3C8F875B9A24280435D42836A77B19F5A8', '72E584C8E3C8F875B9A24280435D42836A77B19F5A8C', '2E584C8E3C8F875B9A24280435D42836A77B19F5A8C1', 'E584C8E3C8F875B9A24280435D42836A77B19F5A8C18', '584C8E3C8F875B9A24280435D42836A77B19F5A8', '84C8E3C8F875B9A24280435D42836A77B19F5A8C', '4C8E3C8F875B9A24280435D42836A77B19F5A8C1', 'C8E3C8F875B9A24280435D42836A77B19F5A8C18', '8E3C8F875B9A24280435D42836A77B19F5A8', 'E3C8F875B9A24280435D42836A77B19F5A8C', '3C8F875B9A24280435D42836A77B19F5A8C1', 'C8F875B9A24280435D42836A77B19F5A8C18', '8F875B9A24280435D42836A77B19F5A8', 'F875B9A24280435D42836A77B19F5A8C', '875B9A24280435D42836A77B19F5A8C1', 
'75B9A24280435D42836A77B19F5A8C18', '5B9A24280435D42836A77B19F5A8', 'B9A24280435D42836A77B19F5A8C', '9A24280435D42836A77B19F5A8C1', 'A24280435D42836A77B19F5A8C18', '24280435D42836A77B19F5A8', '4280435D42836A77B19F5A8C', '280435D42836A77B19F5A8C1', '80435D42836A77B19F5A8C18', '0435D42836A77B19F5A8', '435D42836A77B19F5A8C', '35D42836A77B19F5A8C1', '5D42836A77B19F5A8C18', 'D42836A77B19F5A8', '42836A77B19F5A8C', '2836A77B19F5A8C1', '836A77B19F5A8C18', '36A77B19F5A8', '6A77B19F5A8C', 'A77B19F5A8C1', '77B19F5A8C18', '7B19F5A8', 'B19F5A8C', '19F5A8C1', '9F5A8C18', 'F5A8', '5A8C', 'A8C1', '8C18', 'C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6', '61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0', '1B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01', 'B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A', '1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6', '941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB0', '41CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01', '1CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A', 'CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6', 'F756EB7551F7C661743802362728B785ADC22E860D269713DFB0', '756EB7551F7C661743802362728B785ADC22E860D269713DFB01', '56EB7551F7C661743802362728B785ADC22E860D269713DFB01A', '6EB7551F7C661743802362728B785ADC22E860D269713DFB01A6', 'EB7551F7C661743802362728B785ADC22E860D269713DFB0', 'B7551F7C661743802362728B785ADC22E860D269713DFB01', '7551F7C661743802362728B785ADC22E860D269713DFB01A', '551F7C661743802362728B785ADC22E860D269713DFB01A6', '51F7C661743802362728B785ADC22E860D269713DFB0', '1F7C661743802362728B785ADC22E860D269713DFB01', 'F7C661743802362728B785ADC22E860D269713DFB01A', '7C661743802362728B785ADC22E860D269713DFB01A6', 'C661743802362728B785ADC22E860D269713DFB0', '661743802362728B785ADC22E860D269713DFB01', '61743802362728B785ADC22E860D269713DFB01A', '1743802362728B785ADC22E860D269713DFB01A6', '743802362728B785ADC22E860D269713DFB0', 
'43802362728B785ADC22E860D269713DFB01', '3802362728B785ADC22E860D269713DFB01A', '802362728B785ADC22E860D269713DFB01A6', '02362728B785ADC22E860D269713DFB0', '2362728B785ADC22E860D269713DFB01', '362728B785ADC22E860D269713DFB01A', '62728B785ADC22E860D269713DFB01A6', '2728B785ADC22E860D269713DFB0', '728B785ADC22E860D269713DFB01', '28B785ADC22E860D269713DFB01A', '8B785ADC22E860D269713DFB01A6', 'B785ADC22E860D269713DFB0', '785ADC22E860D269713DFB01', '85ADC22E860D269713DFB01A', '5ADC22E860D269713DFB01A6', 'ADC22E860D269713DFB0', 'DC22E860D269713DFB01', 'C22E860D269713DFB01A', '22E860D269713DFB01A6', '2E860D269713DFB0', 'E860D269713DFB01', '860D269713DFB01A', '60D269713DFB01A6', '0D269713DFB0', 'D269713DFB01', '269713DFB01A', '69713DFB01A6', '9713DFB0', '713DFB01', '13DFB01A', '3DFB01A6', 'DFB0', 'FB01', 'B01A', '01A6', 'D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', '5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475', 'B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759', '7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B', '247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', '47C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475', '7C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759', 'C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B', '497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', '97788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475', '7788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759', '788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B', '88CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', '8CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D6475', 'CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759', 'F0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B', '0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', '031CEB06E3DF77A45FEF59F1E49633DC7159816D6475', '31CEB06E3DF77A45FEF59F1E49633DC7159816D64759', '1CEB06E3DF77A45FEF59F1E49633DC7159816D64759B', 
'CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5', 'EB06E3DF77A45FEF59F1E49633DC7159816D6475', 'B06E3DF77A45FEF59F1E49633DC7159816D64759', '06E3DF77A45FEF59F1E49633DC7159816D64759B', '6E3DF77A45FEF59F1E49633DC7159816D64759B5', 'E3DF77A45FEF59F1E49633DC7159816D6475', '3DF77A45FEF59F1E49633DC7159816D64759', 'DF77A45FEF59F1E49633DC7159816D64759B', 'F77A45FEF59F1E49633DC7159816D64759B5', '77A45FEF59F1E49633DC7159816D6475', '7A45FEF59F1E49633DC7159816D64759', 'A45FEF59F1E49633DC7159816D64759B', '45FEF59F1E49633DC7159816D64759B5', '5FEF59F1E49633DC7159816D6475', 'FEF59F1E49633DC7159816D64759', 'EF59F1E49633DC7159816D64759B', 'F59F1E49633DC7159816D64759B5', '59F1E49633DC7159816D6475', '9F1E49633DC7159816D64759', 'F1E49633DC7159816D64759B', '1E49633DC7159816D64759B5', 'E49633DC7159816D6475', '49633DC7159816D64759', '9633DC7159816D64759B', '633DC7159816D64759B5', '33DC7159816D6475', '3DC7159816D64759', 'DC7159816D64759B', 'C7159816D64759B5', '7159816D6475', '159816D64759', '59816D64759B', '9816D64759B5', '816D6475', '16D64759', '6D64759B', 'D64759B5', '6475', '4759', '759B', '59B5', 'F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348', '1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5', 'C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53', '3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534', 'EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348', 'BE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5', 'E78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53', '78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534', '8BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348', 'BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5', 'D8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53', '8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534', 'C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348', '38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5', '8559BF3CFCC9A9FA37D221E31780774A3787E26160A61F53', 
'559BF3CFCC9A9FA37D221E31780774A3787E26160A61F534', '59BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348', '9BF3CFCC9A9FA37D221E31780774A3787E26160A61F5', 'BF3CFCC9A9FA37D221E31780774A3787E26160A61F53', 'F3CFCC9A9FA37D221E31780774A3787E26160A61F534', '3CFCC9A9FA37D221E31780774A3787E26160A61F5348', 'CFCC9A9FA37D221E31780774A3787E26160A61F5', 'FCC9A9FA37D221E31780774A3787E26160A61F53', 'CC9A9FA37D221E31780774A3787E26160A61F534', 'C9A9FA37D221E31780774A3787E26160A61F5348', '9A9FA37D221E31780774A3787E26160A61F5', 'A9FA37D221E31780774A3787E26160A61F53', '9FA37D221E31780774A3787E26160A61F534', 'FA37D221E31780774A3787E26160A61F5348', 'A37D221E31780774A3787E26160A61F5', '37D221E31780774A3787E26160A61F53', '7D221E31780774A3787E26160A61F534', 'D221E31780774A3787E26160A61F5348', '221E31780774A3787E26160A61F5', '21E31780774A3787E26160A61F53', '1E31780774A3787E26160A61F534', 'E31780774A3787E26160A61F5348', '31780774A3787E26160A61F5', '1780774A3787E26160A61F53', '780774A3787E26160A61F534', '80774A3787E26160A61F5348', '0774A3787E26160A61F5', '774A3787E26160A61F53', '74A3787E26160A61F534', '4A3787E26160A61F5348', 'A3787E26160A61F5', '3787E26160A61F53', '787E26160A61F534', '87E26160A61F5348', '7E26160A61F5', 'E26160A61F53', '26160A61F534', '6160A61F5348', '160A61F5', '60A61F53', '0A61F534', 'A61F5348', '61F5', '1F53', 'F534', '5348', '22eafa4717564f83b8fd543fa8bd19a6', '2eafa4717564f83b8fd543fa8bd1', 'eafa4717564f83b8fd543fa8bd19', 'afa4717564f83b8fd543fa8bd19a', 'fa4717564f83b8fd543fa8bd19a6', 'a4717564f83b8fd543fa8bd1', '4717564f83b8fd543fa8bd19', '717564f83b8fd543fa8bd19a', '17564f83b8fd543fa8bd19a6', '7564f83b8fd543fa8bd1', '564f83b8fd543fa8bd19', '64f83b8fd543fa8bd19a', '4f83b8fd543fa8bd19a6', 'f83b8fd543fa8bd1', '83b8fd543fa8bd19', '3b8fd543fa8bd19a', 'b8fd543fa8bd19a6', '8fd543fa8bd1', 'fd543fa8bd19', 'd543fa8bd19a', '543fa8bd19a6', '43fa8bd1', '3fa8bd19', 'fa8bd19a', 'a8bd19a6', '8bd1', 'bd19', 'd19a', '19a6', '61d9bc5401d34f5690dfcde994cb91f2', '1d9bc5401d34f5690dfcde994cb9', 
'd9bc5401d34f5690dfcde994cb91', '9bc5401d34f5690dfcde994cb91f', 'bc5401d34f5690dfcde994cb91f2', 'c5401d34f5690dfcde994cb9', '5401d34f5690dfcde994cb91', '401d34f5690dfcde994cb91f', '01d34f5690dfcde994cb91f2', '1d34f5690dfcde994cb9', 'd34f5690dfcde994cb91', '34f5690dfcde994cb91f', '4f5690dfcde994cb91f2', 'f5690dfcde994cb9', '5690dfcde994cb91', '690dfcde994cb91f', '90dfcde994cb91f2', '0dfcde994cb9', 'dfcde994cb91', 'fcde994cb91f', 'cde994cb91f2', 'de994cb9', 'e994cb91', '994cb91f', '94cb91f2', '4cb9', 'cb91', 'b91f', '91f2', '3c5a944466c44077b7e1a6ac6f30b03f', 'c5a944466c44077b7e1a6ac6f30b', '5a944466c44077b7e1a6ac6f30b0', 'a944466c44077b7e1a6ac6f30b03', '944466c44077b7e1a6ac6f30b03f', '44466c44077b7e1a6ac6f30b', '4466c44077b7e1a6ac6f30b0', '466c44077b7e1a6ac6f30b03', '66c44077b7e1a6ac6f30b03f', '6c44077b7e1a6ac6f30b', 'c44077b7e1a6ac6f30b0', '44077b7e1a6ac6f30b03', '4077b7e1a6ac6f30b03f', '077b7e1a6ac6f30b', '77b7e1a6ac6f30b0', '7b7e1a6ac6f30b03', 'b7e1a6ac6f30b03f', '7e1a6ac6f30b', 'e1a6ac6f30b0', '1a6ac6f30b03', 'a6ac6f30b03f', '6ac6f30b', 'ac6f30b0', 'c6f30b03', '6f30b03f', 'f30b', '30b0', '0b03', 'b03f', 'e50d96f218d84613ba5bd9a617b3f4f0', '50d96f218d84613ba5bd9a617b3f', '0d96f218d84613ba5bd9a617b3f4', 'd96f218d84613ba5bd9a617b3f4f', '96f218d84613ba5bd9a617b3f4f0', '6f218d84613ba5bd9a617b3f', 'f218d84613ba5bd9a617b3f4', '218d84613ba5bd9a617b3f4f', '18d84613ba5bd9a617b3f4f0', '8d84613ba5bd9a617b3f', 'd84613ba5bd9a617b3f4', '84613ba5bd9a617b3f4f', '4613ba5bd9a617b3f4f0', '613ba5bd9a617b3f', '13ba5bd9a617b3f4', '3ba5bd9a617b3f4f', 'ba5bd9a617b3f4f0', 'a5bd9a617b3f', '5bd9a617b3f4', 'bd9a617b3f4f', 'd9a617b3f4f0', '9a617b3f', 'a617b3f4', '617b3f4f', '17b3f4f0', '7b3f', 'b3f4', '3f4f', 'f4f0', '4ff35862067841adab04b1bfccbb1f34', 'ff35862067841adab04b1bfccbb1', 'f35862067841adab04b1bfccbb1f', '35862067841adab04b1bfccbb1f3', '5862067841adab04b1bfccbb1f34', '862067841adab04b1bfccbb1', '62067841adab04b1bfccbb1f', '2067841adab04b1bfccbb1f3', '067841adab04b1bfccbb1f34', 
'67841adab04b1bfccbb1', '7841adab04b1bfccbb1f', '841adab04b1bfccbb1f3', '41adab04b1bfccbb1f34', '1adab04b1bfccbb1', 'adab04b1bfccbb1f', 'dab04b1bfccbb1f3', 'ab04b1bfccbb1f34', 'b04b1bfccbb1', '04b1bfccbb1f', '4b1bfccbb1f3', 'b1bfccbb1f34', '1bfccbb1', 'bfccbb1f', 'fccbb1f3', 'ccbb1f34', 'cbb1', 'bb1f', 'b1f3', '1f34', '68e4f24cfb8147c289ec646a0a7a0834', '8e4f24cfb8147c289ec646a0a7a0', 'e4f24cfb8147c289ec646a0a7a08', '4f24cfb8147c289ec646a0a7a083', 'f24cfb8147c289ec646a0a7a0834', '24cfb8147c289ec646a0a7a0', '4cfb8147c289ec646a0a7a08', 'cfb8147c289ec646a0a7a083', 'fb8147c289ec646a0a7a0834', 'b8147c289ec646a0a7a0', '8147c289ec646a0a7a08', '147c289ec646a0a7a083', '47c289ec646a0a7a0834', '7c289ec646a0a7a0', 'c289ec646a0a7a08', '289ec646a0a7a083', '89ec646a0a7a0834', '9ec646a0a7a0', 'ec646a0a7a08', 'c646a0a7a083', '646a0a7a0834', '46a0a7a0', '6a0a7a08', 'a0a7a083', '0a7a0834', 'a7a0', '7a08', 'a083', '0834', '96c496e3c3a54fbb848ee060f8c4f355', '6c496e3c3a54fbb848ee060f8c4f', 'c496e3c3a54fbb848ee060f8c4f3', '496e3c3a54fbb848ee060f8c4f35', '96e3c3a54fbb848ee060f8c4f355', '6e3c3a54fbb848ee060f8c4f', 'e3c3a54fbb848ee060f8c4f3', '3c3a54fbb848ee060f8c4f35', 'c3a54fbb848ee060f8c4f355', '3a54fbb848ee060f8c4f', 'a54fbb848ee060f8c4f3', '54fbb848ee060f8c4f35', '4fbb848ee060f8c4f355', 'fbb848ee060f8c4f', 'bb848ee060f8c4f3', 'b848ee060f8c4f35', '848ee060f8c4f355', '48ee060f8c4f', '8ee060f8c4f3', 'ee060f8c4f35', 'e060f8c4f355', '060f8c4f', '60f8c4f3', '0f8c4f35', 'f8c4f355', '8c4f', 'c4f3', '4f35', 'f355', '4a614a8b163d4f0ea438914f5a28ce51', 'a614a8b163d4f0ea438914f5a28c', '614a8b163d4f0ea438914f5a28ce', '14a8b163d4f0ea438914f5a28ce5', '4a8b163d4f0ea438914f5a28ce51', 'a8b163d4f0ea438914f5a28c', '8b163d4f0ea438914f5a28ce', 'b163d4f0ea438914f5a28ce5', '163d4f0ea438914f5a28ce51', '63d4f0ea438914f5a28c', '3d4f0ea438914f5a28ce', 'd4f0ea438914f5a28ce5', '4f0ea438914f5a28ce51', 'f0ea438914f5a28c', '0ea438914f5a28ce', 'ea438914f5a28ce5', 'a438914f5a28ce51', '438914f5a28c', '38914f5a28ce', 
'8914f5a28ce5', '914f5a28ce51', '14f5a28c', '4f5a28ce', 'f5a28ce5', '5a28ce51', 'a28c', '28ce', '8ce5', 'ce51', '901a84b0d1e143deb562fd17ceebf571', '01a84b0d1e143deb562fd17ceebf', '1a84b0d1e143deb562fd17ceebf5', 'a84b0d1e143deb562fd17ceebf57', '84b0d1e143deb562fd17ceebf571', '4b0d1e143deb562fd17ceebf', 'b0d1e143deb562fd17ceebf5', '0d1e143deb562fd17ceebf57', 'd1e143deb562fd17ceebf571', '1e143deb562fd17ceebf', 'e143deb562fd17ceebf5', '143deb562fd17ceebf57', '43deb562fd17ceebf571', '3deb562fd17ceebf', 'deb562fd17ceebf5', 'eb562fd17ceebf57', 'b562fd17ceebf571', '562fd17ceebf', '62fd17ceebf5', '2fd17ceebf57', 'fd17ceebf571', 'd17ceebf', '17ceebf5', '7ceebf57', 'ceebf571', 'eebf', 'ebf5', 'bf57', 'f571', '6eb9e478e2194f1aa7429f8b122121f4', 'eb9e478e2194f1aa7429f8b12212', 'b9e478e2194f1aa7429f8b122121', '9e478e2194f1aa7429f8b122121f', 'e478e2194f1aa7429f8b122121f4', '478e2194f1aa7429f8b12212', '78e2194f1aa7429f8b122121', '8e2194f1aa7429f8b122121f', 'e2194f1aa7429f8b122121f4', '2194f1aa7429f8b12212', '194f1aa7429f8b122121', '94f1aa7429f8b122121f', '4f1aa7429f8b122121f4', 'f1aa7429f8b12212', '1aa7429f8b122121', 'aa7429f8b122121f', 'a7429f8b122121f4', '7429f8b12212', '429f8b122121', '29f8b122121f', '9f8b122121f4', 'f8b12212', '8b122121', 'b122121f', '122121f4', '2212', '2121', '121f', '21f4', 'a08cf5257c9540ffacf5c7f96fb6bf31', '08cf5257c9540ffacf5c7f96fb6b', '8cf5257c9540ffacf5c7f96fb6bf', 'cf5257c9540ffacf5c7f96fb6bf3', 'f5257c9540ffacf5c7f96fb6bf31', '5257c9540ffacf5c7f96fb6b', '257c9540ffacf5c7f96fb6bf', '57c9540ffacf5c7f96fb6bf3', '7c9540ffacf5c7f96fb6bf31', 'c9540ffacf5c7f96fb6b', '9540ffacf5c7f96fb6bf', '540ffacf5c7f96fb6bf3', '40ffacf5c7f96fb6bf31', '0ffacf5c7f96fb6b', 'ffacf5c7f96fb6bf', 'facf5c7f96fb6bf3', 'acf5c7f96fb6bf31', 'cf5c7f96fb6b', 'f5c7f96fb6bf', '5c7f96fb6bf3', 'c7f96fb6bf31', '7f96fb6b', 'f96fb6bf', '96fb6bf3', '6fb6bf31', 'fb6b', 'b6bf', '6bf3', 'bf31', 'fd438ea62820497088a0fcb4a7f1a581', 'd438ea62820497088a0fcb4a7f1a', '438ea62820497088a0fcb4a7f1a5', 
'38ea62820497088a0fcb4a7f1a58', '8ea62820497088a0fcb4a7f1a581', 'ea62820497088a0fcb4a7f1a', 'a62820497088a0fcb4a7f1a5', '62820497088a0fcb4a7f1a58', '2820497088a0fcb4a7f1a581', '820497088a0fcb4a7f1a', '20497088a0fcb4a7f1a5', '0497088a0fcb4a7f1a58', '497088a0fcb4a7f1a581', '97088a0fcb4a7f1a', '7088a0fcb4a7f1a5', '088a0fcb4a7f1a58', '88a0fcb4a7f1a581', '8a0fcb4a7f1a', 'a0fcb4a7f1a5', '0fcb4a7f1a58', 'fcb4a7f1a581', 'cb4a7f1a', 'b4a7f1a5', '4a7f1a58', 'a7f1a581', '7f1a', 'f1a5', '1a58', 'a581', 'b6f22ed232a2441da1350ead2b5b7d97', '6f22ed232a2441da1350ead2b5b7', 'f22ed232a2441da1350ead2b5b7d', '22ed232a2441da1350ead2b5b7d9', '2ed232a2441da1350ead2b5b7d97', 'ed232a2441da1350ead2b5b7', 'd232a2441da1350ead2b5b7d', '232a2441da1350ead2b5b7d9', '32a2441da1350ead2b5b7d97', '2a2441da1350ead2b5b7', 'a2441da1350ead2b5b7d', '2441da1350ead2b5b7d9', '441da1350ead2b5b7d97', '41da1350ead2b5b7', '1da1350ead2b5b7d', 'da1350ead2b5b7d9', 'a1350ead2b5b7d97', '1350ead2b5b7', '350ead2b5b7d', '50ead2b5b7d9', '0ead2b5b7d97', 'ead2b5b7', 'ad2b5b7d', 'd2b5b7d9', '2b5b7d97', 'b5b7', '5b7d', 'b7d9', '7d97', '93e2abdd886c49d3aa4ce224317dbf55', '3e2abdd886c49d3aa4ce224317db', 'e2abdd886c49d3aa4ce224317dbf', '2abdd886c49d3aa4ce224317dbf5', 'abdd886c49d3aa4ce224317dbf55', 'bdd886c49d3aa4ce224317db', 'dd886c49d3aa4ce224317dbf', 'd886c49d3aa4ce224317dbf5', '886c49d3aa4ce224317dbf55', '86c49d3aa4ce224317db', '6c49d3aa4ce224317dbf', 'c49d3aa4ce224317dbf5', '49d3aa4ce224317dbf55', '9d3aa4ce224317db', 'd3aa4ce224317dbf', '3aa4ce224317dbf5', 'aa4ce224317dbf55', 'a4ce224317db', '4ce224317dbf', 'ce224317dbf5', 'e224317dbf55', '224317db', '24317dbf', '4317dbf5', '317dbf55', '17db', '7dbf', 'dbf5', 'bf55', 'e30b53871c1043af98ae565556077eb7', '30b53871c1043af98ae565556077', '0b53871c1043af98ae565556077e', 'b53871c1043af98ae565556077eb', '53871c1043af98ae565556077eb7', '3871c1043af98ae565556077', '871c1043af98ae565556077e', '71c1043af98ae565556077eb', '1c1043af98ae565556077eb7', 'c1043af98ae565556077', 
'1043af98ae565556077e', '043af98ae565556077eb', '43af98ae565556077eb7', '3af98ae565556077', 'af98ae565556077e', 'f98ae565556077eb', '98ae565556077eb7', '8ae565556077', 'ae565556077e', 'e565556077eb', '565556077eb7', '65556077', '5556077e', '556077eb', '56077eb7', '6077', '077e', '77eb', '7eb7', '02de2f24483e4f9381a5b4c4ff288a4c', '2de2f24483e4f9381a5b4c4ff288', 'de2f24483e4f9381a5b4c4ff288a', 'e2f24483e4f9381a5b4c4ff288a4', '2f24483e4f9381a5b4c4ff288a4c', 'f24483e4f9381a5b4c4ff288', '24483e4f9381a5b4c4ff288a', '4483e4f9381a5b4c4ff288a4', '483e4f9381a5b4c4ff288a4c', '83e4f9381a5b4c4ff288', '3e4f9381a5b4c4ff288a', 'e4f9381a5b4c4ff288a4', '4f9381a5b4c4ff288a4c', 'f9381a5b4c4ff288', '9381a5b4c4ff288a', '381a5b4c4ff288a4', '81a5b4c4ff288a4c', '1a5b4c4ff288', 'a5b4c4ff288a', '5b4c4ff288a4', 'b4c4ff288a4c', '4c4ff288', 'c4ff288a', '4ff288a4', 'ff288a4c', 'f288', '288a', '88a4', '8a4c', '5589baeb081d49aaaed217379920801b', '589baeb081d49aaaed2173799208', '89baeb081d49aaaed21737992080', '9baeb081d49aaaed217379920801', 'baeb081d49aaaed217379920801b', 'aeb081d49aaaed2173799208', 'eb081d49aaaed21737992080', 'b081d49aaaed217379920801', '081d49aaaed217379920801b', '81d49aaaed2173799208', '1d49aaaed21737992080', 'd49aaaed217379920801', '49aaaed217379920801b', '9aaaed2173799208', 'aaaed21737992080', 'aaed217379920801', 'aed217379920801b', 'ed2173799208', 'd21737992080', '217379920801', '17379920801b', '73799208', '37992080', '79920801', '9920801b', '9208', '2080', '0801', '801b', '1d05a4eb01b941bf99f91100acaa2e4c', 'd05a4eb01b941bf99f91100acaa2', '05a4eb01b941bf99f91100acaa2e', '5a4eb01b941bf99f91100acaa2e4', 'a4eb01b941bf99f91100acaa2e4c', '4eb01b941bf99f91100acaa2', 'eb01b941bf99f91100acaa2e', 'b01b941bf99f91100acaa2e4', '01b941bf99f91100acaa2e4c', '1b941bf99f91100acaa2', 'b941bf99f91100acaa2e', '941bf99f91100acaa2e4', '41bf99f91100acaa2e4c', '1bf99f91100acaa2', 'bf99f91100acaa2e', 'f99f91100acaa2e4', '99f91100acaa2e4c', '9f91100acaa2', 'f91100acaa2e', '91100acaa2e4', 
'1100acaa2e4c', '100acaa2', '00acaa2e', '0acaa2e4', 'acaa2e4c', 'caa2', 'aa2e', 'a2e4', '2e4c', 'd7d5e8a982a44cc59856a41cf2422189', '7d5e8a982a44cc59856a41cf2422', 'd5e8a982a44cc59856a41cf24221', '5e8a982a44cc59856a41cf242218', 'e8a982a44cc59856a41cf2422189', '8a982a44cc59856a41cf2422', 'a982a44cc59856a41cf24221', '982a44cc59856a41cf242218', '82a44cc59856a41cf2422189', '2a44cc59856a41cf2422', 'a44cc59856a41cf24221', '44cc59856a41cf242218', '4cc59856a41cf2422189', 'cc59856a41cf2422', 'c59856a41cf24221', '59856a41cf242218', '9856a41cf2422189', '856a41cf2422', '56a41cf24221', '6a41cf242218', 'a41cf2422189', '41cf2422', '1cf24221', 'cf242218', 'f2422189', '2422', '4221', '2218', '2189', 'a56e3e5bd8c84978a7ca398598673f64', '56e3e5bd8c84978a7ca398598673', '6e3e5bd8c84978a7ca398598673f', 'e3e5bd8c84978a7ca398598673f6', '3e5bd8c84978a7ca398598673f64', 'e5bd8c84978a7ca398598673', '5bd8c84978a7ca398598673f', 'bd8c84978a7ca398598673f6', 'd8c84978a7ca398598673f64', '8c84978a7ca398598673', 'c84978a7ca398598673f', '84978a7ca398598673f6', '4978a7ca398598673f64', '978a7ca398598673', '78a7ca398598673f', '8a7ca398598673f6', 'a7ca398598673f64', '7ca398598673', 'ca398598673f', 'a398598673f6', '398598673f64', '98598673', '8598673f', '598673f6', '98673f64', '8673', '673f', '73f6', '3f64', '9e19f153f45d46198b1c97ed081d980d', 'e19f153f45d46198b1c97ed081d9', '19f153f45d46198b1c97ed081d98', '9f153f45d46198b1c97ed081d980', 'f153f45d46198b1c97ed081d980d', '153f45d46198b1c97ed081d9', '53f45d46198b1c97ed081d98', '3f45d46198b1c97ed081d980', 'f45d46198b1c97ed081d980d', '45d46198b1c97ed081d9', '5d46198b1c97ed081d98', 'd46198b1c97ed081d980', '46198b1c97ed081d980d', '6198b1c97ed081d9', '198b1c97ed081d98', '98b1c97ed081d980', '8b1c97ed081d980d', 'b1c97ed081d9', '1c97ed081d98', 'c97ed081d980', '97ed081d980d', '7ed081d9', 'ed081d98', 'd081d980', '081d980d', '81d9', '1d98', 'd980', '980d', 'bd6c5065737c42c99bc694464bf154ae', 'd6c5065737c42c99bc694464bf15', '6c5065737c42c99bc694464bf154', 
'c5065737c42c99bc694464bf154a', '5065737c42c99bc694464bf154ae', '065737c42c99bc694464bf15', '65737c42c99bc694464bf154', '5737c42c99bc694464bf154a', '737c42c99bc694464bf154ae', '37c42c99bc694464bf15', '7c42c99bc694464bf154', 'c42c99bc694464bf154a', '42c99bc694464bf154ae', '2c99bc694464bf15', 'c99bc694464bf154', '99bc694464bf154a', '9bc694464bf154ae', 'bc694464bf15', 'c694464bf154', '694464bf154a', '94464bf154ae', '4464bf15', '464bf154', '64bf154a', '4bf154ae', 'bf15', 'f154', '154a', '54ae', 'e0734db648774bd89db6758c0cce08c7', '0734db648774bd89db6758c0cce0', '734db648774bd89db6758c0cce08', '34db648774bd89db6758c0cce08c', '4db648774bd89db6758c0cce08c7', 'db648774bd89db6758c0cce0', 'b648774bd89db6758c0cce08', '648774bd89db6758c0cce08c', '48774bd89db6758c0cce08c7', '8774bd89db6758c0cce0', '774bd89db6758c0cce08', '74bd89db6758c0cce08c', '4bd89db6758c0cce08c7', 'bd89db6758c0cce0', 'd89db6758c0cce08', '89db6758c0cce08c', '9db6758c0cce08c7', 'db6758c0cce0', 'b6758c0cce08', '6758c0cce08c', '758c0cce08c7', '58c0cce0', '8c0cce08', 'c0cce08c', '0cce08c7', 'cce0', 'ce08', 'e08c', '08c7', '6aef7c42e7964a5fab0b05b79f5a8a5c', 'aef7c42e7964a5fab0b05b79f5a8', 'ef7c42e7964a5fab0b05b79f5a8a', 'f7c42e7964a5fab0b05b79f5a8a5', '7c42e7964a5fab0b05b79f5a8a5c', 'c42e7964a5fab0b05b79f5a8', '42e7964a5fab0b05b79f5a8a', '2e7964a5fab0b05b79f5a8a5', 'e7964a5fab0b05b79f5a8a5c', '7964a5fab0b05b79f5a8', '964a5fab0b05b79f5a8a', '64a5fab0b05b79f5a8a5', '4a5fab0b05b79f5a8a5c', 'a5fab0b05b79f5a8', '5fab0b05b79f5a8a', 'fab0b05b79f5a8a5', 'ab0b05b79f5a8a5c', 'b0b05b79f5a8', '0b05b79f5a8a', 'b05b79f5a8a5', '05b79f5a8a5c', '5b79f5a8', 'b79f5a8a', '79f5a8a5', '9f5a8a5c', 'f5a8', '5a8a', 'a8a5', '8a5c', 'fc96d90fd49d415e848087ac55c4557f', 'c96d90fd49d415e848087ac55c45', '96d90fd49d415e848087ac55c455', '6d90fd49d415e848087ac55c4557', 'd90fd49d415e848087ac55c4557f', '90fd49d415e848087ac55c45', '0fd49d415e848087ac55c455', 'fd49d415e848087ac55c4557', 'd49d415e848087ac55c4557f', '49d415e848087ac55c45', 
'9d415e848087ac55c455', 'd415e848087ac55c4557', '415e848087ac55c4557f', '15e848087ac55c45', '5e848087ac55c455', 'e848087ac55c4557', '848087ac55c4557f', '48087ac55c45', '8087ac55c455', '087ac55c4557', '87ac55c4557f', '7ac55c45', 'ac55c455', 'c55c4557', '55c4557f', '5c45', 'c455', '4557', '557f', '9bee1f78b8d148829ce9836e6aa0ec09', 'bee1f78b8d148829ce9836e6aa0e', 'ee1f78b8d148829ce9836e6aa0ec', 'e1f78b8d148829ce9836e6aa0ec0', '1f78b8d148829ce9836e6aa0ec09', 'f78b8d148829ce9836e6aa0e', '78b8d148829ce9836e6aa0ec', '8b8d148829ce9836e6aa0ec0', 'b8d148829ce9836e6aa0ec09', '8d148829ce9836e6aa0e', 'd148829ce9836e6aa0ec', '148829ce9836e6aa0ec0', '48829ce9836e6aa0ec09', '8829ce9836e6aa0e', '829ce9836e6aa0ec', '29ce9836e6aa0ec0', '9ce9836e6aa0ec09', 'ce9836e6aa0e', 'e9836e6aa0ec', '9836e6aa0ec0', '836e6aa0ec09', '36e6aa0e', '6e6aa0ec', 'e6aa0ec0', '6aa0ec09', 'aa0e', 'a0ec', '0ec0', 'ec09', '072bfb4db7c24767846180ed9891d74a', '72bfb4db7c24767846180ed9891d', '2bfb4db7c24767846180ed9891d7', 'bfb4db7c24767846180ed9891d74', 'fb4db7c24767846180ed9891d74a', 'b4db7c24767846180ed9891d', '4db7c24767846180ed9891d7', 'db7c24767846180ed9891d74', 'b7c24767846180ed9891d74a', '7c24767846180ed9891d', 'c24767846180ed9891d7', '24767846180ed9891d74', '4767846180ed9891d74a', '767846180ed9891d', '67846180ed9891d7', '7846180ed9891d74', '846180ed9891d74a', '46180ed9891d', '6180ed9891d7', '180ed9891d74', '80ed9891d74a', '0ed9891d', 'ed9891d7', 'd9891d74', '9891d74a', '891d', '91d7', '1d74', 'd74a', 'ad102987b2a34a21928edb663ee9cdc6', 'd102987b2a34a21928edb663ee9c', '102987b2a34a21928edb663ee9cd', '02987b2a34a21928edb663ee9cdc', '2987b2a34a21928edb663ee9cdc6', '987b2a34a21928edb663ee9c', '87b2a34a21928edb663ee9cd', '7b2a34a21928edb663ee9cdc', 'b2a34a21928edb663ee9cdc6', '2a34a21928edb663ee9c', 'a34a21928edb663ee9cd', '34a21928edb663ee9cdc', '4a21928edb663ee9cdc6', 'a21928edb663ee9c', '21928edb663ee9cd', '1928edb663ee9cdc', '928edb663ee9cdc6', '28edb663ee9c', '8edb663ee9cd', 'edb663ee9cdc', 
'db663ee9cdc6', 'b663ee9c', '663ee9cd', '63ee9cdc', '3ee9cdc6', 'ee9c', 'e9cd', '9cdc', 'cdc6', '41436c7bab6e414e8e9fc07a40cf1cc3', '1436c7bab6e414e8e9fc07a40cf1', '436c7bab6e414e8e9fc07a40cf1c', '36c7bab6e414e8e9fc07a40cf1cc', '6c7bab6e414e8e9fc07a40cf1cc3', 'c7bab6e414e8e9fc07a40cf1', '7bab6e414e8e9fc07a40cf1c', 'bab6e414e8e9fc07a40cf1cc', 'ab6e414e8e9fc07a40cf1cc3', 'b6e414e8e9fc07a40cf1', '6e414e8e9fc07a40cf1c', 'e414e8e9fc07a40cf1cc', '414e8e9fc07a40cf1cc3', '14e8e9fc07a40cf1', '4e8e9fc07a40cf1c', 'e8e9fc07a40cf1cc', '8e9fc07a40cf1cc3', 'e9fc07a40cf1', '9fc07a40cf1c', 'fc07a40cf1cc', 'c07a40cf1cc3', '07a40cf1', '7a40cf1c', 'a40cf1cc', '40cf1cc3', '0cf1', 'cf1c', 'f1cc', '1cc3', '99917951f7534bbe81016c5d053fec11', '9917951f7534bbe81016c5d053fe', '917951f7534bbe81016c5d053fec', '17951f7534bbe81016c5d053fec1', '7951f7534bbe81016c5d053fec11', '951f7534bbe81016c5d053fe', '51f7534bbe81016c5d053fec', '1f7534bbe81016c5d053fec1', 'f7534bbe81016c5d053fec11', '7534bbe81016c5d053fe', '534bbe81016c5d053fec', '34bbe81016c5d053fec1', '4bbe81016c5d053fec11', 'bbe81016c5d053fe', 'be81016c5d053fec', 'e81016c5d053fec1', '81016c5d053fec11', '1016c5d053fe', '016c5d053fec', '16c5d053fec1', '6c5d053fec11', 'c5d053fe', '5d053fec', 'd053fec1', '053fec11', '53fe', '3fec', 'fec1', 'ec11', '5539c661ad0f4e7e99066094d4533489', '539c661ad0f4e7e99066094d4533', '39c661ad0f4e7e99066094d45334', '9c661ad0f4e7e99066094d453348', 'c661ad0f4e7e99066094d4533489', '661ad0f4e7e99066094d4533', '61ad0f4e7e99066094d45334', '1ad0f4e7e99066094d453348', 'ad0f4e7e99066094d4533489', 'd0f4e7e99066094d4533', '0f4e7e99066094d45334', 'f4e7e99066094d453348', '4e7e99066094d4533489', 'e7e99066094d4533', '7e99066094d45334', 'e99066094d453348', '99066094d4533489', '9066094d4533', '066094d45334', '66094d453348', '6094d4533489', '094d4533', '94d45334', '4d453348', 'd4533489', '4533', '5334', '3348', '3489', '5358c8960e734a34a38df267da584b15', '358c8960e734a34a38df267da584', '58c8960e734a34a38df267da584b', 
'8c8960e734a34a38df267da584b1', 'c8960e734a34a38df267da584b15', '8960e734a34a38df267da584', '960e734a34a38df267da584b', '60e734a34a38df267da584b1', '0e734a34a38df267da584b15', 'e734a34a38df267da584', '734a34a38df267da584b', '34a34a38df267da584b1', '4a34a38df267da584b15', 'a34a38df267da584', '34a38df267da584b', '4a38df267da584b1', 'a38df267da584b15', '38df267da584', '8df267da584b', 'df267da584b1', 'f267da584b15', '267da584', '67da584b', '7da584b1', 'da584b15', 'a584', '584b', '84b1', '4b15', '76262de4fa2248c8a143c5df3d18b02c', '6262de4fa2248c8a143c5df3d18b', '262de4fa2248c8a143c5df3d18b0', '62de4fa2248c8a143c5df3d18b02', '2de4fa2248c8a143c5df3d18b02c', 'de4fa2248c8a143c5df3d18b', 'e4fa2248c8a143c5df3d18b0', '4fa2248c8a143c5df3d18b02', 'fa2248c8a143c5df3d18b02c', 'a2248c8a143c5df3d18b', '2248c8a143c5df3d18b0', '248c8a143c5df3d18b02', '48c8a143c5df3d18b02c', '8c8a143c5df3d18b', 'c8a143c5df3d18b0', '8a143c5df3d18b02', 'a143c5df3d18b02c', '143c5df3d18b', '43c5df3d18b0', '3c5df3d18b02', 'c5df3d18b02c', '5df3d18b', 'df3d18b0', 'f3d18b02', '3d18b02c', 'd18b', '18b0', '8b02', 'b02c', '37ed1789cdf1452e91f3b74b6a25ab1d', '7ed1789cdf1452e91f3b74b6a25a', 'ed1789cdf1452e91f3b74b6a25ab', 'd1789cdf1452e91f3b74b6a25ab1', '1789cdf1452e91f3b74b6a25ab1d', '789cdf1452e91f3b74b6a25a', '89cdf1452e91f3b74b6a25ab', '9cdf1452e91f3b74b6a25ab1', 'cdf1452e91f3b74b6a25ab1d', 'df1452e91f3b74b6a25a', 'f1452e91f3b74b6a25ab', '1452e91f3b74b6a25ab1', '452e91f3b74b6a25ab1d', '52e91f3b74b6a25a', '2e91f3b74b6a25ab', 'e91f3b74b6a25ab1', '91f3b74b6a25ab1d', '1f3b74b6a25a', 'f3b74b6a25ab', '3b74b6a25ab1', 'b74b6a25ab1d', '74b6a25a', '4b6a25ab', 'b6a25ab1', '6a25ab1d', 'a25a', '25ab', '5ab1', 'ab1d', 'df61349e2fb145dab8f6fd4c3e6ed676', 'f61349e2fb145dab8f6fd4c3e6ed', '61349e2fb145dab8f6fd4c3e6ed6', '1349e2fb145dab8f6fd4c3e6ed67', '349e2fb145dab8f6fd4c3e6ed676', '49e2fb145dab8f6fd4c3e6ed', '9e2fb145dab8f6fd4c3e6ed6', 'e2fb145dab8f6fd4c3e6ed67', '2fb145dab8f6fd4c3e6ed676', 'fb145dab8f6fd4c3e6ed', 
'b145dab8f6fd4c3e6ed6', '145dab8f6fd4c3e6ed67', '45dab8f6fd4c3e6ed676', '5dab8f6fd4c3e6ed', 'dab8f6fd4c3e6ed6', 'ab8f6fd4c3e6ed67', 'b8f6fd4c3e6ed676', '8f6fd4c3e6ed', 'f6fd4c3e6ed6', '6fd4c3e6ed67', 'fd4c3e6ed676', 'd4c3e6ed', '4c3e6ed6', 'c3e6ed67', '3e6ed676', 'e6ed', '6ed6', 'ed67', 'd676', '54dda453b94b4b8da0dd9680c199351e', '4dda453b94b4b8da0dd9680c1993', 'dda453b94b4b8da0dd9680c19935', 'da453b94b4b8da0dd9680c199351', 'a453b94b4b8da0dd9680c199351e', '453b94b4b8da0dd9680c1993', '53b94b4b8da0dd9680c19935', '3b94b4b8da0dd9680c199351', 'b94b4b8da0dd9680c199351e', '94b4b8da0dd9680c1993', '4b4b8da0dd9680c19935', 'b4b8da0dd9680c199351', '4b8da0dd9680c199351e', 'b8da0dd9680c1993', '8da0dd9680c19935', 'da0dd9680c199351', 'a0dd9680c199351e', '0dd9680c1993', 'dd9680c19935', 'd9680c199351', '9680c199351e', '680c1993', '80c19935', '0c199351', 'c199351e', '1993', '9935', '9351', '351e', '86bce48724d64269bb2956c77d2c9ada', '6bce48724d64269bb2956c77d2c9', 'bce48724d64269bb2956c77d2c9a', 'ce48724d64269bb2956c77d2c9ad', 'e48724d64269bb2956c77d2c9ada', '48724d64269bb2956c77d2c9', '8724d64269bb2956c77d2c9a', '724d64269bb2956c77d2c9ad', '24d64269bb2956c77d2c9ada', '4d64269bb2956c77d2c9', 'd64269bb2956c77d2c9a', '64269bb2956c77d2c9ad', '4269bb2956c77d2c9ada', '269bb2956c77d2c9', '69bb2956c77d2c9a', '9bb2956c77d2c9ad', 'bb2956c77d2c9ada', 'b2956c77d2c9', '2956c77d2c9a', '956c77d2c9ad', '56c77d2c9ada', '6c77d2c9', 'c77d2c9a', '77d2c9ad', '7d2c9ada', 'd2c9', '2c9a', 'c9ad', '9ada', '2a40c26cc43e4f488c79dd860f94ceca', 'a40c26cc43e4f488c79dd860f94c', '40c26cc43e4f488c79dd860f94ce', '0c26cc43e4f488c79dd860f94cec', 'c26cc43e4f488c79dd860f94ceca', '26cc43e4f488c79dd860f94c', '6cc43e4f488c79dd860f94ce', 'cc43e4f488c79dd860f94cec', 'c43e4f488c79dd860f94ceca', '43e4f488c79dd860f94c', '3e4f488c79dd860f94ce', 'e4f488c79dd860f94cec', '4f488c79dd860f94ceca', 'f488c79dd860f94c', '488c79dd860f94ce', '88c79dd860f94cec', '8c79dd860f94ceca', 'c79dd860f94c', '79dd860f94ce', '9dd860f94cec', 
'dd860f94ceca', 'd860f94c', '860f94ce', '60f94cec', '0f94ceca', 'f94c', '94ce', '4cec', 'ceca', 'a60203533ed947458fcd418c6faee8a6', '60203533ed947458fcd418c6faee', '0203533ed947458fcd418c6faee8', '203533ed947458fcd418c6faee8a', '03533ed947458fcd418c6faee8a6', '3533ed947458fcd418c6faee', '533ed947458fcd418c6faee8', '33ed947458fcd418c6faee8a', '3ed947458fcd418c6faee8a6', 'ed947458fcd418c6faee', 'd947458fcd418c6faee8', '947458fcd418c6faee8a', '47458fcd418c6faee8a6', '7458fcd418c6faee', '458fcd418c6faee8', '58fcd418c6faee8a', '8fcd418c6faee8a6', 'fcd418c6faee', 'cd418c6faee8', 'd418c6faee8a', '418c6faee8a6', '18c6faee', '8c6faee8', 'c6faee8a', '6faee8a6', 'faee', 'aee8', 'ee8a', 'e8a6', '59e0f2643f9144f487a3ec082abe60cf', '9e0f2643f9144f487a3ec082abe6', 'e0f2643f9144f487a3ec082abe60', '0f2643f9144f487a3ec082abe60c', 'f2643f9144f487a3ec082abe60cf', '2643f9144f487a3ec082abe6', '643f9144f487a3ec082abe60', '43f9144f487a3ec082abe60c', '3f9144f487a3ec082abe60cf', 'f9144f487a3ec082abe6', '9144f487a3ec082abe60', '144f487a3ec082abe60c', '44f487a3ec082abe60cf', '4f487a3ec082abe6', 'f487a3ec082abe60', '487a3ec082abe60c', '87a3ec082abe60cf', '7a3ec082abe6', 'a3ec082abe60', '3ec082abe60c', 'ec082abe60cf', 'c082abe6', '082abe60', '82abe60c', '2abe60cf', 'abe6', 'be60', 'e60c', '60cf', 'bc46424e3e2a414b87d3ded325ca4037', 'c46424e3e2a414b87d3ded325ca4', '46424e3e2a414b87d3ded325ca40', '6424e3e2a414b87d3ded325ca403', '424e3e2a414b87d3ded325ca4037', '24e3e2a414b87d3ded325ca4', '4e3e2a414b87d3ded325ca40', 'e3e2a414b87d3ded325ca403', '3e2a414b87d3ded325ca4037', 'e2a414b87d3ded325ca4', '2a414b87d3ded325ca40', 'a414b87d3ded325ca403', '414b87d3ded325ca4037', '14b87d3ded325ca4', '4b87d3ded325ca40', 'b87d3ded325ca403', '87d3ded325ca4037', '7d3ded325ca4', 'd3ded325ca40', '3ded325ca403', 'ded325ca4037', 'ed325ca4', 'd325ca40', '325ca403', '25ca4037', '5ca4', 'ca40', 'a403', '4037', '348b346f247e4242a9955206ffe865e5', '48b346f247e4242a9955206ffe86', '8b346f247e4242a9955206ffe865', 
'b346f247e4242a9955206ffe865e', '346f247e4242a9955206ffe865e5', '46f247e4242a9955206ffe86', '6f247e4242a9955206ffe865', 'f247e4242a9955206ffe865e', '247e4242a9955206ffe865e5', '47e4242a9955206ffe86', '7e4242a9955206ffe865', 'e4242a9955206ffe865e', '4242a9955206ffe865e5', '242a9955206ffe86', '42a9955206ffe865', '2a9955206ffe865e', 'a9955206ffe865e5', '9955206ffe86', '955206ffe865', '55206ffe865e', '5206ffe865e5', '206ffe86', '06ffe865', '6ffe865e', 'ffe865e5', 'fe86', 'e865', '865e', '65e5', 'e53253682c7a4a11b47ddf23c682759e', '53253682c7a4a11b47ddf23c6827', '3253682c7a4a11b47ddf23c68275', '253682c7a4a11b47ddf23c682759', '53682c7a4a11b47ddf23c682759e', '3682c7a4a11b47ddf23c6827', '682c7a4a11b47ddf23c68275', '82c7a4a11b47ddf23c682759', '2c7a4a11b47ddf23c682759e', 'c7a4a11b47ddf23c6827', '7a4a11b47ddf23c68275', 'a4a11b47ddf23c682759', '4a11b47ddf23c682759e', 'a11b47ddf23c6827', '11b47ddf23c68275', '1b47ddf23c682759', 'b47ddf23c682759e', '47ddf23c6827', '7ddf23c68275', 'ddf23c682759', 'df23c682759e', 'f23c6827', '23c68275', '3c682759', 'c682759e', '6827', '8275', '2759', '759e', 'b67cb763f0104298a66947ad71ac7e95', '67cb763f0104298a66947ad71ac7', '7cb763f0104298a66947ad71ac7e', 'cb763f0104298a66947ad71ac7e9', 'b763f0104298a66947ad71ac7e95', '763f0104298a66947ad71ac7', '63f0104298a66947ad71ac7e', '3f0104298a66947ad71ac7e9', 'f0104298a66947ad71ac7e95', '0104298a66947ad71ac7', '104298a66947ad71ac7e', '04298a66947ad71ac7e9', '4298a66947ad71ac7e95', '298a66947ad71ac7', '98a66947ad71ac7e', '8a66947ad71ac7e9', 'a66947ad71ac7e95', '66947ad71ac7', '6947ad71ac7e', '947ad71ac7e9', '47ad71ac7e95', '7ad71ac7', 'ad71ac7e', 'd71ac7e9', '71ac7e95', '1ac7', 'ac7e', 'c7e9', '7e95', '2554099822f34631a849e9761bb1acd5', '554099822f34631a849e9761bb1a', '54099822f34631a849e9761bb1ac', '4099822f34631a849e9761bb1acd', '099822f34631a849e9761bb1acd5', '99822f34631a849e9761bb1a', '9822f34631a849e9761bb1ac', '822f34631a849e9761bb1acd', '22f34631a849e9761bb1acd5', '2f34631a849e9761bb1a', 
'f34631a849e9761bb1ac', '34631a849e9761bb1acd', '4631a849e9761bb1acd5', '631a849e9761bb1a', '31a849e9761bb1ac', '1a849e9761bb1acd', 'a849e9761bb1acd5', '849e9761bb1a', '49e9761bb1ac', '9e9761bb1acd', 'e9761bb1acd5', '9761bb1a', '761bb1ac', '61bb1acd', '1bb1acd5', 'bb1a', 'b1ac', '1acd', 'acd5', 'f2388ebc7a4f480f88350d91845094cb', '2388ebc7a4f480f88350d9184509', '388ebc7a4f480f88350d91845094', '88ebc7a4f480f88350d91845094c', '8ebc7a4f480f88350d91845094cb', 'ebc7a4f480f88350d9184509', 'bc7a4f480f88350d91845094', 'c7a4f480f88350d91845094c', '7a4f480f88350d91845094cb', 'a4f480f88350d9184509', '4f480f88350d91845094', 'f480f88350d91845094c', '480f88350d91845094cb', '80f88350d9184509', '0f88350d91845094', 'f88350d91845094c', '88350d91845094cb', '8350d9184509', '350d91845094', '50d91845094c', '0d91845094cb', 'd9184509', '91845094', '1845094c', '845094cb', '4509', '5094', '094c', '94cb', '260d05322d1841a6a194d93139fa35ce', '60d05322d1841a6a194d93139fa3', '0d05322d1841a6a194d93139fa35', 'd05322d1841a6a194d93139fa35c', '05322d1841a6a194d93139fa35ce', '5322d1841a6a194d93139fa3', '322d1841a6a194d93139fa35', '22d1841a6a194d93139fa35c', '2d1841a6a194d93139fa35ce', 'd1841a6a194d93139fa3', '1841a6a194d93139fa35', '841a6a194d93139fa35c', '41a6a194d93139fa35ce', '1a6a194d93139fa3', 'a6a194d93139fa35', '6a194d93139fa35c', 'a194d93139fa35ce', '194d93139fa3', '94d93139fa35', '4d93139fa35c', 'd93139fa35ce', '93139fa3', '3139fa35', '139fa35c', '39fa35ce', '9fa3', 'fa35', 'a35c', '35ce', 'f10c8a0658784fe1b3493271f1ffbe90', '10c8a0658784fe1b3493271f1ffb', '0c8a0658784fe1b3493271f1ffbe', 'c8a0658784fe1b3493271f1ffbe9', '8a0658784fe1b3493271f1ffbe90', 'a0658784fe1b3493271f1ffb', '0658784fe1b3493271f1ffbe', '658784fe1b3493271f1ffbe9', '58784fe1b3493271f1ffbe90', '8784fe1b3493271f1ffb', '784fe1b3493271f1ffbe', '84fe1b3493271f1ffbe9', '4fe1b3493271f1ffbe90', 'fe1b3493271f1ffb', 'e1b3493271f1ffbe', '1b3493271f1ffbe9', 'b3493271f1ffbe90', '3493271f1ffb', '493271f1ffbe', '93271f1ffbe9', 
'3271f1ffbe90', '271f1ffb', '71f1ffbe', '1f1ffbe9', 'f1ffbe90', '1ffb', 'ffbe', 'fbe9', 'be90', '84d4198945cf4b2297c4cb602118ff7f', '4d4198945cf4b2297c4cb602118f', 'd4198945cf4b2297c4cb602118ff', '4198945cf4b2297c4cb602118ff7', '198945cf4b2297c4cb602118ff7f', '98945cf4b2297c4cb602118f', '8945cf4b2297c4cb602118ff', '945cf4b2297c4cb602118ff7', '45cf4b2297c4cb602118ff7f', '5cf4b2297c4cb602118f', 'cf4b2297c4cb602118ff', 'f4b2297c4cb602118ff7', '4b2297c4cb602118ff7f', 'b2297c4cb602118f', '2297c4cb602118ff', '297c4cb602118ff7', '97c4cb602118ff7f', '7c4cb602118f', 'c4cb602118ff', '4cb602118ff7', 'cb602118ff7f', 'b602118f', '602118ff', '02118ff7', '2118ff7f', '118f', '18ff', '8ff7', 'ff7f', 'a7bbe6fc6cd544e49dda0d4391772313', '7bbe6fc6cd544e49dda0d4391772', 'bbe6fc6cd544e49dda0d43917723', 'be6fc6cd544e49dda0d439177231', 'e6fc6cd544e49dda0d4391772313', '6fc6cd544e49dda0d4391772', 'fc6cd544e49dda0d43917723', 'c6cd544e49dda0d439177231', '6cd544e49dda0d4391772313', 'cd544e49dda0d4391772', 'd544e49dda0d43917723', '544e49dda0d439177231', '44e49dda0d4391772313', '4e49dda0d4391772', 'e49dda0d43917723', '49dda0d439177231', '9dda0d4391772313', 'dda0d4391772', 'da0d43917723', 'a0d439177231', '0d4391772313', 'd4391772', '43917723', '39177231', '91772313', '1772', '7723', '7231', '2313', 'c93ab64aeb16472da89f1ccb114e96b2', '93ab64aeb16472da89f1ccb114e9', '3ab64aeb16472da89f1ccb114e96', 'ab64aeb16472da89f1ccb114e96b', 'b64aeb16472da89f1ccb114e96b2', '64aeb16472da89f1ccb114e9', '4aeb16472da89f1ccb114e96', 'aeb16472da89f1ccb114e96b', 'eb16472da89f1ccb114e96b2', 'b16472da89f1ccb114e9', '16472da89f1ccb114e96', '6472da89f1ccb114e96b', '472da89f1ccb114e96b2', '72da89f1ccb114e9', '2da89f1ccb114e96', 'da89f1ccb114e96b', 'a89f1ccb114e96b2', '89f1ccb114e9', '9f1ccb114e96', 'f1ccb114e96b', '1ccb114e96b2', 'ccb114e9', 'cb114e96', 'b114e96b', '114e96b2', '14e9', '4e96', 'e96b', '96b2', '9c5c5395f84a459e8804115137a9ba5e', 'c5c5395f84a459e8804115137a9b', '5c5395f84a459e8804115137a9ba', 
'c5395f84a459e8804115137a9ba5', '5395f84a459e8804115137a9ba5e', '395f84a459e8804115137a9b', '95f84a459e8804115137a9ba', '5f84a459e8804115137a9ba5', 'f84a459e8804115137a9ba5e', '84a459e8804115137a9b', '4a459e8804115137a9ba', 'a459e8804115137a9ba5', '459e8804115137a9ba5e', '59e8804115137a9b', '9e8804115137a9ba', 'e8804115137a9ba5', '8804115137a9ba5e', '804115137a9b', '04115137a9ba', '4115137a9ba5', '115137a9ba5e', '15137a9b', '5137a9ba', '137a9ba5', '37a9ba5e', '7a9b', 'a9ba', '9ba5', 'ba5e', '8b1e919bddc64c51abc011e9a7fd1682', 'b1e919bddc64c51abc011e9a7fd1', '1e919bddc64c51abc011e9a7fd16', 'e919bddc64c51abc011e9a7fd168', '919bddc64c51abc011e9a7fd1682', '19bddc64c51abc011e9a7fd1', '9bddc64c51abc011e9a7fd16', 'bddc64c51abc011e9a7fd168', 'ddc64c51abc011e9a7fd1682', 'dc64c51abc011e9a7fd1', 'c64c51abc011e9a7fd16', '64c51abc011e9a7fd168', '4c51abc011e9a7fd1682', 'c51abc011e9a7fd1', '51abc011e9a7fd16', '1abc011e9a7fd168', 'abc011e9a7fd1682', 'bc011e9a7fd1', 'c011e9a7fd16', '011e9a7fd168', '11e9a7fd1682', '1e9a7fd1', 'e9a7fd16', '9a7fd168', 'a7fd1682', '7fd1', 'fd16', 'd168', '1682', '0c4de8d8af714262b1a19f804407e32e', 'c4de8d8af714262b1a19f804407e', '4de8d8af714262b1a19f804407e3', 'de8d8af714262b1a19f804407e32', 'e8d8af714262b1a19f804407e32e', '8d8af714262b1a19f804407e', 'd8af714262b1a19f804407e3', '8af714262b1a19f804407e32', 'af714262b1a19f804407e32e', 'f714262b1a19f804407e', '714262b1a19f804407e3', '14262b1a19f804407e32', '4262b1a19f804407e32e', '262b1a19f804407e', '62b1a19f804407e3', '2b1a19f804407e32', 'b1a19f804407e32e', '1a19f804407e', 'a19f804407e3', '19f804407e32', '9f804407e32e', 'f804407e', '804407e3', '04407e32', '4407e32e', '407e', '07e3', '7e32', 'e32e', '21b9eec55517423db0eec64055879702', '1b9eec55517423db0eec64055879', 'b9eec55517423db0eec640558797', '9eec55517423db0eec6405587970', 'eec55517423db0eec64055879702', 'ec55517423db0eec64055879', 'c55517423db0eec640558797', '55517423db0eec6405587970', '5517423db0eec64055879702', '517423db0eec64055879', 
'17423db0eec640558797', '7423db0eec6405587970', '423db0eec64055879702', '23db0eec64055879', '3db0eec640558797', 'db0eec6405587970', 'b0eec64055879702', '0eec64055879', 'eec640558797', 'ec6405587970', 'c64055879702', '64055879', '40558797', '05587970', '55879702', '5879', '8797', '7970', '9702', '0703956e92e24d799e36cb1bbf898ddc', '703956e92e24d799e36cb1bbf898', '03956e92e24d799e36cb1bbf898d', '3956e92e24d799e36cb1bbf898dd', '956e92e24d799e36cb1bbf898ddc', '56e92e24d799e36cb1bbf898', '6e92e24d799e36cb1bbf898d', 'e92e24d799e36cb1bbf898dd', '92e24d799e36cb1bbf898ddc', '2e24d799e36cb1bbf898', 'e24d799e36cb1bbf898d', '24d799e36cb1bbf898dd', '4d799e36cb1bbf898ddc', 'd799e36cb1bbf898', '799e36cb1bbf898d', '99e36cb1bbf898dd', '9e36cb1bbf898ddc', 'e36cb1bbf898', '36cb1bbf898d', '6cb1bbf898dd', 'cb1bbf898ddc', 'b1bbf898', '1bbf898d', 'bbf898dd', 'bf898ddc', 'f898', '898d', '98dd', '8ddc', 'b100b3aedbe24061ba9b1413dc641f58', '100b3aedbe24061ba9b1413dc641', '00b3aedbe24061ba9b1413dc641f', '0b3aedbe24061ba9b1413dc641f5', 'b3aedbe24061ba9b1413dc641f58', '3aedbe24061ba9b1413dc641', 'aedbe24061ba9b1413dc641f', 'edbe24061ba9b1413dc641f5', 'dbe24061ba9b1413dc641f58', 'be24061ba9b1413dc641', 'e24061ba9b1413dc641f', '24061ba9b1413dc641f5', '4061ba9b1413dc641f58', '061ba9b1413dc641', '61ba9b1413dc641f', '1ba9b1413dc641f5', 'ba9b1413dc641f58', 'a9b1413dc641', '9b1413dc641f', 'b1413dc641f5', '1413dc641f58', '413dc641', '13dc641f', '3dc641f5', 'dc641f58', 'c641', '641f', '41f5', '1f58', 'cc8cfff1b6e44e8583f824f322c8ef27', 'c8cfff1b6e44e8583f824f322c8e', '8cfff1b6e44e8583f824f322c8ef', 'cfff1b6e44e8583f824f322c8ef2', 'fff1b6e44e8583f824f322c8ef27', 'ff1b6e44e8583f824f322c8e', 'f1b6e44e8583f824f322c8ef', '1b6e44e8583f824f322c8ef2', 'b6e44e8583f824f322c8ef27', '6e44e8583f824f322c8e', 'e44e8583f824f322c8ef', '44e8583f824f322c8ef2', '4e8583f824f322c8ef27', 'e8583f824f322c8e', '8583f824f322c8ef', '583f824f322c8ef2', '83f824f322c8ef27', '3f824f322c8e', 'f824f322c8ef', '824f322c8ef2', 
'24f322c8ef27', '4f322c8e', 'f322c8ef', '322c8ef2', '22c8ef27', '2c8e', 'c8ef', '8ef2', 'ef27', '16fbc231e6324a0f95e337cd94956537', '6fbc231e6324a0f95e337cd94956', 'fbc231e6324a0f95e337cd949565', 'bc231e6324a0f95e337cd9495653', 'c231e6324a0f95e337cd94956537', '231e6324a0f95e337cd94956', '31e6324a0f95e337cd949565', '1e6324a0f95e337cd9495653', 'e6324a0f95e337cd94956537', '6324a0f95e337cd94956', '324a0f95e337cd949565', '24a0f95e337cd9495653', '4a0f95e337cd94956537', 'a0f95e337cd94956', '0f95e337cd949565', 'f95e337cd9495653', '95e337cd94956537', '5e337cd94956', 'e337cd949565', '337cd9495653', '37cd94956537', '7cd94956', 'cd949565', 'd9495653', '94956537', '4956', '9565', '5653', '6537', '0bdfe8a4b5ee4823ba8f5fab173fe7ea', 'bdfe8a4b5ee4823ba8f5fab173fe', 'dfe8a4b5ee4823ba8f5fab173fe7', 'fe8a4b5ee4823ba8f5fab173fe7e', 'e8a4b5ee4823ba8f5fab173fe7ea', '8a4b5ee4823ba8f5fab173fe', 'a4b5ee4823ba8f5fab173fe7', '4b5ee4823ba8f5fab173fe7e', 'b5ee4823ba8f5fab173fe7ea', '5ee4823ba8f5fab173fe', 'ee4823ba8f5fab173fe7', 'e4823ba8f5fab173fe7e', '4823ba8f5fab173fe7ea', '823ba8f5fab173fe', '23ba8f5fab173fe7', '3ba8f5fab173fe7e', 'ba8f5fab173fe7ea', 'a8f5fab173fe', '8f5fab173fe7', 'f5fab173fe7e', '5fab173fe7ea', 'fab173fe', 'ab173fe7', 'b173fe7e', '173fe7ea', '73fe', '3fe7', 'fe7e', 'e7ea', '23302c9ec60546d88321a7fb1d16a3f4', '3302c9ec60546d88321a7fb1d16a', '302c9ec60546d88321a7fb1d16a3', '02c9ec60546d88321a7fb1d16a3f', '2c9ec60546d88321a7fb1d16a3f4', 'c9ec60546d88321a7fb1d16a', '9ec60546d88321a7fb1d16a3', 'ec60546d88321a7fb1d16a3f', 'c60546d88321a7fb1d16a3f4', '60546d88321a7fb1d16a', '0546d88321a7fb1d16a3', '546d88321a7fb1d16a3f', '46d88321a7fb1d16a3f4', '6d88321a7fb1d16a', 'd88321a7fb1d16a3', '88321a7fb1d16a3f', '8321a7fb1d16a3f4', '321a7fb1d16a', '21a7fb1d16a3', '1a7fb1d16a3f', 'a7fb1d16a3f4', '7fb1d16a', 'fb1d16a3', 'b1d16a3f', '1d16a3f4', 'd16a', '16a3', '6a3f', 'a3f4', '6b3bca204be341f38b750153c4202232', 'b3bca204be341f38b750153c4202', '3bca204be341f38b750153c42022', 
'bca204be341f38b750153c420223', 'ca204be341f38b750153c4202232', 'a204be341f38b750153c4202', '204be341f38b750153c42022', '04be341f38b750153c420223', '4be341f38b750153c4202232', 'be341f38b750153c4202', 'e341f38b750153c42022', '341f38b750153c420223', '41f38b750153c4202232', '1f38b750153c4202', 'f38b750153c42022', '38b750153c420223', '8b750153c4202232', 'b750153c4202', '750153c42022', '50153c420223', '0153c4202232', '153c4202', '53c42022', '3c420223', 'c4202232', '4202', '2022', '0223', '2232', '05e0ee85c1c04918b6940ed1408a6fea', '5e0ee85c1c04918b6940ed1408a6', 'e0ee85c1c04918b6940ed1408a6f', '0ee85c1c04918b6940ed1408a6fe', 'ee85c1c04918b6940ed1408a6fea', 'e85c1c04918b6940ed1408a6', '85c1c04918b6940ed1408a6f', '5c1c04918b6940ed1408a6fe', 'c1c04918b6940ed1408a6fea', '1c04918b6940ed1408a6', 'c04918b6940ed1408a6f', '04918b6940ed1408a6fe', '4918b6940ed1408a6fea', '918b6940ed1408a6', '18b6940ed1408a6f', '8b6940ed1408a6fe', 'b6940ed1408a6fea', '6940ed1408a6', '940ed1408a6f', '40ed1408a6fe', '0ed1408a6fea', 'ed1408a6', 'd1408a6f', '1408a6fe', '408a6fea', '08a6', '8a6f', 'a6fe', '6fea', '099b6c92f24e435c8eb7a89478bacfef', '99b6c92f24e435c8eb7a89478bac', '9b6c92f24e435c8eb7a89478bacf', 'b6c92f24e435c8eb7a89478bacfe', '6c92f24e435c8eb7a89478bacfef', 'c92f24e435c8eb7a89478bac', '92f24e435c8eb7a89478bacf', '2f24e435c8eb7a89478bacfe', 'f24e435c8eb7a89478bacfef', '24e435c8eb7a89478bac', '4e435c8eb7a89478bacf', 'e435c8eb7a89478bacfe', '435c8eb7a89478bacfef', '35c8eb7a89478bac', '5c8eb7a89478bacf', 'c8eb7a89478bacfe', '8eb7a89478bacfef', 'eb7a89478bac', 'b7a89478bacf', '7a89478bacfe', 'a89478bacfef', '89478bac', '9478bacf', '478bacfe', '78bacfef', '8bac', 'bacf', 'acfe', 'cfef', '090d88bfc897461994e985d70ffcfde0', '90d88bfc897461994e985d70ffcf', '0d88bfc897461994e985d70ffcfd', 'd88bfc897461994e985d70ffcfde', '88bfc897461994e985d70ffcfde0', '8bfc897461994e985d70ffcf', 'bfc897461994e985d70ffcfd', 'fc897461994e985d70ffcfde', 'c897461994e985d70ffcfde0', '897461994e985d70ffcf', 
'97461994e985d70ffcfd', '7461994e985d70ffcfde', '461994e985d70ffcfde0', '61994e985d70ffcf', '1994e985d70ffcfd', '994e985d70ffcfde', '94e985d70ffcfde0', '4e985d70ffcf', 'e985d70ffcfd', '985d70ffcfde', '85d70ffcfde0', '5d70ffcf', 'd70ffcfd', '70ffcfde', '0ffcfde0', 'ffcf', 'fcfd', 'cfde', 'fde0', '537dc3ed79034ac59134387c9b881111', '37dc3ed79034ac59134387c9b881', '7dc3ed79034ac59134387c9b8811', 'dc3ed79034ac59134387c9b88111', 'c3ed79034ac59134387c9b881111', '3ed79034ac59134387c9b881', 'ed79034ac59134387c9b8811', 'd79034ac59134387c9b88111', '79034ac59134387c9b881111', '9034ac59134387c9b881', '034ac59134387c9b8811', '34ac59134387c9b88111', '4ac59134387c9b881111', 'ac59134387c9b881', 'c59134387c9b8811', '59134387c9b88111', '9134387c9b881111', '134387c9b881', '34387c9b8811', '4387c9b88111', '387c9b881111', '87c9b881', '7c9b8811', 'c9b88111', '9b881111', 'b881', '8811', '8111', '1111', '2b6568ccadc84e259d04a7c00d87fcae', 'b6568ccadc84e259d04a7c00d87f', '6568ccadc84e259d04a7c00d87fc', '568ccadc84e259d04a7c00d87fca', '68ccadc84e259d04a7c00d87fcae', '8ccadc84e259d04a7c00d87f', 'ccadc84e259d04a7c00d87fc', 'cadc84e259d04a7c00d87fca', 'adc84e259d04a7c00d87fcae', 'dc84e259d04a7c00d87f', 'c84e259d04a7c00d87fc', '84e259d04a7c00d87fca', '4e259d04a7c00d87fcae', 'e259d04a7c00d87f', '259d04a7c00d87fc', '59d04a7c00d87fca', '9d04a7c00d87fcae', 'd04a7c00d87f', '04a7c00d87fc', '4a7c00d87fca', 'a7c00d87fcae', '7c00d87f', 'c00d87fc', '00d87fca', '0d87fcae', 'd87f', '87fc', '7fca', 'fcae', '1eadf726b4764fd98a7c4ec89080a252', 'eadf726b4764fd98a7c4ec89080a', 'adf726b4764fd98a7c4ec89080a2', 'df726b4764fd98a7c4ec89080a25', 'f726b4764fd98a7c4ec89080a252', '726b4764fd98a7c4ec89080a', '26b4764fd98a7c4ec89080a2', '6b4764fd98a7c4ec89080a25', 'b4764fd98a7c4ec89080a252', '4764fd98a7c4ec89080a', '764fd98a7c4ec89080a2', '64fd98a7c4ec89080a25', '4fd98a7c4ec89080a252', 'fd98a7c4ec89080a', 'd98a7c4ec89080a2', '98a7c4ec89080a25', '8a7c4ec89080a252', 'a7c4ec89080a', '7c4ec89080a2', 'c4ec89080a25', 
'4ec89080a252', 'ec89080a', 'c89080a2', '89080a25', '9080a252', '080a', '80a2', '0a25', 'a252', 'c3c3ae08b0dd411799d3d0f8cdaeb9d1', '3c3ae08b0dd411799d3d0f8cdaeb', 'c3ae08b0dd411799d3d0f8cdaeb9', '3ae08b0dd411799d3d0f8cdaeb9d', 'ae08b0dd411799d3d0f8cdaeb9d1', 'e08b0dd411799d3d0f8cdaeb', '08b0dd411799d3d0f8cdaeb9', '8b0dd411799d3d0f8cdaeb9d', 'b0dd411799d3d0f8cdaeb9d1', '0dd411799d3d0f8cdaeb', 'dd411799d3d0f8cdaeb9', 'd411799d3d0f8cdaeb9d', '411799d3d0f8cdaeb9d1', '11799d3d0f8cdaeb', '1799d3d0f8cdaeb9', '799d3d0f8cdaeb9d', '99d3d0f8cdaeb9d1', '9d3d0f8cdaeb', 'd3d0f8cdaeb9', '3d0f8cdaeb9d', 'd0f8cdaeb9d1', '0f8cdaeb', 'f8cdaeb9', '8cdaeb9d', 'cdaeb9d1', 'daeb', 'aeb9', 'eb9d', 'b9d1', '5167f2f3020c4e0fa8a7a656e771b6df', '167f2f3020c4e0fa8a7a656e771b', '67f2f3020c4e0fa8a7a656e771b6', '7f2f3020c4e0fa8a7a656e771b6d', 'f2f3020c4e0fa8a7a656e771b6df', '2f3020c4e0fa8a7a656e771b', 'f3020c4e0fa8a7a656e771b6', '3020c4e0fa8a7a656e771b6d', '020c4e0fa8a7a656e771b6df', '20c4e0fa8a7a656e771b', '0c4e0fa8a7a656e771b6', 'c4e0fa8a7a656e771b6d', '4e0fa8a7a656e771b6df', 'e0fa8a7a656e771b', '0fa8a7a656e771b6', 'fa8a7a656e771b6d', 'a8a7a656e771b6df', '8a7a656e771b', 'a7a656e771b6', '7a656e771b6d', 'a656e771b6df', '656e771b', '56e771b6', '6e771b6d', 'e771b6df', '771b', '71b6', '1b6d', 'b6df', 'cce8e0cf85b04df38df95bf0befa5be3', 'ce8e0cf85b04df38df95bf0befa5', 'e8e0cf85b04df38df95bf0befa5b', '8e0cf85b04df38df95bf0befa5be', 'e0cf85b04df38df95bf0befa5be3', '0cf85b04df38df95bf0befa5', 'cf85b04df38df95bf0befa5b', 'f85b04df38df95bf0befa5be', '85b04df38df95bf0befa5be3', '5b04df38df95bf0befa5', 'b04df38df95bf0befa5b', '04df38df95bf0befa5be', '4df38df95bf0befa5be3', 'df38df95bf0befa5', 'f38df95bf0befa5b', '38df95bf0befa5be', '8df95bf0befa5be3', 'df95bf0befa5', 'f95bf0befa5b', '95bf0befa5be', '5bf0befa5be3', 'bf0befa5', 'f0befa5b', '0befa5be', 'befa5be3', 'efa5', 'fa5b', 'a5be', '5be3', '24d93d9841994e91b187681af280e75d', '4d93d9841994e91b187681af280e', 'd93d9841994e91b187681af280e7', 
'93d9841994e91b187681af280e75', '3d9841994e91b187681af280e75d', 'd9841994e91b187681af280e', '9841994e91b187681af280e7', '841994e91b187681af280e75', '41994e91b187681af280e75d', '1994e91b187681af280e', '994e91b187681af280e7', '94e91b187681af280e75', '4e91b187681af280e75d', 'e91b187681af280e', '91b187681af280e7', '1b187681af280e75', 'b187681af280e75d', '187681af280e', '87681af280e7', '7681af280e75', '681af280e75d', '81af280e', '1af280e7', 'af280e75', 'f280e75d', '280e', '80e7', '0e75', 'e75d', 'e386099634664e97bbbe0a993593a654', '386099634664e97bbbe0a993593a', '86099634664e97bbbe0a993593a6', '6099634664e97bbbe0a993593a65', '099634664e97bbbe0a993593a654', '99634664e97bbbe0a993593a', '9634664e97bbbe0a993593a6', '634664e97bbbe0a993593a65', '34664e97bbbe0a993593a654', '4664e97bbbe0a993593a', '664e97bbbe0a993593a6', '64e97bbbe0a993593a65', '4e97bbbe0a993593a654', 'e97bbbe0a993593a', '97bbbe0a993593a6', '7bbbe0a993593a65', 'bbbe0a993593a654', 'bbe0a993593a', 'be0a993593a6', 'e0a993593a65', '0a993593a654', 'a993593a', '993593a6', '93593a65', '3593a654', '593a', '93a6', '3a65', 'a654', 'd396ac4327504576ac4495334d894fd8', '396ac4327504576ac4495334d894', '96ac4327504576ac4495334d894f', '6ac4327504576ac4495334d894fd', 'ac4327504576ac4495334d894fd8', 'c4327504576ac4495334d894', '4327504576ac4495334d894f', '327504576ac4495334d894fd', '27504576ac4495334d894fd8', '7504576ac4495334d894', '504576ac4495334d894f', '04576ac4495334d894fd', '4576ac4495334d894fd8', '576ac4495334d894', '76ac4495334d894f', '6ac4495334d894fd', 'ac4495334d894fd8', 'c4495334d894', '4495334d894f', '495334d894fd', '95334d894fd8', '5334d894', '334d894f', '34d894fd', '4d894fd8', 'd894', '894f', '94fd', '4fd8', 'ab4742156ed3431e90df3d90c0b8d12e', 'b4742156ed3431e90df3d90c0b8d', '4742156ed3431e90df3d90c0b8d1', '742156ed3431e90df3d90c0b8d12', '42156ed3431e90df3d90c0b8d12e', '2156ed3431e90df3d90c0b8d', '156ed3431e90df3d90c0b8d1', '56ed3431e90df3d90c0b8d12', '6ed3431e90df3d90c0b8d12e', 'ed3431e90df3d90c0b8d', 
'd3431e90df3d90c0b8d1', '3431e90df3d90c0b8d12', '431e90df3d90c0b8d12e', '31e90df3d90c0b8d', '1e90df3d90c0b8d1', 'e90df3d90c0b8d12', '90df3d90c0b8d12e', '0df3d90c0b8d', 'df3d90c0b8d1', 'f3d90c0b8d12', '3d90c0b8d12e', 'd90c0b8d', '90c0b8d1', '0c0b8d12', 'c0b8d12e', '0b8d', 'b8d1', '8d12', 'd12e', 'c98a1b611d3d48d8a27df90e65f8c4cd', '98a1b611d3d48d8a27df90e65f8c', '8a1b611d3d48d8a27df90e65f8c4', 'a1b611d3d48d8a27df90e65f8c4c', '1b611d3d48d8a27df90e65f8c4cd', 'b611d3d48d8a27df90e65f8c', '611d3d48d8a27df90e65f8c4', '11d3d48d8a27df90e65f8c4c', '1d3d48d8a27df90e65f8c4cd', 'd3d48d8a27df90e65f8c', '3d48d8a27df90e65f8c4', 'd48d8a27df90e65f8c4c', '48d8a27df90e65f8c4cd', '8d8a27df90e65f8c', 'd8a27df90e65f8c4', '8a27df90e65f8c4c', 'a27df90e65f8c4cd', '27df90e65f8c', '7df90e65f8c4', 'df90e65f8c4c', 'f90e65f8c4cd', '90e65f8c', '0e65f8c4', 'e65f8c4c', '65f8c4cd', '5f8c', 'f8c4', '8c4c', 'c4cd', 'b48b124274464683b60fda75027ce738', '48b124274464683b60fda75027ce', '8b124274464683b60fda75027ce7', 'b124274464683b60fda75027ce73', '124274464683b60fda75027ce738', '24274464683b60fda75027ce', '4274464683b60fda75027ce7', '274464683b60fda75027ce73', '74464683b60fda75027ce738', '4464683b60fda75027ce', '464683b60fda75027ce7', '64683b60fda75027ce73', '4683b60fda75027ce738', '683b60fda75027ce', '83b60fda75027ce7', '3b60fda75027ce73', 'b60fda75027ce738', '60fda75027ce', '0fda75027ce7', 'fda75027ce73', 'da75027ce738', 'a75027ce', '75027ce7', '5027ce73', '027ce738', '27ce', '7ce7', 'ce73', 'e738', 'f490530347ef42d185a76a667f571c89', '490530347ef42d185a76a667f571', '90530347ef42d185a76a667f571c', '0530347ef42d185a76a667f571c8', '530347ef42d185a76a667f571c89', '30347ef42d185a76a667f571', '0347ef42d185a76a667f571c', '347ef42d185a76a667f571c8', '47ef42d185a76a667f571c89', '7ef42d185a76a667f571', 'ef42d185a76a667f571c', 'f42d185a76a667f571c8', '42d185a76a667f571c89', '2d185a76a667f571', 'd185a76a667f571c', '185a76a667f571c8', '85a76a667f571c89', '5a76a667f571', 'a76a667f571c', '76a667f571c8', 
'6a667f571c89', 'a667f571', '667f571c', '67f571c8', '7f571c89', '571c', '71c8', '1c89', 'b3952c5eaf90463aad06e57e66d22ad8', '3952c5eaf90463aad06e57e66d22', '952c5eaf90463aad06e57e66d22a', '52c5eaf90463aad06e57e66d22ad', '2c5eaf90463aad06e57e66d22ad8', 'c5eaf90463aad06e57e66d22', '5eaf90463aad06e57e66d22a', 'eaf90463aad06e57e66d22ad', 'af90463aad06e57e66d22ad8', 'f90463aad06e57e66d22', '90463aad06e57e66d22a', '0463aad06e57e66d22ad', '463aad06e57e66d22ad8', '63aad06e57e66d22', '3aad06e57e66d22a', 'aad06e57e66d22ad', 'ad06e57e66d22ad8', 'd06e57e66d22', '06e57e66d22a', '6e57e66d22ad', 'e57e66d22ad8', '57e66d22', '7e66d22a', 'e66d22ad', '66d22ad8', '6d22', 'd22a', '22ad', '2ad8', '7872215e9cc440f390d079c7867a1d5b', '872215e9cc440f390d079c7867a1', '72215e9cc440f390d079c7867a1d', '2215e9cc440f390d079c7867a1d5', '215e9cc440f390d079c7867a1d5b', '15e9cc440f390d079c7867a1', '5e9cc440f390d079c7867a1d', 'e9cc440f390d079c7867a1d5', '9cc440f390d079c7867a1d5b', 'cc440f390d079c7867a1', 'c440f390d079c7867a1d', '440f390d079c7867a1d5', '40f390d079c7867a1d5b', '0f390d079c7867a1', 'f390d079c7867a1d', '390d079c7867a1d5', '90d079c7867a1d5b', '0d079c7867a1', 'd079c7867a1d', '079c7867a1d5', '79c7867a1d5b', '9c7867a1', 'c7867a1d', '7867a1d5', '867a1d5b', '67a1', '7a1d', 'a1d5', '1d5b', '89a266a2ebd140cbae6c02dd044e0400', '9a266a2ebd140cbae6c02dd044e0', 'a266a2ebd140cbae6c02dd044e04', '266a2ebd140cbae6c02dd044e040', '66a2ebd140cbae6c02dd044e0400', '6a2ebd140cbae6c02dd044e0', 'a2ebd140cbae6c02dd044e04', '2ebd140cbae6c02dd044e040', 'ebd140cbae6c02dd044e0400', 'bd140cbae6c02dd044e0', 'd140cbae6c02dd044e04', '140cbae6c02dd044e040', '40cbae6c02dd044e0400', '0cbae6c02dd044e0', 'cbae6c02dd044e04', 'bae6c02dd044e040', 'ae6c02dd044e0400', 'e6c02dd044e0', '6c02dd044e04', 'c02dd044e040', '02dd044e0400', '2dd044e0', 'dd044e04', 'd044e040', '044e0400', '44e0', '4e04', 'e040', '0400', '4163e908fb484acebc656613fcc69fd3', '163e908fb484acebc656613fcc69', '63e908fb484acebc656613fcc69f', 
'3e908fb484acebc656613fcc69fd', 'e908fb484acebc656613fcc69fd3', '908fb484acebc656613fcc69', '08fb484acebc656613fcc69f', '8fb484acebc656613fcc69fd', 'fb484acebc656613fcc69fd3', 'b484acebc656613fcc69', '484acebc656613fcc69f', '84acebc656613fcc69fd', '4acebc656613fcc69fd3', 'acebc656613fcc69', 'cebc656613fcc69f', 'ebc656613fcc69fd', 'bc656613fcc69fd3', 'c656613fcc69', '656613fcc69f', '56613fcc69fd', '6613fcc69fd3', '613fcc69', '13fcc69f', '3fcc69fd', 'fcc69fd3', 'cc69', 'c69f', '69fd', '9fd3', '64bc0d950f994adfac79a0cf7dcd0307', '4bc0d950f994adfac79a0cf7dcd0', 'bc0d950f994adfac79a0cf7dcd03', 'c0d950f994adfac79a0cf7dcd030', '0d950f994adfac79a0cf7dcd0307', 'd950f994adfac79a0cf7dcd0', '950f994adfac79a0cf7dcd03', '50f994adfac79a0cf7dcd030', '0f994adfac79a0cf7dcd0307', 'f994adfac79a0cf7dcd0', '994adfac79a0cf7dcd03', '94adfac79a0cf7dcd030', '4adfac79a0cf7dcd0307', 'adfac79a0cf7dcd0', 'dfac79a0cf7dcd03', 'fac79a0cf7dcd030', 'ac79a0cf7dcd0307', 'c79a0cf7dcd0', '79a0cf7dcd03', '9a0cf7dcd030', 'a0cf7dcd0307', '0cf7dcd0', 'cf7dcd03', 'f7dcd030', '7dcd0307', 'dcd0', 'cd03', 'd030', '0307', '073f39878b9445e680251b5873d423a3', '73f39878b9445e680251b5873d42', '3f39878b9445e680251b5873d423', 'f39878b9445e680251b5873d423a', '39878b9445e680251b5873d423a3', '9878b9445e680251b5873d42', '878b9445e680251b5873d423', '78b9445e680251b5873d423a', '8b9445e680251b5873d423a3', 'b9445e680251b5873d42', '9445e680251b5873d423', '445e680251b5873d423a', '45e680251b5873d423a3', '5e680251b5873d42', 'e680251b5873d423', '680251b5873d423a', '80251b5873d423a3', '0251b5873d42', '251b5873d423', '51b5873d423a', '1b5873d423a3', 'b5873d42', '5873d423', '873d423a', '73d423a3', '3d42', 'd423', '423a', '23a3', '9b77a2f3ca2c4c0bb444196b41a00a53', 'b77a2f3ca2c4c0bb444196b41a00', '77a2f3ca2c4c0bb444196b41a00a', '7a2f3ca2c4c0bb444196b41a00a5', 'a2f3ca2c4c0bb444196b41a00a53', '2f3ca2c4c0bb444196b41a00', 'f3ca2c4c0bb444196b41a00a', '3ca2c4c0bb444196b41a00a5', 'ca2c4c0bb444196b41a00a53', 'a2c4c0bb444196b41a00', 
'2c4c0bb444196b41a00a', 'c4c0bb444196b41a00a5', '4c0bb444196b41a00a53', 'c0bb444196b41a00', '0bb444196b41a00a', 'bb444196b41a00a5', 'b444196b41a00a53', '444196b41a00', '44196b41a00a', '4196b41a00a5', '196b41a00a53', '96b41a00', '6b41a00a', 'b41a00a5', '41a00a53', '1a00', 'a00a', '00a5', '0a53', '8394028c75be407da3d985eee62ffdc1', '394028c75be407da3d985eee62ff', '94028c75be407da3d985eee62ffd', '4028c75be407da3d985eee62ffdc', '028c75be407da3d985eee62ffdc1', '28c75be407da3d985eee62ff', '8c75be407da3d985eee62ffd', 'c75be407da3d985eee62ffdc', '75be407da3d985eee62ffdc1', '5be407da3d985eee62ff', 'be407da3d985eee62ffd', 'e407da3d985eee62ffdc', '407da3d985eee62ffdc1', '07da3d985eee62ff', '7da3d985eee62ffd', 'da3d985eee62ffdc', 'a3d985eee62ffdc1', '3d985eee62ff', 'd985eee62ffd', '985eee62ffdc', '85eee62ffdc1', '5eee62ff', 'eee62ffd', 'ee62ffdc', 'e62ffdc1', '62ff', '2ffd', 'ffdc', 'fdc1', '1d96bec8186b425a8cde007fccb865a4', 'd96bec8186b425a8cde007fccb86', '96bec8186b425a8cde007fccb865', '6bec8186b425a8cde007fccb865a', 'bec8186b425a8cde007fccb865a4', 'ec8186b425a8cde007fccb86', 'c8186b425a8cde007fccb865', '8186b425a8cde007fccb865a', '186b425a8cde007fccb865a4', '86b425a8cde007fccb86', '6b425a8cde007fccb865', 'b425a8cde007fccb865a', '425a8cde007fccb865a4', '25a8cde007fccb86', '5a8cde007fccb865', 'a8cde007fccb865a', '8cde007fccb865a4', 'cde007fccb86', 'de007fccb865', 'e007fccb865a', '007fccb865a4', '07fccb86', '7fccb865', 'fccb865a', 'ccb865a4', 'cb86', 'b865', '865a', '65a4', '543225697b084a078a721cb481490088', '43225697b084a078a721cb481490', '3225697b084a078a721cb4814900', '225697b084a078a721cb48149008', '25697b084a078a721cb481490088', '5697b084a078a721cb481490', '697b084a078a721cb4814900', '97b084a078a721cb48149008', '7b084a078a721cb481490088', 'b084a078a721cb481490', '084a078a721cb4814900', '84a078a721cb48149008', '4a078a721cb481490088', 'a078a721cb481490', '078a721cb4814900', '78a721cb48149008', '8a721cb481490088', 'a721cb481490', '721cb4814900', '21cb48149008', 
'1cb481490088', 'cb481490', 'b4814900', '48149008', '81490088', '1490', '4900', '9008', '0088', '7d9b0d8a7456498d83122816cf925b6c', 'd9b0d8a7456498d83122816cf925', '9b0d8a7456498d83122816cf925b', 'b0d8a7456498d83122816cf925b6', '0d8a7456498d83122816cf925b6c', 'd8a7456498d83122816cf925', '8a7456498d83122816cf925b', 'a7456498d83122816cf925b6', '7456498d83122816cf925b6c', '456498d83122816cf925', '56498d83122816cf925b', '6498d83122816cf925b6', '498d83122816cf925b6c', '98d83122816cf925', '8d83122816cf925b', 'd83122816cf925b6', '83122816cf925b6c', '3122816cf925', '122816cf925b', '22816cf925b6', '2816cf925b6c', '816cf925', '16cf925b', '6cf925b6', 'cf925b6c', 'f925', '925b', '25b6', '5b6c', 'f6b6684a3f3a49d49b9234e4f37f3bd1', '6b6684a3f3a49d49b9234e4f37f3', 'b6684a3f3a49d49b9234e4f37f3b', '6684a3f3a49d49b9234e4f37f3bd', '684a3f3a49d49b9234e4f37f3bd1', '84a3f3a49d49b9234e4f37f3', '4a3f3a49d49b9234e4f37f3b', 'a3f3a49d49b9234e4f37f3bd', '3f3a49d49b9234e4f37f3bd1', 'f3a49d49b9234e4f37f3', '3a49d49b9234e4f37f3b', 'a49d49b9234e4f37f3bd', '49d49b9234e4f37f3bd1', '9d49b9234e4f37f3', 'd49b9234e4f37f3b', '49b9234e4f37f3bd', '9b9234e4f37f3bd1', 'b9234e4f37f3', '9234e4f37f3b', '234e4f37f3bd', '34e4f37f3bd1', '4e4f37f3', 'e4f37f3b', '4f37f3bd', 'f37f3bd1', '37f3', '7f3b', 'f3bd', '3bd1', '37077beea53c4f9785a43d0d0613adb5', '7077beea53c4f9785a43d0d0613a', '077beea53c4f9785a43d0d0613ad', '77beea53c4f9785a43d0d0613adb', '7beea53c4f9785a43d0d0613adb5', 'beea53c4f9785a43d0d0613a', 'eea53c4f9785a43d0d0613ad', 'ea53c4f9785a43d0d0613adb', 'a53c4f9785a43d0d0613adb5', '53c4f9785a43d0d0613a', '3c4f9785a43d0d0613ad', 'c4f9785a43d0d0613adb', '4f9785a43d0d0613adb5', 'f9785a43d0d0613a', '9785a43d0d0613ad', '785a43d0d0613adb', '85a43d0d0613adb5', '5a43d0d0613a', 'a43d0d0613ad', '43d0d0613adb', '3d0d0613adb5', 'd0d0613a', '0d0613ad', 'd0613adb', '0613adb5', '613a', '13ad', '3adb', 'adb5', 'dc920ac92a34434ca33472533bb2c45a', 'c920ac92a34434ca33472533bb2c', '920ac92a34434ca33472533bb2c4', 
'20ac92a34434ca33472533bb2c45', '0ac92a34434ca33472533bb2c45a', 'ac92a34434ca33472533bb2c', 'c92a34434ca33472533bb2c4', '92a34434ca33472533bb2c45', '2a34434ca33472533bb2c45a', 'a34434ca33472533bb2c', '34434ca33472533bb2c4', '4434ca33472533bb2c45', '434ca33472533bb2c45a', '34ca33472533bb2c', '4ca33472533bb2c4', 'ca33472533bb2c45', 'a33472533bb2c45a', '33472533bb2c', '3472533bb2c4', '472533bb2c45', '72533bb2c45a', '2533bb2c', '533bb2c4', '33bb2c45', '3bb2c45a', 'bb2c', 'b2c4', '2c45', 'c45a', '2a03807fb3404a00ad218e9cd6bb1173', 'a03807fb3404a00ad218e9cd6bb1', '03807fb3404a00ad218e9cd6bb11', '3807fb3404a00ad218e9cd6bb117', '807fb3404a00ad218e9cd6bb1173', '07fb3404a00ad218e9cd6bb1', '7fb3404a00ad218e9cd6bb11', 'fb3404a00ad218e9cd6bb117', 'b3404a00ad218e9cd6bb1173', '3404a00ad218e9cd6bb1', '404a00ad218e9cd6bb11', '04a00ad218e9cd6bb117', '4a00ad218e9cd6bb1173', 'a00ad218e9cd6bb1', '00ad218e9cd6bb11', '0ad218e9cd6bb117', 'ad218e9cd6bb1173', 'd218e9cd6bb1', '218e9cd6bb11', '18e9cd6bb117', '8e9cd6bb1173', 'e9cd6bb1', '9cd6bb11', 'cd6bb117', 'd6bb1173', '6bb1', 'bb11', 'b117', '1173', '50b85bf61bef4152bb276fe221a04353', '0b85bf61bef4152bb276fe221a04', 'b85bf61bef4152bb276fe221a043', '85bf61bef4152bb276fe221a0435', '5bf61bef4152bb276fe221a04353', 'bf61bef4152bb276fe221a04', 'f61bef4152bb276fe221a043', '61bef4152bb276fe221a0435', '1bef4152bb276fe221a04353', 'bef4152bb276fe221a04', 'ef4152bb276fe221a043', 'f4152bb276fe221a0435', '4152bb276fe221a04353', '152bb276fe221a04', '52bb276fe221a043', '2bb276fe221a0435', 'bb276fe221a04353', 'b276fe221a04', '276fe221a043', '76fe221a0435', '6fe221a04353', 'fe221a04', 'e221a043', '221a0435', '21a04353', '1a04', 'a043', '0435', '4353', 'bcfb5d8e041243b6a80dca6dc1de1aef', 'cfb5d8e041243b6a80dca6dc1de1', 'fb5d8e041243b6a80dca6dc1de1a', 'b5d8e041243b6a80dca6dc1de1ae', '5d8e041243b6a80dca6dc1de1aef', 'd8e041243b6a80dca6dc1de1', '8e041243b6a80dca6dc1de1a', 'e041243b6a80dca6dc1de1ae', '041243b6a80dca6dc1de1aef', '41243b6a80dca6dc1de1', 
'1243b6a80dca6dc1de1a', '243b6a80dca6dc1de1ae', '43b6a80dca6dc1de1aef', '3b6a80dca6dc1de1', 'b6a80dca6dc1de1a', '6a80dca6dc1de1ae', 'a80dca6dc1de1aef', '80dca6dc1de1', '0dca6dc1de1a', 'dca6dc1de1ae', 'ca6dc1de1aef', 'a6dc1de1', '6dc1de1a', 'dc1de1ae', 'c1de1aef', '1de1', 'de1a', 'e1ae', '1aef', '03bdda1abd0d4f0b9529f23045710b71', '3bdda1abd0d4f0b9529f23045710', 'bdda1abd0d4f0b9529f23045710b', 'dda1abd0d4f0b9529f23045710b7', 'da1abd0d4f0b9529f23045710b71', 'a1abd0d4f0b9529f23045710', '1abd0d4f0b9529f23045710b', 'abd0d4f0b9529f23045710b7', 'bd0d4f0b9529f23045710b71', 'd0d4f0b9529f23045710', '0d4f0b9529f23045710b', 'd4f0b9529f23045710b7', '4f0b9529f23045710b71', 'f0b9529f23045710', '0b9529f23045710b', 'b9529f23045710b7', '9529f23045710b71', '529f23045710', '29f23045710b', '9f23045710b7', 'f23045710b71', '23045710', '3045710b', '045710b7', '45710b71', '5710', '710b', '10b7', '0b71', 'a8b24676f4a740a0b538d3b7e51e27f2', '8b24676f4a740a0b538d3b7e51e2', 'b24676f4a740a0b538d3b7e51e27', '24676f4a740a0b538d3b7e51e27f', '4676f4a740a0b538d3b7e51e27f2', '676f4a740a0b538d3b7e51e2', '76f4a740a0b538d3b7e51e27', '6f4a740a0b538d3b7e51e27f', 'f4a740a0b538d3b7e51e27f2', '4a740a0b538d3b7e51e2', 'a740a0b538d3b7e51e27', '740a0b538d3b7e51e27f', '40a0b538d3b7e51e27f2', '0a0b538d3b7e51e2', 'a0b538d3b7e51e27', '0b538d3b7e51e27f', 'b538d3b7e51e27f2', '538d3b7e51e2', '38d3b7e51e27', '8d3b7e51e27f', 'd3b7e51e27f2', '3b7e51e2', 'b7e51e27', '7e51e27f', 'e51e27f2', '51e2', '1e27', 'e27f', '27f2', '2a5ff35f7d1540119bc819a4be1976f8', 'a5ff35f7d1540119bc819a4be197', '5ff35f7d1540119bc819a4be1976', 'ff35f7d1540119bc819a4be1976f', 'f35f7d1540119bc819a4be1976f8', '35f7d1540119bc819a4be197', '5f7d1540119bc819a4be1976', 'f7d1540119bc819a4be1976f', '7d1540119bc819a4be1976f8', 'd1540119bc819a4be197', '1540119bc819a4be1976', '540119bc819a4be1976f', '40119bc819a4be1976f8', '0119bc819a4be197', '119bc819a4be1976', '19bc819a4be1976f', '9bc819a4be1976f8', 'bc819a4be197', 'c819a4be1976', '819a4be1976f', 
'19a4be1976f8', '9a4be197', 'a4be1976', '4be1976f', 'be1976f8', 'e197', '1976', '976f', '76f8', '0b67444dd74b4ac8a27c124c8240277f', 'b67444dd74b4ac8a27c124c82402', '67444dd74b4ac8a27c124c824027', '7444dd74b4ac8a27c124c8240277', '444dd74b4ac8a27c124c8240277f', '44dd74b4ac8a27c124c82402', '4dd74b4ac8a27c124c824027', 'dd74b4ac8a27c124c8240277', 'd74b4ac8a27c124c8240277f', '74b4ac8a27c124c82402', '4b4ac8a27c124c824027', 'b4ac8a27c124c8240277', '4ac8a27c124c8240277f', 'ac8a27c124c82402', 'c8a27c124c824027', '8a27c124c8240277', 'a27c124c8240277f', '27c124c82402', '7c124c824027', 'c124c8240277', '124c8240277f', '24c82402', '4c824027', 'c8240277', '8240277f', '2402', '4027', '0277', '277f', 'df1d0724ab1943888cd9d60d6581c1ab', 'f1d0724ab1943888cd9d60d6581c', '1d0724ab1943888cd9d60d6581c1', 'd0724ab1943888cd9d60d6581c1a', '0724ab1943888cd9d60d6581c1ab', '724ab1943888cd9d60d6581c', '24ab1943888cd9d60d6581c1', '4ab1943888cd9d60d6581c1a', 'ab1943888cd9d60d6581c1ab', 'b1943888cd9d60d6581c', '1943888cd9d60d6581c1', '943888cd9d60d6581c1a', '43888cd9d60d6581c1ab', '3888cd9d60d6581c', '888cd9d60d6581c1', '88cd9d60d6581c1a', '8cd9d60d6581c1ab', 'cd9d60d6581c', 'd9d60d6581c1', '9d60d6581c1a', 'd60d6581c1ab', '60d6581c', '0d6581c1', 'd6581c1a', '6581c1ab', '581c', '81c1', '1c1a', 'c1ab', '2d6fd91821e74bb780f96b5b33bb26fb', 'd6fd91821e74bb780f96b5b33bb2', '6fd91821e74bb780f96b5b33bb26', 'fd91821e74bb780f96b5b33bb26f', 'd91821e74bb780f96b5b33bb26fb', '91821e74bb780f96b5b33bb2', '1821e74bb780f96b5b33bb26', '821e74bb780f96b5b33bb26f', '21e74bb780f96b5b33bb26fb', '1e74bb780f96b5b33bb2', 'e74bb780f96b5b33bb26', '74bb780f96b5b33bb26f', '4bb780f96b5b33bb26fb', 'bb780f96b5b33bb2', 'b780f96b5b33bb26', '780f96b5b33bb26f', '80f96b5b33bb26fb', '0f96b5b33bb2', 'f96b5b33bb26', '96b5b33bb26f', '6b5b33bb26fb', 'b5b33bb2', '5b33bb26', 'b33bb26f', '33bb26fb', '3bb2', 'bb26', 'b26f', '26fb', '07c03aad43a64d128e9a6913deb9de0e', '7c03aad43a64d128e9a6913deb9d', 'c03aad43a64d128e9a6913deb9de', 
'03aad43a64d128e9a6913deb9de0', '3aad43a64d128e9a6913deb9de0e', 'aad43a64d128e9a6913deb9d', 'ad43a64d128e9a6913deb9de', 'd43a64d128e9a6913deb9de0', '43a64d128e9a6913deb9de0e', '3a64d128e9a6913deb9d', 'a64d128e9a6913deb9de', '64d128e9a6913deb9de0', '4d128e9a6913deb9de0e', 'd128e9a6913deb9d', '128e9a6913deb9de', '28e9a6913deb9de0', '8e9a6913deb9de0e', 'e9a6913deb9d', '9a6913deb9de', 'a6913deb9de0', '6913deb9de0e', '913deb9d', '13deb9de', '3deb9de0', 'deb9de0e', 'b9de', '9de0', 'de0e', 'a8a5d1bec6754eb3afcba066aba16cda', '8a5d1bec6754eb3afcba066aba16', 'a5d1bec6754eb3afcba066aba16c', '5d1bec6754eb3afcba066aba16cd', 'd1bec6754eb3afcba066aba16cda', '1bec6754eb3afcba066aba16', 'bec6754eb3afcba066aba16c', 'ec6754eb3afcba066aba16cd', 'c6754eb3afcba066aba16cda', '6754eb3afcba066aba16', '754eb3afcba066aba16c', '54eb3afcba066aba16cd', '4eb3afcba066aba16cda', 'eb3afcba066aba16', 'b3afcba066aba16c', '3afcba066aba16cd', 'afcba066aba16cda', 'fcba066aba16', 'cba066aba16c', 'ba066aba16cd', 'a066aba16cda', '066aba16', '66aba16c', '6aba16cd', 'aba16cda', 'ba16', 'a16c', '16cd', '6cda', '58d57f6bc0a44d858087a68eb81766d7', '8d57f6bc0a44d858087a68eb8176', 'd57f6bc0a44d858087a68eb81766', '57f6bc0a44d858087a68eb81766d', '7f6bc0a44d858087a68eb81766d7', 'f6bc0a44d858087a68eb8176', '6bc0a44d858087a68eb81766', 'bc0a44d858087a68eb81766d', 'c0a44d858087a68eb81766d7', '0a44d858087a68eb8176', 'a44d858087a68eb81766', '44d858087a68eb81766d', '4d858087a68eb81766d7', 'd858087a68eb8176', '858087a68eb81766', '58087a68eb81766d', '8087a68eb81766d7', '087a68eb8176', '87a68eb81766', '7a68eb81766d', 'a68eb81766d7', '68eb8176', '8eb81766', 'eb81766d', 'b81766d7', '8176', '1766', '766d', '66d7', 'ff38c5a6f63042468adb5dfd67d81732', 'f38c5a6f63042468adb5dfd67d81', '38c5a6f63042468adb5dfd67d817', '8c5a6f63042468adb5dfd67d8173', 'c5a6f63042468adb5dfd67d81732', '5a6f63042468adb5dfd67d81', 'a6f63042468adb5dfd67d817', '6f63042468adb5dfd67d8173', 'f63042468adb5dfd67d81732', '63042468adb5dfd67d81', 
'3042468adb5dfd67d817', '042468adb5dfd67d8173', '42468adb5dfd67d81732', '2468adb5dfd67d81', '468adb5dfd67d817', '68adb5dfd67d8173', '8adb5dfd67d81732', 'adb5dfd67d81', 'db5dfd67d817', 'b5dfd67d8173', '5dfd67d81732', 'dfd67d81', 'fd67d817', 'd67d8173', '67d81732', '7d81', 'd817', '8173', '1732', 'dded5a243bb54fed96bfc6bc474aa244', 'ded5a243bb54fed96bfc6bc474aa', 'ed5a243bb54fed96bfc6bc474aa2', 'd5a243bb54fed96bfc6bc474aa24', '5a243bb54fed96bfc6bc474aa244', 'a243bb54fed96bfc6bc474aa', '243bb54fed96bfc6bc474aa2', '43bb54fed96bfc6bc474aa24', '3bb54fed96bfc6bc474aa244', 'bb54fed96bfc6bc474aa', 'b54fed96bfc6bc474aa2', '54fed96bfc6bc474aa24', '4fed96bfc6bc474aa244', 'fed96bfc6bc474aa', 'ed96bfc6bc474aa2', 'd96bfc6bc474aa24', '96bfc6bc474aa244', '6bfc6bc474aa', 'bfc6bc474aa2', 'fc6bc474aa24', 'c6bc474aa244', '6bc474aa', 'bc474aa2', 'c474aa24', '474aa244', '74aa', '4aa2', 'aa24', 'a244', 'b4d63e7d9e4b435aac056bcae361cf8a', '4d63e7d9e4b435aac056bcae361c', 'd63e7d9e4b435aac056bcae361cf', '63e7d9e4b435aac056bcae361cf8', '3e7d9e4b435aac056bcae361cf8a', 'e7d9e4b435aac056bcae361c', '7d9e4b435aac056bcae361cf', 'd9e4b435aac056bcae361cf8', '9e4b435aac056bcae361cf8a', 'e4b435aac056bcae361c', '4b435aac056bcae361cf', 'b435aac056bcae361cf8', '435aac056bcae361cf8a', '35aac056bcae361c', '5aac056bcae361cf', 'aac056bcae361cf8', 'ac056bcae361cf8a', 'c056bcae361c', '056bcae361cf', '56bcae361cf8', '6bcae361cf8a', 'bcae361c', 'cae361cf', 'ae361cf8', 'e361cf8a', '361c', '61cf', '1cf8', 'cf8a', '4e6967a467d0492c8460b5b56ec82e35', 'e6967a467d0492c8460b5b56ec82', '6967a467d0492c8460b5b56ec82e', '967a467d0492c8460b5b56ec82e3', '67a467d0492c8460b5b56ec82e35', '7a467d0492c8460b5b56ec82', 'a467d0492c8460b5b56ec82e', '467d0492c8460b5b56ec82e3', '67d0492c8460b5b56ec82e35', '7d0492c8460b5b56ec82', 'd0492c8460b5b56ec82e', '0492c8460b5b56ec82e3', '492c8460b5b56ec82e35', '92c8460b5b56ec82', '2c8460b5b56ec82e', 'c8460b5b56ec82e3', '8460b5b56ec82e35', '460b5b56ec82', '60b5b56ec82e', '0b5b56ec82e3', 
'b5b56ec82e35', '5b56ec82', 'b56ec82e', '56ec82e3', '6ec82e35', 'ec82', 'c82e', '82e3', '2e35', '5510e1b68fd64436ac14e0e45af4efab', '510e1b68fd64436ac14e0e45af4e', '10e1b68fd64436ac14e0e45af4ef', '0e1b68fd64436ac14e0e45af4efa', 'e1b68fd64436ac14e0e45af4efab', '1b68fd64436ac14e0e45af4e', 'b68fd64436ac14e0e45af4ef', '68fd64436ac14e0e45af4efa', '8fd64436ac14e0e45af4efab', 'fd64436ac14e0e45af4e', 'd64436ac14e0e45af4ef', '64436ac14e0e45af4efa', '4436ac14e0e45af4efab', '436ac14e0e45af4e', '36ac14e0e45af4ef', '6ac14e0e45af4efa', 'ac14e0e45af4efab', 'c14e0e45af4e', '14e0e45af4ef', '4e0e45af4efa', 'e0e45af4efab', '0e45af4e', 'e45af4ef', '45af4efa', '5af4efab', 'af4e', 'f4ef', '4efa', 'efab', '74534355f0e94cdba9309ed01533095d', '4534355f0e94cdba9309ed015330', '534355f0e94cdba9309ed0153309', '34355f0e94cdba9309ed01533095', '4355f0e94cdba9309ed01533095d', '355f0e94cdba9309ed015330', '55f0e94cdba9309ed0153309', '5f0e94cdba9309ed01533095', 'f0e94cdba9309ed01533095d', '0e94cdba9309ed015330', 'e94cdba9309ed0153309', '94cdba9309ed01533095', '4cdba9309ed01533095d', 'cdba9309ed015330', 'dba9309ed0153309', 'ba9309ed01533095', 'a9309ed01533095d', '9309ed015330', '309ed0153309', '09ed01533095', '9ed01533095d', 'ed015330', 'd0153309', '01533095', '1533095d', '5330', '3309', '3095', '095d', '96ced60073ee4c2a9539624d536917a9', '6ced60073ee4c2a9539624d53691', 'ced60073ee4c2a9539624d536917', 'ed60073ee4c2a9539624d536917a', 'd60073ee4c2a9539624d536917a9', '60073ee4c2a9539624d53691', '0073ee4c2a9539624d536917', '073ee4c2a9539624d536917a', '73ee4c2a9539624d536917a9', '3ee4c2a9539624d53691', 'ee4c2a9539624d536917', 'e4c2a9539624d536917a', '4c2a9539624d536917a9', 'c2a9539624d53691', '2a9539624d536917', 'a9539624d536917a', '9539624d536917a9', '539624d53691', '39624d536917', '9624d536917a', '624d536917a9', '24d53691', '4d536917', 'd536917a', '536917a9', '3691', '6917', '917a', '17a9', '7168cb2bdb644ae0a076c3dddf999620', '168cb2bdb644ae0a076c3dddf999', '68cb2bdb644ae0a076c3dddf9996', 
'8cb2bdb644ae0a076c3dddf99962', 'cb2bdb644ae0a076c3dddf999620', 'b2bdb644ae0a076c3dddf999', '2bdb644ae0a076c3dddf9996', 'bdb644ae0a076c3dddf99962', 'db644ae0a076c3dddf999620', 'b644ae0a076c3dddf999', '644ae0a076c3dddf9996', '44ae0a076c3dddf99962', '4ae0a076c3dddf999620', 'ae0a076c3dddf999', 'e0a076c3dddf9996', '0a076c3dddf99962', 'a076c3dddf999620', '076c3dddf999', '76c3dddf9996', '6c3dddf99962', 'c3dddf999620', '3dddf999', 'dddf9996', 'ddf99962', 'df999620', 'f999', '9996', '9962', '9620', '738bb41767ff4255a01b4fc82e79ba53', '38bb41767ff4255a01b4fc82e79b', '8bb41767ff4255a01b4fc82e79ba', 'bb41767ff4255a01b4fc82e79ba5', 'b41767ff4255a01b4fc82e79ba53', '41767ff4255a01b4fc82e79b', '1767ff4255a01b4fc82e79ba', '767ff4255a01b4fc82e79ba5', '67ff4255a01b4fc82e79ba53', '7ff4255a01b4fc82e79b', 'ff4255a01b4fc82e79ba', 'f4255a01b4fc82e79ba5', '4255a01b4fc82e79ba53', '255a01b4fc82e79b', '55a01b4fc82e79ba', '5a01b4fc82e79ba5', 'a01b4fc82e79ba53', '01b4fc82e79b', '1b4fc82e79ba', 'b4fc82e79ba5', '4fc82e79ba53', 'fc82e79b', 'c82e79ba', '82e79ba5', '2e79ba53', 'e79b', '79ba', 'ba53', 'd4979c2f76ee48ee9958d9f46617db1a', '4979c2f76ee48ee9958d9f46617d', '979c2f76ee48ee9958d9f46617db', '79c2f76ee48ee9958d9f46617db1', '9c2f76ee48ee9958d9f46617db1a', 'c2f76ee48ee9958d9f46617d', '2f76ee48ee9958d9f46617db', 'f76ee48ee9958d9f46617db1', '76ee48ee9958d9f46617db1a', '6ee48ee9958d9f46617d', 'ee48ee9958d9f46617db', 'e48ee9958d9f46617db1', '48ee9958d9f46617db1a', '8ee9958d9f46617d', 'ee9958d9f46617db', 'e9958d9f46617db1', '9958d9f46617db1a', '958d9f46617d', '58d9f46617db', '8d9f46617db1', 'd9f46617db1a', '9f46617d', 'f46617db', '46617db1', '6617db1a', '617d', '7db1', 'db1a', 'e161d821e7c841cd801d289b5b42077d', '161d821e7c841cd801d289b5b420', '61d821e7c841cd801d289b5b4207', '1d821e7c841cd801d289b5b42077', 'd821e7c841cd801d289b5b42077d', '821e7c841cd801d289b5b420', '21e7c841cd801d289b5b4207', '1e7c841cd801d289b5b42077', 'e7c841cd801d289b5b42077d', '7c841cd801d289b5b420', 'c841cd801d289b5b4207', 
'841cd801d289b5b42077', '41cd801d289b5b42077d', '1cd801d289b5b420', 'cd801d289b5b4207', 'd801d289b5b42077', '801d289b5b42077d', '01d289b5b420', '1d289b5b4207', 'd289b5b42077', '289b5b42077d', '89b5b420', '9b5b4207', 'b5b42077', '5b42077d', 'b420', '4207', '2077', '077d', '64105168130e48268432a0ff140d0222', '4105168130e48268432a0ff140d0', '105168130e48268432a0ff140d02', '05168130e48268432a0ff140d022', '5168130e48268432a0ff140d0222', '168130e48268432a0ff140d0', '68130e48268432a0ff140d02', '8130e48268432a0ff140d022', '130e48268432a0ff140d0222', '30e48268432a0ff140d0', '0e48268432a0ff140d02', 'e48268432a0ff140d022', '48268432a0ff140d0222', '8268432a0ff140d0', '268432a0ff140d02', '68432a0ff140d022', '8432a0ff140d0222', '432a0ff140d0', '32a0ff140d02', '2a0ff140d022', 'a0ff140d0222', '0ff140d0', 'ff140d02', 'f140d022', '140d0222', '40d0', '0d02', 'd022', '0222', '0e7dab93662a4859bdd9bed4abbe4b2e', 'e7dab93662a4859bdd9bed4abbe4', '7dab93662a4859bdd9bed4abbe4b', 'dab93662a4859bdd9bed4abbe4b2', 'ab93662a4859bdd9bed4abbe4b2e', 'b93662a4859bdd9bed4abbe4', '93662a4859bdd9bed4abbe4b', '3662a4859bdd9bed4abbe4b2', '662a4859bdd9bed4abbe4b2e', '62a4859bdd9bed4abbe4', '2a4859bdd9bed4abbe4b', 'a4859bdd9bed4abbe4b2', '4859bdd9bed4abbe4b2e', '859bdd9bed4abbe4', '59bdd9bed4abbe4b', '9bdd9bed4abbe4b2', 'bdd9bed4abbe4b2e', 'dd9bed4abbe4', 'd9bed4abbe4b', '9bed4abbe4b2', 'bed4abbe4b2e', 'ed4abbe4', 'd4abbe4b', '4abbe4b2', 'abbe4b2e', 'bbe4', 'be4b', 'e4b2', '4b2e', '401ed9364ae24df3876c785c56839617', '01ed9364ae24df3876c785c56839', '1ed9364ae24df3876c785c568396', 'ed9364ae24df3876c785c5683961', 'd9364ae24df3876c785c56839617', '9364ae24df3876c785c56839', '364ae24df3876c785c568396', '64ae24df3876c785c5683961', '4ae24df3876c785c56839617', 'ae24df3876c785c56839', 'e24df3876c785c568396', '24df3876c785c5683961', '4df3876c785c56839617', 'df3876c785c56839', 'f3876c785c568396', '3876c785c5683961', '876c785c56839617', '76c785c56839', '6c785c568396', 'c785c5683961', '785c56839617', '85c56839', 
'5c568396', 'c5683961', '56839617', '6839', '8396', '3961', '9617', '540941d27d7841a683d84c5f658b672d', '40941d27d7841a683d84c5f658b6', '0941d27d7841a683d84c5f658b67', '941d27d7841a683d84c5f658b672', '41d27d7841a683d84c5f658b672d', '1d27d7841a683d84c5f658b6', 'd27d7841a683d84c5f658b67', '27d7841a683d84c5f658b672', '7d7841a683d84c5f658b672d', 'd7841a683d84c5f658b6', '7841a683d84c5f658b67', '841a683d84c5f658b672', '41a683d84c5f658b672d', '1a683d84c5f658b6', 'a683d84c5f658b67', '683d84c5f658b672', '83d84c5f658b672d', '3d84c5f658b6', 'd84c5f658b67', '84c5f658b672', '4c5f658b672d', 'c5f658b6', '5f658b67', 'f658b672', '658b672d', '58b6', '8b67', 'b672', '672d', 'DNmxNg5q878ibPLG', 'NmxNg5q878ibPLGT', 'mxNg5q878ibPLGTS', 'xNg5q878ibPLGTSr', 'Ng5q878ibPLG', 'g5q878ibPLGT', '5q878ibPLGTS', 'q878ibPLGTSr', '878ibPLG', '78ibPLGT', '8ibPLGTS', 'ibPLGTSr', 'bPLG', 'PLGT', 'LGTS', 'GTSr', 'g91b9c41d2ff549a58f4d9ee3b69c22c', '91b9c41d2ff549a58f4d9ee3b69c22c1', '1b9c41d2ff549a58f4d9ee3b69c2', 'b9c41d2ff549a58f4d9ee3b69c22', '9c41d2ff549a58f4d9ee3b69c22c', 'c41d2ff549a58f4d9ee3b69c22c1', '41d2ff549a58f4d9ee3b69c2', '1d2ff549a58f4d9ee3b69c22', 'd2ff549a58f4d9ee3b69c22c', '2ff549a58f4d9ee3b69c22c1', 'ff549a58f4d9ee3b69c2', 'f549a58f4d9ee3b69c22', '549a58f4d9ee3b69c22c', '49a58f4d9ee3b69c22c1', '9a58f4d9ee3b69c2', 'a58f4d9ee3b69c22', '58f4d9ee3b69c22c', '8f4d9ee3b69c22c1', 'f4d9ee3b69c2', '4d9ee3b69c22', 'd9ee3b69c22c', '9ee3b69c22c1', 'ee3b69c2', 'e3b69c22', '3b69c22c', 'b69c22c1', '69c2', '9c22', 'c22c', '22c1', 'VpyhPa5k11UX6tMC', 'pyhPa5k11UX6tMCY', 'yhPa5k11UX6tMCYD', 'hPa5k11UX6tMCYDW', 'Pa5k11UX6tMC', 'a5k11UX6tMCY', '5k11UX6tMCYD', 'k11UX6tMCYDW', '11UX6tMC', '1UX6tMCY', 'UX6tMCYD', 'X6tMCYDW', '6tMC', 'tMCY', 'MCYD', 'CYDW', 'rFVptZ5YC9Y6LtC9', 'FVptZ5YC9Y6LtC93', 'VptZ5YC9Y6LtC93F', 'ptZ5YC9Y6LtC93FG', 'tZ5YC9Y6LtC9', 'Z5YC9Y6LtC93', '5YC9Y6LtC93F', 'YC9Y6LtC93FG', 'C9Y6LtC9', '9Y6LtC93', 'Y6LtC93F', '6LtC93FG', 'LtC9', 'tC93', 'C93F', '93FG', 'qZWKPRvt', 'ZWKPRvtU', 
'WKPRvtUw', 'KPRv', 'PRvt', 'RvtU', 'vtUw', 'xU5KTNhi', 'U5KTNhi1', '5KTNhi10', 'KTNh', 'TNhi', 'Nhi1', 'hi10', 'FcNKlC8C', 'cNKlC8Ck', 'NKlC8CkX', 'KlC8', 'lC8C', 'C8Ck', '8CkX', 'gsBKLw5R', 'sBKLw5RI', 'BKLw5RIn', 'KLw5', 'Lw5R', 'w5RI', '5RIn', 'XFsKftd6', 'FsKftd6H', 'sKftd6Hn', 'Kftd', 'ftd6', 'td6H', 'd6Hn', 'Wj5KDxBu', 'j5KDxBug', '5KDxBuga', 'KDxB', 'DxBu', 'xBug', 'Buga', 'RLgKvXBR', 'LgKvXBRF', 'gKvXBRFX', 'KvXB', 'vXBR', 'XBRF', 'BRFX', 'xxdKXWEV', 'xdKXWEVI', 'dKXWEVIW', 'KXWE', 'XWEV', 'WEVI', 'EVIW', 'DtbK9Qe5', 'tbK9Qe5v', 'bK9Qe5vx', 'K9Qe', '9Qe5', 'Qe5v', 'e5vx', 'D09KkCH2', '09KkCH2F', '9KkCH2FJ', 'KkCH', 'kCH2', 'CH2F', 'H2FJ', 'cPdK2Od0', 'PdK2Od0V', 'dK2Od0VI', 'K2Od', '2Od0', 'Od0V', 'd0VI', 'yKaKwbpY', 'KaKwbpYc', 'aKwbpYcV', 'Kwbp', 'wbpY', 'bpYc', 'pYcV', 'RcsKyfhr', 'csKyfhrR', 'sKyfhrRO', 'Kyfh', 'yfhr', 'fhrR', 'hrRO', 'vQhKJpW0', 'QhKJpW07', 'hKJpW07a', 'KJpW', 'JpW0', 'pW07', 'W07a', 'xrrKSe2j', 'rrKSe2jg', 'rKSe2jgd', 'KSe2', 'Se2j', 'e2jg', '2jgd', 'm18KgOpA', '18KgOpAX', '8KgOpAX1', 'KgOp', 'gOpA', 'OpAX', 'pAX1', 'PaddingM', 'addingMo', 'ddingMod', 'dingMode', 'ingM', 'px4KaB8p', 'x4KaB8pG', '4KaB8pGg', 'KaB8', 'aB8p', 'B8pG', '8pGg', 'w0lKA1Ow', '0lKA1Owu', 'lKA1OwuY', 'KA1O', 'A1Ow', '1Owu', 'OwuY', 'eE0KoJKX', 'E0KoJKXq', '0KoJKXqy', 'KoJK', 'oJKX', 'JKXq', 'KXqy', 'QJMKbShm', 'JMKbShmc', 'MKbShmch', 'KbSh', 'bShm', 'Shmc', 'hmch', 'M6SKitZI', '6SKitZIF', 'SKitZIFF', 'KitZ', 'itZI', 'tZIF', 'ZIFF', 'PL2Kd2ED', 'L2Kd2EDs', '2Kd2EDs5', 'Kd2E', 'd2ED', '2EDs', 'EDs5', 'olvKMpST', 'lvKMpST6', 'vKMpST6L', 'KMpS', 'MpST', 'pST6', 'ST6L', 'SS5KzU73', 'S5KzU73o', '5KzU73oH', 'KzU7', 'zU73', 'U73o', '73oH', 'h3EUHD6s', '3EUHD6sn', 'EUHD6snJ', 'UHD6', 'HD6s', 'D6sn', '6snJ', 'g43UEkj6', '43UEkj6W', '3UEkj6W6', 'UEkj', 'Ekj6', 'kj6W', 'j6W6', 'evyU7ZuJ', 'vyU7ZuJV', 'yU7ZuJVm', 'U7Zu', '7ZuJ', 'ZuJV', 'uJVm', 'xRJUN4dO', 'RJUN4dOi', 'JUN4dOiH', 'UN4d', 'N4dO', '4dOi', 'dOiH', 'knoU6RZS', 'noU6RZSg', 'oU6RZSgm', 'U6RZ', '6RZS', 'RZSg', 
'ZSgm', 'OOCUBtr2', 'OCUBtr21', 'CUBtr21p', 'UBtr', 'Btr2', 'tr21', 'r21p', 'kuRUUgdf', 'uRUUgdfI', 'RUUgdfIM', 'UUgd', 'Ugdf', 'gdfI', 'dfIM', 'CsJUTyPc', 'sJUTyPcC', 'JUTyPcCe', 'UTyP', 'TyPc', 'yPcC', 'PcCe', 'XdUUPDjE', 'dUUPDjEG', 'UUPDjEGs', 'UPDj', 'PDjE', 'DjEG', 'jEGs', 'gPZUlOnM', 'PZUlOnMT', 'ZUlOnMT4', 'UlOn', 'lOnM', 'OnMT', 'nMT4', 'UAlULmsu', 'AlULmsur', 'lULmsurc', 'ULms', 'Lmsu', 'msur', 'surc', 'FTeUfsej', 'TeUfsejb', 'eUfsejbQ', 'Ufse', 'fsej', 'sejb', 'ejbQ', 'wR0UD89R', 'R0UD89RC', '0UD89RCd', 'UD89', 'D89R', '89RC', '9RCd', 'bjgUv2VQ', 'jgUv2VQ7', 'gUv2VQ7i', 'Uv2V', 'v2VQ', '2VQ7', 'VQ7i', 'CuoUXMDV', 'uoUXMDV7', 'oUXMDV7r', 'UXMD', 'XMDV', 'MDV7', 'DV7r', 'DeOU9Hkx', 'eOU9Hkxb', 'OU9HkxbM', 'U9Hk', '9Hkx', 'Hkxb', 'kxbM', 'BoCUk6bq', 'oCUk6bqB', 'CUk6bqB9', 'Uk6b', 'k6bq', '6bqB', 'bqB9', 'zvNU26v8', 'vNU26v89', 'NU26v89R', 'U26v', '26v8', '6v89', 'v89R', 'CLTUwaIx', 'LTUwaIxn', 'TUwaIxnQ', 'UwaI', 'waIx', 'aIxn', 'IxnQ', 'eN4UyhCd', 'N4UyhCdg', '4UyhCdgf', 'UyhC', 'yhCd', 'hCdg', 'Cdgf', 'IypUJJjW', 'ypUJJjWa', 'pUJJjWaN', 'UJJj', 'JJjW', 'JjWa', 'jWaN', 'KCmUScVx', 'CmUScVxB', 'mUScVxBh', 'UScV', 'ScVx', 'cVxB', 'VxBh', 'pnJUgjOw', 'nJUgjOwl', 'JUgjOwlZ', 'UgjO', 'gjOw', 'jOwl', 'OwlZ', 'K6FUaOTh', '6FUaOThw', 'FUaOThwb', 'UaOT', 'aOTh', 'OThw', 'Thwb', 'mRvUA5kZ', 'RvUA5kZK', 'vUA5kZKC', 'UA5k', 'A5kZ', '5kZK', 'kZKC', 'JxjUoUkK', 'xjUoUkKg', 'jUoUkKgF', 'UoUk', 'oUkK', 'UkKg', 'kKgF', 'tILUbGYL', 'ILUbGYLL', 'LUbGYLLQ', 'UbGY', 'bGYL', 'GYLL', 'YLLQ', 'SExUiIZv', 'ExUiIZv4', 'xUiIZv4q', 'UiIZ', 'iIZv', 'IZv4', 'Zv4q', 'dZ9Udp2P', 'Z9Udp2Ph', '9Udp2Ph8', 'Udp2', 'dp2P', 'p2Ph', '2Ph8', 'KIZUM1JF', 'IZUM1JFs', 'ZUM1JFsH', 'UM1J', 'M1JF', '1JFs', 'JFsH', 'hJvUzq3i', 'JvUzq3ib', 'vUzq3ibx', 'Uzq3', 'zq3i', 'q3ib', '3ibx', 'EHJrHKWf', 'HJrHKWft', 'JrHKWftl', 'rHKW', 'HKWf', 'KWft', 'Wftl', 'obBrEfWn', 'bBrEfWn0', 'BrEfWn0J', 'rEfW', 'EfWn', 'fWn0', 'Wn0J', 'n20r7QTe', '20r7QTex', '0r7QTexy', 'r7QT', '7QTe', 'QTex', 'Texy', 'Of7rNCiI', 
'f7rNCiIv', '7rNCiIvM', 'rNCi', 'NCiI', 'CiIv', 'iIvM', 'Giir6unb', 'iir6unb2', 'ir6unb26', 'r6un', '6unb', 'unb2', 'nb26', 'yWWrBpEd', 'WWrBpEdk', 'WrBpEdkG', 'rBpE', 'BpEd', 'pEdk', 'EdkG', 'A1HrUmdd', '1HrUmdd6', 'HrUmdd6Q', 'rUmd', 'Umdd', 'mdd6', 'dd6Q', 'JI4rTP5I', 'I4rTP5IQ', '4rTP5IQ0', 'rTP5', 'TP5I', 'P5IQ', '5IQ0', 'GZdrPIha', 'ZdrPIhaS', 'drPIhaS3', 'rPIh', 'PIha', 'IhaS', 'haS3', 'u4Jrl70r', '4Jrl70r6', 'Jrl70r6u', 'rl70', 'l70r', '70r6', '0r6u', 'nAtrLV7V', 'AtrLV7Vv', 'trLV7VvZ', 'rLV7', 'LV7V', 'V7Vv', '7VvZ', 'JjVrfWsd', 'jVrfWsd2', 'VrfWsd2D', 'rfWs', 'fWsd', 'Wsd2', 'sd2D', 'uobrD8Kj', 'obrD8KjE', 'brD8KjEu', 'rD8K', 'D8Kj', '8KjE', 'KjEu', 'OrFrvpuB', 'rFrvpuBE', 'FrvpuBER', 'rvpu', 'vpuB', 'puBE', 'uBER', 'TElrXkTC', 'ElrXkTCa', 'lrXkTCai', 'rXkT', 'XkTC', 'kTCa', 'TCai', 'wdLr9ill', 'dLr9illv', 'Lr9illvs', 'r9il', '9ill', 'illv', 'llvs', 'NmmrkYrh', 'mmrkYrh5', 'mrkYrh5L', 'rkYr', 'kYrh', 'Yrh5', 'rh5L', 'b2yr2b0Z', '2yr2b0Z8', 'yr2b0Z8E', 'r2b0', '2b0Z', 'b0Z8', '0Z8E', 'IUxrwHhO', 'UxrwHhOA', 'xrwHhOAo', 'rwHh', 'wHhO', 'HhOA', 'hOAo', 'NoprydPx', 'oprydPxB', 'prydPxBq', 'rydP', 'ydPx', 'dPxB', 'PxBq', 'kRbrJyOr', 'RbrJyOrp', 'brJyOrpZ', 'rJyO', 'JyOr', 'yOrp', 'OrpZ', 'uDwrSyg0', 'DwrSyg0D', 'wrSyg0Dd', 'rSyg', 'Syg0', 'yg0D', 'g0Dd', 'QMUrgmCw', 'MUrgmCwX', 'UrgmCwXd', 'rgmC', 'gmCw', 'mCwX', 'CwXd', 'Cg1ra3IA', 'g1ra3IAM', '1ra3IAMY', 'ra3I', 'a3IA', '3IAM', 'IAMY', 'xYZrA1Uw', 'YZrA1Uw3', 'ZrA1Uw32', 'rA1U', 'A1Uw', '1Uw3', 'Uw32', 'F9wro6CN', '9wro6CNG', 'wro6CNG0', 'ro6C', 'o6CN', '6CNG', 'CNG0', 'MSgrbV6y', 'SgrbV6ya', 'grbV6yaE', 'rbV6', 'bV6y', 'V6ya', '6yaE', 'od0riK5t', 'd0riK5tq', '0riK5tqi', 'riK5', 'iK5t', 'K5tq', '5tqi', 'h6srdQnA', '6srdQnAK', 'srdQnAKC', 'rdQn', 'dQnA', 'QnAK', 'nAKC', 'odXrMH1w', 'dXrMH1wd', 'XrMH1wdH', 'rMH1', 'MH1w', 'H1wd', '1wdH', 'AqRrzUbA', 'qRrzUbAZ', 'RrzUbAZI', 'rzUb', 'zUbA', 'UbAZ', 'bAZI', 'Q3VTH1TE', '3VTH1TE6', 'VTH1TE6K', 'TH1T', 'H1TE', '1TE6', 'TE6K', 'knOTEL4E', 'nOTEL4Er', 'OTEL4ErE', 
'TEL4', 'EL4E', 'L4Er', '4ErE', 'GBTT7pvq', 'BTT7pvq9', 'TT7pvq9y', 'T7pv', '7pvq', 'pvq9', 'vq9y', 'L9hTNpje', '9hTNpje0', 'hTNpje0R', 'TNpj', 'Npje', 'pje0', 'je0R', 'ifyT6Tbl', 'fyT6Tbl5', 'yT6Tbl5Q', 'T6Tb', '6Tbl', 'Tbl5', 'bl5Q', 'tOfTB4qG', 'OfTB4qGc', 'fTB4qGcQ', 'TB4q', 'B4qG', '4qGc', 'qGcQ', 'SJjTU4Sr', 'JjTU4SrD', 'jTU4SrDe', 'TU4S', 'U4Sr', '4SrD', 'SrDe', 'CN4TTFri', 'N4TTFriX', '4TTFriXY', 'TTFr', 'TFri', 'FriX', 'riXY', 'La6TPBws', 'a6TPBwsf', '6TPBwsft', 'TPBw', 'PBws', 'Bwsf', 'wsft', 'CX7Tlfqy', 'X7Tlfqye', '7Tlfqyes', 'Tlfq', 'lfqy', 'fqye', 'qyes', 'SNoTL3PL', 'NoTL3PLd', 'oTL3PLdP', 'TL3P', 'L3PL', '3PLd', 'PLdP', 'xc9TfobJ', 'c9TfobJr', '9TfobJr8', 'Tfob', 'fobJ', 'obJr', 'bJr8', 'aQmTD3ss', 'QmTD3ssU', 'mTD3ssUQ', 'TD3s', 'D3ss', '3ssU', 'ssUQ', 'rS8TvVyv', 'S8TvVyvk', '8TvVyvkX', 'TvVy', 'vVyv', 'Vyvk', 'yvkX', 'X7uTXcTH', '7uTXcTHD', 'uTXcTHDh', 'TXcT', 'XcTH', 'cTHD', 'THDh', 'hBBT9uka', 'BBT9ukaH', 'BT9ukaHB', 'T9uk', '9uka', 'ukaH', 'kaHB', 'sDGTky5T', 'DGTky5TQ', 'GTky5TQh', 'Tky5', 'ky5T', 'y5TQ', '5TQh', 'xGRT2MGR', 'GRT2MGRP', 'RT2MGRPW', 'T2MG', '2MGR', 'MGRP', 'GRPW', 'R3rTwK11', '3rTwK117', 'rTwK117h', 'TwK1', 'wK11', 'K117', '117h', 'LeUTyoqt', 'eUTyoqtQ', 'UTyoqtQm', 'Tyoq', 'yoqt', 'oqtQ', 'qtQm', 'NMTTJV0Y', 'MTTJV0Y0', 'TTJV0Y0x', 'TJV0', 'JV0Y', 'V0Y0', '0Y0x', 'qRtTSSTK', 'RtTSSTK8', 'tTSSTK88', 'TSST', 'SSTK', 'STK8', 'TK88', 'JVyTg9ic', 'VyTg9icZ', 'yTg9icZR', 'Tg9i', 'g9ic', '9icZ', 'icZR', 'WLaTau2P', 'LaTau2P5', 'aTau2P52', 'Tau2', 'au2P', 'u2P5', '2P52', 'ROFTALAV', 'OFTALAVR', 'FTALAVR0', 'TALA', 'ALAV', 'LAVR', 'AVR0', 'CagToIC1', 'agToIC1B', 'gToIC1B7', 'ToIC', 'oIC1', 'IC1B', 'C1B7', 'lcMTbCSR', 'cMTbCSRk', 'MTbCSRkd', 'TbCS', 'bCSR', 'CSRk', 'SRkd', 'IZYTiIY3', 'ZYTiIY3u', 'YTiIY3uo', 'TiIY', 'iIY3', 'IY3u', 'Y3uo', 'D0ZTdqaH', '0ZTdqaHt', 'ZTdqaHt5', 'Tdqa', 'dqaH', 'qaHt', 'aHt5', 'GKOTMEFc', 'KOTMEFcV', 'OTMEFcVW', 'TMEF', 'MEFc', 'EFcV', 'FcVW', 'lODTz01o', 'ODTz01oE', 'DTz01oEg', 'Tz01', 'z01o', '01oE', 
'1oEg', 'cOYeHy2q', 'OYeHy2qU', 'YeHy2qUi', 'eHy2', 'Hy2q', 'y2qU', '2qUi', 'V2YeE8BL', '2YeE8BLl', 'YeE8BLls', 'eE8B', 'E8BL', '8BLl', 'BLls', 'Dppe7RNB', 'ppe7RNBL', 'pe7RNBLb', 'e7RN', '7RNB', 'RNBL', 'NBLb', 'hM1eNGGY', 'M1eNGGYR', '1eNGGYRl', 'eNGG', 'NGGY', 'GGYR', 'GYRl', 'OrSe6hIi', 'rSe6hIiI', 'Se6hIiIL', 'e6hI', '6hIi', 'hIiI', 'IiIL', 'QTYeBAQO', 'TYeBAQOd', 'YeBAQOd1', 'eBAQ', 'BAQO', 'AQOd', 'QOd1', 'rNQeUXO3', 'NQeUXO3Q', 'QeUXO3Qn', 'eUXO', 'UXO3', 'XO3Q', 'O3Qn', 'GHKeTUwH', 'HKeTUwHE', 'KeTUwHEh', 'eTUw', 'TUwH', 'UwHE', 'wHEh', 'YPlePCt9', 'PlePCt9J', 'lePCt9JS', 'ePCt', 'PCt9', 'Ct9J', 't9JS', 'EqjeloKL', 'qjeloKLG', 'jeloKLGb', 'eloK', 'loKL', 'oKLG', 'KLGb', 'vhGeLpn0', 'hGeLpn0U', 'GeLpn0UM', 'eLpn', 'Lpn0', 'pn0U', 'n0UM', 'FHXefK6Z', 'HXefK6Ze', 'XefK6ZeB', 'efK6', 'fK6Z', 'K6Ze', '6ZeB', 'r6seDcy1', '6seDcy10', 'seDcy10q', 'eDcy', 'Dcy1', 'cy10', 'y10q', 'gZlevdHZ', 'ZlevdHZy', 'levdHZyA', 'evdH', 'vdHZ', 'dHZy', 'HZyA', 'l4leXqKL', '4leXqKLZ', 'leXqKLZ1', 'eXqK', 'XqKL', 'qKLZ', 'KLZ1', 'D2xe9Yko', '2xe9Ykox', 'xe9Ykoxq', 'e9Yk', '9Yko', 'Ykox', 'koxq', 'V6eek5g6', '6eek5g6J', 'eek5g6J5', 'ek5g', 'k5g6', '5g6J', 'g6J5', 'r7Ie2ts7', '7Ie2ts7I', 'Ie2ts7If', 'e2ts', '2ts7', 'ts7I', 's7If', 'nsvewIf5', 'svewIf5s', 'vewIf5sG', 'ewIf', 'wIf5', 'If5s', 'f5sG', 'gqseyjxF', 'qseyjxFB', 'seyjxFBO', 'eyjx', 'yjxF', 'jxFB', 'xFBO', 'fgqeJFeF', 'gqeJFeFf', 'qeJFeFf7', 'eJFe', 'JFeF', 'FeFf', 'eFf7', 'fameSKgb', 'ameSKgbN', 'meSKgbNH', 'eSKg', 'SKgb', 'KgbN', 'gbNH', 'lb1eg47h', 'b1eg47hd', '1eg47hdK', 'eg47', 'g47h', '47hd', '7hdK', 'BeBeaowp', 'eBeaowpm', 'BeaowpmY', 'eaow', 'aowp', 'owpm', 'wpmY', 'AJGeAqm3', 'JGeAqm3e', 'GeAqm3e4', 'eAqm', 'Aqm3', 'qm3e', 'm3e4', 'cfXeoCcu', 'fXeoCcuc', 'XeoCcucn', 'eoCc', 'oCcu', 'Ccuc', 'cucn', 'ARweb5AO', 'Rweb5AOO', 'web5AOOl', 'eb5A', 'b5AO', '5AOO', 'AOOl', 'e0BeiKqI', '0BeiKqIj', 'BeiKqIjG', 'eiKq', 'iKqI', 'KqIj', 'qIjG', 'shuedxlQ', 'huedxlQk', 'uedxlQkH', 'edxl', 'dxlQ', 'xlQk', 'lQkH', 'FPGeMZ9G', 
'PGeMZ9Gm', 'GeMZ9Gma', 'eMZ9', 'MZ9G', 'Z9Gm', '9Gma', 'm4Lezovd', '4Lezovdi', 'LezovdiQ', 'ezov', 'zovd', 'ovdi', 'vdiQ', 'DjKPHNSX', 'jKPHNSXP', 'KPHNSXPy', 'PHNS', 'HNSX', 'NSXP', 'SXPy', 'LIfPE2fA', 'IfPE2fA8', 'fPE2fA84', 'PE2f', 'E2fA', '2fA8', 'fA84', 'DXqP7STU', 'XqP7STUQ', 'qP7STUQN', 'P7ST', '7STU', 'STUQ', 'TUQN', 'rqCPN6wJ', 'qCPN6wJX', 'CPN6wJXk', 'PN6w', 'N6wJ', '6wJX', 'wJXk', 'dDEP6es9', 'DEP6es9k', 'EP6es9kT', 'P6es', '6es9', 'es9k', 's9kT', 'WuDPBgw2', 'uDPBgw2j', 'DPBgw2jC', 'PBgw', 'Bgw2', 'gw2j', 'w2jC', 'TVWPU5vc', 'VWPU5vcV', 'WPU5vcV0', 'PU5v', 'U5vc', '5vcV', 'vcV0', 'gZ4PTijZ', 'Z4PTijZK', '4PTijZKT', 'PTij', 'TijZ', 'ijZK', 'jZKT', 'X3GPPSDH', '3GPPSDH0', 'GPPSDH0M', 'PPSD', 'PSDH', 'SDH0', 'DH0M', 'aQyPlp1k', 'QyPlp1kM', 'yPlp1kMr', 'Plp1', 'lp1k', 'p1kM', '1kMr', 'PpNPLVs8', 'pNPLVs8e', 'NPLVs8ew', 'PLVs', 'LVs8', 'Vs8e', 's8ew', 'BLiPf6BM', 'LiPf6BM9', 'iPf6BM9D', 'Pf6B', 'f6BM', '6BM9', 'BM9D', 'utsPD7vH', 'tsPD7vHc', 'sPD7vHcU', 'PD7v', 'D7vH', '7vHc', 'vHcU', 'sLPPv1UD', 'LPPv1UDu', 'PPv1UDuP', 'Pv1U', 'v1UD', '1UDu', 'UDuP', 'H7tPXrIw', '7tPXrIwr', 'tPXrIwrF', 'PXrI', 'XrIw', 'rIwr', 'IwrF', 'cssP9fQv', 'ssP9fQvf', 'sP9fQvfX', 'P9fQ', '9fQv', 'fQvf', 'QvfX', 'HmOPk1fk', 'mOPk1fkU', 'OPk1fkUp', 'Pk1f', 'k1fk', '1fkU', 'fkUp', 'BfMP2avV', 'fMP2avVB', 'MP2avVBg', 'P2av', '2avV', 'avVB', 'vVBg', 'xWtPwDuM', 'WtPwDuMJ', 'tPwDuMJ3', 'PwDu', 'wDuM', 'DuMJ', 'uMJ3', 'KtcPykgw', 'tcPykgw9', 'cPykgw9A', 'Pykg', 'ykgw', 'kgw9', 'gw9A', 'zc9PJxGB', 'c9PJxGBB', '9PJxGBBN', 'PJxG', 'JxGB', 'xGBB', 'GBBN', 'IIWPSs1k', 'IWPSs1kU', 'WPSs1kUA', 'PSs1', 'Ss1k', 's1kU', '1kUA', 'XPHPgHX0', 'PHPgHX0y', 'HPgHX0yP', 'PgHX', 'gHX0', 'HX0y', 'X0yP', 'ugaPapTK', 'gaPapTKl', 'aPapTKls', 'PapT', 'apTK', 'pTKl', 'TKls', 'FnGPAxYG', 'nGPAxYGM', 'GPAxYGMm', 'PAxY', 'AxYG', 'xYGM', 'YGMm', 'esRPoaHB', 'sRPoaHBj', 'RPoaHBj2', 'PoaH', 'oaHB', 'aHBj', 'HBj2', 'XqWPbjHb', 'qWPbjHbn', 'WPbjHbnx', 'PbjH', 'bjHb', 'jHbn', 'Hbnx', 'uSBPiGwO', 'SBPiGwOx', 'BPiGwOxi', 
'PiGw', 'iGwO', 'GwOx', 'wOxi', 'glaPdQrx', 'laPdQrxK', 'aPdQrxKy', 'PdQr', 'dQrx', 'QrxK', 'rxKy', 'WuRPM0O3', 'uRPM0O3C', 'RPM0O3Cr', 'PM0O', 'M0O3', '0O3C', 'O3Cr', 'gxoPzJu0', 'xoPzJu0I', 'oPzJu0II', 'PzJu', 'zJu0', 'Ju0I', 'u0II', 'C2iGHWQC', '2iGHWQCl', 'iGHWQClH', 'GHWQ', 'HWQC', 'WQCl', 'QClH', 'sX6GE42B', 'X6GE42Bn', '6GE42BnR', 'GE42', 'E42B', '42Bn', '2BnR', 'bMPG7FmK', 'MPG7FmKN', 'PG7FmKNv', 'G7Fm', '7FmK', 'FmKN', 'mKNv', 'vdrGNq7N', 'drGNq7NZ', 'rGNq7NZk', 'GNq7', 'Nq7N', 'q7NZ', '7NZk', 'bu1G6rYN', 'u1G6rYN7', '1G6rYN7e', 'G6rY', '6rYN', 'rYN7', 'YN7e', 'nOGGBXB2', 'OGGBXB2i', 'GGBXB2i8', 'GBXB', 'BXB2', 'XB2i', 'B2i8', 'g26GUjEZ', '26GUjEZ7', '6GUjEZ7a', 'GUjE', 'UjEZ', 'jEZ7', 'EZ7a', 'DltGTYbq', 'ltGTYbqN', 'tGTYbqNj', 'GTYb', 'TYbq', 'YbqN', 'bqNj', 'CEPGPG8T', 'EPGPG8T8', 'PGPG8T8D', 'GPG8', 'PG8T', 'G8T8', '8T8D', 'wj0Gl5i1', 'j0Gl5i1R', '0Gl5i1RV', 'Gl5i', 'l5i1', '5i1R', 'i1RV', 'oJxGL56Q', 'JxGL56Qu', 'xGL56QuI', 'GL56', 'L56Q', '56Qu', '6QuI', 'NOwGfc7V', 'OwGfc7V6', 'wGfc7V6w', 'Gfc7', 'fc7V', 'c7V6', '7V6w', 'c6vGDr1M', '6vGDr1MK', 'vGDr1MKd', 'GDr1', 'Dr1M', 'r1MK', '1MKd', 'w5tGvDwf', '5tGvDwfy', 'tGvDwfyh', 'GvDw', 'vDwf', 'Dwfy', 'wfyh', 'upCGXF1U', 'pCGXF1Ue', 'CGXF1UeZ', 'GXF1', 'XF1U', 'F1Ue', '1UeZ', 'kBBG9rZ2', 'BBG9rZ25', 'BG9rZ25P', 'G9rZ', '9rZ2', 'rZ25', 'Z25P', 'tN0GkM27', 'N0GkM27m', '0GkM27mD', 'GkM2', 'kM27', 'M27m', '27mD', 'guFG20co', 'uFG20cox', 'FG20coxS', 'G20c', '20co', '0cox', 'coxS', 'U4QGwQlA', '4QGwQlA1', 'QGwQlA1F', 'GwQl', 'wQlA', 'QlA1', 'lA1F', 'eVtGyr5G', 'VtGyr5GL', 'tGyr5GLq', 'Gyr5', 'yr5G', 'r5GL', '5GLq', 'CTOGJIX3', 'TOGJIX3Y', 'OGJIX3Yh', 'GJIX', 'JIX3', 'IX3Y', 'X3Yh', 'wYmGSpp6', 'YmGSpp6x', 'mGSpp6xn', 'GSpp', 'Spp6', 'pp6x', 'p6xn', 'dAgGgTND', 'AgGgTNDt', 'gGgTNDtK', 'GgTN', 'gTND', 'TNDt', 'NDtK', 'yt3GaqRx', 't3GaqRxA', '3GaqRxAE', 'GaqR', 'aqRx', 'qRxA', 'RxAE', 'nuuGAK4X', 'uuGAK4X5', 'uGAK4X5M', 'GAK4', 'AK4X', 'K4X5', '4X5M', 'm7NGoZHE', '7NGoZHEm', 'NGoZHEmj', 'GoZH', 'oZHE', 'ZHEm', 
'HEmj', 'LliGbGp8', 'liGbGp8u', 'iGbGp8uu', 'GbGp', 'bGp8', 'Gp8u', 'p8uu', 'EM7GimN7', 'M7GimN7M', '7GimN7MA', 'GimN', 'imN7', 'mN7M', 'N7MA', 'QE7GdoSP', 'E7GdoSP5', '7GdoSP56', 'GdoS', 'doSP', 'oSP5', 'SP56', 'sTaGMbqc', 'TaGMbqc7', 'aGMbqc78', 'GMbq', 'Mbqc', 'bqc7', 'qc78', 'GZEGzpNg', 'ZEGzpNgC', 'EGzpNgCf', 'GzpN', 'zpNg', 'pNgC', 'NgCf', 'P4FlHEnD', '4FlHEnDO', 'FlHEnDOB', 'lHEn', 'HEnD', 'EnDO', 'nDOB', 'wawlEbJk', 'awlEbJkL', 'wlEbJkLI', 'lEbJ', 'EbJk', 'bJkL', 'JkLI', 'zLdl7UgR', 'Ldl7UgRg', 'dl7UgRgB', 'l7Ug', '7UgR', 'UgRg', 'gRgB', 'xHklN7Ok', 'HklN7Okg', 'klN7Okga', 'lN7O', 'N7Ok', '7Okg', 'Okga', 'e5tl69g5', '5tl69g5D', 'tl69g5Df', 'l69g', '69g5', '9g5D', 'g5Df', 'qkglB9OM', 'kglB9OMN', 'glB9OMNf', 'lB9O', 'B9OM', '9OMN', 'OMNf', 'mTAlUUiQ', 'TAlUUiQU', 'AlUUiQU1', 'lUUi', 'UUiQ', 'UiQU', 'iQU1', 'sY7lTbDc', 'Y7lTbDcE', '7lTbDcEx', 'lTbD', 'TbDc', 'bDcE', 'DcEx', 'IWSlP3d4', 'WSlP3d4T', 'SlP3d4Tb', 'lP3d', 'P3d4', '3d4T', 'd4Tb', 'OmSllseA', 'mSllseAy', 'SllseAyJ', 'llse', 'lseA', 'seAy', 'eAyJ', 'mxmlLVwI', 'xmlLVwI5', 'mlLVwI5W', 'lLVw', 'LVwI', 'VwI5', 'wI5W', 'pcclfrls', 'cclfrlsk', 'clfrlskY', 'lfrl', 'frls', 'rlsk', 'lskY', 'hPOlDWVl', 'POlDWVlu', 'OlDWVluo', 'lDWV', 'DWVl', 'WVlu', 'Vluo', 'qFmlv01F', 'Fmlv01FD', 'mlv01FDv', 'lv01', 'v01F', '01FD', '1FDv', 'Kk8lXLO3', 'k8lXLO32', '8lXLO329', 'lXLO', 'XLO3', 'LO32', 'O329', 'gfnl95sp', 'fnl95spN', 'nl95spN8', 'l95s', '95sp', '5spN', 'spN8', 'sAplkCA3', 'AplkCA3S', 'plkCA3SC', 'lkCA', 'kCA3', 'CA3S', 'A3SC', 'jgAl2o0Y', 'gAl2o0Y6', 'Al2o0Y6T', 'l2o0', '2o0Y', 'o0Y6', '0Y6T', 'InflwpE2', 'nflwpE2p', 'flwpE2p6', 'lwpE', 'wpE2', 'pE2p', 'E2p6', 't86lydKF', '86lydKFc', '6lydKFcc', 'lydK', 'ydKF', 'dKFc', 'KFcc', 'mdolJfvY', 'dolJfvYs', 'olJfvYsK', 'lJfv', 'JfvY', 'fvYs', 'vYsK', 'o7flSXKK', '7flSXKKy', 'flSXKKy8', 'lSXK', 'SXKK', 'XKKy', 'KKy8', 'sF9lgEvV', 'F9lgEvVg', '9lgEvVgc', 'lgEv', 'gEvV', 'EvVg', 'vVgc', 'QevlaMuK', 'evlaMuKO', 'vlaMuKOt', 'laMu', 'aMuK', 'MuKO', 'uKOt', 'mhZlAkKA', 
'hZlAkKA5', 'ZlAkKA5D', 'lAkK', 'AkKA', 'kKA5', 'KA5D', 'abhloxhG', 'bhloxhG4', 'hloxhG4E', 'loxh', 'oxhG', 'xhG4', 'hG4E', 'EBXlbtPV', 'BXlbtPVt', 'XlbtPVtM', 'lbtP', 'btPV', 'tPVt', 'PVtM', 'vSdliTSK', 'SdliTSKU', 'dliTSKUi', 'liTS', 'iTSK', 'TSKU', 'SKUi', 'Cs2ldNkQ', 's2ldNkQO', '2ldNkQOO', 'ldNk', 'dNkQ', 'NkQO', 'kQOO', 'cgBlMrsW', 'gBlMrsWY', 'BlMrsWYe', 'lMrs', 'MrsW', 'rsWY', 'sWYe', 'J3clzcCX', '3clzcCXY', 'clzcCXYW', 'lzcC', 'zcCX', 'cCXY', 'CXYW', 'vmuIH7Ot', 'muIH7Otq', 'uIH7Otqw', 'IH7O', 'H7Ot', '7Otq', 'Otqw', 'cjQIEj9b', 'jQIEj9b3', 'QIEj9b3v', 'IEj9', 'Ej9b', 'j9b3', '9b3v', 'MsJI78MJ', 'sJI78MJL', 'JI78MJLn', 'I78M', '78MJ', '8MJL', 'MJLn', 'eJOIN3jO', 'JOIN3jOp', 'OIN3jOp1', 'IN3j', 'N3jO', '3jOp', 'jOp1', 'fWqI6Fts', 'WqI6FtsE', 'qI6FtsE3', 'I6Ft', '6Fts', 'FtsE', 'tsE3', 'lo1IBiwH', 'o1IBiwHL', '1IBiwHL8', 'IBiw', 'BiwH', 'iwHL', 'wHL8', 'TW2IU7w1', 'W2IU7w1C', '2IU7w1Ci', 'IU7w', 'U7w1', '7w1C', 'w1Ci', 'KeIIT2Cx', 'eIIT2CxO', 'IIT2CxOy', 'IT2C', 'T2Cx', '2CxO', 'CxOy', 'DOhIPpGl', 'OhIPpGl7', 'hIPpGl7M', 'IPpG', 'PpGl', 'pGl7', 'Gl7M', 'sm7IlS9o', 'm7IlS9o6', '7IlS9o6g', 'IlS9', 'lS9o', 'S9o6', '9o6g', 'wo8ILspW', 'o8ILspWJ', '8ILspWJU', 'ILsp', 'LspW', 'spWJ', 'pWJU', 'Or6IfuZF', 'r6IfuZFs', '6IfuZFs6', 'IfuZ', 'fuZF', 'uZFs', 'ZFs6', 'CVEIDvyO', 'VEIDvyOR', 'EIDvyOR6', 'IDvy', 'DvyO', 'vyOR', 'yOR6', 'KVcIv0ly', 'VcIv0lyl', 'cIv0lylr', 'Iv0l', 'v0ly', '0lyl', 'lylr', 'IRvIXAyS', 'RvIXAySu', 'vIXAySuy', 'IXAy', 'XAyS', 'AySu', 'ySuy', 'YiwI9xFc', 'iwI9xFcM', 'wI9xFcMV', 'I9xF', '9xFc', 'xFcM', 'FcMV', 'rIQIkYJP', 'IQIkYJPW', 'QIkYJPWJ', 'IkYJ', 'kYJP', 'YJPW', 'JPWJ', 'lwlI2WNy', 'wlI2WNy8', 'lI2WNy80', 'I2WN', '2WNy', 'WNy8', 'Ny80', 'mArIwGXC', 'ArIwGXCE', 'rIwGXCEm', 'IwGX', 'wGXC', 'GXCE', 'XCEm', 'DYpIybNy', 'YpIybNyH', 'pIybNyHG', 'IybN', 'ybNy', 'bNyH', 'NyHG', 'yZRIJoHC', 'ZRIJoHCR', 'RIJoHCRZ', 'IJoH', 'JoHC', 'oHCR', 'HCRZ', 'O8NISWXk', '8NISWXkN', 'NISWXkNt', 'ISWX', 'SWXk', 'WXkN', 'XkNt', 'DOfIgguY', 'OfIgguYl', 'fIgguYln', 
'Iggu', 'gguY', 'guYl', 'uYln', 'cT7IaUlo', 'T7IaUloe', '7IaUloeh', 'IaUl', 'aUlo', 'Uloe', 'loeh', 'zhVIA6mj', 'hVIA6mjX', 'VIA6mjX1', 'IA6m', 'A6mj', '6mjX', 'mjX1', 'bpOIor3B', 'pOIor3Bc', 'OIor3Bcp', 'Ior3', 'or3B', 'r3Bc', '3Bcp', 'qsoIbaZ9', 'soIbaZ9K', 'oIbaZ9KL', 'IbaZ', 'baZ9', 'aZ9K', 'Z9KL', 'DQUIiq4l', 'QUIiq4lY', 'UIiq4lYl', 'Iiq4', 'iq4l', 'q4lY', '4lYl', 'RCaIdf7F', 'CaIdf7Fa', 'aIdf7Fak', 'Idf7', 'df7F', 'f7Fa', '7Fak', 'iVjIM6TV', 'VjIM6TVP', 'jIM6TVPg', 'IM6T', 'M6TV', '6TVP', 'TVPg', 'RPvIzEfy', 'PvIzEfyc', 'vIzEfycd', 'IzEf', 'zEfy', 'Efyc', 'fycd', 'QU9LHQnh', 'U9LHQnhW', '9LHQnhWc', 'LHQn', 'HQnh', 'QnhW', 'nhWc', 'Crea', 'reat', 'eate', 'Padd', 'addi', 'ddin', 'Load', 'GetObjec', 'etObject', 'tObj', 'ResolveT', 'esolveTy', 'solveTyp', 'olveType', 'lveT', 'veTy', 'ManifestModu', 'anifestModul', 'nifestModule', 'ifestMod', 'festModu', 'estModul', 'stModule', 'tMod', 'ResolveField', 'esolveFi', 'solveFie', 'olveFiel', 'lveField', 'veFi', 'eFie', 'ResolveMembe', 'esolveMember', 'solveMem', 'olveMemb', 'lveMembe', 'veMember', 'eMem', 'Memb', 'embe', 'mber', 'GetMethodFromHan', 'etMethodFromHand', 'tMethodFromHandl', 'MethodFromHandle', 'ethodFromHan', 'thodFromHand', 'hodFromHandl', 'odFromHandle', 'dFromHan', 'GetFieldFromHand', 'etFieldFromHandl', 'tFieldFromHandle', 'FieldFromHan', 'ieldFromHand', 'eldFromHandl', 'ldFromHandle', 'IsBy', 'sByR', 'ByRe', 'yRef', 'GetElementTy', 'etElementTyp', 'tElementType', 'ElementT', 'lementTy', 'ementTyp', 'mentType', 'entT', 'ntTy', 'eadB', 'ReadInt6', 'eadInt64', 'ReadSing', 'eadSingl', 'adSingle', 'dSin', 'ReadDoub', 'eadDoubl', 'adDouble', 'dDou', 'GetUnderlyingTyp', 'etUnderlyingType', 'tUnderlyingT', 'UnderlyingTy', 'nderlyingTyp', 'derlyingType', 'erlyingT', 'rlyingTy', 'lyingTyp', 'yingType', 'IsEn', 'sEnu', 'ToObject', 'oObj', 'Explicit', 'xpli', 'plic', 'lici', 'icit', 'ToUInt64', 'oUIn', 'ToUInt32', 'FreeHGlo', 'reeHGlob', 'eeHGloba', 'eHGlobal', 'HGlo', 'Glob', 'loba', 'obal', 'InnerExcepti', 
'nnerExceptio', 'nerException', 'erExcept', 'rExcepti', 'FullName', 'ullN', 'llNa', 'lNam', 'IsAssignableFrom', 'sAssignableF', 'AssignableFr', 'ssignableFro', 'signableFrom', 'ignableF', 'gnableFr', 'nableFro', 'ableFrom', 'bleF', 'leFr', 'eFro', 'From', 'AllocHGlobal', 'llocHGlo', 'locHGlob', 'ocHGloba', 'cHGlobal', 'ResolveStrin', 'esolveString', 'solveStr', 'olveStri', 'lveStrin', 'veString', 'GetFunctionPoint', 'etFunctionPointe', 'tFunctionPointer', 'BaseType', 'aseT', 'seTy', 'tMethods', 'hods', 'GetBaseDefinitio', 'etBaseDefinition', 'tBaseDefinit', 'BaseDefiniti', 'aseDefinitio', 'seDefinition', 'eDefinit', 'Definiti', 'efinitio', 'finition', 'init', 'niti', 'IsNa', 'sNaN', 'IsInfini', 'sInfinit', 'Infinity', 'nfin', 'fini', 'nity', 'IsVirtua', 'sVirtual', 'Virt', 'irtu', 'rtua', 'tual', 'FormatterService', 'ormatterServices', 'rmatterServi', 'matterServic', 'atterService', 'tterServices', 'terServi', 'Serializatio', 'erialization', 'rializat', 'ializati', 'GetUninitializedObje', 'etUninitializedObjec', 'tUninitializedObject', 'UninitializedObj', 'ninitializedObje', 'initializedObjec', 'nitializedObject', 'itializedObj', 'tializedObje', 'ializedObjec', 'alizedObject', 'lizedObj', 'izedObje', 'zedObjec', 'edObject', 'dObj', 'IsCl', 'sCla', 'Clas', 'IsInterf', 'sInterfa', 'Interfac', 'nterface', 'terf', 'erfa', 'rfac', 'face', 'DeclareLocal', 'eclareLo', 'clareLoc', 'lareLoca', 'areLocal', 'reLo', 'eLoc', 'Loca', 'ocal', 'EmitCall', 'mitC', 'itCa', 'tCal', 'LocalVariableInf', 'ocalVariableInfo', 'calVariableI', 'alVariableIn', 'lVariableInf', 'VariableInfo', 'ariableI', 'riableIn', 'iableInf', 'ableInfo', 'bleI', 'leIn', 'LocalTyp', 'ocalType', 'calT', 'alTy', 'lTyp', 'ChangeTy', 'hangeTyp', 'angeType', 'ngeT', 'geTy', 'CompareT', 'ompareTo', 'mpar', 'pare', 'areT', 'reTo', 'MakeGenericT', 'akeGenericTy', 'keGenericTyp', 'eGenericType', 'GenericT', 'enericTy', 'nericTyp', 'ericType', 'ricT', 'icTy', 'cTyp', 'Appe', 'ppen', 'pend', 'AppendFormat', 'ppendFor', 
'pendForm', 'endForma', 'ndFormat', 'dFor', 'Form', 'orma', 'rmat', 'CompilerGeneratedAttribu', 'ompilerGeneratedAttribut', 'mpilerGeneratedAttribute', 'pilerGeneratedAttrib', 'ilerGeneratedAttribu', 'lerGeneratedAttribut', 'erGeneratedAttribute', 'rGeneratedAttrib', 'GeneratedAttribu', 'eneratedAttribut', 'neratedAttribute', 'eratedAttrib', 'ratedAttribu', 'atedAttribut', 'tedAttribute', 'AttributeUsageAttrib', 'ttributeUsageAttribu', 'tributeUsageAttribut', 'ributeUsageAttribute', 'ibuteUsageAttrib', 'buteUsageAttribu', 'uteUsageAttribut', 'teUsageAttribute', 'eUsageAttrib', 'UsageAttribu', 'sageAttribut', 'ageAttribute', 'geAttrib', 'AttributeTargets', 'ttributeTarg', 'tributeTarge', 'ributeTarget', 'ibuteTargets', 'buteTarg', 'uteTarge', 'teTarget', 'eTargets', 'Targ', 'gets', 'GeneratedCodeAttribu', 'eneratedCodeAttribut', 'neratedCodeAttribute', 'eratedCodeAttrib', 'ratedCodeAttribu', 'atedCodeAttribut', 'tedCodeAttribute', 'edCodeAttrib', 'dCodeAttribu', 'CodeAttribut', 'odeAttribute', 'deAttrib', 'odeD', 'deDo', 'eDom', 'Compiler', 'ompi', 'mpil', 'pile', 'iler', 'DebuggerNonUserCodeAttribute', 'ebuggerNonUserCodeAttrib', 'buggerNonUserCodeAttribu', 'uggerNonUserCodeAttribut', 'ggerNonUserCodeAttribute', 'gerNonUserCodeAttrib', 'erNonUserCodeAttribu', 'rNonUserCodeAttribut', 'NonUserCodeAttribute', 'onUserCodeAttrib', 'nUserCodeAttribu', 'UserCodeAttribut', 'serCodeAttribute', 'erCodeAttrib', 'rCodeAttribu', 'EditorBrowsableAttribute', 'ditorBrowsableAttrib', 'itorBrowsableAttribu', 'torBrowsableAttribut', 'orBrowsableAttribute', 'rBrowsableAttrib', 'BrowsableAttribu', 'rowsableAttribut', 'owsableAttribute', 'wsableAttrib', 'sableAttribu', 'ComponentMod', 'omponentMode', 'mponentModel', 'ponentMo', 'onentMod', 'nentMode', 'entModel', 'ntMo', 'odel', 'EditorBrowsableState', 'ditorBrowsableSt', 'itorBrowsableSta', 'torBrowsableStat', 'orBrowsableState', 'rBrowsableSt', 'BrowsableSta', 'rowsableStat', 'owsableState', 'wsableSt', 'sableSta', 'ableStat', 
'bleState', 'leSt', 'eSta', 'tate', 'UnmanagedFunctionPointerAttribut', 'nmanagedFunctionPointerAttribute', 'managedFunctionPointerAttrib', 'anagedFunctionPointerAttribu', 'nagedFunctionPointerAttribut', 'agedFunctionPointerAttribute', 'gedFunctionPointerAttrib', 'edFunctionPointerAttribu', 'dFunctionPointerAttribut', 'FunctionPointerAttribute', 'unctionPointerAttrib', 'nctionPointerAttribu', 'ctionPointerAttribut', 'tionPointerAttribute', 'ionPointerAttrib', 'onPointerAttribu', 'nPointerAttribut', 'PointerAttribute', 'ointerAttrib', 'interAttribu', 'nterAttribut', 'terAttribute', 'erAttrib', 'rAttribu', 'CallingConventio', 'allingConvention', 'llingConvent', 'lingConventi', 'ingConventio', 'ngConvention', 'gConvent', 'Conventi', 'onventio', 'nvention', 'vent', 'enti', 'ntio', 'harS', 'arSe', 'rSet', 'FlagsAttribu', 'lagsAttribut', 'agsAttribute', 'gsAttrib', 'VyybV3Hbk9BA0Kxy', 'yybV3Hbk9BA0KxyM', 'ybV3Hbk9BA0KxyMx', 'bV3Hbk9BA0Kx', 'V3Hbk9BA0Kxy', '3Hbk9BA0KxyM', 'Hbk9BA0KxyMx', 'bk9BA0Kx', 'k9BA0Kxy', '9BA0KxyM', 'BA0KxyMx', 'A0Kx', '0Kxy', 'KxyM', 'xyMx', '0Vo8aGnLWYBq6AMF', 'Vo8aGnLWYBq6AMFY', 'o8aGnLWYBq6AMFYc', '8aGnLWYBq6AM', 'aGnLWYBq6AMF', 'GnLWYBq6AMFY', 'nLWYBq6AMFYc', 'LWYBq6AM', 'WYBq6AMF', 'YBq6AMFY', 'Bq6AMFYc', 'q6AM', '6AMF', 'AMFY', 'MFYc', 'resource', 'ekJCbABmLGs77U1b', 'kJCbABmLGs77U1b9', 'JCbABmLGs77U1b9R', 'CbABmLGs77U1', 'bABmLGs77U1b', 'ABmLGs77U1b9', 'BmLGs77U1b9R', 'mLGs77U1', 'LGs77U1b', 'Gs77U1b9', 's77U1b9R', '77U1', '7U1b', 'U1b9', '1b9R', 'L8RUNjK99qgMXaV3', '8RUNjK99qgMXaV3U', 'RUNjK99qgMXaV3Uo', 'UNjK99qgMXaV', 'NjK99qgMXaV3', 'jK99qgMXaV3U', 'K99qgMXaV3Uo', '99qgMXaV', '9qgMXaV3', 'qgMXaV3U', 'gMXaV3Uo', 'MXaV', 'XaV3', 'aV3U', 'V3Uo', 'iTJg9l6IfQ2Tc5gk', 'TJg9l6IfQ2Tc5gkY', 'Jg9l6IfQ2Tc5gkYe', 'g9l6IfQ2Tc5g', '9l6IfQ2Tc5gk', 'l6IfQ2Tc5gkY', '6IfQ2Tc5gkYe', 'IfQ2Tc5g', 'fQ2Tc5gk', 'Q2Tc5gkY', '2Tc5gkYe', 'Tc5g', 'c5gk', '5gkY', 'gkYe', '4fA0eIhH69ZoXcl0', 'fA0eIhH69ZoXcl0b', 'A0eIhH69ZoXcl0by', '0eIhH69ZoXcl', 'eIhH69ZoXcl0', 
'IhH69ZoXcl0b', 'hH69ZoXcl0by', 'H69ZoXcl', '69ZoXcl0', '9ZoXcl0b', 'ZoXcl0by', 'oXcl', 'Xcl0', 'cl0b', 'l0by', 'WrapNonExceptionThro', 'rapNonExceptionThrow', 'apNonExceptionThrows', 'pNonExceptionThr', 'NonExceptionThro', 'onExceptionThrow', 'nExceptionThrows', 'ExceptionThr', 'xceptionThro', 'ceptionThrow', 'eptionThrows', 'ptionThr', 'tionThro', 'ionThrow', 'onThrows', 'nThr', 'Thro', 'hrow', 'rows', '12016879', '2016', '0168', '1687', '6879', '2943', '468a', 'b5e7', 'eabdd91d8ee2', 'abdd91d8', 'bdd91d8e', 'dd91d8ee', 'd91d8ee2', '91d8', '1d8e', 'd8ee', '8ee2', 'NETFramework', 'ETFramew', 'TFramewo', 'Framewor', 'ramework', 'amew', 'mewo', 'ewor', 'work', 'Version=', 'ion=', 'FrameworkDisplayName', 'rameworkDisplayN', 'ameworkDisplayNa', 'meworkDisplayNam', 'eworkDisplayName', 'workDisplayN', 'orkDisplayNa', 'rkDisplayNam', 'kDisplayName', 'DisplayN', 'isplayNa', 'splayNam', 'playName', 'layN', 'ayNa', 'AllowMultipl', 'llowMultiple', 'lowMulti', 'owMultip', 'wMultipl', 'Multiple', 'ulti', 'ltip', 'tipl', 'Inherite', 'nherited', 'heri', 'erit', 'ited', '3Sys', 'Tool', 'ools', 'StronglyTypedResourceBuilder', 'tronglyTypedResourceBuil', 'ronglyTypedResourceBuild', 'onglyTypedResourceBuilde', 'nglyTypedResourceBuilder', 'glyTypedResourceBuil', 'lyTypedResourceBuild', 'yTypedResourceBuilde', 'TypedResourceBuilder', 'ypedResourceBuil', 'pedResourceBuild', 'edResourceBuilde', 'dResourceBuilder', 'ResourceBuil', 'esourceBuild', 'sourceBuilde', 'ourceBuilder', 'urceBuil', 'rceBuild', 'ceBuilde', 'eBuilder', 'Culture=', 'ure=', 'neut', 'eutr', 'utra', 'tral', 'licKeyToken=', 'eyToken=', 'ken=', 'b77a5c561934e089', '77a5c561934e', '7a5c561934e0', 'a5c561934e08', '5c561934e089', 'c561934e', '561934e0', '61934e08', '1934e089', '934e', '34e0', '4e08', 'e089', 'SUsSyste', 'UsSystem', 'sSys', 'lSys', 'ResourceRead', 'esourceReade', 'sourceReader', 'ourceRea', 'urceRead', 'rceReade', 'ceReader', 'eRea', 'RuntimeResourceS', 'untimeResourceSe', 'ntimeResourceSet', 'timeResource', 
'imeResourceS', 'meResourceSe', 'eResourceSet', 'esourceS', 'sourceSe', 'ourceSet', 'rceS', 'ceSe', 'eSet', 'PADP', 'ADPA', 'DPAD', 'yr8x', 'r8xt', 'cGIZ', 'Ymt7', 'yhzU', 'Ke7y', '9kQu', 'JslM', 'slMp', '3rsY', 'PADPADPm', 'ADPm', '1gpX', 'SURc', 'ifsC2kyW', 'fsC2', 'sC2k', 'C2ky', '2kyW', 'xZ9b', 'upI2', 'V3dA', 'jZ0D', 'Osa0', 'sa0B', '6JXK', 'PoDv', 'oDvG', 'A83d', 'Hqey', '7Ai0', 'Ai0k', 'c1y5', 'wQ26', 'y0oP', 'kE35', 'E356', 'nhA5', 'm4nZ', '3AGO', 'pNf5', 'g8vu', 'IaCT', 's3Yq', 'nlzV', 'tdaB', 'JWkj', 'Wkj7', 'WElQ', 'ZTTC', 'd2Ef', 'wb8Z', 'KSmn', 'e1tS', 'hceo', 'LIb5', 'MrLn', 'rLnz', 'vmTQ', 'mTQm', '2XgN', 'XgNf', 'Gk4a', 'eGd8', 'PQne', 'QneN', 'Y0ra', 'hXou', 'ssan', 'Qu0T', '5bdK', '0BXR', 'oND0', 'quNV', 'r70h', '70h3', 'vr1u', '5q83', '91TR', '1TRM', 'TRMj', 'Nt9E', 'r6PV', 'R9ss', '8t6S', 'KCwY', 'itMu', 'uWYk', 'gPJU', 'PJUw', 'JUwf', 'f1Ny', 'oa3O', 'Py9i', 'PjGI', 'XXBs', 'XBsj', 'RuXE', 'uXE=', 'ygbK', 'ccll', 'u5Sm', 'wXpO', 'XpOQ', 'TFgy', '0do0', '6MZY', 'MvvZ', '6L3Q', 'ehOb', 'hObR', 'cfHt', 'jqtX', 'ipQE', 'ApSU', 'pSUL', 'Ki49', 'i49N', 'YPuD', 'qHAO', 'INev', 'eCcu', 'UyhE', 'MMrU', 'TXlw', 'eMEx', 'mCEG', 'LOYC', 'LhNE', 'hNEj', 'rNzk', 'NzkX', 'E2UL', '2ULw', 'Pzv0', 'yE4k', 'mW2y', 'SfP9', 'GBEr', 'BEr3', 'mDXy', 'TIjZ', 'D0ta', 'YtMl', 'z0OL', 'cIDX', 'i4rO', '4rOL', 'sZ8F', 'Z8F2', 'vpho', 'k4wU', '4rAE', 'rAEC', 'VpN5', 'APNh', 'PNhI', 'NhIr', '8ngl', 'mBBX', '2uS0', 'uS0a', '9Vc0', 'Vc0u', 'adfn', 'A5RI', 'bqqt', 'UX0j', 'fO1r', 'O1rP', 'OgIp', 'KjIF', '7HOw', 'jK9w', 'S2PY', 'Ba7c', 'erCK', 'rCKC', 'ay3c', 'mGqb', '9LAL', 'LALA', 'dqej', 'zZZU', 'HVQ4', 'NnJF', 'i7L7', 'QsV2', 'Elll', '0fpR', 'bhbl', 'Epca', 'TxOe', 'nwwi', '0Ifm', 'Ifmf', 'KRh7', 'aHKi', 'k76y', 'k9Ss', '9SsB', 'x0Lb', 'Omiq', 'VnqR', 'RnXB', 'I2Hg', '4pBN', '8Qfa', '465G', 'hNEr', 'I1hl', 'aYHj', 's63D', 'z97p', '7KLW', 'KLWg', 'LWgJ', 'UH0k', 'H0kp', '0kpJ', 'BYv4', 'DQ5R', 'A9Fs', '24Kp', '31Hq', 'k7Y4', '7Y4y', 'uBHM', 'BHMM', 'wUMX', 'xsKJ', 'hjAR', 
'ScOq', 'C3AK', '3AK=', 'M1qA', 'LR1D', 'R1DO', '1Igs', '5oyg', 'oyg7', '1nHm', 'XUPz', 'UPz1', 'Pz1K', 'WY4O', 'Y4ON', 'hPXi', 'rTzk', 'MILD', 'KEh9', 'Eh9O', 'h9O=', 'ahxa', 'LlNs', '2mWI', 'mWIc', '29tk', 'Ry6H', '4hME', 'TDCr', 'DCrL', 'MCp9', 'TRDh', 'WuEj', 'UCHH', 'PP08', 'LhdS', 'yvPy', 'vPyd', 'VTK5', 'EdFg', 'cAbg', 'y2Kn', '2Kn7', 'Kn7v', '7oxW', 'mwz1', '8B0=', 'tzCi', 'tSwi', 'fxjF', 'YsV=', 'SEdN', 'SseS', 'QXJe', 'A4NX', 'ZNFH', 'Zr25', 'wFT6', '5Rxc', '5WfC', 'R8H3', 'mWI1', 'A8my', 'B1LU', '4C5s', 'NFKS', 'aqhk', 'bIpE', 'IpEi', 'pEiH', 'YRrA', 'mo6K', 'o6KX', 'Lqzr', 'ZVP9', 'VP9=', 'fFvI', 'FvIO', 'Pnwj', 'nwjA', 'V6fq', 'HuJc', 'uJc5', 'DEKL', 'v0CY', 'disD', 'ehRv', 'Q61m', 'APi=', 'eYt=', 'iThJ', 'Rcd8', 'QSnz', 'LCeE', 'b1AF', 'z6cq', 'cKmT', 'dskD', 'GDoo', 'nZz4', 'RbH5', 'I6mh', 'bdac', '4Zez', 'RwLF', 'Frfw', '8WKh', 'WKhz', 'kyJs', 'Qlx4', 'lx4H', 'bytZ', 'VgI2', '3OVi', 'zW1C', 'qy7=', 'kpNP', 'BI8U', 'wsz9', '7zby', 'aeur', 'H9Wm', 'bjbT', 'jbTO', 'bTOk', 'fgGw', 'P5GY', 'nu4g', 'Dv6u', 'mQvi', '9iSF', 'anuq', 'u0zg', 'iaBW', 'TO1n', 'pNfW', 'x5Ka', '5KaA', 'cZBv', 'o3iR', 'Zxen', 'wby8', 'by8c', 'y8cl', 'Mj0x', 'VxiE', 'HSnx', 'ShvR', 'fLvK', 'tcL1', 'BOuj', 'vG6u', 'G6uc', 'RIMV', 'IMVP', '9dMl', '1p8k', 'OYfD', 'YfDf', 'fDfI', 'FaGk', 'aGkP', 'K0gO', 'Wv2e', 'mnUt', 'ucDx', 'LwDd', 'wDdQ', 'boGD', 'oGDV', '6DRj', 'Wcna', 'sAKw', 'ghp3', 'cQw2', 'Qw2c', '1X6=', 'u79K', 'YpDP', 'QVNV', '5I3a', 'XW2J', 'W2J1', 'jHeA', 'EjdP', '2rA3', 'yHu=', '82OG', '1R2b', 'IqCp', 'quJx', 'LsH4', 'LLqI', 'Kbe5', 'EIdF', 'Qejg', 'eqYD', 'KLZI', '2wJS', 'mhK1', 'Q9yu', '9yug', 'UZxE', 'EN6V', 'N6VN', 'ko7D', 'D78C', '78Ct', 'Z1Vo', '1VoM', 'iUCH', 'WKjI', '12L0', 'VAs4', 'x3I2', 'v5jB', '5jBC', 'hEWB', 'kxMY', 'pkmV', 'BMxE', 'MxE8', 'xE89', 'kK48', 'K48=', 'UdmP', 'quMT', 'tVj7', 'qlw3', 'dRK9', 'W8ZQ', 'DBus', 'Ommj', 'M1sC', 'Lg6H', 'yzKY', '9OTQ', '7S2b', 'OQ1p', 'KZyF', 'yC7P', 'C7PL', 'AnVV', 'DpXe', 'fkRk', 'aH6k', 'H6k1', '6k1F', 'DiYj', 'upum', 
'fDjz', 'Djzo', 'JaeF', '2wxa', 'Cy9b', 'B4Wd', 'qPMU', 'YK5F', 'ooWN', '2Pfx', '6h08', '6c9D', 'LZwm', 'Nwlg', 'wlgr', '5v3V', 'vgIa', 'i6Lj', 'Ubl3', 'bl3w', 'Paaq', 'MOQR', 'OQRZ', 'QRZx', 'sr3P', 'pVNT', 'vlnI', '8UJM', 'IU5F', 'wgAR', 'nLRU', 'LRUT', 'RUTR', '9lWy', 'yQQU', 'BaFN', '452e', 'kuoh', 'WDyY', 'Rbbv', 'xi5G', 'C6si', '3CqW', 'CqWm', 'qWmU', 'IoS2', 'hkWC', 'ReN5', 'FfXW', '2nT0', 'FnBZ', '4OhC', 'OhCJ', 'Ge7t', 'e7t2', 'uEF=', 'OrWn', 'rWnA', 'GwHZ', 'kn3O', 'n3Om', 'qWuo', 'Ga4P', 'plLp', 'U4tF', 'gFrL', 'gip5', 'ip55', 'Ib8b', 'b8bL', 'sCbh', 'Cbha', 'W9PM', '9PMk', 'CFdq', '46Em', 'leT8', 'eT8L', 'T8LY', '8LYS', 'qAOT', 'AOTU', 'OTUh', 'hLTv', 'LTvX', 'GBu9', 'EzKU', 'n7po', 'k1Go', '1Goa', 'HCb5', '81q7', 'VLzv', 'fXbt', 'XbtR', 'v0Cj', 'CNR3', 'NR3P', 'W6cG', '6t6Z', 't6ZC', 'E5o9', '5o94', 'pJiE', 'JiE4', 'iE4p', 'h6pt', 'qbHO', 'n21l', 'gSPy', 'XRoX', 'iW0m', 'W0mP', 'YqxA', 'yNAU', 'BRA3', 'RA3W', 'qTOt', 'XBeD', 'cKWH', 'aN3V', 'N3Vi', '3Vig', 'zdwY', 'JdtD', 'dtDJ', 'tDJF', 'jN1n', 'N1nw', 'in7u', 'Qwpi', '5YT6', 'Wnjm', 'njmF', 'P7eH', 'R6Jd', 'Yevl', 'jFZC', 'FZCv', 'ZCva', 'KejL', '1G5O', 'G5Or', '5Or3', 'cMRv', 'Q8Qy', '8QyT', 'yX0p', 'WPsS', 'lB3O', 'B3Ol', 'XuGd', 'gBcc', 'Bcc2', 'Eo3J', 'aZKR', 'ydeE', '1i3h', 'rBbb', 'Bbb8', 'bb8l', 'b8la', 'a57X', 'iF2i', '1Rsd', 'G9HX', '9HXk', 'Civg', 'ujAi', 'r86S', '86Sr', 'INe=', 'WTAr', 'TArw', 'Jpcn', '2XYr', 'rAj5', '8Aw=', 'qVwR', 'htOM', 'JHEN', 'HEN0', '6u9B', 'VADC', 'PEbI', '9cQ1', 'hoqV', '5LwQ', 'w2Le', 'EIfY', 'IfYo', 'mUzl', 'Uzlk', 'ljXS', 'DSLu', '0IGR', '6fU4', 'fU4W', 'Fcq5', '3UKk', 'i0AX', 'Patd', 'atdR', 'tdRz', 'i4SA', '6BSg', 'QYBh', 'j29N', 'pT1d', 'wjwO', 'jwO9', 'wO9H', 'DvDW', 'sd4a', 'z5uL', '0Zrm', '5bZ0', 'bZ0i', '22Xs', 'Ddz6', 'ZLeB', 'tzMm', 'rjE2', 'EXG7', 'cAyH', 'mAHc', 'h4n8', 'PHjG', 'ZUap', 'UapZ', 'rN35', 'Bwu2', 'cJaU', 'tXxy', '3qSq', 'y3jh', 'Pa8g', 'Bsob', 'L5iC', '5iC0', 'pFTU', '7YG0', 'YG0h', 'G0h5', '0h5A', 'RIq2', 'TY74', 'Y743', '7431', 'l78L', 
'sGrk', '11ST', 'NzW2', 'bwqP', 'cgKu', 'rlrV', 'jkWL', 'lqdV', 'WRhW', 'nh66', 'XHoq', 'cm0W', 'fdII', 'dIIa', 'IIa3', 'acor', 'Ufuz', 'fuzu', 'k9a7', 'uVA5', 'VA5X', 'rx81', 'FeaK', 'eaKZ', 'xCj5', 'Cj5U', 'wdCZ', 'W8rn', '8rnh', 'joPW', 'Nwyz', 'Wzmt', 'zmti', 'kQQB', 'QQB=', 'zssM', 'ssMG', 'QYsV', 'kuxH', 'GPwK', 'RQ6o', 'RyOU', 'i3jX', 'nM1P', 'IhES', 'L8PZ', '8Y7J', 'QVXI', 'j5GI', '6lh8', 'lh8O', 'Um7V', 'm7VV', 'uKqB', 'iZtU', 'Eif=', '2rkK', 'rkKY', 'Tbb7', 'bb7j', 'NxPL', 'bhwyQoQL', 'hwyQ', 'wyQo', 'yQoQ', 'QoQL', 'GyAa', 'wqch', 'Nuww', 'uwwG', 'wwGp', 'lOv5', 'BYJW', 'SYOy', 'Z5tp', 'J2v0', 'j0QW', '734Z', 'XZ9H', 'Z9Hs', '9Hsu', 'gBLw', 'pzdi', 'nrEv', 'DDPX', 'ndzz', 'Fu1i', 'PTe0', 'U3gA', 'vkq4', 'z3TD', '5yqk', 'yqks', 'qksf', '5FOs', 'FOsJ', 'DFw2', 'NUNs', 'UNsO', '1Gco', 'R5UZ', '8ggJ', 'mAYA', 'BhjS', 'negt', 'clOl', 'AQAk', 'l7oL', 'VSa0', 'Sa0Y', 'Sr29', 'd2U7', '9WrD', 'rOxX', '6JKs', 'JKsu', 'STZ=', 'wuxP', 'uxPD', 'phn7', 'P8dk', 'jKiL', 'G36H', 'Y2HO', '2HOH', 'M6OV', 'XRtp', '4Uje', 'xqX6', 'vCxc', 'H9MW', 'Lrlh', 'xtmu', 'tmuy', '8ZwC', 'MXFJ', 'XFJJ', 'UqO0', 'pTSh', 'TShz', 'Qjbw', 'LaK0', '0Rzf', 'Rzf8', 'ZKbw', 'Eohj', 'ohjo', 'zbtN', 'BK2P', 'OSep', 'c7QC', 'Iv9t', '5Ksu', 'Ksuu', 'KZ5m', 'gfe4', 'XmnJ', 'bfr2', 'MmJN', 'mJNC', 'MXIq', '3n2o', 'sgdB', 'tStD', 'JTHF', '0eYK', 'tJL8', 'ByHo', '2kSW', 'uruA', 'puLE', 'iFc9', 'epbB', 'pbBn', 'vupb', 'upb8', 'KDBi', 'DBik', 'Biki', 'rrXC', 'NI3g', 'SH7F', 'DyOg', '2lcS', 'G4Em', 'likh', 'cOP=', 'C8NE', 'mTif', 'KqLV', 'kwpu', 'V73r', '73rA', 'nD7w', 'D7w0', 'dDwh', 'oty3', '6DkW', '1K1m', 'HxnJ', 'V1Jb', 'xMhl', 'ZDC6', 'DC6J', 'On08', 'WZXx', 'ZXx0', 'cIM9', 'NGCQ', '0E2L', 'E2LH', '2LH7', 'abLj', 'IL2a', 'j5Gd', 'm1d6', '1d6g', 'rXXt', 'XXtc', 'fRSe', 'JO6E', 'tRI2', 'RI2b', 'xzvn', 'wdmW', 'i5Sq', 'o4an', '4AS7', 'vI4b', 'b2XN', 'fV9R', '2ff3', 'dgIK', 'SqF4', 'Rfhn', 'CorExeMa', 'orExeMai', 'rExeMain', 'ExeM', 'xeMa', 'eMai', 'Main', 'msco', 'core', 'oree']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsNET_EXE' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsWindowsGUI' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsPacked' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_Studio_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_Studio_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'NET_executable_' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'NET_executable' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24' with data '['<PrivateImplementationDetails>{2694970F-33C0-4F3D-8460-AEC6CCD3E65D}', '<Module>{81ADDF81-2A2A-4D67-B614-83D63B9A2005}', '<Module>{1d590a57-0001-4721-86b5-87b20d253506}']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsNET_DLL' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsDLL' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'IsConsole' with data '[]'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_Studio_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_Studio_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'NET_executable_' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 4920 triggered the Yara rule 'NET_executable' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "pe_compile_timestomping",
      "description": "Binary compilation timestomping detected",
      "categories": [
        "generic"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "anomaly": "Compilation timestamp is in the future"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "infostealer_bitcoin",
      "description": "Attempts to access Bitcoin/ALTCoin wallets",
      "categories": [
        "infostealer"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\Electrum\\wallets"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 9.0,
  "ttps": [
    {
      "signature": "mouse_movement_detect",
      "ttps": [
        "T1497"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "antisandbox_sleep",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0001",
        "B0007",
        "B0007.008"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mountpoints_volume_discovery",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "creates_suspended_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "resumethread_remote_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "encrypt_pcinfo",
      "ttps": [
        "T1560",
        "T1033"
      ],
      "mbcs": [
        "OB0007"
      ]
    },
    {
      "signature": "accesses_recyclebin",
      "ttps": [
        "T1074"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "terminates_remote_process",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "C0018"
      ]
    },
    {
      "signature": "binary_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_cnc_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0004",
        "B0033",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_questionable_http_path",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "packer_entropy",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "procmem_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "pe_compile_timestomping",
      "ttps": [
        "T1070.006",
        "T1070"
      ],
      "mbcs": [
        "OB0006",
        "F0005",
        "F0005.004"
      ]
    },
    {
      "signature": "discover_registry_mount_points",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "infostealer_bitcoin",
      "ttps": [
        "T1005"
      ],
      "mbcs": [
        "OB0003",
        "B0028",
        "B0028.001"
      ]
    }
  ],
  "malstatus": "Malicious"
}